Steven Varco
2020-Dec-05 17:02 UTC
Combine director and HAProxy for loadbalancing and failover

Hi All,

I'm trying to achieve an active/active cluster with dovecot-director and HAProxy, as the director does not do health checks (loadbalancing only) and I want both, loadbalancing AND failover, where the latter is far more important to me (loadbalancing I would just use as an addon and for curiosity, it is not really needed in my setup).

However, I'm not sure if this combination can be used that way, as I found almost no documentation on this. What I found is using either director OR haproxy with dovecot, but not both. So I guess that the description here is intended to be used without the director: https://wiki2.dovecot.org/HAProxy

This older list post is basically exactly what I'm trying to achieve: https://dovecot.org/pipermail/dovecot/2015-July/101487.html

Clients --> Load Balancer(HAProxy) --> Dovecot Proxy(DP) --> Dovecot Director(DD) --> MS1 / MS2

As far as I understood, this would require (statically) setting a host= entry for each client, which would give another single point of failure?

However, reading the documentation: https://doc.dovecot.org/configuration_manual/haproxy/ assumes that this setup IS actually possible. Unfortunately it does not describe how dovecot must be set up at this point. So I assume, since HAProxy is listening on port 1143 (for IMAP) and dovecot (with director enabled) is listening on port 143, which is the main entry point for clients, that in this setup dovecot-director should first pass the mail traffic to HAProxy on port 1143 and then HAProxy passes it to the actual imap servers?

So how would the dovecot setup on the director servers look like, and how on the dovecot imap mail servers?

My setup consists of two machines each: loadbalancer (with HAProxy and dovecot-director) and dovecot imap servers.
Last but not least, I found documentation for "dovemon", which, if I got that correctly, should replace the external tool "poolmon": https://doc.dovecot.org/configuration_manual/dovemon/ - However, I could not find out where the configuration YAML file (/etc/dovecot/dovemon.config.yml) should get included in the main dovecot configuration. By default this file would not be included at all and therefore would have no effect?

thanks,
Steven

My setup:

LOADBALANCERS:
Currently one only running on: 10.0.2.26

haproxy:
Exactly as: https://doc.dovecot.org/configuration_manual/haproxy/ where the backend servers line has been replaced with the mail servers.

dovecot -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 3.10.0-1127.19.1.el7.x86_64 x86_64 CentOS Linux release 7.8.2003 (Core)
# Hostname: lb01.example.com
auth_verbose = yes
director_mail_servers = 10.0.2.30 10.0.2.29
director_servers = 10.0.2.26
disable_plaintext_auth = no
first_valid_uid = 1000
haproxy_trusted_networks = 10.0.2.0/24
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = proxy=y ssl=any-cert nopassword=y
  driver = static
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 lmtp sieve
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imap {
    port = 143
  }
  inet_listener imap_haproxy {
    haproxy = yes
    port = 10143
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  executable = pop3-login director
}
ssl_cert = </etc/letsencrypt/live/mail-lb.tech-island.xyz/fullchain.pem
ssl_key = # hidden, use -P to show it
verbose_proctitle = yes
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve"
}

MAIL SERVERS:
mx01: 10.0.2.30
mx02: 10.0.2.29

dovecot -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 3.10.0-1127.19.1.el7.x86_64 x86_64 CentOS Linux release 7.8.2003 (Core)
# Hostname: mx01.example.com
auth_mechanisms = plain login
auth_verbose = yes
dict {
  sqlquota = mysql:/etc/dovecot/dict-sqlquota.conf.ext
}
doveadm_password = # hidden, use -P to show it
doveadm_port = 14310
first_valid_uid = 1000
login_trusted_networks = 10.0.2.0/24
mail_location = maildir:~/Maildir
mail_plugins = quota notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_replica = tcp:10.0.2.29
  quota = maildir:User quota
  quota_exceeded_message = Quota exceeded, please go to http://www.tech-island.xyz/over_quota_help for instructions on how to fix this.
  quota_rule2 = INBOX.Trash:storage=+100M
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll
  quota_status_success = DUNNO
  quota_warning = storage=90%% quota-warning 90 %u
  quota_warning2 = -storage=90%% quota-warning below %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmaster@tech-island.xyz
protocols = imap pop3 lmtp sieve
replication_dsync_parameters = -d -l 30 -U
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    user = vmail
  }
}
service dict {
  unix_listener dict {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 14310
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 14340
  }
}
service quota-warning {
  executable = script /usr/local/libexec/dovecot/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/ssl/acme/certs/mail.tech-island.xyz.chain.crt
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = quota notify replication sieve
}
protocol lda {
  mail_plugins = quota notify replication sieve
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = quota notify replication imap_quota
}

-- 
https://steven.varco.ch/
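The `haproxy = yes` listener on port 10143 together with `haproxy_trusted_networks = 10.0.2.0/24` in the load balancer config above is what stops an ordinary client from forging its own source address through the PROXY protocol header: only peers inside the trusted network may supply one. As an added example that is not part of the original post and not Dovecot's code, the Python below parses a PROXY protocol v1 header (format per HAProxy's published specification) and honours it only when the real TCP peer is inside the trusted network. The peer and client addresses are constructed sample values, and the accept/reject policy is a model of how such a listener is expected to behave, not Dovecot's implementation.

```python
"""PROXY protocol v1 header parsing with a trusted-network gate.

Added example modelling a `haproxy = yes` listener: the header is only
trusted when the TCP peer is inside haproxy_trusted_networks. This is
not Dovecot's code; all addresses in the tests are constructed.
"""
import ipaddress

# Mirrors the page's setting: haproxy_trusted_networks = 10.0.2.0/24
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.2.0/24")]

MAX_V1_HEADER = 107  # longest valid v1 line incl. CRLF, per the spec


class ProxyHeaderError(ValueError):
    """Raised for any malformed PROXY v1 header."""


def parse_proxy_v1(line: bytes) -> dict:
    """Parse one PROXY v1 line into its address fields.

    Returns {"family": "UNKNOWN"} for health-check style headers, else a
    dict with family, src, dst, sport and dport. Raises ProxyHeaderError
    on bad framing, wrong field count, or address/port that fail validation.
    """
    if len(line) > MAX_V1_HEADER or not line.endswith(b"\r\n"):
        raise ProxyHeaderError("bad framing (length or missing CRLF)")
    try:
        fields = line[:-2].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII header")
    if len(fields) < 2 or fields[0] != "PROXY":
        raise ProxyHeaderError("missing PROXY keyword")
    if fields[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}
    if len(fields) != 6:
        raise ProxyHeaderError("wrong field count")
    _, family, src, dst, sport, dport = fields
    if family not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("unsupported family")
    want_version = 4 if family == "TCP4" else 6
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        sport_n, dport_n = int(sport), int(dport)
    except ValueError:
        raise ProxyHeaderError("bad address or port")
    if src_ip.version != want_version or dst_ip.version != want_version:
        raise ProxyHeaderError("address family mismatch")
    if not (0 <= sport_n <= 65535 and 0 <= dport_n <= 65535):
        raise ProxyHeaderError("port out of range")
    return {"family": family, "src": str(src_ip), "dst": str(dst_ip),
            "sport": sport_n, "dport": dport_n}


def effective_client(peer_ip: str, first_line: bytes) -> tuple:
    """Decide which address to treat as the client on a haproxy listener.

    peer_ip is the real TCP peer (HAProxy or whoever connected directly).
    Only a trusted peer may rewrite the client address via the header; an
    untrusted peer is rejected outright (modelled policy, not Dovecot's
    code). Returns (status, client_ip).
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_NETWORKS):
        return ("reject", peer_ip)
    hdr = parse_proxy_v1(first_line)
    if hdr["family"] == "UNKNOWN":
        # Health check with no real client behind it: keep the peer address.
        return ("accept", peer_ip)
    return ("accept", hdr["src"])


if __name__ == "__main__":
    # Constructed sample connections: HAProxy in 10.0.2.0/24 vs. a stray peer.
    header = b"PROXY TCP4 203.0.113.7 10.0.2.30 51234 143\r\n"
    print(effective_client("10.0.2.26", header))  # from the load balancer
    print(effective_client("192.0.2.9", header))  # untrusted peer, rejected
```

Dropping the connection from an untrusted peer, rather than ignoring the header and falling back to the peer address, is the safer choice: a client that reaches the haproxy listener directly should never get a session at all, since that path bypasses the balancer's health checks and rate limits.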