NAMESPACE empty when logging via haproxy but populated properly when logging directly
Hello there.
I have a problem with newest dovecots (2.3 and 2.4). Dovecot server for some reason is not providing NAMESPACE via IMAP commands when logging via haproxy (rawlog provided below).
Server config: inet_listener imap { port = 143 haproxy = yes } inet_listener imap0 { port = 1143 haproxy = no }
When I login directly to dovecot server on port 1143 I get this response from server: 1747853284.039953 * NAMESPACE (("INBOX/" "/")) (("Shared/" "/")) (("Public/" "/")) 1747853284.039986 52 OK Namespace completed (0.001 + 0.000 secs).
However when I login to the exact same dovecot server but via haproxy host on port 143 I get this response from server: 1747853284.076121 * NAMESPACE (("" "/")) NIL NIL 1747853284.076160 27 OK Namespace completed (0.001 + 0.000 secs).
Tested on: - debian dovecot 2.3.21.1+dfsg1-1+b2 - debian dovecot 2.4.1+dfsg1-4
Could some dev look into it please? Clearly something is broken with dovecot haproxy listener. I just deployed dovecot 2.4 to check if it was fixed but the same problem exists there.
Greets. dk
Hello there. I have a problem with newest dovecots (2.3 and 2.4). Dovecot server for some reason is not providing NAMESPACE via IMAP commands when logging via haproxy (rawlog provided below). Server config: inet_listener imap { port = 143 haproxy = yes } inet_listener imap0 { port = 1143 haproxy = no }
When I login directly to dovecot server on port 1143 I get this response from server: 1747853284.039953 * NAMESPACE (("INBOX/" "/")) (("Shared/" "/")) (("Public/" "/ ")) 1747853284.039986 52 OK Namespace completed (0.001 + 0.000 secs).
However when I login to the exact same dovecot server but via haproxy host on port 143 I get this response from server: 1747853284.076121 * NAMESPACE (("" "/")) NIL NIL 1747853284.076160 27 OK Namespace completed (0.001 + 0.000 secs).
Tested on: - debian dovecot 2.3.21.1+dfsg1-1+b2 - debian dovecot 2.4.1+dfsg1-4 Could some dev look into it please? Clearly something is broken with dovecot haproxy listener. I just deployed dovecot 2.4 to check if it was fixed but the same problem exists there.
Greets. dk
On 21/05/2025 22:38 EEST via dovecot <dovecot@dovecot.org> wrote:
Hello there.
I have a problem with newest dovecots (2.3 and 2.4). Dovecot server for some reason is not providing NAMESPACE via IMAP commands when logging via haproxy (rawlog provided below).
Server config: inet_listener imap { port = 143 haproxy = yes } inet_listener imap0 { port = 1143 haproxy = no }
When I login directly to dovecot server on port 1143 I get this response from server: 1747853284.039953 * NAMESPACE (("INBOX/" "/")) (("Shared/" "/")) (("Public/" "/")) 1747853284.039986 52 OK Namespace completed (0.001 + 0.000 secs).
However when I login to the exact same dovecot server but via haproxy host on port 143 I get this response from server: 1747853284.076121 * NAMESPACE (("" "/")) NIL NIL 1747853284.076160 27 OK Namespace completed (0.001 + 0.000 secs).
Tested on: - debian dovecot 2.3.21.1+dfsg1-1+b2 - debian dovecot 2.4.1+dfsg1-4
Could some dev look into it please? Clearly something is broken with dovecot haproxy listener. I just deployed dovecot 2.4 to check if it was fixed but the same problem exists there.
Greets. dk
Hello there. I have a problem with newest dovecots (2.3 and 2.4). Dovecot server for some reason is not providing NAMESPACE via IMAP commands when logging via haproxy (rawlog provided below). Server config: inet_listener imap { port = 143 haproxy = yes } inet_listener imap0 { port = 1143 haproxy = no }
When I login directly to dovecot server on port 1143 I get this response from server: 1747853284.039953 * NAMESPACE (("INBOX/" "/")) (("Shared/" "/")) (("Public/" "/ ")) 1747853284.039986 52 OK Namespace completed (0.001 + 0.000 secs).
However when I login to the exact same dovecot server but via haproxy host on port 143 I get this response from server: 1747853284.076121 * NAMESPACE (("" "/")) NIL NIL 1747853284.076160 27 OK Namespace completed (0.001 + 0.000 secs).
Tested on: - debian dovecot 2.3.21.1+dfsg1-1+b2 - debian dovecot 2.4.1+dfsg1-4 Could some dev look into it please? Clearly something is broken with dovecot haproxy listener. I just deployed dovecot 2.4 to check if it was fixed but the same problem exists there.
Greets. dk
Hi, can you please post full doveconf -n?
Aki
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote:
Hi, can you please post full doveconf -n?
Hi Aki
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get:
NAMESPACE (("INBOX/" "/"))
vs
NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version
2.4.1-4 (0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0-global-dummy-passdb { driver = static } service imap-login { executable = imap-login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb-passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } }
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote: Hi, can you please post full doveconf -n?
