problem in setting up proxy

Aki Tuomi aki.tuomi at open-xchange.com
Wed Jan 23 09:39:22 EET 2019


Hi!

First of all, can you provide output of 'doveconf -n'? It's much cleaner
to read and shows what's really there.

Aki

On 22.1.2019 17.57, Ted wrote:
> Hello,
>
> We're having difficulty with our updated cluster of dovecot servers
> accessing the email storage on the NFS mounts.  It seems index files get
> corrupted when 2 backend mailservers access the same account, and from
> documentation setting up a director proxy in front of the backup
> servers.  I'm trying to just set up a straight proxy first, which the
> documents say is the first step, and although I can see the connections
> coming into the server when I try to login via the proxy, the connection
> times out and there are no logs from dovecot anywhere saying what
> happened to the connection.
>
> The configs I have set up for this in dovecot are:
>
> dovecot.conf
>
> # Protocols we want to be serving.
> protocols = imap pop3
>
> #when re-enabling quota enforcement add quota in below:
> mail_plugins = $mail_plugins mail_log notify
>
> protocol imap {
>   # Space separated list of plugins to load (default is global mail_plugins).
> #when re-enabling quota enforcement add imap_quota in below:
>   mail_plugins = $mail_plugins
> }
>
>
> # A comma separated list of IPs or hosts where to listen in for connections.
> # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
> # If you want to specify non-default ports or anything more complex,
> # edit conf.d/master.conf.
> #listen = *, ::
>
> # Base directory where to store runtime data.
> #base_dir = /var/run/dovecot/
>
> # Name of this instance. In multi-instance setup doveadm and other commands
> # can use -i <instance_name> to select which instance is used (an alternative
> # to -c <config_path>). The instance name is also added to Dovecot processes
> # in ps output.
> #instance_name = dovecot
>
> # Greeting message for clients.
> login_greeting = Welcome to easyMail.
>
> shutdown_clients = yes
>
> # Most of the actual configuration gets included below. The filenames are
> # first sorted by their ASCII value and parsed in that order. The 00-prefixes
> # in filenames are intended to make it easier to understand the ordering.
> !include conf.d/*.conf
>
> # A config file can also tried to be included without giving an error if
> # it's not found:
> !include_try local.conf
>
> service auth {
>   unix_listener auth-master {
>     mode = 0600
>     user = vmail
>   }
> }
>
> conf.d/10-auth.conf
>
> ##
> ## Authentication processes
> ##
> # Username formatting before it's looked up from databases. You can use
> # the standard variables here, eg. %Lu would lowercase the username, %n would
> # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
> # "-AT-". This translation is done after auth_username_translation changes.
> auth_username_format = %Lu
>
> # Space separated list of wanted authentication mechanisms:
> #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
> #   gss-spnego
> # NOTE: See also disable_plaintext_auth setting.
> auth_mechanisms = plain login
> #
> # Password database is used to verify user's password (and nothing more).
> # You can have multiple passdbs and userdbs. This is useful if you want to
> # allow both system users (/etc/passwd) and virtual users to login without
> # duplicating the system users into virtual database.
> #
> # <doc/wiki/PasswordDatabase.txt>
> #
> # User database specifies where mails are located and what user/group IDs
> # own them. For single-UID configuration use "static" userdb.
> #
> # <doc/wiki/UserDatabase.txt>
>
> #!include auth-deny.conf.ext
> #!include auth-master.conf.ext
>
> #!include auth-system.conf.ext
> #!include auth-sql.conf.ext
> #!include auth-ldap.conf.ext
> #!include auth-passwdfile.conf.ext
> #!include auth-checkpassword.conf.ext
> #!include auth-vpopmail.conf.ext
> !include auth-static.conf.ext
>
> conf.d/auth-static.conf.ext
>
> # Static passdb. Included from auth.conf.
>
> # This can be used for situations where Dovecot doesn't need to verify the
> # username or the password, or if there is a single password for all users:
> #
> #  - proxy frontend, where the backend verifies the password
> #  - proxy backend, where the frontend already verified the password
> #  - authentication with SSL certificates
> #  - simple testing
>
>   passdb static {
>    driver = static
>    args = nopassword=y
>    default_fields = proxy=y host=10.5.10.121
>   }
>
>
> #passdb {
> #  driver = static
> #  args = password=test
> #}
>
> #userdb {
> #  driver = static
> #  args = uid=vmail gid=vmail home=/home/%u
> #}
>
> conf.d/10-logging.conf
>
> ##
> ## Log destination.
> ##
>
> # Log file to use for error messages. "syslog" logs to syslog,
> # /dev/stderr logs to stderr.
> #log_path = syslog
>
> # Log file to use for informational messages. Defaults to log_path.
> #info_log_path =
> # Log file to use for debug messages. Defaults to info_log_path.
> #debug_log_path =
>
> # Syslog facility to use if you're logging to syslog. Usually if you don't
> # want to use "mail", you'll use local0..local7. Also other standard
> # facilities are supported.
> #syslog_facility = mail
>
> ##
> ## Logging verbosity and debugging.
> ##
>
> # Log unsuccessful authentication attempts and the reasons why they failed.
> auth_verbose = yes
>
> # In case of password mismatches, log the attempted password. Valid values are
> # no, plain and sha1. sha1 can be useful for detecting brute force password
> # attempts vs. user simply trying the same password over and over again.
> # You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
> #auth_verbose_passwords = no
>
> # Even more verbose logging for debugging purposes. Shows for example SQL
> # queries.
> auth_debug = yes
>
> # In case of password mismatches, log the passwords and used scheme so the
> # problem can be debugged. Enabling this also enables auth_debug.
> #auth_debug_passwords = no
>
> # Enable mail process debugging. This can help you figure out why Dovecot
> # isn't finding your mails.
> mail_debug = yes
>
> # Show protocol level SSL errors.
> verbose_ssl = yes
>
> # mail_log plugin provides more event logging for mail processes.
> plugin {
>   # Events to log. Also available: flag_change append
>   #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>   # Available fields: uid, box, msgid, from, subject, size, vsize, flags
>   # size and vsize are available only for expunge and copy events.
>   #mail_log_fields = uid box msgid size
> }
>
>
> I'm basically expecting this to forward the login requests on to
> 10.5.10.121 when I try to access the email account through the proxy. 
> When I attempt this I am able to see the connections in a tcp dump, but
> dovecot does not log anything about the attempt.  I clearly must be
> missing something, can you let me know what I need to do or check? 
>
> Thank you
> Ted
> easyDNS Technologies
>

