Can't dovecot authenticate against imap?

What I need is to make smtp authentication balanced and keep everything in backend (private network)

On 27 Mar 2015, at 13:29, Benny Pedersen <me at junc.eu> wrote:

> Edgaras Lukoševičius wrote on 2015-03-27 12:21:
>
>> is it possible to configure haproxy to work with postfix
>> sasl and dovecot auth like this:
>> clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1,
>> 20025:auth-backend-2
>
> configure cyrus-sasl as a remote imap client is more simple
>
> if imap hostname is dns round robin it would be ha-avail already
>
> keep postfix simple

Edgaras Lukoševičius wrote on 2015-03-27 14:34:

> Can't dovecot authenticate against imap?

will it be trusted ?

> What I need is to make smtp authentication balanced and keep
> everything in backend (private network)

dovecot is not a smtp server, that's why i say cyrus-sasl

yes cyrus-sasl is ha-avail with rimap, but there is a minor problem with it, haproxy and rimap have both the same problem to connect to one ip that times out before the next ip is used, haproxy does imho not solve this better than rimap

Once upon a time, Edgaras Lukoševičius <edgaras.lukosevicius at gmail.com> said:

> What I need is to make smtp authentication balanced and keep everything in backend (private network)

If you have more than one Postfix server, each one must talk to its own private Dovecot server for auth. The Dovecot auth protocol includes a client (Postfix) assigned ID, and Postfix uses the process ID. If you have multiple Postfix servers talking to one Dovecot server, you'll get ID conflicts and dropped auths.

I ended up putting a local instance of Dovecot on each Postfix server, with no protocols configured except for auth. Not quite as HA, but I have my monitoring system doing SMTP AUTH (never have had a problem with the setup); you could probably have HAProxy do it as well (IIRC it can do some basic expect-style send/receive).

--
Chris Adams <cma at cmadams.net>

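An added illustration of the client-assigned ID discussed in the message above; it is not part of that post and is not Postfix or Dovecot code. It assumes the tab-separated line format of Dovecot's published auth client protocol (version 1); the host names, PIDs, credentials and the `shared_cpids` helper are constructed for the example.

```python
import base64

# Constructed sample of an auth server greeting (tab-separated fields, one command per line).
SAMPLE_GREETING = (b"VERSION\t1\t1\nMECH\tPLAIN\tplaintext\nMECH\tLOGIN\tplaintext\n"
                   b"SPID\t1234\nCUID\t7\nCOOKIE\t00112233445566778899aabbccddeeff\nDONE\n")

def client_handshake(cpid):
    """First lines an auth client sends; CPID is the client-chosen ID (Postfix: its PID)."""
    return f"VERSION\t1\t1\nCPID\t{cpid}\n".encode()

def parse_greeting(data):
    """Collect mechanisms and server IDs from the greeting, stopping at DONE."""
    info = {"mechs": [], "done": False}
    for line in data.decode().splitlines():
        cmd, *args = line.split("\t")
        if cmd == "MECH":
            info["mechs"].append(args[0])
        elif cmd in ("SPID", "CUID", "COOKIE"):
            info[cmd.lower()] = args[0]
        elif cmd == "DONE":
            info["done"] = True
            break
    return info

def auth_plain_request(req_id, user, password, service="smtp"):
    """AUTH line for SASL PLAIN; resp= carries base64(NUL user NUL password), last field."""
    resp = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    return f"AUTH\t{req_id}\tPLAIN\tservice={service}\tresp={resp}\n".encode()

def parse_reply(line):
    """Split an OK/FAIL reply into (status, request id, key=value fields)."""
    status, req_id, *fields = line.decode().rstrip("\n").split("\t")
    return status, int(req_id), dict(f.partition("=")[::2] for f in fields)

def shared_cpids(clients):
    """Given (host, pid) pairs, return the CPIDs that more than one host would announce."""
    hosts = {}
    for host, pid in clients:
        hosts.setdefault(pid, set()).add(host)
    return {pid: sorted(h) for pid, h in hosts.items() if len(h) > 1}

if __name__ == "__main__":
    print(parse_greeting(SAMPLE_GREETING))
    print(auth_plain_request(1, "alice", "s3cret"))   # constructed credentials
    print(parse_reply(b"FAIL\t1\tuser=alice\n"))      # constructed reply
    # Two hosts whose smtpd has the same PID send byte-identical CPID lines.
    print(shared_cpids([("mx1", 4711), ("mx2", 4711), ("mx2", 4802)]))
```
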
I don't want to allow public network facing servers to be able to reach passwords database. And I want to segregate roles of the servers. If I will setup dovecot locally I will still have to provide it access to database (eg. /etc/dovecot/dovecot-sql.conf.ext).

On 27 Mar 2015, at 15:49, Benny Pedersen <me at junc.eu> wrote:

> Edgaras Lukoševičius wrote on 2015-03-27 14:34:
>> Can't dovecot authenticate against imap?
>
> will it be trusted ?
>
>> What I need is to make smtp authentication balanced and keep
>> everything in backend (private network)
>
> dovecot is not a smtp server, that's why i say cyrus-sasl
>
> yes cyrus-sasl is ha-avail with rimap, but there is a minor problem with it, haproxy and rimap have both the same problem to connect to one ip that times out before the next ip is used, haproxy does imho not solve this better than rimap

On 27.03.2015 at 14:49, Benny Pedersen wrote:

>> What I need is to make smtp authentication balanced and keep
>> everything in backend (private network)
>
> dovecot is not a smtp server, that's why i say cyrus-sasl

jesus christ keep your smart-ass responses for yourself

http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL