> Dovecot supports real IP forwarding with HAproxy. Yes. I was aware of this, but that doesn’t answer my question of how to configure a Dovecot proxy to listen on many IPs/ports and do authentication based on the incoming IP/port. If I could do this without having to run 50 Dovecot proxies (one for each incoming IP/port), I would probably use the HAProxy/Dovecot Proxy solution.
Or is Dovecot proxy light-weight enough to run a 100 instances or more on a single cloud VM (limited cores/memory) with an HAProxy front-end? > On Jun 3, 2016, at 9:14 AM, Aki Tuomi <aki.tu...@dovecot.fi> wrote: > > > > On 03.06.2016 16:00, KT Walrus wrote: >>> btw, what is the reasong for NGINX proxy anyway? Since dovecot proxy can do >>> this for you too. >> I want to do authentication using the IP that the IMAP client used to >> connect to the IMAP server. That is, I have 50 IPs, one for each state my >> users live in, so the users can only connect to the IMAP server using the >> domain name where their account is hosted (e.g., va.example.com >> <http://va.example.com/> for accounts in Virginia or ca.example.com >> <http://ca.example.com/> for accounts in California). I figured it was >> fairly simple to have NGINX listen on the different IPs for the different >> IMAP servers and do the authentication based on the server IP that was used >> by the IMAP client and then route the request to the proper Dovecot backend. >> >> I actually plan on using HAProxy to listen on each of the IPs and then proxy >> to an NGINX mail proxy listening on different ports (one for each proxied >> IP). NGINX would then have mail server sections for each port that invokes a >> PHP script passing in the domain name associated with the port (e.g., >> va.example.com <http://va.example.com/>). The PHP script would then use this >> domain name along with the user/password supplied by the mail client to do >> the auth check and backend dovecot server selection. >> >> The only problem I see with using HAProxy and NGINX mail proxy is I think I >> will lose the client IP so the Dovecot logs won’t show this IP. >> > Dovecot supports real IP forwarding with HAproxy. > > http://wiki2.dovecot.org/HAProxy > > Aki
