dovecot-proxy with managesieve, director and backend dovecot imap
George Vieira
george.vieira at netregistry.com.au
Wed May 6 04:06:52 UTC 2015
hi all,
I've been tasked to add sieve/managesieve to an existing dovecot cluster
running 2.1.7 on debian wheezy which is made up of 2 dovecot-proxy hosts
as directors and some back end dovecot imap hosts all running the same
version.
My problem is that I thought to put the service on the director/proxy
hosts since they wouldn't have too much load on them, but when I do I get
the following error:
Apr 28 11:00:28 master: Info: Dovecot v2.1.7 starting up (core dumps
disabled)
Apr 28 11:00:28 config: Warning: service auth { client_limit=50000 } is
lower than required under max. load (60000)
Apr 28 11:00:34 managesieve-login: Error: proxy: host not given:
user=<mailchannel at mydomain.net>, method=PLAIN, rip=192.168.100.207,
lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP>
Apr 28 11:00:34 managesieve-login: Info: Aborted login (internal
failure, 1 succesful auths): user=<mailchannel at mydomain.net>,
method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS,
session=<3/zPY74UOgDAqGTP>
From searching around, I only ever found one result, which was to add
"executable = managesieve-login director" to the managesieve service,
but this made no difference at all and the error is the same.
So I tried instead to use the back end imap servers, but they throw
errors because they expect the user's password to be the common
proxy/director password, as below:
# NOTE(review): static passdb - every username (%u) is accepted with this one
# fixed password, so the user's own password is never checked on this host.
# That is why the real password in the log excerpt below is rejected.
passdb {
driver = static
args = user=%u password=crypticpasswordagain
}
Apr 28 12:03:37 auth: Debug:
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): lookup
Apr 28 12:03:37 auth: Info:
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>):
Password mismatch
Apr 28 12:03:37 auth: Debug:
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>):
PLAIN(85387v92394jks) != 'crypticpasswordagain'
Apr 28 12:03:39 auth: Debug: client out: FAIL 1
user=mailchannel at mydomain.net
So with configs below, how is it best to run managesieve that takes the
correct login/password without directing to the cluster (or direct if
it's easier but must use real user password)?
-- dovecot proxy config --
# dovecot version 2.1.7
# Global settings for the proxy/director instance.
instance_name = dovecot-proxy
# "sieve" enables the ManageSieve protocol on this (proxy) instance.
protocols = imap pop3 lmtp sieve
mail_location = maildir:~/
#listen = 192.168.101.119
# NOTE(review): 0.0.0.0 binds every inet_listener below (including the auth,
# director and doveadm ports) on all IPv4 interfaces unless a listener sets
# its own address or a firewall restricts it.
listen = 0.0.0.0
# = dovecot-proxy-1
director_servers = 192.168.101.119
# = dovecot-shared-7
director_mail_servers = 192.168.100.101
base_dir = /var/run/dovecot-proxy
login_greeting = Welcome to IMAP.
