Hello everyone,

I'm on a small dovecot director -> dovecot mailbox setup and I'm trying to get doveadm command proxying to work, but I don't get the expected output. My directors do not forward the doveadm commands to the expected backend host. Doveadm is working as expected on the backend hosts; the director hosts just don't log anything about the proxying that should happen, or anything else about the doveadm commands at all.

Can someone guide me in a direction on what to try next, or maybe has a working config regarding doveadm proxying?

Thanks in advance!

Some technical data regarding my problem:

Dovecot Version: 2.3.10 (0da0eff44)

Output of a 'doveadm director status' command:

mail server ip  tag   vhosts  state  state changed  users
10.0.0.81       tag1  100     up     -              0
10.0.0.82       tag1  100     up     -              1

Output of a 'doveadm director ring status' command:

director ip  port  type   last failed  status       ping ms  input  output  buffered  buffered peak  last read            last write
10.0.0.193   9090  self   never        ring synced  5        -      -       -         -              -                    -
10.0.0.194   9090  right  never        synced       0        2051   6400    0         757            2020-05-28 09:56:37  2020-05-28 09:56:37
10.0.0.195   9090  left   never        synced       0        4929   1804    0         37             2020-05-28 09:56:37  2020-05-28 09:56:37

This is my dovecot-director hosts configuration (doveadm related part):

service doveadm {
  inet_listener {
    # any port you want to use for this:
    port = 24245
  }
}
local 0.0.0.0 {
  # password to use for client authentication
  doveadm_password = secret
  # allow client to only use specified list of commands (default is all):
  #doveadm_allowed_commands
}
# same port as doveadm's inet_listener
doveadm_port = 24245
protocol doveadm {
  # NOTE: director-userdb socket is actually used only for passdb lookups, not userdb lookups
  auth_socket_path = director-userdb
}

And here the dovecot-backend hosts configuration (doveadm related part):

### director conf
service doveadm {
  inet_listener {
    # any port you want to use for this:
    port = 24245
  }
}
local 0.0.0.0 {
  # password to use for client authentication
  doveadm_password = secret
  # allow client to only use specified list of commands (default is all):
  #doveadm_allowed_commands
}

A 'doveadm user -u test@test.com' command on the backend host:

userdb: test@test.com
  user      : test@test.com
  home      : /var/spool/imap/test@test.com
  quota     : maildir:User quota
  quota_rule: *:storage=1048576:messages=153000

A 'doveadm user -u test@test.com' command on the director host:

userdb: test@test.com
  user      : test@test.com

> On 28. May 2020, at 11.12, patosec <patosec at freedaten.at> wrote:
>
> A 'doveadm user -u test@test.com' command on the backend host:
> userdb: test@test.com
>   user      : test@test.com
>   home      : /var/spool/imap/test@test.com
>   quota     : maildir:User quota
>   quota_rule: *:storage=1048576:messages=153000
>
> A 'doveadm user -u test@test.com' command on the director host:
> userdb: test@test.com
>   user      : test@test.com
>

doveadm user is executed locally as director has its own userdb. Try doveadm mailbox list -u <uid>

Sami

On 5/28/2020 at 10:22 AM, Sami Ketola wrote:
>
>> On 28. May 2020, at 11.12, patosec <patosec at freedaten.at> wrote:
>>
>> A 'doveadm user -u test@test.com' command on the backend host:
>> userdb: test@test.com
>>   user      : test@test.com
>>   home      : /var/spool/imap/test@test.com
>>   quota     : maildir:User quota
>>   quota_rule: *:storage=1048576:messages=153000
>>
>> A 'doveadm user -u test@test.com' command on the director host:
>> userdb: test@test.com
>>   user      : test@test.com
>>
> doveadm user is executed locally as director has its own userdb. try doveadm mailbox list -u <uid>
>
> Sami

Thanks a lot! That brought me in the right direction: with "doveadm mailbox list -u <uid>" I got a useful error message! Somehow doveadm_password is not working that way:

local 0.0.0.0 {
  doveadm_password = secret
}

I had to set it without the local x.x.x.x part, now it works :)

I will investigate this further, though; if this IP limitation with local is not working I need to set up iptables to restrict the access, but I don't really want to go in this direction.

Thanks!
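
A way to catch the scoping problem described in this thread before deploying a config, as an added example that is not from the thread or from the Dovecot project: the script walks a Dovecot-style config and reports when doveadm_password exists only inside a nested block and when the doveadm inet_listener has no address setting. It assumes one statement per line; the function names are made up for this sketch, and address is a Dovecot inet_listener setting that the posted config does not use.

```python
# Constructed sample: the doveadm part of the director config as posted above.
POSTED = """\
service doveadm {
  inet_listener {
    port = 24245
  }
}
local 0.0.0.0 {
  doveadm_password = secret
}
doveadm_port = 24245
"""

def settings_with_scope(conf):
    """Yield (scope, key, value); scope is the tuple of enclosing block headers."""
    stack = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: no '#' inside values
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            yield tuple(stack), key.strip(), value.strip()

def audit(conf):
    """Return findings about where doveadm_password and the listener are set."""
    rows = list(settings_with_scope(conf))
    findings = []
    pw_scopes = [s for s, k, _ in rows if k == "doveadm_password"]
    if not pw_scopes:
        findings.append("doveadm_password is not set")
    elif () not in pw_scopes:  # never set at the top level
        where = ", ".join(" > ".join(s) for s in pw_scopes)
        findings.append("doveadm_password only set inside: " + where)
    listeners = {}
    for scope, key, value in rows:
        if len(scope) == 2 and scope[0] == "service doveadm" \
                and scope[1].startswith("inet_listener"):
            listeners.setdefault(scope, {})[key] = value
    for keys in listeners.values():
        if "address" not in keys:  # listener not pinned to a specific IP
            findings.append("doveadm inet_listener port %s has no address"
                            % keys.get("port", "?"))
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

Running `doveconf -n` on the host and feeding its output to audit() checks the configuration Dovecot actually parsed rather than the files on disk.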