
director: non-standard ports at backends

Hello,
I'm trying to figure out how to proxy pop3 and pop3s that listen on non-standard ports at backends.
For example, pop3 is at 1110 and pop3s at 1995 (on backend side).
Is it possible?
How should I separate these ports in director's config?
It's easy for one port:
for example lmtp - you just use passdb in protocol lmtp {}

Timo Sirainen | 11 Jun 2012 14:01

Re: director: non-standard ports at backends

On 11.6.2012, at 12.27, Костырев Александр Алексеевич wrote:

> Hello,
> I'm trying to figure out how to proxy pop3 and pop3s that listen on non-standard ports at backends.
> For example, pop3 is at 1110 and pop3s at 1995 (on backend side).
> Is it possible?
> How should I separate these ports in director's config?
> It's easy for one port:
> for example lmtp - you just use passdb in protocol lmtp {}

The passdb needs to return the "port" field. You can't use static passdb for this, since it has no
conditionals and you can't do per-port configuration. Maybe use sqlite (simply to use it as a scripting
engine - empty database) or checkpassword as your passdb.


Re: director: non-standard ports at backends

Thanks Timo, for your time
but I still don't get it)
Should I return "port" with just "port_num1,port_num2" value or how?
I've tried to google an example but with no success.


Timo Sirainen | 11 Jun 2012 14:47

Re: director: non-standard ports at backends

Looking at your old mails, you seem to be using passdb static for director, but userdb sql? So you could
switch to:

passdb {
 driver = sql
 args = /etc/dovecot/dovecot-sql.conf
}

password_query = select 'y' as proxy, 'y' as nopassword, if('%a'=143, 1430, 9930) as port

where you'd change the if() to something that handles %s=imap vs %s=pop3 vs %s=lmtp and %a=143 vs %a=993 vs
%a=110 vs %a=995. Maybe a "case" statement would be less ugly. Or simply make it a real table in sql. Anyway,
that's the basic idea.

On 11.6.2012, at 15.39, Костырев Александр Алексеевич wrote:

> Thanks Timo, for your time
> but I still don't get it)
> should I return "port" with just "port_num1,port_num2" value or how?
> I've tried to google an example but with no success.


Re: director: non-standard ports at backends

Thanks, that worked!

I ended up with:
password_query = select 'y' as proxy, \
NULL AS password, \
'y' as nopassword, \
case '%a' \
when 110  then 2110  \
when 995  then 2995  \
when 143  then 2143  \
when 993  then 2993  \
when 24   then 224   \
when 4190 then 24190 end \
as port, \
case '%a' \
when 995 then 'any-cert' \
when 993 then 'any-cert' end \
as `ssl`;

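The "real table" variant suggested earlier in the thread, sketched as an added example (not code from any of the posters). The table and column names proxy_ports, listen_port, backend_port and ssl_mode are hypothetical; the port pairs are the ones from the CASE expression in the message above, and the dialect is MySQL as in the thread.

```sql
-- Added example: listener-port to backend-port mapping kept in a table.
-- Table and column names are hypothetical; port pairs come from the thread.
CREATE TABLE proxy_ports (
  listen_port  SMALLINT UNSIGNED NOT NULL PRIMARY KEY, -- %a: port the client connected to
  backend_port SMALLINT UNSIGNED NOT NULL,             -- returned as the "port" field
  ssl_mode     VARCHAR(16) NULL                        -- returned as "ssl"; NULL = no TLS to backend
);

INSERT INTO proxy_ports (listen_port, backend_port, ssl_mode) VALUES
  (110,  2110,  NULL),
  (995,  2995,  'any-cert'),
  (143,  2143,  NULL),
  (993,  2993,  'any-cert'),
  (24,   224,   NULL),
  (4190, 24190, NULL);

-- 'any-cert' mirrors the thread: TLS to the backend without verifying its
-- certificate. Storing 'yes' instead makes the proxy require a valid
-- backend certificate.

-- In dovecot-sql.conf the lookup replaces both CASE expressions:
--   password_query = SELECT 'y' AS proxy, NULL AS password, 'y' AS nopassword, \
--     backend_port AS port, ssl_mode AS `ssl` \
--     FROM proxy_ports WHERE listen_port = '%a'

-- The same query with %a expanded by hand for a client on port 995:
SELECT 'y' AS proxy, NULL AS password, 'y' AS nopassword,
       backend_port AS port, ssl_mode AS `ssl`
FROM proxy_ports
WHERE listen_port = '995';   -- one row: port 2995, ssl 'any-cert'

-- A listener port with no row (587 is a constructed value) returns zero rows,
-- which the SQL passdb reports as an unknown user. A CASE with no matching
-- WHEN would instead still return a row, with NULL in the port column.
SELECT 'y' AS proxy, NULL AS password, 'y' AS nopassword,
       backend_port AS port, ssl_mode AS `ssl`
FROM proxy_ports
WHERE listen_port = '587';   -- zero rows
```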

Dominic Malolepszy | 16 Jul 2012 05:02

Re: director: non-standard ports at backends

Apologies for dredging up an old thread, but I was wondering if you 
experienced any issues with the way dovecot caches sql results using 
your discussed setup? I have used your thread as a guide to run dovecot 
backend on non-standard ports.
From what I understand Dovecot will auto index the cache using the %a 
variable (which is good), however the returned cache also contains the 
old username, which causes the dovecot proxy to rewrite the username 
prior to passing on the user/pass details to the backend.

I have discussed the issue here:
http://www.dovecot.org/list/dovecot/2012-July/067072.html

On 12/06/12 17:29, Костырев Александр Алексеевич wrote:
> Thanks, that worked!
>
> I ended up with:
> password_query = select 'y' as proxy, \
> NULL AS password, \
> 'y' as nopassword, \
> case '%a' \
> when 110  then 2110  \
> when 995  then 2995  \
> when 143  then 2143  \
> when 993  then 2993  \
> when 24   then 224   \
> when 4190 then 24190 end \
> as port, \
> case '%a' \
> when 995 then 'any-cert' \
> when 993 then 'any-cert' end \