Joseba Torre
2012-Jul-17 10:43 UTC
[Dovecot] doveadm director status username != doveadm director status username@mailserver
Hi,
I've almost finished my new director based setup, but in the first test
I discovered that imap and lmtp connections were not always being
proxied to the same server. After some research now I think that the
main problem is that in imap connections users connect as 'username'
while lmtp connections are as 'username@mailserver'.
In my current setup I receive mail via SMTP in my director servers
(which are loadbalanced by a CISCO machine), and then they send them to
dovecot running on localhost. I've tried to get rid of the @mailserver
in postfix in a generic way with no success.
Is there any way to redirect connections based only in the local part of
the address? Or there is a way to get rid of the @mailserver in the
postfix -> lmtp connection?
Both doveadm config -n and postconf -n are attached.
Thanks.
$ doveadm config -n
# 2.1.8: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.17.1.el6.x86_64 x86_64 Red Hat Enterprise Linux Server release 6.2 (Santiago)
auth_debug = yes
auth_master_user_separator = *
auth_verbose = yes
director_mail_servers = buzones2.ehu.es buzones3.ehu.es
director_servers = director1.ehu.es director2.ehu.es
doveadm_proxy_port = 4444
lmtp_proxy = yes
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = proxy=y nopassword=y starttls=any-cert
  driver = static
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-userdb {
    user = dovecot
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 3333
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 4444
  }
}
service imap-login {
  executable = imap-login director
}
service lmtp {
  inet_listener ltmp {
    address = director2.ehu.es 127.0.0.1
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  executable = managesieve-login director
  vsz_limit = 128 M
}
service pop3-login {
  executable = pop3-login director
}
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
syslog_facility = local1
userdb {
  args = allow_allusers=yes
  driver = static
}
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = " sieve"
  syslog_facility = local2
}
protocol doveadm {
  auth_socket_path = director-userdb
}
$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
local_destination_concurrency_limit = 10
local_recipient_maps = ldap:/etc/postfix/ldap-local-recipients.cf proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_transport = lmtp:inet:localhost:24
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 15000000
mydestination = ehu.es, mailsever.ehu.es, othermailserver.ehu.es
mydomain = ehu.es
myhostname = director1.ehu.es
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = [smtp.ehu.es]
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
Charles Marcus
2012-Jul-17 10:51 UTC
On 2012-07-17 6:43 AM, Joseba Torre <joseba.torre at ehu.es> wrote:
> Is there any way to redirect connections based only in the local part of
> the address? Or there is a way to get rid of the @mailserver in the
> postfix -> lmtp connection?

First, my imap connections/logins show the full username (user@example.com) in the logs. I'm not using LMTP (yet), but don't think that affects imap logins...

Second, since, in a virtual setup, it is very likely that you will have a collision of the local part, shouldn't you be figuring out how to make imap logins use the full user@example.com instead?

--
Best regards,
Charles
Timo Sirainen
2012-Jul-17 10:54 UTC
On 17.7.2012, at 13.43, Joseba Torre wrote:
> I've almost finished my new director based setup, but in the first test I discovered that imap and lmtp connections were not always being proxied to the same server. After some research now I think that the main problem is that in imap connections users connect as 'username' while lmtp connections are as 'username@mailserver'.
>
> In my current setup I receive mail via SMTP in my director servers (which are loadbalanced by a CISCO machine), and then they send them to dovecot running on localhost. I've tried to get rid of the @mailserver in postfix in a generic way with no success.
>
> Is there any way to redirect connections based only in the local part of the address? Or there is a way to get rid of the @mailserver in the postfix -> lmtp connection?

director_username_hash = %n
Joseba Torre
2012-Jul-17 11:57 UTC
On 17/07/12 13:34, Lee Standen wrote:
> One thing that stands out to me is the lack of passdb. One of the
> recommendations I got from the passdb documentation was to override the
> user field, so the user is always logged in consistently. Without this,
> "BOB", "bob" and "bob@mydomain.com" might all
> accept auth, but be handled differently! If you configure your passdb,
> then you'll get some consistency, which will probably fix your director
> problem.

We don't use passdb in the directors because incoming mails have already been checked by postfix, and the final mail server needs to check our ldap server for other values, so we check there. Actually, I still feel that I can override some ldap connections if I think about it carefully. Thank you.

>
> At the very least, you probably want to lowercase all your usernames.
>
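
The routing split discussed in this thread, as an added example that is not part of any poster's message and not Dovecot's own code: it models a director that hashes a key built from the login and picks one of the two backends from `director_mail_servers`, then compares keying on the full login (`%u`) with keying on the local part (`%n`, the `director_username_hash` value given above). The SHA-256-modulo mapping, the function names, the sample logins and the `mailserver` domain are assumptions made for the illustration.

```python
import hashlib
import re

# Backends taken from the poster's director_mail_servers setting.
BACKENDS = ["buzones2.ehu.es", "buzones3.ehu.es"]


def expand(template, login):
    """Expand %u (full login), %n (local part) and %d (domain) for one login."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def backend_for(template, login):
    """Simplified model of the director: hash the expanded key, pick a backend."""
    key = expand(template, login).encode()
    digest = hashlib.sha256(key).digest()
    return BACKENDS[int.from_bytes(digest[:4], "big") % len(BACKENDS)]


def split_users(template, users, domain="mailserver"):
    """Users whose IMAP identity ('user') and LMTP identity ('user@domain')
    are sent to different backends under the given hash template."""
    return [u for u in users
            if backend_for(template, u) != backend_for(template, f"{u}@{domain}")]


# Constructed sample logins, not real accounts.
USERS = [f"user{i:03d}" for i in range(200)]

if __name__ == "__main__":
    for template in ("%u", "%n"):
        bad = split_users(template, USERS)
        print(f"director_username_hash = {template}: "
              f"{len(bad)}/{len(USERS)} users split across backends")
```

On a real director, `doveadm director status username` and `doveadm director status username@mailserver` (the two commands in the subject line) are the check that both identities now resolve to the same backend.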