dominik
2015-Jul-20 15:06 UTC
Problems with IMAP/POP and dovecot director on backend (director_proxy_maybe)
Hello dovecot community,

first of all: dovecot is great! ;) ...nevertheless I've got some problems to get my director scenario running as needed/expected :(

My scenario: I'd like to configure two dovecot backends, without the need for multiple dovecot instances. Both backend servers are active/active and act on top of a glusterfs storage, which implies the need for dovecot director. As described in release notes (v2.2.17) this should be possible by setting the extra field "director_proxy_maybe=yes":

"+ director: Implemented director_proxy_maybe passdb extra field to be able to run director and backend in the same Dovecot instance. (LMTP doesn't support mixed proxy/non-proxy destinations currently.)"

My setup:

* 1 LMTP client (SLES11p3 with postfix)
* 1 IMAP/POP3 client (Debian8 with thunderbird 31.6.0): 10.0.0.26. The client connects through a dovecot mailproxy or direct.
* 1 dovecot mailproxy: 10.0.1.151
* 2 mailbox backends running dovecot v2.2.18 on SLES11p3 with mail_location pointing to a glusterfs-mountpoint (GlusterFS: v3.6.3)
  * mailbox01.example.de: 10.0.2.21
  * mailbox02.example.de: 10.0.2.22
* mailbox-gluster.example.de points as an A-RR to 10.0.2.21 and 10.0.2.22.

My problem: With LMTP everything works fine (thanks for this!). The director sets the "host" field correctly and all delivery attempts work fine to the estimated backend servers. But when I try to connect via IMAP-/POP3-client (through proxy or direct) it fails with the following log messages. It seems that the director doesn't set the host field within IMAP/POP sessions before proxying!?

auth: Debug: auth client connected (pid=46359)
imap-login: ID sent: x-session-id=V3iJmU4biAAK/BAa, x-originating-ip=10.0.0.26, x-originating-port=54408, x-connected-ip=10.0.1.151, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=10.0.1.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
auth: Debug: client in: AUTH 1 PLAIN service=imap session=RVnAm04bzwAK/FCX lip=10.0.2.21 rip=10.0.1.151 lport=143 rport=54735 resp=<hidden>
auth: Debug: ldap(tester at example.de,10.0.1.151,<RVnAm04bzwAK/FCX>): bind search: base=o=example,c=de filter=(&(|(uid=tester at example.de)(mail=tester at example.de))(!(<cut-cut-cut>))
[...]
auth: Debug: client passdb out: OK 1 user=tester at example.de director_proxy_maybe=yes lip=10.0.2.21 lport=143 proxy pass=<hidden>
imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
imap-login: Debug: Ignoring unknown passdb extra field: lip
imap-login: Debug: Ignoring unknown passdb extra field: lport
imap-login: Error: proxy: host not given: user=<tester at example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
imap-login: Disconnected (internal failure, 1 successful auths): user=<tester at example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>

Finally the output of "doveadm proxy list" is empty!

"doveadm director map" output after a successful LMTP delivery attempt (before: doveadm director flush all):

user                  hash       mail server ip  expire time
tester at example.de  856838019  10.0.2.21       2015-07-20 15:49:18

"doveadm director map" output after a failed IMAP session attempt (before: doveadm director flush all):

user                  hash       mail server ip  expire time
tester at example.de  856838019  10.0.2.21       2015-07-20 15:50:02

So, director seems to work in this constellation, but only for LMTP and not for IMAP/POP Proxy :(

Has anybody configured this before?

Thanks in advance and a lot of greetings from Germany,
Dominik

############

My config (mailbox01.example.de. mailbox02.example.de is identical, except the hostname):

# doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 3.0.101-0.46-default x86_64 SUSE Linux Enterprise Server 11 (x86_64)
auth_cache_negative_ttl = 0
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = "#"
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
director_consistent_hashing = yes
director_mail_servers = mailbox-gluster.example.de
director_servers = 10.0.2.21:9090 10.0.2.22:9090
disable_plaintext_auth = no
imap_metadata = yes
listen = mailbox01.example.de
lmtp_proxy = yes
lmtp_save_to_detail_mailbox = yes
lock_method = dotlock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> %k
login_trusted_networks = 10.0.2.0/24
mail_access_groups = dovecot
mail_attribute_dict = file:Maildir/dovecot-metadata
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir/
mail_plugins = quota acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mmap_disable = yes
namespace {
  inbox = yes
  location =
  mailbox Archiv {
    special_use = \Archive
  }
  mailbox Entwürfe {
    special_use = \Drafts
  }
  mailbox "Gelöschte Objekte" {
    special_use = \Trash
  }
  mailbox "Gesendete Objekte" {
    special_use = \Sent
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox unerwünscht {
    special_use = \Junk
  }
  prefix = INBOX/
  separator = /
}
namespace {
  disabled = yes
  list = children
  location = maildir:%%h/:INDEXPVT=~/dovecot.index.shared/%%u/
  prefix = SHARED/%%u/
  separator = /
  type = shared
}
passdb {
  args = /***********/passwd.masterusers
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}
postmaster_address = postmaster@%d
protocols = " imap lmtp pop3"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/saslauth_via_dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0666
    user = dovecot
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0666
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imaps {
    port = 0
  }
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = mailbox01.example.de
  }
}
service pop3-login {
  executable = pop3-login director
}
ssl = no
ssl_cipher_list = kEECDH+aRSA+AES256:kEDH+aRSA+AES256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA
ssl_dh_parameters_length = 4096
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
userdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = quota notify mail_log
}
protocol imap {
  imap_id_log = *
  mail_plugins = quota fts fts_squat imap_quota mail_log notify acl imap_acl
}
protocol pop3 {
  mail_plugins = quota acl
  pop3_uidl_format = %fan
}

################

My /etc/dovecot/ldap.conf:

uris = ldap://ldap.example.de
pass_filter = (&(|(uid=%u)(mail=%u))(!(<cut-cut-cut>)))
pass_attrs = =proxy_maybe=yes, \
  =director_proxy_maybe=yes
user_filter = (&(|(uid=%u)(mail=%u)(mailAlternateAddress=%u))(!(<cut-cut-cut>)))
user_attrs = =master_user=%u, \
  =uid=%{ldap:qmailUID:12345}, \
  =gid=%{ldap:qmailGID:12345}, \
  =home=/mnt/testvol2/%{ldap:mailMessageStore}/%1{ldap:mail}/%{ldap:mail}/, \
  =quota_rule=*:bytes=%{ldap:mailQuotaSize:128M}
iterate_attrs = mail=user
iterate_filter = (objectClass=qmailuser)
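
An added example, not part of the original post: a small Python check for the symptom visible in the logs above, a passdb reply that carries "proxy" but no "host", together with the fields the login process ignored. The sample log lines are constructed from the ones quoted in the post (addresses written with "@"), and the parser assumes whitespace-separated fields whose values contain no spaces.

```python
import re

# Constructed sample, modelled on the debug lines quoted in the post.
# The last line is a made-up healthy reply that does carry a host field.
SAMPLE_LOG = """\
auth: Debug: client passdb out: OK 1 user=tester@example.de director_proxy_maybe=yes lip=10.0.2.21 lport=143 proxy pass=<hidden>
imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
imap-login: Error: proxy: host not given: user=<tester@example.de>, method=PLAIN, rip=10.0.1.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
auth: Debug: client passdb out: OK 2 user=other@example.de host=10.0.2.22 proxy pass=<hidden>
"""

PASSDB_OUT = re.compile(r"client passdb out: OK \d+ (.*)$")
IGNORED = re.compile(r"Ignoring unknown passdb extra field: (\S+)")
HOST_ERR = re.compile(r"proxy: host not given: user=<([^>]*)>.*session=<([^>]*)>")

def parse_fields(text):
    """Split 'k=v flag k2=v2' into a dict; bare flags map to True."""
    fields = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields

def audit(log_text):
    """Return findings, in log order, for the 'proxy without host' symptom."""
    findings = []
    for line in log_text.splitlines():
        out = PASSDB_OUT.search(line)
        if out:
            fields = parse_fields(out.group(1))
            extras = sorted(k for k in fields if k not in ("user", "pass"))
            if "proxy" in fields and "host" not in fields:
                findings.append(("proxy-without-host", fields.get("user"), extras))
        ign = IGNORED.search(line)
        if ign:
            findings.append(("ignored-field", ign.group(1)))
        err = HOST_ERR.search(line)
        if err:
            findings.append(("host-not-given", err.group(1), err.group(2)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
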