Ciao Fabrizio,
set login_trusted_networks to point to the proxies in the backends. This
way you’ll get the clients’ actual IP addresses logged instead of the
proxy’s.
https://doc.dovecot.org/settings/core/#core_setting-login_trusted_networks
On 19/04/23 09:18, Fabrizio Cuseo wrote:
Good morning.
I am planning a dovecot system with:
- 3 x glusterfs servers (with 2 volumes, 1 ssd for short term mail, and 1 with
bigger hdd for long term archive mail)
- 1 x mysql server (another server with active replica will be added)
- 3 x mbox servers (with dovecot pop/imap/lmtp/sieve/postfix)
- 3 x dovecot proxy/directors for pop3/imap/smtp
- 4 x proxmox mail gateway for antispam/antivirus in front of smtp servers
- 1 x centralized syslog server
All have private ip addresses, and in front there is a firewall with HA_proxy
to make high availability and load balancing.
My only problem now is using last_login plugin; I have configured on the
mailbox servers on pop3/imap, but the ip address that is written on mysql is
the proxy/director address, not the real client ip address.
No results using real_remote_ip.
Apr 19 09:14:31 mailbox-01 dovecot: pop3-login: Login: user=<usern...@domain.it>,
method=PLAIN, rip=172.16.27.31, lip=172.16.27.21, mpid=19723,
session=<42nHLKv5JsqsEBsf>
Apr 19 09:14:31 mailproxy-01 dovecot: pop3-login:
proxy(usern...@domain.it,172.16.27.21:110): Started proxying to 172.16.27.21 (1.978 secs):
user=<usern...@domain.it>, method=PLAIN, rip=212.66.96.188, lip=172.16.27.31,
session=<u4+wLKv5ZUjUQmC8>
Apr 19 09:14:34 mailbox-01 dovecot:
pop3(usern...@domain.it)<19723><42nHLKv5JsqsEBsf>: Disconnected: Logged out
top=0/0, retr=0/0, del=0/37, size=115779706
Apr 19 09:14:34 mailproxy-01 dovecot: pop3-login:
proxy(usern...@domain.it,172.16.27.21:110): Disconnected by server (0s idle, in=45,
out=82): user=<usern...@domain.it>, method=PLAIN, rip=212.66.96.188,
lip=172.16.27.31, session=<u4+wLKv5ZUjUQmC8>
In db I have last_ip: 172.16.27.31, not 212.66.96.188
-------------
dovecot -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-69-generic x86_64 Ubuntu 22.04.2 LTS
# Hostname: mailbox-01
auth_default_realm = XXXXXXXX.it
default_client_limit = 2500
dict {
  mysql = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  sieve = mysql:/etc/dovecot/dict-sieve-sql.conf
  sql = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
first_valid_gid = 89
first_valid_uid = 89
imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
login_greeting = Welcome to mail server
mail_fsync = always
mail_gid = 89
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = quota
mail_privileged_group = mail
mail_uid = 89
mailbox_list_index_very_dirty_syncs = yes
mdbox_rotate_size = 128 M
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  last_login_dict = proxy::sql
  last_login_key = # hidden, use -P to show it
  last_login_precision = ms
  quota = count:User quota
  quota_clone_dict = proxy::mysql
  quota_grace = 50M
  quota_rule2 = Trash:storage=+100M
  quota_vsizes = yes
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = dict:proxy::sieve;name=active
  sieve_extensions = +vacation-seconds
  sieve_vacation_default_period = 7d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 1h
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
protocols = " imap lmtp pop3"
service dict {
  unix_listener dict {
    group = mail2023
    mode = 0660
    user = mail2023
  }
}
service doveadm {
  inet_listener {
    port = 2425
  }
  inet_listener http {
    port = 8080
  }
  unix_listener doveadm-server {
    user = mail2023
  }
}
service imap {
  process_limit = 1024
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = mail2023
    mode = 0666
    user = mail2023
  }
}
service pop3 {
  process_limit = 250
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = mail2023
  }
  user = mail2023
}
service stats {
  unix_listener stats-reader {
    group = mail2023
    mode = 0660
    user = mail2023
  }
  unix_listener stats-writer {
    group = mail2023
    mode = 0660
    user = mail2023
  }
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = quota sieve quota quota_clone
}
protocol !indexer-worker {
  mail_vsize_bg_after_count = 100
}
protocol lda {
  mail_plugins = quota sieve quota quota_clone
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = quota quota imap_quota quota_clone last_login
}
protocol pop3 {
  mail_max_userip_connections = 2
  mail_plugins = quota quota quota_clone last_login
}
in dovecot-dict-sql.conf.ext there is:
map {
  pattern = shared/last-login/$service/$user/$remote_ip
  table = mail_last_login
  value_field = last_access
  value_type = uint
  fields {
    userid = $user
    service = $service
    last_ip = $remote_ip
  }
}
--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice
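
An added example, not part of the thread: a small audit over backend login log lines that separates logins whose rip is still a proxy/director address from logins carrying a real client address, which is the symptom described above and the thing to re-check after setting login_trusted_networks on the backends. The PROXY_NETWORKS list and the sample lines are assumptions; only 172.16.27.31 appears in the thread as a proxy address.

```python
import ipaddress
import re

# Assumption: proxy/director addresses as seen by the backends. Only
# 172.16.27.31 is shown in the thread; list every proxy in a real deployment.
PROXY_NETWORKS = [ipaddress.ip_network("172.16.27.31/32")]

# Matches backend "Login:" lines like the pop3-login line quoted in the thread.
LOGIN_RE = re.compile(
    r"dovecot: (?P<service>\w+)-login: Login: user=<(?P<user>[^>]*)>.*?"
    r"\brip=(?P<rip>[0-9a-fA-F.:]+)"
)


def is_proxy(addr):
    """True when addr falls inside one of the configured proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PROXY_NETWORKS)


def audit_backend_logins(lines):
    """Return (masked, real): logins whose rip is a proxy vs. a real client."""
    masked, real = [], []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # disconnects, proxy-side lines, other services
        entry = (m["service"], m["user"], m["rip"])
        (masked if is_proxy(m["rip"]) else real).append(entry)
    return masked, real


# Constructed sample lines modelled on the backend log in the thread.
SAMPLE = [
    "Apr 19 09:14:31 mailbox-01 dovecot: pop3-login: Login: user=<user@example.test>, "
    "method=PLAIN, rip=172.16.27.31, lip=172.16.27.21, mpid=19723, session=<constructed1>",
    "Apr 19 09:14:34 mailbox-01 dovecot: pop3(user@example.test)<19723><constructed1>: "
    "Disconnected: Logged out top=0/0, retr=0/0, del=0/37, size=115779706",
    "Apr 19 10:02:07 mailbox-01 dovecot: imap-login: Login: user=<user@example.test>, "
    "method=PLAIN, rip=212.66.96.188, lip=172.16.27.21, mpid=19801, session=<constructed2>",
]

if __name__ == "__main__":
    masked, real = audit_backend_logins(SAMPLE)
    for service, user, rip in masked:
        print(f"proxy address logged as client: {service} {user} rip={rip}")
    print(f"{len(real)} login(s) with a real client address")
```

Keep login_trusted_networks limited to the proxy addresses themselves: connections from those networks are allowed to override the client IP used for logging and authentication checks.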