default_internal_user = webmail
lmtp_proxy = yes
# NOTE(review): plaintext mechanisms (plain, login) are allowed on
# connections that are not TLS-protected.
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
auth_verbose=yes
auth_debug=yes
# NOTE(review): with this enabled the auth log records passwords in clear
# text on mismatch. Keep it to short debugging sessions and treat
# log_path as sensitive while it is on.
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no
#log_path = syslog
log_path = /var/log/dovecot.log
default_process_limit = 10000
default_client_limit = 50000
# NOTE(review): global ssl = no, yet the imaps/pop3s listeners below set
# ssl = yes and the managesieve log excerpt shows "TLS" - confirm which
# setting is actually in effect on this version.
ssl = no
# Certificate and private key are read from the same PEM file.
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
director_user_expire = 15 min
doveadm_proxy_port = 9292
# Shared secret for doveadm over TCP; the backend config carries the same
# value, so it protects both tiers.
doveadm_password = somecrypticpassword
auth_worker_max_count = 90
# Proxy-side authentication: the user's real password is verified here.
# LDAP is tried first, then the external checkpassword script.
# NOTE(review): dovecot-proxy-ldap.conf.ext is not shown; presumably it
# returns the proxy fields (and the shared backend password) - confirm.
passdb {
driver = ldap
args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
}
# NOTE(review): checkpassword hands the submitted credentials to an external
# program; the script's ownership and permissions matter as much as this file's.
passdb {
driver = checkpassword
args = /etc/dovecot/checkpassword_migration.py
}
# prefetch uses userdb fields already returned by a passdb; the LDAP userdb
# below is the fallback lookup.
userdb {
driver = prefetch
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# Director service: sockets used by the login processes plus the TCP port
# the directors use to talk to each other.
service director {
# NOTE(review): mode 0666 leaves these two listeners readable and writable by
# any local user that can reach the path under base_dir.
unix_listener login/director {
mode = 0666
}
fifo_listener login/proxy-notify {
mode = 0666
}
# Owner-only socket; referenced as auth_socket_path by the lmtp and doveadm
# protocol blocks further down.
unix_listener director-userdb {
mode = 0600
}
# NOTE(review): no address is set, so with listen = 0.0.0.0 port 9191 is
# bound on all interfaces - confirm it is firewalled to the director hosts.
inet_listener {
port = 9191
}
}
# IMAP and POP3 login services on the proxy. The extra "director" argument
# on the executable is what the working proxied protocols have in common.
service imap-login {
process_min_avail = 2
service_count = 0
executable = imap-login director
# Port 143 has no ssl = yes; with disable_plaintext_auth = no, plaintext
# logins are accepted here.
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
process_min_avail = 2
service_count = 0
executable = pop3-login director
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
# Post-login mail services and the LMTP listener on the proxy.
service imap {
process_min_avail = 2
process_limit = 0
service_count = 0
}
service pop3 {
process_min_avail = 2
process_limit = 0
service_count = 0
}
# LMTP over TCP port 24 (lmtp_proxy = yes is set globally).
service lmtp {
inet_listener lmtp {
port = 24
}
}
# Auth, auth-worker and doveadm services on the proxy.
service auth {
client_limit=65000
# NOTE(review): this exposes the auth service on TCP 5451, and with
# listen = 0.0.0.0 it is bound on every interface. Confirm which hosts need
# it and restrict it with an address setting or a firewall.
inet_listener {
port = 5451
}
}
service auth-worker {
user = webmail
}
# NOTE(review): doveadm over TCP is protected only by doveadm_password here;
# no ssl = yes is set on the listener, so confirm the network path is trusted.
service doveadm {
inet_listener {
port = 9292
}
}
# Per-protocol overrides and plugin settings on the proxy.
protocol imap {
mail_max_userip_connections = 10
}
protocol pop3 {
mail_max_userip_connections = 10
}
# LMTP and doveadm look users up through the director-userdb socket.
protocol lmtp {
auth_socket_path = director-userdb
passdb {
driver = ldap
args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
}
}
protocol doveadm {
auth_socket_path = director-userdb
}
plugin {
# Used by both the Sieve plugin and the ManageSieve protocol
sieve = file:~/sieve;active=~/.dovecot.sieve
}
-- dovecot backend config --
# dovecot version 2.1.7
# Global settings for the backend instance. ManageSieve ("sieve") is
# commented out of protocols, while the sieve mail plugin is loaded below.
protocols = imap pop3 lmtp #sieve
# OLDTEMP listen = 192.168.100.95
listen = 192.168.100.101
mail_location = maildir:~/
namespace {
prefix = INBOX.
separator = .
inbox = yes
}
base_dir = /var/run/dovecot/
login_greeting = Dovecot ready.
