
Thread: Dovecot proxy server

  1. #1
    Join Date
    Jun 2017
    Posts
    16

    Question Dovecot proxy server

    Hello!

    For a bit more professional appearance I am trying to set up a Dovecot proxy server for SMTP, IMAP and POP, as mentioned in this article (https://help.directadmin.com/item.php?id=2077). I have come a long way but I am stuck at point 3 b.

    Edit /etc/exim.conf and ensure:
    that it listens on 10025 port in our case:
    daemon_smtp_ports = 25 : 587 : 465 : 10025

    that acl_smtp_mail is replaced with:
    acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10026} {acl_smtp_mail_proxy}{acl_check_mail}}}}

    that exim overrides acl_smtp_mailauth (around line 200):
    acl_smtp_mailauth = smtp_mailauth

    that overridden acls exist - after "begin acl" section:
    smtp_mailauth:
      accept
        hosts = <; 127.0.0.1 ; ::1
        condition = ${if eq{$interface_port}{10025}}
        log_message = Will accept MAIL AUTH parameter for $authenticated_sender
      deny
    acl_smtp_mail_proxy:
      deny
        condition = ${if eq{$interface_port}{10025}}
        condition = ${if eq{$authenticated_sender}{}}
        message = All connections on port $interface_port need MAIL AUTH sender

    Point i is quite clear, done. Point ii mentions port 10026, shouldn't this be 10025?

    acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10026} {acl_smtp_mail_proxy}{acl_check_mail}}}}
    Point iii requires a line in exim.conf:

    acl_smtp_mailauth = smtp_mailauth
    This is missing in my exim.conf. Should I add this? Or should this already be in my exim.conf? In point iv there is an ACL that should exist or be created; it does not exist in mine, should I create this?

    Could someone kindly advise me? Or is there someone that already has this kind of setup?

    Kind regards,

    John.

  2. #2
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    Thank you for the report. https://help.directadmin.com/item.php?id=2077 has been updated; it has 10025 there now.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  3. #3
    Join Date
    Jun 2017
    Posts
    16
    Glad to be of help!
    Any suggestions on point iii and iv, if I may ask?

    Kind regards.

  4. #4
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    Code:
    acl_smtp_mailauth = smtp_mailauth
    Should be added below:
    Code:
    acl_smtp_mime = acl_check_mime
    IV: just as written on the page 'after "begin acl" section:', just find "begin acl" and paste the code 1 line below.
    Last edited by smtalk; 10-29-2018 at 02:18 PM.
    Martynas Bendorius

  5. #5
    Join Date
    Jun 2017
    Posts
    16
    That did the trick! Thank you!

    I am running into another small issue; I have multiple VPSes installed with DirectAdmin. Some of the engineers sometimes copy a user to another VPS to isolate issues or troubleshoot a website without messing up the "live" situation. If I were to do an hourly rsync of the files in /etc/virtual/ to the mailproxy, the VPS that goes last would get the redirect. My guess would be that the mailproxy redirects the connection based on the IP address in the passwd file?

    Is there a simple or smart way to tackle this issue? Apart from teaching my engineers to edit a bunch of settings after migrating a user or having a separate VPS just for testing and troubleshooting?

  6. #6
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    If you have the same domain on several VPS servers, I'd suggest scripting something instead of a plain rsync, to sync just the domains that point to that server, and skip the ones not pointing there.
    Martynas Bendorius

  7. #7
    Join Date
    Jun 2017
    Posts
    16
    Ah ok, if I'm correct it will only need the passwd files in the corresponding domain directory to work. There is another issue I am currently experiencing; some of the servers can't connect through the proxy.

    When comparing the passwd files from the two I noticed that the domains where it doesn't work are missing the proxy_maybe=y host=<IP-address> in the passwd files. I set the dovecot_proxy=1 and the system_user_to_virtual_passwd=1 options for the proxy to work. Restarted Dovecot, Exim and DirectAdmin but the lines refuse to appear. Is there another way to trigger this?
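
To see at a glance which mailboxes lack the proxy fields described in the post above, a small audit script can walk the per-domain passwd files. This is an added example, not part of the thread or DirectAdmin code; it assumes a `<root>/<domain>/passwd` layout with colon-separated lines, and the sample entries and the `missing_proxy_fields` name are constructed for illustration.

```sh
#!/bin/sh
# Added example, not DirectAdmin code. Lists passwd entries that lack the
# "proxy_maybe=y host=<IP>" fields. Assumed layout: <root>/<domain>/passwd.

missing_proxy_fields() {
    for f in "$1"/*/passwd; do
        [ -f "$f" ] || continue
        domain=$(basename "$(dirname "$f")")
        awk -F: -v d="$domain" '
            /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
            {
                # Match on the whole line so an IPv6 host= value cannot
                # break the colon-based field split.
                ok = ($0 ~ /(^|[ \t:])proxy_maybe=y([ \t]|$)/) &&
                     ($0 ~ /(^|[ \t:])host=[^ \t]+/)
                if (!ok) print d "\t" $1     # domain, then first field (login)
            }' "$f"
    done
}

# Constructed sample data; 192.0.2.10 is a documentation address.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/example.test" "$root/example.org"
    echo 'info:{PLAIN}x:1001:12::/home/u/imap/example.test/info:/bin/false:proxy_maybe=y host=192.0.2.10' \
        > "$root/example.test/passwd"
    echo 'sales:{PLAIN}x:1002:12::/home/u/imap/example.org/sales:/bin/false' \
        > "$root/example.org/passwd"
    missing_proxy_fields "$root"
    rm -rf "$root"
}
demo
```

On a real server the root would be /etc/virtual, as named in the thread; an empty result means every entry carries both fields.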

  8. #8
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    Are you sure the task.queue command mentioned in https://www.directadmin.com/features.php?id=2113 has been executed?
    Martynas Bendorius

  9. #9
    Join Date
    Jun 2017
    Posts
    16
    Yes, of course. Even the version with the user specified:

    Code:
    echo "action=rewrite&value=email_passwd&user=fred" >> /usr/local/directadmin/data/task.queue

  10. #10
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    Hm.. What's the output of:
    Code:
    /usr/local/directadmin/directadmin c | grep dovecot_proxy
    Martynas Bendorius

  11. #11
    Join Date
    Jun 2017
    Posts
    16
    Eh, weird! The output was dovecot_proxy=0. So I checked directadmin.conf and at the bottom was dovecot_proxy=1. So I moved it below dovecot=1 and rebuilt dovecot and ran the rewrite task again. Now the settings are exported correctly to the passwd file. Maybe a faulty character in my directadmin.conf?

    Anyway, thanks smtalk!

  12. #12
    Join Date
    Jun 2017
    Posts
    16
    Just a small follow-up question though. The communication through the proxy between the frontend and the endpoint now goes over port 10025. Is this data encrypted? Or do I need to take extra steps for that?

  13. #13
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    7,251
    Quote Originally Posted by Paarsch View Post
    Eh, weird! The output was dovecot_proxy=0. So I checked directadmin.conf and at the bottom was dovecot_proxy=1. So I moved it below dovecot=1 and rebuilt dovecot and ran the rewrite task again. Now the settings are exported correctly to the passwd file. Maybe a faulty character in my directadmin.conf?

    Anyway, thanks smtalk!

    Likely a newline symbol (\n) was missing.

    10025 is used for SMTP only; the default (port 25) is also not encrypted, and data flows without encryption. For example, if I'd like to send you a message to your@email.com, it'd be delivered to port 25.
    Martynas Bendorius
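
A check for the missing-newline condition suggested in the reply above, as an added example that is not part of the thread or of DirectAdmin. It covers two cases: a last line with no terminating newline, and a setting appended with `>>` that ended up fused onto the previous line. `example_option` is a constructed placeholder key and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not DirectAdmin code. Checks a key=value config file for the
# two ways a missing newline can hide a setting from a line-based reader.

# Succeeds if the file is empty or its last byte is a newline.
ends_with_newline() {
    [ ! -s "$1" ] || [ -z "$(tail -c 1 "$1")" ]
}

# Prints "lineno:line" where KEY= follows an earlier "=" on the same line,
# i.e. the setting was appended to a file whose last line had no newline.
fused_settings() {
    grep -n -E "^[^=]*=.*$2=" "$1"
}

# Prints the value from the last line that starts with exactly KEY=.
effective_value() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2); f = 1 }
                   END { if (f) print v }' "$1"
}

# Constructed sample: example_option is a placeholder key, not a real setting.
demo() {
    conf=$(mktemp)
    printf 'dovecot=1\nexample_option=0' > "$conf"     # no final newline
    ends_with_newline "$conf" || echo "last line is unterminated"
    printf 'dovecot_proxy=1\n' >> "$conf"              # what echo ... >> does
    fused_settings "$conf" dovecot_proxy || true
    echo "effective dovecot_proxy: '$(effective_value "$conf" dovecot_proxy)'"
    rm -f "$conf"
}
demo
```

Running `ends_with_newline` on a config file before appending to it with `echo ... >>` avoids the fused-line case entirely.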
