Re: Dovecot infrastructure
Hi

Sounds a bit less good. If you only have one server now, then partitioning out by function will probably be *much* easier. Everything except dovecot is very easy to spread out across servers, so to take the easy route I would probably keep dovecot where it is, and spread out the other functions on new servers. You can have one or two sendmail servers, two or more AV servers, and add to those as needed. I'll bet that your "not enough" problems are more related to the AV functions than to dovecot.

It's not completely true. The trend in recent years has seen the increase in the size of the mailboxes as well as their number. It's true what you say, so you partially won, but consider that the virtual server provider I will use offers machines with a fixed mix of resources (instance A with 4vCPU/8GB RAM/100GB SSD, B with 6vCPU/16GB RAM/200GB SSD etc), no block storage available, and that I'm actually hitting low disk space with 1.5TB, so I will waste vCPU for storage/dovecot instances.

P.S. BTW... Sendmail? I'm using sendmail but I thought that in an environment like the one proposed postfix with virtual users was better, any suggestions?

Thank you.
Simone.
Dovecot infrastructure
Hi,

I would need some suggestions for a dovecot based mail infrastructure. Actually, only one server (with dovecot, sendmail, amavis, spamassassin, clamav etc etc) is no longer enough, so I thought I would put a more complex infrastructure on different servers. But I do not know a few things.

I was thinking about partitioning users on 3-4 servers with dovecot (imap / pop3) and dovecot-lda (no networked filesystem between them) and then configuring 1-2 servers with dovecot director and 1-2 servers for SMTP with postfix.

It is not clear how the director will map user -> server to be used and, in a user virtualization context (maybe on MySQL), what owner / permissions I should give to the home folders where I will store mail.

Thank you.
Simone.
Re: [Dovecot] Enable IMAP only for certain users/IP
what about using some kind of http://wiki2.dovecot.org/PostLoginScripting

You got it, a script call for post-login does the trick.

Thank you, Robert.

Sincerely,
Simone.
Re: [Dovecot] Enable IMAP only for certain users/IP
Hi Robert,

thank you for your answer. My previous mail is based on the wiki page you specified. Also, the allow_nets parameter seems not to do what I want. I want to combine a remote IP address check (system wide - common for all users) and a single user permission check.

The problem is that I would specify for the IP section something similar to:

    127.0.0.1
    1.2.0.0/21

and not:

    127.0.0.1
    1.2.0.1
    1.2.0.2
    1.2.0.3
    1.2.0.4
    1.2.0.5
    .
    .
    .
    1.2.7.254

Thank you.

Sincerely,
Simone.
[Dovecot] Enable IMAP only for certain users/IP
Hi,

I'm trying to configure dovecot to enable the IMAP protocol only for certain IPs and users. The logical steps I've followed are:

1. If a user is trying to log in from an IP that I've authorized (listed in a file) the request is authorized.
2. If not, if the user is listed in a second file the request is authorized.
3. If this check also fails the request is rejected.

I'm using PAM for passdb and a passwd-file for userdb:

    passdb {
      driver = pam
      args = session=yes failure_show_msg=yes max_requests=16 cache_key=%u%r%l dovecot-%s
    }
    userdb {
      driver = passwd-file
      args = /etc/passwd-dovecot
    }

In /etc/pam.d/ there are two files:

    dovecot-pop3
    dovecot-imap

dovecot-pop3:

    #%PAM-1.0
    @include common-auth
    @include common-account
    @include common-session

(for this protocol everything works fine, I don't want to limit it.)

dovecot-imap:

    #%PAM-1.0
    @include common-auth
    auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail
    auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail
    @include common-account
    @include common-session

If I'm not wrong, once the user is authenticated, PAM checks if the remote IP address is in imaphosts; if it's true, it returns PAM_SUCCESS and stops the execution of the auth block, else if it's false, PAM executes the next line, verifying the presence of the username in the imapusers file; if found, then it returns PAM_SUCCESS, else it fails.

If this can work, I have a problem with pam_listfile.so and IP addresses: I want to do something smarter than specifying 2^11 IP addresses instead of a /21 or IP/netmask.

Are there alternatives for doing it better?

Thanks.

Sincerely,
Simone Marx.
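
The policy discussed in this thread (CIDR-aware IP allow list first, then a per-user allow list, otherwise reject), written as a Dovecot post-login script. This is an added example, not code from any of the posts or from the Dovecot project. It assumes IPv4 only, the two file paths named in the thread, and Dovecot's post-login convention of passing the client address and login name in `$IP` and `$USER` and expecting the script to finish with `exec "$@"`.

```shell
#!/bin/sh
# Added example (IPv4 only). File paths are the ones named in the thread.
HOSTS_FILE=${HOSTS_FILE:-/etc/dovecot/imaphosts}  # one address or CIDR per line
USERS_FILE=${USERS_FILE:-/etc/dovecot/imapusers}  # one login name per line

# Print a dotted-quad address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*|0?*) return 1 ;; esac  # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside $2, written as a.b.c.d or a.b.c.d/prefix.
ip_in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    case "$2" in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    case "$bits" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# The thread's policy: allowed network first, then allowed user, else reject.
imap_allowed() {  # $1 = remote IP, $2 = user name
    while read -r entry rest || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac
        ip_in_cidr "$1" "$entry" && return 0
    done < "$HOSTS_FILE"
    grep -Fxq -- "$2" "$USERS_FILE"
}

# Act only when Dovecot runs this as a post-login script: it sets $IP and
# $USER and passes the command to continue the login with as arguments.
if [ -n "${IP:-}" ] && [ "$#" -gt 0 ]; then
    imap_allowed "$IP" "$USER" || exit 1  # no exec, so the session ends here
    exec "$@"
fi
```

Malformed entries and a missing users file both fail closed: an unparsable line never matches, and a `grep` error counts as "not listed".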