default_login_user = dovenull
default_internal_user = webmail
mail_access_groups = mail
postmaster_address = postmaster at mydomain.net
# NOTE(review): plaintext mechanisms are accepted on connections without TLS.
# On this host the password sent is the shared static one (see passdb below).
disable_plaintext_auth = no
auth_mechanisms = plain login
auth_verbose=yes
auth_debug=yes
# NOTE(review): this is what produced the "PLAIN(...) != '...'" line in the
# log excerpt earlier in the message. Both the password the client submitted
# and the configured static password end up in log_path. Enable it only
# while debugging and restrict access to the log.
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no
#log_path = syslog
log_path = /var/log/dovecot.log
default_process_limit = 10000
default_client_limit = 50000
mmap_disable = yes
mail_fsync = always
mail_nfs_storage = no
mail_nfs_index = no
#mail_plugin_dir = /usr/lib/dovecot
mail_plugin_dir = /usr/lib/dovecot/modules
# OLDTEMP mail_plugins = $mail_plugins quota fts fts_lucene
mail_plugins = $mail_plugins quota fts fts_squat sieve
# NOTE(review): global ssl = no while the imaps/pop3s listeners below set
# ssl = yes - confirm whether proxy-to-backend traffic is encrypted at all.
ssl = no
# OLDTEMP ssl_cert = </usr/local/dovecot/ssl/dovecot.pem
# OLDTEMP ssl_key = </usr/local/dovecot/ssl/dovecot.pem
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# Same doveadm secret as on the proxy.
doveadm_password = somecrypticpassword
# Backend user lookup (LDAP) and authentication (static).
userdb {
driver = ldap
# OLDTEMP args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# NOTE(review): the static passdb accepts any username (%u) with one shared
# password; the backend trusts that the proxy already verified the user.
# Any client that reaches the backend's login ports directly and knows this
# value is therefore accepted as any user. Limit who can connect with a
# firewall or the passdb allow_nets extra field.
# This is also why a login with the user's real password fails here.
passdb {
driver = static
args = user=%u password=crypticpasswordagain
}
# Backend login services. Unlike the proxy there is no "director" argument,
# so logins are handled locally against the static passdb.
service imap-login {
process_min_avail = 2
service_count = 0
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
process_min_avail = 2
service_count = 0
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
# Backend mail services, each capped at 384M of address space via vsz_limit.
service imap {
process_min_avail = 2
process_limit = 0
executable = imap #imap-postlogin
vsz_limit = 384M
}
service pop3 {
process_min_avail = 2
process_limit = 0
executable = pop3 #pop3-postlogin
vsz_limit = 384M
}
service lmtp {
inet_listener lmtp {
port = 24
}
vsz_limit = 384M
}
# doveadm over TCP, authenticated with doveadm_password; no ssl = yes is set
# on this listener.
service doveadm {
inet_listener {
port = 9292
}
}
# NOTE(review): mode = 0 presumably disables the director-admin socket on the
# backend - confirm.
service director {
unix_listener director-admin {
mode = 0
}
}
# Quota warning hook, per-protocol overrides and plugin settings on the backend.
# NOTE(review): quota-warning.sh is run by Dovecot with the values from the
# quota_warning lines below (threshold and %u) - confirm the script treats
# the username as untrusted input.
service quota-warning {
executable = script /etc/dovecot/quota-warning.sh
unix_listener quota-warning {
user = webmail
}
}
protocol imap {
mail_plugins = $mail_plugins quota imap_quota
mail_max_userip_connections = 10
}
protocol pop3 {
mail_max_userip_connections = 10
}
plugin {
fts = fts_squat
fts_squat = partial=4 full=10
# fts_lucene = whitespace_chars=@.
quota = maildir:User quota
# Invoke the quota-warning service at 75% and 95% of storage quota.
quota_warning = storage=75%% quota-warning 75 %u
quota_warning2 = storage=95%% quota-warning 95 %u
}
-- managesieve config --
# ManageSieve settings as tried on the proxy. No inet_listener is shown
# here, so the listening port comes from defaults or from config not included.
service managesieve-login {
# Same "director" argument the imap-login/pop3-login services use on the proxy.
executable = managesieve-login director
service_count = 0
process_min_avail = 0
vsz_limit = 64M
}
service managesieve {
process_count = 100
}
# Service configuration
protocol sieve {
managesieve_max_line_length = 32768
# NOTE(review): executable is normally a service {} setting - confirm it is
# accepted and has any effect inside protocol sieve {}.
executable = managesieve-login director
mail_max_userip_connections = 5
managesieve_max_compile_errors = 5
}