Hello,

I have 2 mail servers, as test servers, with Dovecot as the backend, set up with POP3 and IMAP connections and NFS. To prevent issues with simultaneous connections, I want to set up Director on the same VM and on the same instance as the backend Dovecot.

I found in the documentation that this configuration is broken, but can work with development, and after research on the internet and on previously asked questions such as:

https://dovecot.org/pipermail/dovecot/2015-July/101483.html

https://dovecot.org/pipermail/dovecot/2011-September/130939.html

https://dovecot.org/pipermail/dovecot/2012-June/136535.html

I find it quite unclear if this is really possible with director_proxy_maybe, which according to the changelog, allows this setup to work.

Today I've reached this level with these errors:

IPs :

    mail4 : XX.XX.111.8

    mail3 : XX.XX.51.247

doveadm director ring status

director ip  port type last failed status     // on mail3
XX.XX.51.247 9090 self never       synced
XX.XX.111.8  9090 l+r  never       synced

doveadm director status [email protected]

Current: 5.196.111.8 (expires 2021-05-21 10:48:51)
Hashed: 5.196.111.8
Initial config:

login with [email protected] on mail4

mail log on mail4

May 21 10:51:52 mail4 dovecot: auth-worker(12917): Debug: sql([email protected],XX.XX.111.8,<4h3SK9PCYsIFxG8I>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = '[email protected]' OR email = '[email protected]') AND disableimap = 'n' AND server_id = '8'
May 21 10:51:52 mail4 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:51:52 mail4 dovecot: imap-login: Error: proxy: host not given: user=<[email protected]>, method=PLAIN, rip=XX.XX.111.8, lip=XX.XX.111.8, secured, session=<4h3SK9PCYsIFxG8I>
May 21 10:51:52 mail4 dovecot: imap-login: Disconnected (internal failure, 1 successful auths): user=<[email protected]>, method=PLAIN, rip=XX.XX.111.8, lip=XX.XX.111.8, secured, session=<4h3SK9PCYsIFxG8I>

no log on mail3


login with [email protected] on mail3

mail log on mail3

May 21 10:55:07 mail3 dovecot: auth-worker(19907): Debug: sql([email protected],XX.XX.51.247,<Hh5yN9PCRtAFxDP3>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = '[email protected]' OR email = '[email protected]') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail3 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011director_proxy_maybe=y#011lip=XX.XX.51.247#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:55:07 mail3 dovecot: imap-login: proxy([email protected]): Login failed to XX.XX.111.8:143: [UNAVAILABLE] Account is temporarily unavailable.: user=<[email protected]>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>
May 21 10:55:07 mail3 dovecot: imap-login: Disconnected (proxy dest auth failed): user=<[email protected]>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>

mail log on mail4

May 21 10:55:07 mail4 dovecot: auth-worker(13096): Debug: sql([email protected],XX.XX.51.247,<rI10N9PCyKsFxDP3>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = '[email protected]' OR email = '[email protected]') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail4 dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:55:07 mail4 dovecot: imap-login: Error: proxy: host not given: user=<[email protected]>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>
May 21 10:55:07 mail4 dovecot: imap-login: Disconnected (internal failure, 1 successful auths): user=<[email protected]>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>

sql query :

password_query = SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = '%u' OR email = '%u') AND disable%Ls = 'n' AND server_id = '8'

It seems that Director is working but not adding the "host" extra field when it should. Also, it's strange that director_proxy_maybe is unknown.

Is it really possible to configure Director on the same instance as the backend? Is director_proxy_maybe working? Also, do you have answers to my problems?

Thanks in advance.

Lucas

############

mail3's and mail4's configs are the same.

dovecot -n

# 2.2.27 (): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 ()
# OS: Linux 4.9.0-14-amd64 x86_64 Debian 9.13
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_proxy_self = XX.XX.111.8
auth_verbose = yes
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
director_mail_servers = XX.XX.111.8 XX.XX.51.247
director_servers = XX.XX.111.8 XX.XX.51.247
director_user_expire = 5 mins
disable_plaintext_auth = no
doveadm_port = 24245
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " quota"
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  quota_warning = storage=90%% quota-warning 90 %u
  sieve = /var/vmail/%d/%n/.sieve
  sieve_after = /etc/dovecot/sieve/after.d
  sieve_before = /var/vmail/%d/%n/sieve
  sieve_dir = /var/vmail/%d/%n/sieve/
  sieve_global_dir = /etc/dovecot/sieve
}
pop3_reuse_xuidl = yes
pop3_save_uidl = yes
pop3_uidl_format = UID%u-%v
protocols = " imap sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imap {
    port = 143
  }
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service pop3-login {
  executable = pop3-login director
  inet_listener pop3 {
    port = 110
  }
}
service quota-warning {
  executable = script /usr/local/bin/mail-scripts/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = vmail
}
ssl_cert = </opt/ssl/ircf.crt
ssl_key =  # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  auth_socket_path = director-userdb
}
protocol doveadm {
  auth_socket_path = director-userdb
}
protocol lda {
  mail_plugins = " quota sieve quota"
}
protocol imap {
  auth_socket_path = director-userdb
  mail_max_userip_connections = 16
  mail_plugins = " quota quota imap_quota"
}
protocol pop3 {
  auth_socket_path = director-userdb
  mail_max_userip_connections = 16
  mail_plugins = " quota quota"
}
local 10.10.10.0/24 {
  doveadm_password =  # hidden, use -P to show it
}
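
An added example, not part of the original post and not Dovecot code: a small Python check over "client passdb out" debug lines that flags the two things visible in the logs above, a reply carrying "proxy" with no "host" field and a "pass" field logged in clear, and returns a redacted copy of the log. The sample lines, user, addresses and password are constructed, and the "<hidden>" marker for a masked value is an assumption.

```python
import re

# Constructed sample lines modelled on the "client passdb out" debug output
# in the post; user, addresses and password are placeholders.
SAMPLE_LOG = """\
May 21 10:51:52 mail4 dovecot: auth: Debug: client passdb out: OK#0111#011user=user@example.test#011director_proxy_maybe=y#011lip=192.0.2.8#011lport=143#011proxy#011pass=EXAMPLE-NOT-REAL
May 21 10:55:07 mail3 dovecot: auth: Debug: client passdb out: OK#0112#011user=user@example.test#011proxy#011host=192.0.2.8#011pass=<hidden>
May 21 10:55:08 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
"""

PASSDB_OUT = re.compile(r"auth: Debug: client passdb out: (?P<reply>.*)$")
SYSLOG_TAB = "#011"   # syslog's octal escape for the TAB between reply fields
HIDDEN = "<hidden>"   # assumed marker for a password the auth process masked


def parse_reply(reply):
    """Split an auth reply into (status, {field: value}); bare flags map to ''."""
    parts = reply.split(SYSLOG_TAB)
    fields = {}
    for part in parts[2:]:  # parts[0] is the status, parts[1] the request id
        key, _, value = part.partition("=")
        fields[key] = value
    return parts[0], fields


def audit(log_text):
    """Return (findings, redacted_log) for the passdb-out lines in log_text."""
    findings, redacted = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = PASSDB_OUT.search(line)
        if m:
            status, fields = parse_reply(m["reply"])
            # The login process cannot proxy without a destination host.
            if status == "OK" and "proxy" in fields and "host" not in fields:
                findings.append((lineno, "proxy-without-host"))
            # A readable password in syslog is a credential exposure.
            if fields.get("pass") not in (None, "", HIDDEN):
                findings.append((lineno, "cleartext-password"))
                line = re.sub(r"(#011pass=).*?(?=#011|$)", r"\1<redacted>", line)
        redacted.append(line)
    return findings, "\n".join(redacted)


if __name__ == "__main__":
    found, safe_log = audit(SAMPLE_LOG)
    for lineno, issue in found:
        print(f"line {lineno}: {issue}")
    print(safe_log)
```

Running the redaction before sharing logs on a public list keeps the diagnostic fields while dropping the credential.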
