director & backend on same server with director_proxy_maybe
lucas.raynaud at ircf.fr
lucas.raynaud at ircf.fr
Fri May 21 12:21:14 EEST 2021
Hello,
I have 2 mail servers, used as test servers, with Dovecot as the backend,
set up for POP3 and IMAP connections and NFS. To prevent issues with
simultaneous connections, I want to set up Director on the same VM and in
the same instance as the backend Dovecot.
I found in the documentation that this configuration is broken, but can
work with development, and after researching on the internet and reading
earlier questions on this list, such as:
https://dovecot.org/pipermail/dovecot/2015-July/101483.html
https://dovecot.org/pipermail/dovecot/2011-September/130939.html
https://dovecot.org/pipermail/dovecot/2012-June/136535.html
I find it quite unclear if this is really possible with
director_proxy_maybe, which according to the changelog, allows this
setup to work.
Today I have got this far, with the following errors:
IPs :
mail4 : XX.XX.111.8
mail3 : XX.XX.51.247
doveadm director ring status
director ip port type last failed status // on mail3
XX.XX.51.247 9090 self never synced
XX.XX.111.8 9090 l+r never synced
doveadm director status lucas.raynaud at ircf.fr
Current: 5.196.111.8 (expires 2021-05-21 10:48:51)
Hashed: 5.196.111.8
Initial config:
login with lucas.raynaud at ircf.fr on mail4
mail log on mail4
May 21 10:51:52 mail4 dovecot: auth-worker(12917): Debug:
sql(lucas.raynaud at ircf.fr,XX.XX.111.8,<4h3SK9PCYsIFxG8I>): query: SELECT
password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user
WHERE (login = 'lucas.raynaud at ircf.fr' OR email =
'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:51:52 mail4 dovecot: auth: Debug: client passdb out:
OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: director_proxy_maybe
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lip
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lport
May 21 10:51:52 mail4 dovecot: imap-login: Error: proxy: host not given:
user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.111.8,
lip=XX.XX.111.8, secured, session=<4h3SK9PCYsIFxG8I>
May 21 10:51:52 mail4 dovecot: imap-login: Disconnected (internal
failure, 1 successful auths): user=<lucas.raynaud at ircf.fr>,
method=PLAIN, rip=XX.XX.111.8, lip=XX.XX.111.8, secured,
session=<4h3SK9PCYsIFxG8I>
no log on mail3
login with lucas.raynaud at ircf.fr on mail3
mail log on mail3
May 21 10:55:07 mail3 dovecot: auth-worker(19907): Debug:
sql(lucas.raynaud at ircf.fr,XX.XX.51.247,<Hh5yN9PCRtAFxDP3>): query:
SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM
mail_user WHERE (login = 'lucas.raynaud at ircf.fr' OR email =
'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail3 dovecot: auth: Debug: client passdb out:
OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.51.247#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: director_proxy_maybe
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lip
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lport
May 21 10:55:07 mail3 dovecot: imap-login: proxy(lucas.raynaud at ircf.fr):
Login failed to XX.XX.111.8:143: [UNAVAILABLE] Account is temporarily
unavailable.: user=<lucas.raynaud at ircf.fr>, method=PLAIN,
rip=XX.XX.51.247, lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>
May 21 10:55:07 mail3 dovecot: imap-login: Disconnected (proxy dest auth
failed): user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247,
lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>
mail log on mail4
May 21 10:55:07 mail4 dovecot: auth-worker(13096): Debug:
sql(lucas.raynaud at ircf.fr,XX.XX.51.247,<rI10N9PCyKsFxDP3>): query:
SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM
mail_user WHERE (login = 'lucas.raynaud at ircf.fr' OR email =
'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail4 dovecot: auth: Debug: client passdb out:
OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: director_proxy_maybe
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lip
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown
passdb extra field: lport
May 21 10:55:07 mail4 dovecot: imap-login: Error: proxy: host not given:
user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247,
lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>
May 21 10:55:07 mail4 dovecot: imap-login: Disconnected (internal
failure, 1 successful auths): user=<lucas.raynaud at ircf.fr>,
method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>
sql query :
password_query = SELECT password, 'y' as proxy_maybe, 'y' as
director_proxy_maybe FROM mail_user WHERE (login = '%u' OR email = '%u')
AND disable%Ls = 'n' AND server_id = '8'
It seems that Director is working but is not adding the "host" extra field
when it should. It is also strange that director_proxy_maybe is reported as
an unknown field.
Is it really possible to configure Director in the same instance as the backend?
Does director_proxy_maybe work? And do you have any answers to my problems?
Thanks in advance.
Lucas
############
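mail3's and mail4's configs are the same.
(auth_debug_passwords = yes is set below; that debugging setting is why the
"client passdb out" lines in the logs above include the plaintext pass= value.)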
dovecot -n
# 2.2.27 (): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 ()
# OS: Linux 4.9.0-14-amd64 x86_64 Debian 9.13
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_proxy_self = XX.XX.111.8
auth_verbose = yes
dict {
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
director_mail_servers = XX.XX.111.8 XX.XX.51.247
director_servers = XX.XX.111.8 XX.XX.51.247
director_user_expire = 5 mins
disable_plaintext_auth = no
doveadm_port = 24245
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " quota"
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
quota_warning = storage=90%% quota-warning 90 %u
sieve = /var/vmail/%d/%n/.sieve
sieve_after = /etc/dovecot/sieve/after.d
sieve_before = /var/vmail/%d/%n/sieve
sieve_dir = /var/vmail/%d/%n/sieve/
sieve_global_dir = /etc/dovecot/sieve
}
pop3_reuse_xuidl = yes
pop3_save_uidl = yes
pop3_uidl_format = UID%u-%v
protocols = " imap sieve pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
}
service director {
fifo_listener login/proxy-notify {
mode = 0666
user = $default_login_user
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service doveadm {
inet_listener {
port = 24245
}
}
service imap-login {
executable = imap-login director
inet_listener imap {
port = 143
}
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service pop3-login {
executable = pop3-login director
inet_listener pop3 {
port = 110
}
}
service quota-warning {
executable = script /usr/local/bin/mail-scripts/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
ssl_cert = </opt/ssl/ircf.crt
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
auth_socket_path = director-userdb
}
protocol doveadm {
auth_socket_path = director-userdb
}
protocol lda {
mail_plugins = " quota sieve quota"
}
protocol imap {
auth_socket_path = director-userdb
mail_max_userip_connections = 16
mail_plugins = " quota quota imap_quota"
}
protocol pop3 {
auth_socket_path = director-userdb
mail_max_userip_connections = 16
mail_plugins = " quota quota"
}
local 10.10.10.0/24 {
doveadm_password = # hidden, use -P to show it
}