Hi Aki
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get: NAMESPACE (("INBOX/" "/")) vs NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4
(0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0- global-dummy-passdb { driver = static } service imap-login { executable = imap- login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb- passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } }
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote:
Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get:
NAMESPACE (("INBOX/" "/"))
vs
NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version
2.4.1-4 (0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0-global-dummy-passdb { driver = static } service imap-login { executable = imap-login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb-passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } }
Greets.
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote: Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get: NAMESPACE (("INBOX/" "/")) vs NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4
(0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0- global-dummy-passdb { driver = static } service imap-login { executable = imap- login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb- passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } } Greets.
On 22/05/2025 17:31 EEST via dovecot <dovecot@dovecot.org> wrote:
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote:
Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get:
NAMESPACE (("INBOX/" "/"))
vs
NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version
2.4.1-4 (0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0-global-dummy-passdb { driver = static } service imap-login { executable = imap-login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb-passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } }
Greets.
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote: Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get: NAMESPACE (("INBOX/" "/")) vs NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4
(0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0- global-dummy-passdb { driver = static } service imap-login { executable = imap- login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb- passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } } Greets.
I see you a local 10.20.20.20 statement there, which changes how the inbox prefix behaves, and I'm guessing (?) you are testing from 10.20.20.20 as it's local, not remote.
Which would explain why.
Aki
On 22/05/2025 17:39 EEST Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
On 22/05/2025 17:31 EEST via dovecot <dovecot@dovecot.org> wrote:
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote:
Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get:
NAMESPACE (("INBOX/" "/"))
vs
NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version
2.4.1-4 (0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0-global-dummy-passdb { driver = static } service imap-login { executable = imap-login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb-passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } }
Greets.
On 2025-05-22 06:40, Aki Tuomi via dovecot wrote: Hi, can you please post full doveconf -n? Hi Aki.
Here is config I use to reproduce this issue. Full doveconf -n below. Nothing fancy in passwd-file.
With this config I get: NAMESPACE (("INBOX/" "/")) vs NAMESPACE (("" "/"))
doveconf -n
2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf # Pigeonhole version 2.4.1-4
(0a86619f) # OS: Linux 6.1.0-34-cloud-amd64 x86_64 Debian trixie/sid # Hostname: secret.fqdn dovecot_config_version = 2.4.1 auth_mechanisms = cram-md5 dovecot_storage_version = 2.4.1 haproxy_trusted_networks = 10.10.10.10/32 mail_driver = maildir mail_gid = vmail mail_home = /var/vmail/home/%{user} mail_path = ~/Maildir mail_uid = vmail protocols { imap = yes } passdb 0- global-dummy-passdb { driver = static } service imap-login { executable = imap- login protocol = imap inet_listener imap { haproxy = yes port = 143 ssl = no listen = 10.20.20.20 } inet_listener imap1443 { haproxy = no port = 1143 ssl = no listen = 10.20.20.20 } inet_listener imaps { port = 0 } } protocol imap { passdb 0-imap-passdb-passwd-file-cram-md5 { driver = passwd-file passwd_file_path = /etc/dovecot/userdb/passwd-file } userdb 0-imap-userdb- passwd-file { passwd_file_path = /etc/dovecot/userdb/passwd-file driver = passwd-file } } local 10.20.20.20 { namespace ns_private_inbox { inbox = yes prefix = INBOX/ separator = / } } Greets.
I see you a local 10.20.20.20 statement there, which changes how the inbox prefix behaves, and I'm guessing (?) you are testing from 10.20.20.20 as it's local, not remote.
Which would explain why.
Aki
Also to add a bit that the "local_ip" (not real_local_ip) gets updated with haproxy proxy protocol (when enabled), so it will remote haproxy's local IP.
Aki
On 2025-05-22 16:55, Aki Tuomi via dovecot wr,ote:
I see you a local 10.20.20.20 statement there, which changes how the inbox prefix behaves, and I'm guessing (?) you are testing from 10.20.20.20 as it's local, not remote.
Which would explain why.
Also to add a bit that the "local_ip" (not real_local_ip) gets updated with haproxy proxy protocol (when enabled), so it will remote haproxy's local IP.
Aki, I have a little feature request to consider.
According to this: https://github.com/dovecot/core/blob/release-2.4.1/NEWS
- config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com.
- config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. }
"local_name" filter now supports multiple values, which is handy.
It would be also handy if "local" filter also support multiple values. Since it also matches on proxy IP in environment with front proxies, in environments where you have few proxies ahead of your dovecot server you have to add every IP or use subnet. In case your proxies are in different subnet then you have to make a copy of whole config and simply double/multiply whole config by number of proxies - which is not nice. By simply allowing user to add multiple IPs for "local" filter you could fix that pain easily. If it is worth in your opinion could you please also report this feature request? Many thanks in advance. Greets.
DK
participants (4)
-
Aki Tuomi
-
Damian Kaczkowski
-
DK
-
dk+lists.dovecot.org@7ns.eu