We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario. http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever. Any input or suggestions would be appreciated. Justin Krejci
I get the feeling not many people are using Dovecot proxy with MySQL auth. Is there anyone who has done this before? We might end up going with something like NGINX for the proxy instead if we cannot figure out if and how this should work for our type of scenario but it would be nice if we could go with fewer components. -----Original Message----- From: dovecot-bounces+jkrejci=usinternet.com at dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet.com at dovecot.org] On Behalf Of Justin Krejci Sent: Wednesday, November 26, 2008 11:57 AM To: 'Dovecot Mailing List' Subject: [Dovecot] Dovecot Proxy with MySQL auth We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario. http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever. Any input or suggestions would be appreciated. Justin Krejci
On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote:> http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > At the bottom of this page it gives a query example of "SELECT NULL AS > password, ." but that does not seem to allow for us to use the proxy_maybeRight. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20081130/c8e9fcc1/attachment-0002.bin>
The info is appreciated, thanks for the update! We will try it out and respond with feedback. -----Original Message----- From: Timo Sirainen [mailto:tss at iki.fi] Sent: Saturday, November 29, 2008 7:49 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote:> http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > At the bottom of this page it gives a query example of "SELECT NULL AS > password, ." but that does not seem to allow for us to use the proxy_maybeRight. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.