lucas.raynaud at ircf.fr
2021-May-21 09:21 UTC
director & backend on same server with director_proxy_maybe
Hello,

I have 2 mail servers, as test servers, with Dovecot as backend, set up for POP3 and IMAP connections and NFS.
To prevent issues with simultaneous connections I want to set up Director on the same VM and on the same instance as the backend Dovecot.

I found in the documentation that this configuration is broken, but can work with development, and after research on the internet and on previously asked questions such as:

https://dovecot.org/pipermail/dovecot/2015-July/101483.html
https://dovecot.org/pipermail/dovecot/2011-September/130939.html
https://dovecot.org/pipermail/dovecot/2012-June/136535.html

I find it quite unclear whether this is really possible with director_proxy_maybe, which, according to the changelog, allows this setup to work.

Today I've reached this level with those errors:

IPs :
    mail4 : XX.XX.111.8
    mail3 : XX.XX.51.247

doveadm director ring status
director ip  port type last failed status    // on mail3
XX.XX.51.247 9090 self never       synced
XX.XX.111.8  9090 l+r  never       synced

doveadm director status lucas.raynaud at ircf.fr
Current: 5.196.111.8 (expires 2021-05-21 10:48:51)
Hashed: 5.196.111.8
Initial config:

login with lucas.raynaud at ircf.fr on mail4

mail log on mail4
May 21 10:51:52 mail4 dovecot: auth-worker(12917): Debug: sql(lucas.raynaud at ircf.fr,XX.XX.111.8,<4h3SK9PCYsIFxG8I>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = 'lucas.raynaud at ircf.fr' OR email = 'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:51:52 mail4 dovecot: auth: Debug: client passdb out: OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:51:52 mail4 dovecot: imap-login: Error: proxy: host not given: user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.111.8, lip=XX.XX.111.8, secured, session=<4h3SK9PCYsIFxG8I>
May 21 10:51:52 mail4 dovecot: imap-login: Disconnected (internal failure, 1 successful auths): user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.111.8, lip=XX.XX.111.8, secured, session=<4h3SK9PCYsIFxG8I>

no log on mail3

login with lucas.raynaud at ircf.fr on mail3

mail log on mail3
May 21 10:55:07 mail3 dovecot: auth-worker(19907): Debug: sql(lucas.raynaud at ircf.fr,XX.XX.51.247,<Hh5yN9PCRtAFxDP3>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = 'lucas.raynaud at ircf.fr' OR email = 'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail3 dovecot: auth: Debug: client passdb out: OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.51.247#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:55:07 mail3 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:55:07 mail3 dovecot: imap-login: proxy(lucas.raynaud at ircf.fr): Login failed to XX.XX.111.8:143: [UNAVAILABLE] Account is temporarily unavailable.: user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>
May 21 10:55:07 mail3 dovecot: imap-login: Disconnected (proxy dest auth failed): user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.51.247, secured, session=<Hh5yN9PCRtAFxDP3>

mail log on mail4
May 21 10:55:07 mail4 dovecot: auth-worker(13096): Debug: sql(lucas.raynaud at ircf.fr,XX.XX.51.247,<rI10N9PCyKsFxDP3>): query: SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = 'lucas.raynaud at ircf.fr' OR email = 'lucas.raynaud at ircf.fr') AND disableimap = 'n' AND server_id = '8'
May 21 10:55:07 mail4 dovecot: auth: Debug: client passdb out: OK#0111#011user=lucas.raynaud at ircf.fr#011director_proxy_maybe=y#011lip=XX.XX.111.8#011lport=143#011proxy#011pass=x9Im.bprP!CWzbgQ
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:55:07 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lport
May 21 10:55:07 mail4 dovecot: imap-login: Error: proxy: host not given: user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>
May 21 10:55:07 mail4 dovecot: imap-login: Disconnected (internal failure, 1 successful auths): user=<lucas.raynaud at ircf.fr>, method=PLAIN, rip=XX.XX.51.247, lip=XX.XX.111.8, session=<rI10N9PCyKsFxDP3>

sql query :
password_query = SELECT password, 'y' as proxy_maybe, 'y' as director_proxy_maybe FROM mail_user WHERE (login = '%u' OR email = '%u') AND disable%Ls = 'n' AND server_id = '8'

It seems that Director is working but not adding the "host" extra field when it should; also, it's strange that director_proxy_maybe is unknown.

Is it really possible to configure director on the same instance as the backend?
Is director_proxy_maybe working?
Also, do you have answers about my problems?

Thanks in advance.
Lucas

############

mail3's and mail4's configs are the same.

dovecot -n

# 2.2.27 (): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 ()
# OS: Linux 4.9.0-14-amd64 x86_64 Debian 9.13
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_proxy_self = XX.XX.111.8
auth_verbose = yes
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
director_mail_servers = XX.XX.111.8 XX.XX.51.247
director_servers = XX.XX.111.8 XX.XX.51.247
director_user_expire = 5 mins
disable_plaintext_auth = no
doveadm_port = 24245
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " quota"
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  quota_warning = storage=90%% quota-warning 90 %u
  sieve = /var/vmail/%d/%n/.sieve
  sieve_after = /etc/dovecot/sieve/after.d
  sieve_before = /var/vmail/%d/%n/sieve
  sieve_dir = /var/vmail/%d/%n/sieve/
  sieve_global_dir = /etc/dovecot/sieve
}
pop3_reuse_xuidl = yes
pop3_save_uidl = yes
pop3_uidl_format = UID%u-%v
protocols = " imap sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0666
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imap {
    port = 143
  }
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service pop3-login {
  executable = pop3-login director
  inet_listener pop3 {
    port = 110
  }
}
service quota-warning {
  executable = script /usr/local/bin/mail-scripts/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = vmail
}
ssl_cert = </opt/ssl/ircf.crt
ssl_key =  # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  auth_socket_path = director-userdb
}
protocol doveadm {
  auth_socket_path = director-userdb
}
protocol lda {
  mail_plugins = " quota sieve quota"
}
protocol imap {
  auth_socket_path = director-userdb
  mail_max_userip_connections = 16
  mail_plugins = " quota quota imap_quota"
}
protocol pop3 {
  auth_socket_path = director-userdb
  mail_max_userip_connections = 16
  mail_plugins = " quota quota"
}
local 10.10.10.0/24 {
  doveadm_password =  # hidden, use -P to show it
}
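
A log triage for the situation in the message above, as an added example that is not part of the original post or of Dovecot: it parses `client passdb out` lines, reports replies that carry `proxy` without a `host` field (the condition behind `proxy: host not given`), lists the extra fields the login process then ignored, and flags replies whose `pass=` value was written to the log, as seen here with `auth_debug_passwords = yes`. The sample lines, addresses and secret are constructed, and the `<hidden>` masking string is an assumption.

```python
import re

TAB = "#011"          # syslog's octal escape for the TAB separating auth reply fields
HIDDEN = "<hidden>"   # assumption: value logged when password debugging is off
PREFIX = r"^\w+ +\d+ [\d:]+ (\S+) dovecot: "
PASSDB_OUT = re.compile(PREFIX + r"auth: Debug: client passdb out: (.*)$")
IGNORED = re.compile(PREFIX + r"\S+-login: Debug: Ignoring unknown passdb extra field: (\S+)$")

# Constructed sample modelled on the post's logs; addresses and secret are placeholders.
SAMPLE = """\
May 21 10:51:52 mail4 dovecot: auth: Debug: client passdb out: OK#0111#011user=user@example.test#011director_proxy_maybe=y#011lip=192.0.2.8#011lport=143#011proxy#011pass=EXAMPLE-SECRET
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
May 21 10:51:52 mail4 dovecot: imap-login: Debug: Ignoring unknown passdb extra field: lip
May 21 10:51:53 mail3 dovecot: auth: Debug: client passdb out: OK#0111#011user=user@example.test#011proxy#011host=192.0.2.247#011pass=<hidden>
"""

def parse_reply(payload):
    """Split an escaped passdb reply into (status, fields); bare flags map to True."""
    parts = payload.split(TAB)
    fields = {}
    for item in parts[2:]:            # parts[0] is the status, parts[1] the request id
        key, sep, value = item.partition("=")
        fields[key] = value if sep else True
    return parts[0], fields

def audit(log_text):
    """Return one finding per passdb reply, plus the fields the login process ignored."""
    findings, last = [], {}
    for line in log_text.splitlines():
        m = PASSDB_OUT.match(line)
        if m:
            status, fields = parse_reply(m.group(2))
            finding = {
                "server": m.group(1), "status": status, "user": fields.get("user"),
                "proxy_without_host": "proxy" in fields and "host" not in fields,
                "cleartext_password_logged": fields.get("pass") not in (None, HIDDEN),
                "ignored": [],
            }
            findings.append(finding)
            last[m.group(1)] = finding  # later "Ignoring" lines on this server attach here
            continue
        m = IGNORED.match(line)
        if m and m.group(1) in last:
            last[m.group(1)]["ignored"].append(m.group(2))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Ignored-field lines are attached to the most recent reply seen on the same server, so on a busy host the log should be filtered to one login attempt first.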