search for: haproxy_trusted_networks

Displaying 20 results from an estimated 37 matches for "haproxy_trusted_networks".

2020 Feb 10
2
starttls for some services only
Hi Aki, On 10.02.20 17:03, Aki Tuomi wrote: > Try setting > > login_trusted_networks = lb-ip/32 > > See? > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks I do have login-trusted_networks set already. Along with the proxy protocol (haproxy_trusted_networks = lb-ip) I had to set login_trusted_networks to 0.0.0.0/0 actually because the proxy protocol tells dovecot the real clients' IP address and that IP address is the one actually evaluated for login_trusted_networks. With the plain authentication being done inside the load balancer's TLS conne...
2017 Oct 26
2
haproxy ssl support
...mode tcp balance leastconn stick store-request src stick-table type ip size 200k expire 30m timeout connect 5000 timeout server 50000 server proxy1 [2001:db8::11]:10110 send-proxy-v2-ssl server proxy2 [2001:db8::22]:10110 send-proxy-v2-ssl --- --- dovecot.conf haproxy_trusted_networks = [2001:db8::]/64 service pop3-login { inet_listener pop3_haproxy { port = 10110 haproxy = yes } } --- It would also be nice if haproxy would support STARTTLS offloading but that's a subject for a different mailing list ;) -- BR, Rok
2015 Aug 20
2
PROXY protocol
On 19/8/2015 5:43 ??, Stephan Bosch wrote: > Well... > > http://hg.dovecot.org/dovecot-2.2/rev/4d7a83ddb644 > > Regards, > > Stephan. That was impressive! Thank you Timo and Stephan. You are superb! I hope you will be able to provide some basic guidelines on how to enable/use the new functionality. (I am not very code-literate.) Looking forward to it! Thanks again!
2020 Feb 10
0
starttls for some services only
...i Tuomi wrote: > > Try setting > > > > login_trusted_networks = lb-ip/32 > > > > See? > > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks > > I do have login-trusted_networks set already. Along with the proxy > protocol (haproxy_trusted_networks = lb-ip) I had to set > login_trusted_networks to 0.0.0.0/0 actually because the proxy protocol > tells dovecot the real clients' IP address and that IP address is the one > actually evaluated for login_trusted_networks. With the plain > authentication being done inside the load bala...
2017 Oct 26
1
haproxy ssl support
...stick-table type ip size 200k expire 30m >> timeout connect 5000 >> timeout server 50000 >> server proxy1 [2001:db8::11]:10110 send-proxy-v2-ssl >> server proxy2 [2001:db8::22]:10110 send-proxy-v2-ssl >> --- >> >> --- dovecot.conf >> haproxy_trusted_networks = [2001:db8::]/64 >> service pop3-login { >> inet_listener pop3_haproxy { >> port = 10110 >> haproxy = yes >> } >> } >> --- >> >> It would also be nice if haproxy would support STARTTLS offloading but >> that's a subject...
2015 Aug 20
2
PROXY protocol
On 20/8/2015 10:35 ??, Tim Groeneveld wrote: > # This is a list of trusted networks... ips are separated by ", " > # default, empty > haproxy_trusted_networks = 10.1.2.0/24, 10.2.1.0/24 > > # This is the timeout... in seconds. > # default, 3 > # haproxy_timeout = 3 > > # modify your inet listeners to include haproxy=yes > inet_listener { > haproxy = yes > } Thank you Tim, As soon as I manage to re-build Dovecot with...
2016 Dec 06
2
Dovecot: Mails flagged as read get flagged as unread
...2.24 (a82c823): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.13 (7b14904) # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.5 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@* default_client_limit = 5000 default_process_limit = 500 disable_plaintext_auth = no haproxy_trusted_networks = 10.10.189.28,10.10.189.29 imap_capability = IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS listen = 10.10.189.25 mail_location = mdbox:%h/mdbox mail_max_userip_connections = 0 mail_plugins = zlib mdbox_rotate_size = 10 M namesp...
2017 Oct 13
2
Question regarding replication - duplicate emails
...6). Also note that HAproxy is prepared but not in use at all. # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.20 (7cd71ba) # OS: FreeBSD 11.1-RELEASE amd64 auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it haproxy_trusted_networks = IPv4_Haproxy IPv6_Haproxy lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_fsync = always mail_location = sdbox:~/sdbox mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fil...
2017 Mar 18
0
replication issues between to nodes
...otocols = !SSLv2 !SSLv3 Machine A (the best working machine) # 2.2.28 (bed8434): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.17 (e179378) # OS: FreeBSD 11.0-RELEASE-p8 amd64 auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it haproxy_trusted_networks = XXXX/X lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_fsync = always mail_location = mdbox:~/mdbox mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = filei...
2020 Jul 03
0
Mail replication fails between v2.2.27 and v2.3.4.1
...d; -------------- next part -------------- # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.9.0-11-amd64 x86_64 Debian 9.11 auth_mechanisms = plain login default_vsz_limit = 512 M doveadm_password = # hidden, use -P to show it first_valid_uid = 100 haproxy_trusted_networks = 192.168.0.0/24 mail_location = mdbox:~/mdbox:ALT=/srv/mail/alt/%d/%n mail_log_prefix = "%Ls[%p]: user=<%u>, " mail_plugins = " acl notify replication acl stats" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-charact...
