On 03/23/2012 02:12 PM, Luca Lesinigo wrote:
Il giorno 23/mar/2012, alle ore 11:50, Timo Sirainen ha scritto:
Are you thinking about actual "dummy" proxying (which is normally what Dovecot proxying
is about) or about the "imapc" backend
(http://www.dovecot.fi/products/105-dovecot-imap-adaptor.html)? If you're using Dovecot as backend
servers, there's really no reason to use imapc proxying.
I actually didn't know about the two different modes. I guess I would need imapc to
support the older Courier-IMAP server until I migrated everything away from it, and that
I could use "dummy" proxying for the newer dovecot backends.
I don't know if the two can be used at the same time (eg. imapc to the older
backend and dummy to the newer) and/or if there is any drawback in running
everything on imapc (old and new dovecot server). I'll be investigating this....
I'm using the dummy proxying with a very different backend, certainly
not dovecot, and it works great. For your needs (as I understand them)
It's a much simpler and robust solution than imapc. Try it out. The main
potential source of trouble is possible differences in the CAPABILITY
string, but it hasn't caused me any actual problems.
We'd like to support all the recent IMAP goodies to make modern users happy
(IMAP IDLE, LEMONADE, etc)
Dovecot doesn't support the full LEMONADE yet, but I don't know if there are
any LEMONADE clients either.
Oh well I included it in the list because I read about it somewhere, possibly on the
dovecot site. But what I really meant was simply "support the latest goodies" :)
Il giorno 23/mar/2012, alle ore 11:38, Miguel Tormo ha scritto:
- isolate the mailbox servers from direct external access and just run IMAP on
them, let other systems run ssl, pop3, smtp, webmail, etc...
I don't think I understand you here. You will need to run POP3 on the mailbox
servers if you want to give POP3 access to the mailboxes.
Don't ask me why, but I was thinking that a dovecot proxy could talk just imap
to the backends and use that to serve both POP3 and IMAP to clients. And it's
possibly what happens with the imapc backend, but I need to do some RTFM about
it.
The same proxy_maybe (dummy proxy) setup works great for POP3 too. Very
simple to set up, works like a charm. Nothing much to think about.
However, I can confirm you that IMAP IDLE does work with imap proxy.
That's great, I really want to provide the best possible "push-like" experience
to modern clients, and as far as I know IMAP IDLE on the protocol side plus some
notification mechanism (as opposed to regular polling) on the backend side is the way to
go.
It will work as well as it was working with your existing courier
server. But it will work great for accounts migrated to native dovecot.
You have my comments above, I think it is doable. In my opinion, the IMAP proxy
part is the easiest one. MTA configuration to distribute the mails among the
different mailbox servers can be trickier.
Actually that part is already there. Mail enters my systems via some MX servers
(with the usual antispam and so on) and it's finally delivered via SMTP to the
correct mail server via postfix recipient maps (that's because I already
receive on my MXes mail for domains not hosted on my mail server, the common
scenario is where I route a domain's mail to the customer's exchange server).
But right now the mail server also receives direct SMTP connections from the
clients in addition to incoming mail from my MXes and I'd really prefer to
separate the two things.
It's a very good idea to have completely separate machines for outgoing
mail. Once you have imap-only boxes, you can eliminate the need for an
MTA by using the dovecot LMTP server. Your postfix transport map can
send mail to either smtp:imap.yourdomain.com:25 or
lmtp:imap.yourdomain.com:2525 on a per account basis, and you can get
rid of the MTA in due time.
You could use dovecot LMTP proxy and make the MTA deliver mails through LMTP,
thus the dovecot proxy instance will handle the sharding for delivering and for
reading mail.
On the proxy system I plan to run postfix to implement authenticated SMTP (it
would authenticate on dovecot) and pop/imap-before-smtp (yes we still need to
support that :| ), but all mail will be reinjected through our MX servers to be
scanned before final delivery (either local or external).
Since you're sending everything back to the MX, you might as well have
your MX use LMTP, looking up the correct protocol and host from the
database, and spend the next couple of years telling your customers to
change their mail client configuration to use a dedicated outgoing mail
server. It's worth the trouble.
Thanks people for the suggestions, my next stop is getting to know imapc and
its details, and how the various other parts will fit with that (eg. giving
pop3 service to clients).
--
Luca Lesinigo
