dovecot-proxy with managesieve, director and backend dovecot imap

Wed, 06 May 2015 14:49:34 -0700 

hi all,
I've been tasked to add sieve/managesieve to an existing dovecot cluster running 2.1.7 on debian wheezy which is made up of 2 dovecot-proxy hosts as directors and some back end dovecot imap hosts all running the same version. 


My problem is that I thought to put the service on the director/proxy 
hosts since they wouldn't have too much load on it, but when I do I get 
the following error:



Apr 28 11:00:28 master: Info: Dovecot v2.1.7 starting up (core dumps 
disabled)
Apr 28 11:00:28 config: Warning: service auth { client_limit=50000 } is 
lower than required under max. load (60000)
Apr 28 11:00:34 managesieve-login: Error: proxy: host not given: 
user=<mailchan...@mydomain.net>, method=PLAIN, rip=192.168.100.207, 
lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP>
Apr 28 11:00:34 managesieve-login: Info: Aborted login (internal 
failure, 1 succesful auths): user=<mailchan...@mydomain.net>, 
method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, 
session=<3/zPY74UOgDAqGTP>



From searching around, only ever saw 1 result which was to add 
"executable =  managesieve-login director" to the managesieve service, 
but this made no difference at all and the error is the same.



So I tried to instead use the back end imap servers, but they throw 
errors expecting the users password to be the common proxy/director 
password as below:

passdb {
   driver = static
   args = user=%u password=crypticpasswordagain
}


Apr 28 12:03:37 auth: Debug: 
static(mailchan...@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): lookup
Apr 28 12:03:37 auth: Info: 
static(mailchan...@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): 
Password mismatch
Apr 28 12:03:37 auth: Debug: 
static(mailchan...@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): 
PLAIN(85387v92394jks) != 'crypticpasswordagain'
Apr 28 12:03:39 auth: Debug: client out: FAIL   1 
user=mailchan...@mydomain.net



So with configs below, how is it best to run managesieve that takes the 
correct login/password without directing to the cluster (or direct if 
it's easier but must use real user password)?


-- dovecot proxy config --

# dovecot version 2.1.7

instance_name        = dovecot-proxy
protocols            = imap pop3 lmtp sieve
mail_location        = maildir:~/
#listen            = 192.168.101.119
listen            = 0.0.0.0
#            = dovecot-proxy-1
director_servers    = 192.168.101.119
#            = dovecot-shared-7
director_mail_servers    = 192.168.100.101
base_dir        = /var/run/dovecot-proxy
login_greeting        = Welcome to IMAP.
default_internal_user    = webmail

lmtp_proxy = yes

disable_plaintext_auth = no

auth_mechanisms = plain login cram-md5

auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no

#log_path = syslog
log_path = /var/log/dovecot.log

default_process_limit = 10000
default_client_limit = 50000

ssl = no
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem

director_user_expire = 15 min

doveadm_proxy_port = 9292
doveadm_password = somecrypticpassword

auth_worker_max_count = 90

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
}

passdb {
    driver = checkpassword
    args = /etc/dovecot/checkpassword_migration.py
}

userdb {
    driver = prefetch
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

service director {
  unix_listener login/director {
    mode = 0666
  }
  fifo_listener login/proxy-notify {
    mode = 0666
  }
  unix_listener director-userdb {
    mode = 0600
  }
  inet_listener {
    port = 9191
  }
}

service imap-login {
  process_min_avail = 2
  service_count = 0
  executable = imap-login director
  inet_listener imap {
  port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  process_min_avail = 2
  service_count = 0
  executable = pop3-login director
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service imap {
  process_min_avail = 2
  process_limit = 0
  service_count = 0
}

service pop3 {
  process_min_avail = 2
  process_limit = 0
  service_count = 0
}

service lmtp {
  inet_listener lmtp {
    port = 24
  }
}

service auth {
  client_limit=65000
  inet_listener {
    port = 5451
  }
}

service auth-worker {
  user = webmail
}

service doveadm {
  inet_listener {
    port = 9292
  }
}

protocol imap {
  mail_max_userip_connections = 10
}

protocol pop3 {
  mail_max_userip_connections = 10
}

protocol lmtp {
  auth_socket_path = director-userdb
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
  }
}

protocol doveadm {
  auth_socket_path = director-userdb
}

plugin {
  # Used by both the Sieve plugin and the ManageSieve protocol
  sieve = file:~/sieve;active=~/.dovecot.sieve
}


-- dovecot backend config --


# dovecot version 2.1.7

protocols = imap pop3 lmtp #sieve
# OLDTEMP listen = 192.168.100.95
listen = 192.168.100.101

mail_location =  maildir:~/

namespace {
  prefix = INBOX.
  separator = .
  inbox = yes
}

base_dir = /var/run/dovecot/
login_greeting = Dovecot ready.
default_login_user = dovenull
default_internal_user = webmail
mail_access_groups = mail

postmaster_address = postmas...@mydomain.net

disable_plaintext_auth = no
auth_mechanisms = plain login

auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no

#log_path = syslog
log_path = /var/log/dovecot.log

default_process_limit = 10000
default_client_limit = 50000

mmap_disable = yes
mail_fsync = always
mail_nfs_storage = no
mail_nfs_index = no

#mail_plugin_dir = /usr/lib/dovecot
mail_plugin_dir = /usr/lib/dovecot/modules
# OLDTEMP mail_plugins = $mail_plugins quota fts fts_lucene
mail_plugins = $mail_plugins  quota fts fts_squat sieve

ssl = no
# OLDTEMP ssl_cert = </usr/local/dovecot/ssl/dovecot.pem
# OLDTEMP ssl_key = </usr/local/dovecot/ssl/dovecot.pem
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key  = </etc/ssl/private/dovecot.pem

doveadm_password = somecrypticpassword

userdb {
  driver = ldap
  # OLDTEMP args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

passdb {
   driver = static
   args = user=%u password=crypticpasswordagain
}

service imap-login {
  process_min_avail = 2
  service_count = 0
  inet_listener imap {
  port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  process_min_avail = 2
  service_count = 0
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service imap {
  process_min_avail = 2
  process_limit = 0
  executable = imap #imap-postlogin
  vsz_limit = 384M
}

service pop3 {
  process_min_avail = 2
  process_limit = 0
  executable = pop3 #pop3-postlogin
  vsz_limit = 384M
}

service lmtp {
  inet_listener lmtp {
    port = 24
  }
  vsz_limit = 384M
}

service doveadm {
  inet_listener {
    port = 9292
  }
}

service director {
  unix_listener director-admin {
    mode = 0
  }
}

service quota-warning {
  executable = script /etc/dovecot/quota-warning.sh
  unix_listener quota-warning {
  user = webmail
  }
}

protocol imap {
  mail_plugins = $mail_plugins quota imap_quota
  mail_max_userip_connections = 10
}

protocol pop3 {
  mail_max_userip_connections = 10
}

plugin {
  fts = fts_squat
  fts_squat = partial=4 full=10
#  fts_lucene = whitespace_chars=@.
  quota = maildir:User quota
  quota_warning = storage=75%% quota-warning 75 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
}

-- managesieve config --

service managesieve-login {
  executable =  managesieve-login director
  service_count = 0
  process_min_avail = 0
  vsz_limit = 64M
}

service managesieve {
  process_count = 100
}

# Service configuration

protocol sieve {
  managesieve_max_line_length = 32768
  executable =  managesieve-login director
  mail_max_userip_connections = 5
  managesieve_max_compile_errors = 5
}














    











					Reply via email to