Enable HAPROXY protocol in between front and imap

With this we avoid running into the limitations of
 mail_max_userip_connections (see #894 amd #1364) and the
 logfiles as well as ``doveadm who`` give an accurate picture.
main
Florent Daigniere 2 years ago
parent c729954b4a
commit 4ae0d7d768

@ -17,7 +17,7 @@ def dovecot_passdb_dict(user_email):
return flask.jsonify({
"password": None,
"nopassword": "Y",
"allow_nets": ",".join(allow_nets)
"allow_real_nets": ",".join(allow_nets)
})
@internal.route("/dovecot/userdb/")

@ -11,6 +11,8 @@ default_internal_user = dovecot
default_login_user = mail
default_internal_group = dovecot
haproxy_trusted_networks = {{ SUBNET }} {{ SUBNET6 }}
###############
# Mailboxes
###############
@ -109,6 +111,7 @@ protocol pop3 {
service imap-login {
inet_listener imap {
port = 143
haproxy = yes
}
}

@ -338,6 +338,7 @@ mail {
starttls only;
{% endif %}
protocol imap;
proxy_protocol on;
imap_auth plain;
auth_http_header Auth-Port 143;
}
@ -349,6 +350,7 @@ mail {
starttls only;
{% endif %}
protocol pop3;
proxy_protocol on;
pop3_auth plain;
auth_http_header Auth-Port 110;
}
@ -377,6 +379,7 @@ mail {
listen 993 ssl;
listen [::]:993 ssl;
protocol imap;
proxy_protocol on;
imap_auth plain;
auth_http_header Auth-Port 993;
}
@ -385,6 +388,7 @@ mail {
listen 995 ssl;
listen [::]:995 ssl;
protocol pop3;
proxy_protocol on;
pop3_auth plain;
auth_http_header Auth-Port 995;
}

Loading…
Cancel
Save