Am 18.12.2013 15:36, schrieb Paul J Stevens:
> On 18-12-13 11:56, Daniel Schütze wrote:
>> Having run 3.1.8 overnight I’m afraid I’m still seeing spinning at 100%
>> cpu load and dbmail 3.1.8 not accepting connections.
> 
> I'm sorry to hear that. Fixing the network code is going to take some
> time, study and careful coding.
> 
> Until it is fixed I would strongly recommend putting a proxy in front of
> dbmail's IMAP and POP3 services.
> 
> The problems in DBMail all revolve around handling broken client
> connections, as far as I can tell. This is very difficult to test - at
> least I haven't found the correct way to test it yet. Simply dropping
> FIN packets has helped solving some of the problems, but apparently not
> all. Fixing it for good will take some careful refactoring and auditing
> of the network code. A proxy like nginx has a proven track record in
> this regard and will handle broken client connections gracefully without
> disturbing dbmail.
> 
> You will find example configs and code at:
> http://git.dbmail.eu/paul/dbmail/tree/contrib/nginx

i recommend dovecot for that because you get the additional benefit that
you can use it for client-smtp-authentication in postfix too and so
you have a single authentication layer with the same mechs for
SMTP/POP3/IMAP

we have been using dovecot here from the very start in 2009 and are
happy with the proxy function and authentication; imapd/pop3d
are simply listening on 127.0.0.1. see the config below from my
testserver, with masked passwords

postfix:

# Hand SMTP AUTH to Dovecot's auth service instead of Cyrus SASL.
# NOTE(review): excerpt only - smtpd_sasl_auth_enable and the TLS settings that
# decide whether credentials may be sent over an unencrypted session are not
# shown in this mail.
smtpd_sasl_type = dovecot
# Relative to the Postfix queue directory; this is the socket that the
# "service auth" unix_listener /var/spool/postfix/private/auth in dovecot.conf
# creates.
smtpd_sasl_path = private/auth
________________________________________________________

/etc/dovecot/dovecot.conf

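# provided services
protocols                      = imap pop3

# configure ssl
# "yes" offers TLS but does not require it; "required" would refuse
# authentication on sessions that have not negotiated TLS.
ssl                            = yes
# The leading "<" makes Dovecot read the value from the named file.
# Certificate and private key share one PEM here, so that file must carry
# private-key permissions (not world-readable).
ssl_cert                       = </etc/postfix/certs/localhost.pem
ssl_key                        = </etc/postfix/certs/localhost.pem
# NOTE(review): 2013-era list. Its only exclusion is !SSLv2 and it still ends
# in non-forward-secret RSA key exchange and 3DES (DES-CBC3-SHA) suites;
# check it against current guidance before reusing it.
# The value has to stay on one line - the mail client had wrapped it.
ssl_cipher_list                = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
# Server-side ordering wins, so the forward-secret GCM suites listed first
# are chosen whenever the client supports them.
ssl_prefer_server_ciphers      = yes
# 0 turns off periodic regeneration of the SSL (DH) parameters.
ssl_parameters_regenerate      = 0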

# configure imap-proxy
# Dovecot owns the public address; DBMail's imapd stays on 127.0.0.1:143
# (see [IMAP] in dbmail.conf) and is only reached through this proxy.
service imap-login {
  inet_listener imap {
    # Port 143 is cleartext unless the client issues STARTTLS.
    address                    = *your servers real IP*
    port                       = 143
  }
  inet_listener imaps {
    # Implicit TLS.
    address                    = *your servers real IP*
    port                       = 993
  }
  vsz_limit                    = 128M
  # service_count = 0 lets one login process serve many connections
  # (Dovecot's "high-performance" login mode) instead of one process per
  # connection, so all pre-auth and proxied sessions share that process.
  service_count                = 0
  process_min_avail            = 1
  # One process with at most 200 clients: the ceiling for concurrent IMAP
  # connections through the proxy, and the point where new ones are refused.
  process_limit                = 1
  client_limit                 = 200
}

# configure pop3-proxy
# Same layout as the IMAP proxy: public listeners here, DBMail's pop3d on
# 127.0.0.1:110 behind it.
service pop3-login {
  inet_listener pop3 {
    # Port 110 is cleartext unless the client issues STLS.
    address                    = *your servers real IP*
    port                       = 110
  }
  inet_listener pop3s {
    # Implicit TLS.
    address                    = *your servers real IP*
    port                       = 995
  }
  vsz_limit                    = 128M
  # Single shared login process (service_count = 0) capped at 200 concurrent
  # clients; see the note on process isolation for imap-login.
  service_count                = 0
  process_min_avail            = 1
  process_limit                = 1
  client_limit                 = 200
}

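# default settings
# Values below were wrapped by the mail client; each setting must be a
# single line in the real file.
imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
# Empty greeting text, so the banner does not name the software.
login_greeting                 =
# Login log line: user, remote IP, auth mechanism and TLS details. With the
# proxy in front, this log is where the real client address is recorded -
# DBMail only ever sees connections from 127.0.0.1.
login_log_format_elements      = %u %r %m %k
login_log_format               = %{login_status}: %s
mail_max_userip_connections    = 100
# CRAM-MD5, DIGEST-MD5, SCRAM-SHA-1 and APOP can only be verified against a
# cleartext (or mechanism-specific) stored secret, which is why sql.conf uses
# default_pass_scheme = plain. LOGIN and PLAIN send the password itself.
auth_mechanisms                = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
# NOTE(review): "no" accepts LOGIN/PLAIN on ports 143 and 110 without TLS, so
# passwords can cross the network in the clear. Set to "yes" (or ssl =
# required) unless legacy clients really depend on it.
disable_plaintext_auth         = no
shutdown_clients               = no
version_ignore                 = yes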

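# Logging
syslog_facility                = mail

# authentication process
auth_worker_max_count          = 50
# NOTE(review): the unit of a bare number differs between Dovecot versions -
# confirm that 1024 gives the cache size you intend.
auth_cache_size                = 1024
# Cached results live for 600 s: a changed or revoked password can keep
# working, and a fresh one keep failing, for up to ten minutes.
auth_cache_ttl                 = 600
auth_cache_negative_ttl        = 600
# Usernames containing any other character are rejected before the passdb
# lookup, which keeps quotes and whitespace out of the SQL password_query.
# (Value re-joined onto one line; the mail client had wrapped it.)
auth_username_chars            = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
# Pairs of from/to characters: "%" becomes "@", then upper case becomes
# lower case, so user%domain and USER@DOMAIN resolve to the same account.
auth_username_translation      = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug                     = no
# Keep this off outside short troubleshooting windows: enabling it writes
# passwords to the log.
auth_debug_passwords           = no
auth_verbose                   = no
mail_debug                     = no
verbose_ssl                    = no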

# configure proxy-database
# Credentials and proxy destination come from the SQL query in
# /etc/dovecot/sql.conf; that file holds the database password and should
# not be world-readable.
passdb {
 driver                        = sql
 args                          = /etc/dovecot/sql.conf
}

# we are not using local users
# Dovecot never opens mailboxes itself in this setup (every login is proxied
# to DBMail), so the userdb is a fixed placeholder with no real home.
userdb {
 driver                        = static
 args                          = static uid=10000 gid=10000 home=/dev/null
}

# configure backend for postfix sasl-auth
# The socket is created inside the Postfix queue directory so smtpd can reach
# it as private/auth (smtpd_sasl_path). Mode 0660 with postfix:postfix limits
# access to Postfix; anything that can open this socket can submit
# authentication attempts, so do not loosen the mode.
service auth {
  unix_listener /var/spool/postfix/private/auth {
  mode                         = 0660
  user                         = postfix
  group                        = postfix
 }
}
________________________________________________________

/etc/dovecot/sql.conf

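# This file contains the database password: keep it readable by root only.
# Each setting must be one line; the mail client had wrapped connect and
# password_query.
driver              = mysql
# NOTE(review): this reuses DBMail's own "dbmail" account (same user as in
# dburi in dbmail.conf). The query below only needs SELECT on dbmail_users,
# so a dedicated read-only account would limit what a compromised auth
# process can touch.
connect             = host=/var/lib/mysql/mysqld_dbmail.sock dbname=dbmail user=dbmail password=*********
# Returned fields: "password" is what Dovecot verifies against; proxy/host/
# destuser/pass tell the login process to forward the session to DBMail on
# 127.0.0.1 using the same user and password; nologin marks the row as
# proxy-only; nodelay asks Dovecot not to delay replies after a failed
# attempt - make sure brute-force throttling exists elsewhere (firewall,
# fail2ban on the Dovecot login log).
# %u only ever contains characters allowed by auth_username_chars.
password_query      = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
# NOTE(review): "plain" means dbmail_users.passwd holds cleartext passwords.
# A database dump or a SQL injection anywhere against this schema discloses
# every account's password; this is the cost of offering CRAM-MD5/DIGEST-MD5/
# APOP and of forwarding "pass" to the backend.
default_pass_scheme = plain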
________________________________________________________

/etc/dbmail.conf:

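[DBMAIL]
# The URI embeds the database password, so this file should be readable only
# by root and the dbmail account. (Value re-joined onto one line; the mail
# client had wrapped it.)
dburi                 = mysql://dbmail:*****@localhost/dbmail?unix-socket=/var/lib/mysql/mysqld_dbmail.sock&charset=utf8
authdriver            = sql
table_prefix          = dbmail_
max_db_connections    = 20

default_msg_encoding  = utf8
postmaster            = [email protected]
sendmail              = /usr/sbin/sendmail

# Bitmask of log levels; 31 presumably selects emergency through warning -
# confirm against the dbmail.conf documentation.
syslog_logging_levels = 31
# file_logging_levels = 511
query_time_info       = 10
query_time_notice     = 20
query_time_warning    = 30
query_timeout         = 300

# The daemons run as this unprivileged account.
effective_user        = dbmail
effective_group       = dbmail

# TLS is left disabled in DBMail itself: Dovecot terminates TLS and talks to
# DBMail in cleartext over loopback. Any DBMail service that is NOT bound to
# 127.0.0.1 (see [SIEVE]) is therefore reachable without encryption.
# NOTE(review): the tls_ciphers example below is missing a ":" between !ADH
# and !LOW; fix that before uncommenting it.
# tls_cafile          = /etc/pki/tls/certs/ca-bundle.crt
# tls_cert            = /etc/postfix/certs/localhost.pem
# tls_key             = /etc/postfix/certs/localhost.pem
# tls_ciphers         = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:!SSLv2:HIGH

backlog               = 256
timeout               = 300
login_timeout         = 60
resolve_ip            = no
# NOTE(review): presumably disables DBMail's own record of login attempts -
# confirm. Behind the proxy DBMail would only log 127.0.0.1 anyway, so the
# Dovecot login log is the place to look for client addresses.
authlog               = no
logfile               = /var/log/dbmail.log
errorlog              = /var/log/dbmail.err
pid_directory         = /run/dbmail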

[LMTP]
# LMTP has no authentication of its own, so the loopback binding is what
# restricts delivery to the local MTA.
bindip                = 127.0.0.1
port                  = 24
timeout               = 1800
banner                = LMTP
max_db_connections    = 1

[POP]
# Loopback only: clients reach this daemon through Dovecot's pop3-login
# proxy, never directly.
bindip                = 127.0.0.1
port                  = 110
pop_before_smtp       = no
banner                = POP3
timeout               = 1800
# Overrides the 60 s login_timeout from [DBMAIL]; unauthenticated sessions
# may sit for 30 minutes, which is tolerable only because the listener is
# not exposed.
login_timeout         = 1800

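[IMAP]
# Loopback only: clients reach this daemon through Dovecot's imap-login
# proxy, never directly.
bindip                = 127.0.0.1
port                  = 143
timeout               = 4000
# Overrides the 60 s login_timeout from [DBMAIL]; unauthenticated sessions
# may sit for 30 minutes, which is tolerable only because the listener is
# not exposed.
login_timeout         = 1800
imap_before_smtp      = no
idle_timeout          = 30
# Must be a single line; the mail client had wrapped it.
capability            = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
banner                = IMAP
max_message_size      = 36700160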

[SIEVE]
# NOTE(review): unlike POP/IMAP/LMTP this service listens on every interface
# and is not behind the Dovecot proxy. With the tls_* settings in [DBMAIL]
# commented out, logins to port 2000 would travel in cleartext; bind it to
# 127.0.0.1 or firewall the port if remote sieve management is not needed.
bindip                = *
port                  = 2000
banner                = SIEVE

[DELIVERY]
# Delivery-time features. Sieve scripts are evaluated on delivery (sieve =
# yes), while the vacation and notify actions, which would generate outbound
# mail, are switched off.
auto_reply            = yes
suppress_duplicates   = yes
sieve                 = yes
subaddress            = yes
sieve_vacation        = no
sieve_notify          = no
sieve_debug           = no
auto_notify           = no
quota_failure         = hard
