similar to: Error configuring dovecot instance as proxy

We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of

This patch allows the dovecot proxy processes to lookup the destination host by name instead of IP address. Tested agains 1.2.10, expected to work against 1.2.11. The patch is pretty straightforward, it's making it work within the restrictions of the login process that's more interesting. I have made some changes to the wiki (pending approval) to - enhance the discussion of proxy

> On Jul 7, 2018, at 2:12 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > you can add nopassword attribute to the end. See https://wiki.dovecot.org/PasswordDatabase/ExtraFields > > > --- > Aki Tuomi > Dovecot oy Hi Aki, Thank you for your reply. I have two questions regarding this: 1. Is the ?nopassword? attribute the same as specifying a null password

Hi all, We have Exim using Dovecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells

On 17.11.2016 10:30, Arkadiusz Mi?kiewicz wrote: > On Thursday 17 of November 2016, Aki Tuomi wrote: >> On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: >>> Hello. >>> >>> dovecot 2.2.26.0 >>> >>> When testing nopassword extra field >>> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 >>> dovecot

When using proxy_maybe CRAM-MD5 authentication fails when the connection is proxied. Is this expected behavior? Is proxy_maybe too simplified for this case? We're using SQL so I could rewrite the query with IFs to fake proxy_maybe and return the password as NULL and nologin as Y, but if it works that way couldn't it work with proxy_maybe? This works: password_query = \ SELECT NULL AS

On 17.11.2016 10:30, Arkadiusz Mi?kiewicz wrote: > On Thursday 17 of November 2016, Aki Tuomi wrote: >> On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: >>> Hello. >>> >>> dovecot 2.2.26.0 >>> >>> When testing nopassword extra field >>> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 >>> dovecot

Hi all, I have some IMAP servers fronted with separate perdition processes, and it would be ideal if I could collapse this down to having dovecot do both the IMAP proxying and the IMAP serving at the same time on the same IP addresses. One of the fields in my LDAP entries contains the canonical name of the server that hosts their mailbox, and if I follow the manual at

Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password

On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > Hello. > > dovecot 2.2.26.0 > > When testing nopassword extra field > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot > doesn't allow any password (while it should) and returns > > " Authentication failed" > > while in logs: > > Nov 17 08:22:34 auth-worker(1551):

Hi Folks, I spent quite some time yesterday understanding how proxy works along with the director. I came to the conclusion that proxy_maybe and director cannot be used together, but this isn?t a true incompatibility so much as caused by the way things are handled and the order they are processed in. The way proxy_maybe works is that it is processed by the auth provider once it gets the

In the course of experimenting with getting dovecot proxying to work, I took a guess at two things. These work fine for me, but now I'm wondering if they are "as designed" or just a lucky accident that might stop working in the future. (I'm using dovecot 1.0.rc17, which is the included version in Ubuntu Feisty. (I am aware that some details change in v1.1, and I'm not

Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible). I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect

I'm not sure if this would work, but possibly having two separate instances of dovecot with separate configs running may work for you. http://wiki2.dovecot.org/RunningDovecot On 08/07/15 11:04, Gerry wrote: > Situation: one front-facing server running Dovecot as IMAP/POP3/ > ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...) > in the back-end. Dovecot's

On 11 Oct 2015, at 20:04, Heiko Schlittermann <hs at schlittermann.de> wrote: > > Hello, > > I'm using a dovecot as proxy, connecting to one or more backends. > The backends use X.509 certificates. > > The proxy's passdb returns > > extra fields: > user=foo > proxy > host=backend1.<domain> > ssl=yes > nopassword=y

I've recently set up a director proxy environment on my test servers, with the intention of deploying on our cluster soon. One thing I found confusing in the proxying documentation [1] was the first bit about their being two ways to do the authentication...either you have the proxy forward the auth to the real server for authentication, or you have the proxy authenticate it and then login

On Thursday 17 of November 2016, Aki Tuomi wrote: > On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > >

Hello. 1. I have two identically hosts 2. I have set up replication between two hosts 3. I have 'Y' AS proxy_maybe in password_query. 4. password_query returns one of this one hosts 5. I set this parameters in dovecot config: disable_plaintext_auth = yes ssl = yes auth_mechanisms = plain login for enforce use encrypted connections by client programs.

Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per IP & username. I know "mail_max_userip_connections" limit works for the mail stores, but it doesn't seem to have any effect on the proxies. I'm using a mix of Dovecot & Courier-IMAP servers as backends. Basically I need to find a way to enforce

On 15 May 2018, at 12.06, Timo Sirainen <tss at iki.fi> wrote: > > If you look at .176's error log, do you see an error about "director_consistent_hashing settings differ between directors"? Have you set director_consistent_hashing=yes in the old directors? That is needed now, because the old non-consistent-hashing method is obsoleted. Unfortunately there's no easy