Hi all; I've setup dovecot (2.1.10) in a cluster configuration. We have two servers acting as frontend which authenticates users and proxy them to other two servers which handles the "real" work.
Users credentials are on a mysql cluster; we have one master, in which
read/write queries are processed, and many replicated slave, which process
read-only queries.
The frontend servers reads users credentials from the read-only mysql slaves.
I'd like to execute a query once the client is verified to update the last
login data.
Right now, that query is executed on the backend servers, via a post-login
service:
protocols = imap
service imap-postlogin {
executable = script-login /usr/local/etc/dovecot/postlogin.sh
unix_listener imap-postlogin {
group = vchkpw
mode = 0600
user = vpopmail
}
}
service imap {
executable = imap imap-postlogin
process_limit = 2048
}
Problem is, if I execute the update on the backend, I miss the information
regarding the original IP, as I only see the IP of the proxies.
I haven't been able to launch the postlogin service on the frontend, so I
figured that I can try to write a plugin - that also seems to me the cleanest
solution.
Looking in the dovecot source code, I noticed that there aren't any hooks in
the execution path used by the proxies; I am missing something ? I am the only
one missing the presence of this hooks in the auth/proxy process ?
I've also thought of a workaround for this problem. One way is to monitor the
dovecot logs on the frontend and execute the update asyncronously. One other
way is to query directly the main mysql server of the cluster and adjust the
query making it call a stored procedure that updates the information in case
of successful login.
But I'd really prefer to create a plugin, that I'd be willing to share.
I attach the configuration of the servers (front and back) generated via
postfix -n.
Thanks in advance for any help.
--
Simone Lazzaris | Responsabile aree datacenter e VoIP Interactive Network srl
| via Roggia Vignola 9, 24047 Treviglio (BG) Tel. 0363 1970352 | Fax
0363.1971971 | www.interactive.eu
# 2.1.10: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686-bigmem i686 Debian 6.0.2
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
default_login_user = nobody
director_doveadm_port = 9091
director_mail_servers = AAA.BBB.CCC.DDD EEE.FFF.GGG.HHH
director_servers = XXX.YYY.ZZZ.WWW
disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot
passdb {
args = /usr/local/etc/dovecot/sql.conf
driver = sql
}
protocols = imap
service director {
fifo_listener login/proxy-notify {
mode = 0666
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service imap-login {
executable = imap-login director
service_count = 0
}
ssl_cert = </usr/local/etc/dovecot/imapd.pem
ssl_key = </usr/local/etc/dovecot/imapd.pem
userdb {
driver = prefetch
}
# 2.0.13: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-686-bigmem i686 Debian 6.0.2
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
default_login_user = nobody
disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot
mail_gid = 2109
mail_location =
maildir:~/Maildir:INDEX=/var/indexes/%1d/%d/%1n/%n:INBOX=~/Maildir
mail_plugins = quota
mail_uid = 7797
namespace {
inbox = yes
location =
prefix = INBOX.
separator = .
type = private
}
namespace {
hidden = yes
list = no
location =
prefix =
separator = .
type = private
}
passdb {
args = /usr/local/etc/dovecot/sql.conf
driver = sql
}
plugin {
quota = maildir:User quota
}
protocols = imap
service imap-postlogin {
executable = script-login /usr/local/etc/dovecot/postlogin.sh
unix_listener imap-postlogin {
group = vchkpw
mode = 0600
user = vpopmail
}
}
service imap {
executable = imap imap-postlogin
process_limit = 2048
}
ssl_cert = </usr/local/etc/dovecot/imapd.pem
ssl_key = </usr/local/etc/dovecot/imapd.pem
userdb {
driver = prefetch
}
protocol imap {
mail_plugins = quota imap_quota
}
signature.asc
Description: This is a digitally signed message part.
