The end of Dovecot Director?
Brendan Braybrook
brendan at tucows.com
Fri Oct 21 17:41:53 UTC 2022
On 2022-10-21 04:29, spi wrote:
> Am 21.10.22 um 13:14 schrieb Amol Kulkarni:
>> Nginx has an mail proxy for pop, imap, smtp.
>> Can it be used instead of director ?
> Nginx can authenticate imap/smtp (and probably pop3) users. If you that,
> you can define a backend server the session is routed to. Currently I
> use that approach to authenticate users by client certificates and route
> them to the appriopriate backend (well, I only have one ;-).
we've recently switched to director, but we used to use nginx for this
as well (we started using nginx before director existed). if you load
balance the nginx proxies themselves, you can easily handle hundreds of
thousands of concurrent imap connections with them.
in debian/ubuntu, i don't think the nginx packages include the mail
proxy bits. iirc, we had to compile nginx ourselves with the mail proxy
bits included.
the nginx config is pretty simple, you have to pre-specifiy the
capabilities for each protocol and set up some sort of way for nginx to
auth and get which backend node to send to as spi notes (in this
example, it's an http call):
mail {
auth_http localhost:8080/cgi-bin/auth;
proxy_pass_error_message on;
pop3_capabilities "TOP" "UIDL" "RESP-CODES" "PIPELINING"
"AUTH-RESP-CODE" "USER" "SASL PLAIN" "SASL PLAIN LOGIN";
server {
listen 110;
protocol pop3;
proxy on;
}
imap_capabilities "IMAP4rev1" "LITERAL+" "SASL-IR" "LOGIN-REFERRALS"
"IDLE";
server {
listen 143;
protocol imap;
proxy on;
}
}
localhost:8080/cgi-bin/auth then just auths the user/pass that nginx
gets from the incoming request and returns success and the next hop for
nginx to proxy to.
the only real difficulty is that you then need to write your own state
system into your cgi auth script to ensure that users get sent to the
same backend imap server if they already have an existing connection and
have some way to safely fail over to other backend imap servers should
one go down. (it's nice to have director handle this state stuff for you)
More information about the dovecot
mailing list