2015 Aug 20
0
PROXY protocol
...e basic guidelines on how to > enable/use the new functionality. (I am not very code-literate.) Looking through the code, the functionality should not be too hard to enable using the configuration: # This is a list of trusted networks... ips are separated by ", " # default, empty haproxy_trusted_networks = 10.1.2.0/24, 10.2.1.0/24 # This is the timeout... in seconds. # default, 3 # haproxy_timeout = 3 # modify your inet listeners to include haproxy=yes inet_listener { haproxy = yes } As for HAProxy, the configuration would look something like this: listen smtp :25 mode tcp...
2017 Oct 26
0
haproxy ssl support
...store-request src > stick-table type ip size 200k expire 30m > timeout connect 5000 > timeout server 50000 > server proxy1 [2001:db8::11]:10110 send-proxy-v2-ssl > server proxy2 [2001:db8::22]:10110 send-proxy-v2-ssl > --- > > --- dovecot.conf > haproxy_trusted_networks = [2001:db8::]/64 > service pop3-login { > inet_listener pop3_haproxy { > port = 10110 > haproxy = yes > } > } > --- > > It would also be nice if haproxy would support STARTTLS offloading but > that's a subject for a different mailing list ;) >...
2015 Aug 21
0
PROXY protocol
...s I manage to re-build Dovecot with the latest snapshot, I'll > test it! Hello, I've built dovecot with a today snapshot from hg (dovecot-2-2-9f815e781beb) and I am trying to enable haproxy. I configured as follows (lines added compared to initial config are marked with +): + haproxy_trusted_networks = 62.217.xxx.xxx/29, 2001:648:xxx:xxx::/64 service auth { + inet_listener { + haproxy = yes + } unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { gro...
2017 Oct 21
1
Question regarding replication - duplicate emails
...> # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf > > # Pigeonhole version 0.4.20 (7cd71ba) > > # OS: FreeBSD 11.1-RELEASE amd64 > > auth_mechanisms = plain login > > disable_plaintext_auth = no > > doveadm_password = # hidden, use -P to show it > > haproxy_trusted_networks = IPv4_Haproxy IPv6_Haproxy > > lda_mailbox_autocreate = yes > > lda_mailbox_autosubscribe = yes > > lmtp_save_to_detail_mailbox = yes > > mail_fsync = always > > mail_location = sdbox:~/sdbox > > mail_plugins = " quota notify replication" > > man...
2020 Oct 25
1
Dovecot replication not picking up new mail in maildir
...t see any issue with the settings. Output of doveconf -n: # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf # OS: Linux 4.19.118-0-vanilla x86_64 CentOS Linux release 7.8.2003 (Core) # Hostname: imap1 disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it first_valid_uid = 1000 haproxy_trusted_networks = 172.16.0.0/24 mail_location = maildir:~/Mail mail_plugins = zlib notify replication mailbox_list_index = yes mailbox_list_index_include_inbox = yes maildir_empty_new = yes mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts }...
2020 Feb 10
2
starttls for some services only
Hi, I would like to disable offering starttls to clients for certain dovecot services. Background is that I want to let a load balancer do the TLS stuff right on connect time and let dovecot only do plain imap without offering starttls (because the clients do imaps actually). Getting rid of the starttls feature offering works only if I set ssl = no globally only. Setting it in the service
2016 Jul 06
3
Master-Master replication question
...uded below the configurations from server A and B: Server A: # 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.14 (099a97c) # OS: FreeBSD 10.3-RELEASE-p2 amd64 auth_mechanisms = plain login disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it haproxy_trusted_networks = YYYY lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_save_to_detail_mailbox = yes mail_debug = yes mail_fsync = always mail_location = mdbox:~/mdbox mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileint...
2015 Oct 13
1
Dovecot - Postfix with HAproxy
...roxy 10465 inet n ? n ? 1 postscreen smtpd pass ? ? n ? ? smtpd S ##DOVECOT # 2.2.19 (719e7f8fd70b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.9 # OS: Linux 2.6.32-41-pve x86_64 Debian 7.9 simfs auth_debug = yes auth_verbose = yes disable_plaintext_auth = no *haproxy_timeout = 5 secs** **haproxy_trusted_networks = x.x.x.x* log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/mailbox/%d/%n mail_max_userip_connections = 0 mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress compara...
2019 Sep 25
1
'director_tag' field returned from passdb lookup results in 'unknown passdb extra field'
...h_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes director_mail_servers = 192.168.0.1 at foo 192.168.0.2 at bar 192.168.0.3 at foobar director_servers = x.x.x.x y.y.y.y director_user_expire = 5 mins disable_plaintext_auth = no doveadm_port = 24245 haproxy_trusted_networks = x.x.x.x y.y.y.y 127.0.0.1 login_greeting = Dovecot At Your Service managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify env...
2017 Oct 20
0
Question regarding replication - duplicate emails
...> not in use at all. > > # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.20 (7cd71ba) > # OS: FreeBSD 11.1-RELEASE amd64 > auth_mechanisms = plain login > disable_plaintext_auth = no > doveadm_password = # hidden, use -P to show it > haproxy_trusted_networks = IPv4_Haproxy IPv6_Haproxy > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > lmtp_save_to_detail_mailbox = yes > mail_fsync = always > mail_location = sdbox:~/sdbox > mail_plugins = " quota notify replication" > managesieve_notify_capability = mailto...