Am 18.12.2013 15:36, schrieb Paul J Stevens: > On 18-12-13 11:56, Daniel Schütze wrote: >> Having run 3.1.8 overnight I’m afraid I’m still seeing spinning at 100% >> cpu load and dbmail 3.1.8 not accepting connections. > > I'm sorry to hear that. Fixing the network code is going to take some > time, study and careful coding. > > Until it is fixed I would strongly recommend putting a proxy in front of > dbmail's IMAP and POP3 services. > > The problems in DBMail all revolve around handling broken client > connections, as far as I can tell. This is very difficult to test - at > least I haven't found the correct way to test it yet. Simply dropping > FIN packets has helped solving some of the problems, but apparently not > all. Fixing it for good will take some careful refactoring and auditing > of the network code. A proxy like nginx has a proven track record in > this regard and will handle broken client connections gracefully without > disturbing dbmail. > > You will find example configs and code at: > http://git.dbmail.eu/paul/dbmail/tree/contrib/nginx
I recommend dovecot for that, because you get the additional benefit that
you can also use it for client SMTP authentication in postfix, so
you have a single authentication layer with the same mechanisms for
SMTP/POP3/IMAP.
We have been using dovecot here since the very start in 2009 and are
happy with its proxy function and authentication; dbmail's imapd/pop3d
simply listen on 127.0.0.1. See the config below from my
test server, with passwords masked.
postfix:
# Postfix main.cf: use Dovecot's auth service for SMTP AUTH.
# smtpd_sasl_path is relative to the Postfix queue directory, so it has to
# match the unix_listener declared in dovecot.conf
# (/var/spool/postfix/private/auth).
# NOTE(review): this excerpt does not show smtpd_sasl_auth_enable or the
# SMTP TLS settings; confirm them in the full main.cf.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
________________________________________________________
/etc/dovecot/dovecot.conf
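# Provided services. Dovecot only acts as a login proxy here; the mailboxes
# are served by dbmail on 127.0.0.1 (see password_query in sql.conf).
protocols = imap pop3

# TLS configuration.
# "ssl = yes" offers TLS but does not require it. Combined with
# "disable_plaintext_auth = no" further down, clients can still send their
# password unencrypted on ports 143/110. "ssl = required" closes that gap
# once every client uses STARTTLS or the imaps/pop3s ports.
ssl = yes
# The leading "<" makes Dovecot read the value from the named file.
# Certificate and private key share one PEM file, so that file has to be
# readable by root only.
ssl_cert = </etc/postfix/certs/localhost.pem
ssl_key = </etc/postfix/certs/localhost.pem
# OpenSSL cipher string, unchanged from the original post (2013) except that
# the value is back on the same line as the key; the mail client had wrapped
# it, which leaves the setting empty and the next line unparsable.
# NOTE(review): the list still allows 3DES (DES-CBC3-SHA) and suites without
# forward secrecy (AES128-SHA, CAMELLIA128-SHA, ...). "!SSLv2" only removes
# SSLv2 cipher suites; protocol versions are restricted separately
# (ssl_protocols in Dovecot 2.1/2.2, ssl_min_protocol in 2.3 and later).
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
ssl_prefer_server_ciphers = yes
# 0 turns off the periodic regeneration of Dovecot's SSL (DH) parameters.
ssl_parameters_regenerate = 0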
# IMAP login proxy: the only IMAP endpoint reachable from the network.
# Replace the address placeholder with the public IP; a wildcard address
# would collide with dbmail-imapd, which binds 127.0.0.1:143.
service imap-login {
  # Port 143 is unencrypted until the client issues STARTTLS.
  inet_listener imap {
    address = *your servers real IP*
    port = 143
  }
  # Port 993 is TLS from the first byte.
  inet_listener imaps {
    address = *your servers real IP*
    port = 993
  }

  vsz_limit = 128M
  # service_count = 0 lets one login process serve many connections instead
  # of one process per connection (Dovecot's "high-performance" login mode).
  # With process_limit = 1 and client_limit = 200 a single process carries at
  # most 200 connections, and those connections are not isolated from each
  # other by process boundaries.
  # NOTE(review): proxied sessions presumably stay inside this process, so
  # 200 is also the ceiling for concurrent IMAP sessions; confirm the sizing.
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}
# POP3 login proxy: the only POP3 endpoint reachable from the network.
# Replace the address placeholder with the public IP; a wildcard address
# would collide with dbmail-pop3d, which binds 127.0.0.1:110.
service pop3-login {
  # Port 110 is unencrypted until the client issues STLS.
  inet_listener pop3 {
    address = *your servers real IP*
    port = 110
  }
  # Port 995 is TLS from the first byte.
  inet_listener pop3s {
    address = *your servers real IP*
    port = 995
  }

  vsz_limit = 128M
  # One login process (process_limit = 1) serves up to client_limit = 200
  # connections; service_count = 0 means the process is not restarted per
  # connection, so connections share it without process-level isolation.
  service_count = 0
  process_min_avail = 1
  process_limit = 1
  client_limit = 200
}
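# Default settings.
# Capability string announced by the proxy before login. The value is back
# on one line (the mail client had wrapped it). Keep it in step with the
# "capability" line in the [IMAP] section of dbmail.conf so clients are not
# offered extensions the backend lacks.
imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting =
login_log_format_elements = %u %r %m %k
login_log_format = %{login_status}: %s
mail_max_userip_connections = 100
# CRAM-MD5, DIGEST-MD5 and APOP can only be verified when the server holds
# the cleartext password or a mechanism-specific hash; this setup stores
# cleartext (default_pass_scheme = plain in sql.conf). LOGIN and PLAIN
# transmit the password itself. Value rejoined onto one line.
auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN
# "no" accepts LOGIN/PLAIN on connections without TLS, so passwords can
# cross the network unencrypted on ports 143 and 110. Set this to "yes"
# (or "ssl = required") unless legacy clients really need cleartext logins.
disable_plaintext_auth = no
shutdown_clients = no
version_ignore = yes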
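# Logging
syslog_facility = mail

# Authentication process.
auth_worker_max_count = 50
# Lookup results are cached, failed lookups included (negative TTL).
# NOTE(review): with a cache, a changed or revoked password may keep working
# until its entry expires; confirm that 600 is acceptable for account
# lock-outs.
auth_cache_size = 1024
auth_cache_ttl = 600
auth_cache_negative_ttl = 600
# Whitelist of characters allowed in a login name; a name containing any
# other character is rejected before it reaches the SQL query. Value
# rejoined onto one line (the mail client had wrapped it).
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
# Pairs of "from" and "to" characters: "%" becomes "@", and each upper-case
# letter becomes its lower-case form. Value rejoined onto one line.
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# Debug options. Leave auth_debug_passwords off in production: when enabled
# it writes the passwords seen during authentication to the log.
auth_debug = no
auth_debug_passwords = no
auth_verbose = no
mail_debug = no
verbose_ssl = no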
# Password database used for the proxy decision: every login is looked up
# in the dbmail MySQL database. sql.conf contains the database password, so
# keep that file owned by root and unreadable for other users.
passdb {
  driver = sql
  args = /etc/dovecot/sql.conf
}

# No local users: a fixed uid/gid and a dummy home are handed out.
# NOTE(review): presumably never used for mail access, because the passdb
# query marks every account as proxy + nologin; confirm.
userdb {
  driver = static
  args = static uid=10000 gid=10000 home=/dev/null
}
# Auth socket for Postfix SMTP AUTH (smtpd_sasl_path = private/auth).
# It lives inside the Postfix queue directory, and mode 0660 with owner and
# group postfix keeps every other local account away from the auth service.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
________________________________________________________
/etc/dovecot/sql.conf
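# Settings for the sql passdb (args = /etc/dovecot/sql.conf in dovecot.conf).
# This file contains the database password: keep it owned by root and
# unreadable for other users.
driver = mysql
# Value rejoined onto one line (the mail client had wrapped it). The
# password is masked in the original post.
connect = host=/var/lib/mysql/mysqld_dbmail.sock dbname=dbmail user=dbmail password=*********
# Returned fields:
#   password          value the client's credentials are checked against
#   proxy, host       forward the session to dbmail on 127.0.0.1
#   destuser, pass    credentials Dovecot presents to the backend; "pass" is
#                     the stored password, which is why it must be cleartext
#   nologin           no local login, proxy only
#   nodelay           do not delay the reply after a failed authentication
# NOTE(review): with nodelay set, password-guessing is not slowed down by
# Dovecot itself; rate limiting has to come from another layer.
# Dovecot's sql passdb escapes expanded variables such as %u, and
# auth_username_chars restricts login names before the query runs.
# Query rejoined onto one line.
password_query = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
# Passwords are stored unhashed in dbmail_users.passwd. Anyone who can read
# the table or a database dump obtains every mailbox password, so restrict
# database and backup access accordingly.
default_pass_scheme = plain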
________________________________________________________
/etc/dbmail.conf:
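[DBMAIL]
# Global dbmail settings. The dburi contains the database password (masked
# in the original post), so this file must not be world-readable.
# Value rejoined onto one line (the mail client had wrapped it).
dburi = mysql://dbmail:*****@localhost/dbmail?unix-socket=/var/lib/mysql/mysqld_dbmail.sock&charset=utf8
authdriver = sql
table_prefix = dbmail_
max_db_connections = 20
default_msg_encoding = utf8
# NOTE(review): the address appears to have been obfuscated by the list
# archive; set a real postmaster address.
postmaster = [email protected]
sendmail = /usr/sbin/sendmail
syslog_logging_levels = 31
# file_logging_levels = 511
query_time_info = 10
query_time_notice = 20
query_time_warning = 30
query_timeout = 300
# The daemons run under the unprivileged dbmail account.
effective_user = dbmail
effective_group = dbmail
# TLS is left disabled in dbmail itself; encryption towards clients is
# handled by the Dovecot proxy. That only covers the services bound to
# 127.0.0.1; see the bindip of each section below.
# NOTE(review): if tls_ciphers is ever enabled, a ":" is missing between
# "!ADH" and "!LOW".
# tls_cafile = /etc/pki/tls/certs/ca-bundle.crt
# tls_cert = /etc/postfix/certs/localhost.pem
# tls_key = /etc/postfix/certs/localhost.pem
# tls_ciphers = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:!SSLv2:HIGH
backlog = 256
timeout = 300
login_timeout = 60
resolve_ip = no
authlog = no
logfile = /var/log/dbmail.log
errorlog = /var/log/dbmail.err
pid_directory = /run/dbmail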
[LMTP]
# Mail delivery endpoint, bound to loopback only so that only local
# processes can inject mail.
bindip = 127.0.0.1
port = 24
timeout = 1800
banner = LMTP
max_db_connections = 1
[POP]
# Loopback only: clients reach POP3 through the Dovecot pop3-login proxy,
# which listens on the server's real IP and forwards to 127.0.0.1.
# Traffic on this hop is unencrypted but never leaves the host.
bindip = 127.0.0.1
port = 110
pop_before_smtp = no
banner = POP3
timeout = 1800
login_timeout = 1800
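[IMAP]
# Loopback only: clients reach IMAP through the Dovecot imap-login proxy,
# which listens on the server's real IP and forwards to 127.0.0.1.
# Traffic on this hop is unencrypted but never leaves the host.
bindip = 127.0.0.1
port = 143
timeout = 4000
login_timeout = 1800
imap_before_smtp = no
idle_timeout = 30
# Value rejoined onto one line (the mail client had wrapped it). Apart from
# AUTH=LOGIN it matches imap_capability in dovecot.conf.
capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
banner = IMAP
# presumably bytes (36700160 = 35 MiB); confirm against the dbmail docs
max_message_size = 36700160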
[SIEVE]
# Unlike IMAP, POP and LMTP this service binds every interface ("*") and is
# not fronted by the Dovecot proxy.
# NOTE(review): the tls_* settings in [DBMAIL] are commented out, so as far
# as this excerpt shows, logins on port 2000 cross the network unencrypted.
# Bind to 127.0.0.1 or firewall the port unless remote script management is
# needed and TLS is enabled.
bindip = *
port = 2000
banner = SIEVE
[DELIVERY]
# Delivery-time features: auto-reply, duplicate suppression, Sieve
# filtering and subaddressing are enabled; Sieve vacation/notify,
# Sieve debugging and auto-notify are disabled.
auto_reply = yes
suppress_duplicates = yes
sieve = yes
subaddress = yes
sieve_vacation = no
sieve_notify = no
sieve_debug = no
auto_notify = no
quota_failure = hard
