Dovecot proxy server

Paarsch

Verified User
Joined
Jun 9, 2017
Messages
17
Hello!

For a bit more professional appearance I am trying to set up a Dovecot proxy server for SMTP, IMAP and POP, as mentioned in this article (https://help.directadmin.com/item.php?id=2077). I have come a long way but I am stuck at point 3 b.

Edit /etc/exim.conf and ensure:

i. that it listens on port 10025 in our case:
daemon_smtp_ports = 25 : 587 : 465 : 10025

ii. that acl_smtp_mail is replaced with:
acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10026} {acl_smtp_mail_proxy}{acl_check_mail}}}}

iii. that exim overrides acl_smtp_mailauth (around line 200):
acl_smtp_mailauth = smtp_mailauth

iv. that the overridden ACLs exist, after the "begin acl" section:
smtp_mailauth:
  accept
    hosts = <; 127.0.0.1 ; ::1
    condition = ${if eq{$interface_port}{10025}}
    log_message = Will accept MAIL AUTH parameter for $authenticated_sender
  deny

acl_smtp_mail_proxy:
  deny
    condition = ${if eq{$interface_port}{10025}}
    condition = ${if eq{$authenticated_sender}{}}
    message = All connections on port $interface_port need MAIL AUTH sender

Point i is quite clear, done. Point ii mentions port 10026, shouldn't this be 10025?

acl_smtp_mail = ${if ={$interface_port}{587} {accept} {${if ={$interface_port}{10026} {acl_smtp_mail_proxy}{acl_check_mail}}}}
Point iii requires a line in exim.conf:

acl_smtp_mailauth = smtp_mailauth
This is missing in my exim.conf. Should I add this? Or should this already be in my exim.conf? In point iv there is an ACL that should exist or be created; it does not exist in mine. Should I create this?

Could someone kindly advise me? Or is there someone who already has this kind of setup?

Kind regards,

John.
 

Paarsch

Glad to be of help!
Any suggestions on point iii and iv, if I may ask?

Kind regards.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,917
Location
LT, EU
Code:
acl_smtp_mailauth = smtp_mailauth
Should be added below:
Code:
acl_smtp_mime = acl_check_mime
IV: just as written on the page, 'after "begin acl" section:', just find "begin acl" and paste the code 1 line below.
 

Paarsch

That did the trick! Thank you!

I am running into another small issue: I have multiple VPSes installed with DirectAdmin. Some of the engineers sometimes copy a user to another VPS to isolate issues or troubleshoot a website without messing up the "live" situation. If I were to do an hourly rsync of the files in /etc/virtual/ to the mailproxy, the VPS that goes last would get the redirect. My guess would be that the mailproxy redirects the connection based on the IP address in the passwd file?

Is there a simple or smart way to tackle this issue? Apart from teaching my engineers to edit a bunch of settings after migrating a user, or having a separate VPS just for testing and troubleshooting?
 

smtalk

If you have the same domain on several VPS servers, I'd suggest scripting something instead of a plain rsync, to sync just the domains that point to that server, and skip the ones not pointing there.
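
One way to script the selective sync suggested above, as an added example that is not part of the original thread. It assumes a domain "points to" a backend when mail.<domain> resolves to that backend's IP; `RESOLVE_MAP`, the function names, `203.0.113.10` and the `mailproxy` host are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption: a domain "points to" this
# backend when mail.<domain> resolves to the backend's own IP address.

# resolve_ip NAME: print the A records for NAME, one per line.
# RESOLVE_MAP (hypothetical variable) names a "name ip" file used instead of
# DNS, so the selection logic can be exercised offline.
resolve_ip() {
    if [ -n "${RESOLVE_MAP:-}" ]; then
        awk -v n="$1" '$1 == n { print $2 }' "$RESOLVE_MAP"
    else
        dig +short A "$1"
    fi
}

# domains_pointing_here VIRTUAL_DIR BACKEND_IP: print each domain directory
# that has a passwd file and whose mail host resolves to BACKEND_IP.
domains_pointing_here() {
    for d in "$1"/*/; do
        [ -f "${d}passwd" ] || continue
        dom=$(basename "$d")
        if resolve_ip "mail.$dom" | grep -qxF "$2"; then
            printf '%s\n' "$dom"
        fi
    done
}

# build_rsync_filter VIRTUAL_DIR BACKEND_IP: print rsync filter rules that
# transfer only <domain>/passwd for the selected domains and nothing else.
build_rsync_filter() {
    domains_pointing_here "$1" "$2" | while read -r dom; do
        printf '+ /%s/\n+ /%s/passwd\n' "$dom" "$dom"
    done
    printf '%s\n' '- *'
}

# Usage on a backend (203.0.113.10 and "mailproxy" are placeholders):
#   build_rsync_filter /etc/virtual 203.0.113.10 > /root/proxy-sync.rules
#   rsync -a --filter='merge /root/proxy-sync.rules' /etc/virtual/ mailproxy:/etc/virtual/
```

Because the rules end in an exclude-all and no `--delete` is used, a troubleshooting copy of a user on another VPS never overwrites the passwd file pushed by the server the domain actually resolves to.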
 

Paarsch

Ah ok, if I'm correct it will only need the passwd files in the corresponding domain directory to work. There is another issue I am currently experiencing: some of the servers can't connect through the proxy.

When comparing the passwd files from the two I noticed that the domains where it doesn't work are missing the proxy_maybe=y host=<IP-address> in the passwd files. I set the dovecot_proxy=1 and the system_user_to_virtual_passwd=1 options for the proxy to work. Restarted Dovecot, Exim and DirectAdmin but the lines refuse to appear. Is there another way to trigger this?
 

Paarsch

Yes, of course. Even the version with the user specified:

Code:
echo "action=rewrite&value=email_passwd&user=fred" >> /usr/local/directadmin/data/task.queue
 

smtalk

Hm.. What's the output of:
Code:
/usr/local/directadmin/directadmin c | grep dovecot_proxy
 

Paarsch

Eh, weird! The output was dovecot_proxy=0. So I checked directadmin.conf and at the bottom was dovecot_proxy=1. So I moved it below dovecot=1, rebuilt dovecot and ran the rewrite task again. Now the settings are exported correctly to the passwd file. Maybe a faulty character in my directadmin.conf?

Anyway, thanks smtalk!
 

Paarsch

Just a small follow-up question though. The communication through the proxy between the frontend and the endpoint now goes over port 10025. Is this data encrypted? Or do I need to take extra steps for that?
 

smtalk

Paarsch said:
> Eh, weird! The output was dovecot_proxy=0. So I checked directadmin.conf and at the bottom was dovecot_proxy=1. So I moved it below dovecot=1, rebuilt dovecot and ran the rewrite task again. Now the settings are exported correctly to the passwd file. Maybe a faulty character in my directadmin.conf?
>
> Anyway, thanks smtalk!

Likely a newline symbol (\n) missing :)

10025 is used for SMTP only; by default, SMTP (port 25) is also not encrypted, and data flows without encryption. For example, if I'd like to send you a message to your@email.com, it'd be delivered to port 25.
 