Proxy + 2x static passdb not working as expected

Michael Goth mg at webflow.de
Tue Nov 13 13:19:05 EET 2018


Hi all,

I'm trying to set up a Dovecot proxy that authenticates the user against 
two backend servers. If login on server1 fails, server2 should be tried.

The problem: Only the first server seems to be tried, even if the login 
fails.

Config snippet:

   protocol imap {
     passdb {
       driver = static
       args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y
     }

     passdb {
       driver = static
       args = proxy=y nopassword=y host=oldserver2.example.com port=993 ssl=y
     }
   }

With this config, only accounts on oldserver1.example.com can log in. If 
I reverse the two passdb entries, only accounts on 
oldserver2.example.com can log in.

I've done the same with SQL passdb first + static passdb second. That 
worked as expected. Not sure what I'm doing wrong here.

Attached is the output of doveconf -n


Thanks

   Michael

Kind regards
-- 
Michael Goth

.webflow GmbH

Managing Director: Andreas Schrei
Wasserburger Straße 4
D - 83352 Altenmarkt a. d. Alz

District Court Traunstein HRB 18537

E-Mail:   mg at webflow.de
Tel:      +49 (0) 8621 - 99989 - 26
Fax:      +49 (0) 8621 - 99989 - 28
Web:      www.webflow.de
-------------- next part --------------
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.15.0-36-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: proxy.example.com
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
listen = *
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  args = /dev/null
  driver = passwd-file
}
protocols = imap pop3 submission sieve
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/private/wildcard.example.com.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_require_crl = no
userdb {
  args = static uid=65534 gid=65534 home=/dev/null
  driver = static
}
protocol imap {
  passdb {
    args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y
    driver = static
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=oldserver2.example.com port=993 ssl=y
    driver = static
    name =
  }
}
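
Added example, not part of the original post and not Dovecot code: a small Python check over `doveconf -n`-style text that reports passdb blocks listed after a `static` passdb carrying `nopassword=y`. It assumes Dovecot's default passdb result handling, where the first passdb that returns success ends the lookup and the proxy connection is only made afterwards; `parse_passdbs`, `shadowed_passdbs` and the reduced `SAMPLE` are constructed for illustration.

```python
# Constructed sample in `doveconf -n` layout, reduced from the attachment above.
SAMPLE = """\
passdb {
  args = /dev/null
  driver = passwd-file
}
protocol imap {
  passdb {
    args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y
    driver = static
  }
  passdb {
    args = proxy=y nopassword=y host=oldserver2.example.com port=993 ssl=y
    driver = static
  }
}
"""

def parse_passdbs(text):
    """Return {scope: [passdb settings dict, ...]}, keeping file order."""
    scopes, stack, current = {}, ["global"], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if stack[-1] == "passdb":
                current = {}
                scopes.setdefault(stack[-2], []).append(current)
        elif line == "}":
            if stack.pop() == "passdb":
                current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return scopes

def shadowed_passdbs(scopes):
    """List (scope, host) of passdbs that follow a static nopassword=y entry
    whose success is not configured to continue to the next passdb."""
    findings = []
    for scope, entries in scopes.items():
        catch_all = False
        for p in entries:
            args = dict(a.partition("=")[::2] for a in p.get("args", "").split())
            if catch_all:
                findings.append((scope, args.get("host", "?")))
            if (p.get("driver") == "static" and args.get("nopassword") == "y"
                    and not p.get("result_success", "").startswith("continue")):
                catch_all = True
    return findings
```

On the constructed sample, `shadowed_passdbs(parse_passdbs(SAMPLE))` reports the `oldserver2.example.com` entry in the `protocol imap` scope.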

