Nginx has an mail proxy for pop, imap, smtp. Can it be used instead of director ? On Fri, 21 Oct 2022 at 16:21, <hi at zakaria.website> wrote:> On 2022-10-21 10:51, Zhang Huangbin wrote: > >> On Oct 21, 2022, at 5:23 PM, hi at zakaria.website wrote: > >> > >> I was wondering if one can achieve the same implementation with > >> haproxy without dovecot director? > > > > The most important part of Director is it makes sure same mail user > > always proxied to same backend IMAP server. > > > > If mailbox is in Maildir format (and stored on shared storage like > > NFS), accessing it from different server may corrupt Dovecot index > > files and mailbox becomes unaccessible. Director perfectly avoids this > > issue. > > > > HAProxy can proxy mail user from same client IP to same backend IMAP > > server, but not same mail user from different IPs. > > > > Quote (https://doc.dovecot.org/admin_manual/director/dovecotdirector/): > > > > "Director can be used by Dovecot?s IMAP/POP3/LMTP proxy to keep a > > temporary user -> mail server mapping. As long as user has simultaneous > > connections, the user is always redirected to the same server. Each > > proxy server is running its own director process, and the directors are > > communicating the state to each others. Directors are mainly useful for > > setups where all of the mail storage is seen by all servers, such as > > with NFS or a cluster filesystem." > > > > ---- > > Zhang Huangbin, founder of: > > - iRedMail: Open source email server solution: > > https://www.iredmail.org/ > > - Spider: Lightweight, on-premises Email Archiving Software: > > https://spiderd.io > > Aha makes sense, although I was not able to see how can index files be > corrupted when its if will going to be updated, its in same manner as > from different connection, e.g. opening email account from different app > clients, with different connections, does not corrupt the index files? > > Also, Is it the issue Director resolving as well its with maintaining > the logged in dovecot connection to same backend? Anyhow, thanks for > your valuable efforts in clearing this :) > > I wondered if there is any other solution to avoid corrupting index > files? Perhaps if dovecot offer database indexing as well as login > sessions, it seems that this would eliminate Director requirement, and > offer better high availability, as for now userdb/authdb is only > available per my knowledge, and using database cluster resolves the > issue with user and auth queries during simultaneous connections to a > different backends. > > Otherwise, it seems in large enterprise deployment with high > availability a Director implementation will be needed, hopefully we will > find an alternative solution by the time Dovecot 3 is released. > > I might need to get my head around building dovecot with customised > modules and review the code which was removed and return it back, if > anyone is planning to this, and well off ahead of me, please let me > know, we might be able to help one another. > > With thanks. > > Zakaria. >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20221021/ed0e7e7e/attachment-0001.htm>
To be clear, we are not removing proxying features from Dovecot either. Just the director ring feature. Aki> On 21/10/2022 14:14 EEST Amol Kulkarni <amolk112k at gmail.com> wrote: > > > Nginx has an mail proxy for pop, imap, smtp. > Can it be used instead of director ? > > > On Fri, 21 Oct 2022 at 16:21, <hi at zakaria.website> wrote: > > On 2022-10-21 10:51, Zhang Huangbin wrote: > > >> On Oct 21, 2022, at 5:23 PM, hi at zakaria.website wrote: > > >> > > >> I was wondering if one can achieve the same implementation with > > >> haproxy without dovecot director? > > > > > > The most important part of Director is it makes sure same mail user > > > always proxied to same backend IMAP server. > > > > > > If mailbox is in Maildir format (and stored on shared storage like > > > NFS), accessing it from different server may corrupt Dovecot index > > > files and mailbox becomes unaccessible. Director perfectly avoids this > > > issue. > > > > > > HAProxy can proxy mail user from same client IP to same backend IMAP > > > server, but not same mail user from different IPs. > > > > > > Quote (https://doc.dovecot.org/admin_manual/director/dovecotdirector/): > > > > > > "Director can be used by Dovecot?s IMAP/POP3/LMTP proxy to keep a > > > temporary user -> mail server mapping. As long as user has simultaneous > > > connections, the user is always redirected to the same server. Each > > > proxy server is running its own director process, and the directors are > > > communicating the state to each others. Directors are mainly useful for > > > setups where all of the mail storage is seen by all servers, such as > > > with NFS or a cluster filesystem." > > > > > > ---- > > > Zhang Huangbin, founder of: > > > - iRedMail: Open source email server solution: > > > https://www.iredmail.org/ > > > - Spider: Lightweight, on-premises Email Archiving Software: > > > https://spiderd.io > > > > Aha makes sense, although I was not able to see how can index files be > > corrupted when its if will going to be updated, its in same manner as > > from different connection, e.g. opening email account from different app > > clients, with different connections, does not corrupt the index files? > > > > Also, Is it the issue Director resolving as well its with maintaining > > the logged in dovecot connection to same backend? Anyhow, thanks for > > your valuable efforts in clearing this :) > > > > I wondered if there is any other solution to avoid corrupting index > > files? Perhaps if dovecot offer database indexing as well as login > > sessions, it seems that this would eliminate Director requirement, and > > offer better high availability, as for now userdb/authdb is only > > available per my knowledge, and using database cluster resolves the > > issue with user and auth queries during simultaneous connections to a > > different backends. > > > > Otherwise, it seems in large enterprise deployment with high > > availability a Director implementation will be needed, hopefully we will > > find an alternative solution by the time Dovecot 3 is released. > > > > I might need to get my head around building dovecot with customised > > modules and review the code which was removed and return it back, if > > anyone is planning to this, and well off ahead of me, please let me > > know, we might be able to help one another. > > > > With thanks. > > > > Zakaria. > >
Am 21.10.22 um 13:14 schrieb Amol Kulkarni:> Nginx has an mail proxy for pop, imap, smtp. > Can it be used instead of director ? > >Nginx can authenticate imap/smtp (and probably pop3) users. If you that, you can define a backend server the session is routed to. Currently I use that approach to authenticate users by client certificates and route them to the appriopriate backend (well, I only have one ;-). -- Cheers spi -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20221021/3b0f0e6d/attachment.htm>