Displaying 20 results from an estimated 3000 matches similar to: "LMTP proxy does not pass RCPT TO: ... 5xx response back"
2015 Oct 13
2
Dualstack IPv4/IPv6 setup with directors
Hi,
still using 2.2.9, I've two directors, and these directors
use both IPv4/IPv6 addresses.
`host directors.<domain>` returns one A and AAAA for each
of the two directors:
directors.<domain> has address 149.x.y.96 (director1)
directors.<domain> has address 149.x.y.97 (director2)
directors.<domain> has IPv6 address
2016 Feb 12
2
Segmentation fault on doveadm search -A with a huge user base
Hi,
I'm using dovecot 2.2.9 with a director/backend setup. The user base is
about 4711 users currently.
If I start at one of the directors
doveadm search -A all savedbefore 5000d
it terminates with
doveadm(1rrissma): Error: doveadm server disconnected before handshake: EOF
doveadm(1rrissma): Error: 2001:638:913:f33::5:ff:24245: Command search failed for 1phaaman: EOF
2015 Oct 13
2
TLS communication director -> backend with X.509 cert checks?
Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 00:10:50 CEST):
> Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 23:49:20 CEST):
> …
> >
> > Proxying in general does check that hostname matches the SSL certificate, because both the hostname and IP address are sent to login process. So it should work in a way that host=<hostname> and
2015 Oct 13
3
TLS communication director -> backend with X.509 cert checks?
Hello,
using Dovecot 2.2.9 and a setup with directors and backends.
The communication between directors and backends needs to be TLS
secured.
The director config contains a list of hostnames for the backends.
(implicit list because of multiple A/AAAA records for a single hostname
or explicit list of several host names)
On connection setup from a client the director connects to the
selected
2015 Oct 13
2
TLS communication director -> backend with X.509 cert checks?
On 14 Oct 2015, at 00:34, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hi Timo,
>
> Heiko Schlittermann <hs at schlittermann.de> (Di 13 Okt 2015 22:33:23 CEST):
>>> Does the attached patch work? Compiles, but untested.
>> I'm about to test it.
>
> It seems to update the struct mail_host, but it looks as if the data
> in mail_host
2015 Oct 13
0
Dualstack IPv4/IPv6 setup with directors
On 13 Oct 2015, at 22:31, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hi,
>
> still using 2.2.9, I've two directors, and these directors
> use both IPv4/IPv6 addresses.
>
> `host directors.<domain>` returns one A and AAAA for each
> of the two directors:
>
> directors.<domain> has address 149.x.y.96 (director1)
2015 Oct 13
0
TLS communication director -> backend with X.509 cert checks?
Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 00:46:11 CEST):
…
>
> And if I add -D to the director service, I can see "Debug: request <hash> refreshed timeout to …",
> but I never see "Debug: request <hash> added". And from what I
> understand this would be the place where the mail_host info comes into
> the game.
>
>
2016 Apr 27
3
Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
Hi,
Using 2.2.9 (ubuntu 14.04 LTS) and sending the following command,
the server crashes when I try to delete an annotation:
… login …
C: 2 setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
Apr 27 09:29:16 backend1 dovecot: imap-login: Login: user=<heiko>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6651, secured
Apr 27 09:29:16 backend1
2016 Apr 27
2
Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
On 27.04.2016 11:00, Heiko Schlittermann wrote:
> Hi,
>
>> … login …
>> C: 2 setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
>>
>> Apr 27 09:29:16 backend1 dovecot: imap-login: Login: user=<heiko>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=6651, secured
>> Apr 27 09:29:16 backend1 dovecot: imap(heiko):
2015 Oct 13
0
TLS communication director -> backend with X.509 cert checks?
Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 23:49:20 CEST):
…
>
> Proxying in general does check that hostname matches the SSL certificate, because both the hostname and IP address are sent to login process. So it should work in a way that host=<hostname> and hostip=<ip> is sent. I thought my patch did that.. Normally auth_debug=yes would be enough to debug this, but
2015 Oct 11
2
dovecot as proxy and verification of the backends certificate
Hello,
I'm using a dovecot as proxy, connecting to one or more backends.
The backends use X.509 certificates.
