On 03.06.2016 16:00, KT Walrus wrote:
btw, what is the reasong for NGINX proxy anyway? Since dovecot proxy can do
this for you too.
I want to do authentication using the IP that the IMAP client used to connect to the IMAP
server. That is, I have 50 IPs, one for each state my users live in, so the users can only
connect to the IMAP server using the domain name where their account is hosted (e.g.,
va.example.com <http://va.example.com/> for accounts in Virginia or ca.example.com
<http://ca.example.com/> for accounts in California). I figured it was fairly simple
to have NGINX listen on the different IPs for the different IMAP servers and do the
authentication based on the server IP that was used by the IMAP client and then route the
request to the proper Dovecot backend.
I actually plan on using HAProxy to listen on each of the IPs and then proxy to an
NGINX mail proxy listening on different ports (one for each proxied IP). NGINX would
then have mail server sections for each port that invokes a PHP script passing in the
domain name associated with the port (e.g., va.example.com
<http://va.example.com/>). The PHP script would then use this domain name along
with the user/password supplied by the mail client to do the auth check and backend
dovecot server selection.
The only problem I see with using HAProxy and NGINX mail proxy is I think I
will lose the client IP so the Dovecot logs won’t show this IP.
Dovecot supports real IP forwarding with HAproxy.
http://wiki2.dovecot.org/HAProxy
Aki