The proxy's passdb returns
extra fields:
user=foo
proxy
host=backend1.<domain>
ssl=yes
nopassword=y
Thus the proxy connects to the backend but can't verify the backend's
certificate.
The following comment suggests using ssl_client_ca_file for
2016 May 30
3
doveadm-server protocol change?
Hi,
I'm doing quota checks from a remote machine (the real setup is a bit
more complex, if necessary I can explain it in more detail, but I just
extracted the bits that are easily reproducible)
# nc backend1 24245
VERSION doveadm-server 1 0
PLAIN agrVMDvHgz0ya2HHzax5svwB2ZHS?
+
heiko quota get
But since the backend is upgraded to 2.2.22 it's not
2016 Nov 21
2
Exim still accepting emails to nonexistent users
Hi Heiko,
Here is the router:
virtual_aliases:
  driver = redirect
  debug_print = "R: Check address using virtual_aliases for $local_part@$domain"
  allow_fail
  allow_defer
  hide data = CHECK_VIRTUAL_ALIASES
  user = vmail
  group = mail
local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
2015 Oct 13
0
dovecot as proxy and verification of the backends certificate
On 11 Oct 2015, at 20:04, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hello,
>
> I'm using a dovecot as proxy, connecting to one or more backends.
> The backends use X.509 certificates.
>
> The proxy's passdb returns
>
> extra fields:
> user=foo
> proxy
> host=backend1.<domain>
> ssl=yes
> nopassword=y
2016 Nov 21
2
Exim still accepting emails to nonexistent users
Hi,
Heiko Schlittermann <hs at schlittermann.de> (Mo 21 Nov 2016 11:50:13 CET):
> a) Routing stage
> You need to interact with the user database dovecot uses.
> Either you access the user database directory (flat file, LDAP,
> whatever) or you use the ${readsocket…} feature of Exim to talk to
> dovecot.
The readsocket trick doesn't seem to work anymore.
Using
$
2016 May 30
4
doveadm-server protocol change?
> On May 30, 2016 at 10:26 PM Heiko Schlittermann <hs at schlittermann.de> wrote:
>
>
> Heiko Schlittermann <hs at schlittermann.de> (Mo 30 Mai 2016 21:18:09 CEST):
> > Hi Aki,
> >
> > aki.tuomi at dovecot.fi <aki.tuomi at dovecot.fi> (Mo 30 Mai 2016 20:57:58 CEST):
> > …
> > > You can get packages from http://xi.dovecot.fi/debian/,
2010 Oct 13
2
Director and CRAM-MD5
Hello,
I have a setup with two director servers pointing to two backends. I
don't care that much for load balancing, my main goal is high availability.
CRAM-MD5 auth is working fine if I connect directly to the backends, but
the director only supports AUTH=PLAIN because of the static passdb.
director config:
> passdb {
>   driver = static
>   args = nopassword=y proxy=y
> }
>
2015 Oct 13
2
TLS communication director -> backend with X.509 cert checks?
Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 21:36:40 CEST):
…
> > I see:
> >
> > a) pass the host *names* to the director too, for CN verification
> > purpose
> >
> > Maybe in struct mail_host could be a field for the original
> > hostname we used to obtain the address(es)?
>
> Does the attached patch work? Compiles,
2015 Oct 14
1
TLS communication director -> backend with X.509 cert checks?
Hi Timo
Heiko Schlittermann <hs at schlittermann.de> (Mi 14 Okt 2015 01:10:20 CEST):
…
> Ah, the information comes from the other director running. The other one
> is using an unpatched version of dovecot.
Your patch for backend-certificate verification works. Thank you for the
good and fast work. Is there any chance that this will make it into
Dovecot's next release?
BTW: The
2016 May 31
2
Ubuntu package - Was: Re: doveadm-server protocol change?
Hi,
Peter Chiochetti <pch at myzel.net> (Di 31 Mai 2016 10:31:50 CEST):
> Not having installed any of the two, I can say, as a Ubuntu user:
> In ppa "/etc/init.d/dovecot" is a symlink to "/lib/init/upstart-job"
The 2.2.24 on 16.04 installs both
/etc/init.d/dovecot
/lib/systemd/system/dovecot.service
> While xi packages places its own init script