Cool Solution - Dovecot mail cluster with shared storage

From Univention Wiki

Jump to: navigation, search
Produktlogo UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

Note: This article is not yet reviewed.

This Cool Solution describes how to set up a simple mail server cluster using a NFS share and DNS host records. The setup of course relies on one NFS share, so in case you're aiming for "true" HA, this is probably not be the perfect setup for you. Another important thing to note is that all servers need exactly the same UIDs and GIDs for the dovemail user, because this is the user accessing the NFS share later. We will also explain how to change these later.

For this scenario you need at least two servers, though we will use three, for the sake of clarifying things.

Create the share

First, set up a UCS master and join two UCS slaves into it's domain. Then you need to create the dovemail user on the share host.

adduser dovemail

The command will ask for further details and a password. It does not matter what you type in there, since the user only needs to exist on the system so that the dovemail users from the other server are recognized here. Now, switch to the Domain tab in the UMC and open the Shares module. Create a new NFS share by clicking on Add. Give it a name of your choice and define a proper path. In this example we will use /var/mailstorage. The owner and owner group can be left with root at this point in time. We have to change these on the command line, because the UMC does not know that there is a user/group called "dovemail", since it is not stored in the LDAP but locally. Give the group write access with the checkboxes at the bottom of the page and switch to Options then. Uncheck the box Export for Samba clients. If you want to, you can also limit the access to the share to IPs or hostnames in the NFS tab. Save your changes and exit the module.

Now you have to make dovemail the owner of the share. You can use chown for that:

chown dovemail:dovemail /var/mailstorage

Create the DNS record

Now you have to create a DNS host record, that leads to your mail servers. In the Domain tab, open the DNS module. Click Add to add a Host Record below your Forward Lookup Zone. Add a hostname of your choice (in our case mail) and the IP addresses of your mail servers. This Host Record will do the following:

Once someone requests the IP address for "mail.ucs.demo", DNS will return the IP addresses we just set in exchange. This is a very simple load balancing mechanism.

Mount the share

Then you have to follow these steps on both slaves to mount the NFS share to the right path in the filesystem and install Dovecot. Also, we will change the IDs of dovemail to match those on the server hosting the NFS share (in this case the master):

Edit /etc/fstab to mount the NFS share. Add a new line that looks like this:

<YOUR NFS HOST>:<PATH OF NFS SHARE>        /var/spool/dovecot      nfs4    defaults

So in our demo scenario the line would look like this:

master.ucs.demo:/var/mailstorage        /var/spool/dovecot      nfs4    defaults

Save the file and mount the share:

mount -a

Install the mail servers

Now the installation of the mail server is in order. Switch to the App Center module and use the wizard to install the mailserver app on both slaves.

Having installed the mail server, you need to change the ID of your dovemail user according to the one on the server hosting the share.

Get the uid and gid of dovemail on your NFS share host using:

id dovemail

This will output a line, which looks like this:

uid=1000(dovemail) gid=1000(dovemail) Gruppen=1000(dovemail)

As you can see both the uid and gid are 1000. Now, change the IDs on the slaves to match that ID using usermod and groupmod:

usermod -u <ID> dovemail
groupmod -g <ID> dovemail

Important notes

  • Since your users will be connected to two different servers in exchange with this setup, they will be asked to accept four certificates with the same hostname in total, in e.g. Thunderbird
  • Make sure the NFS share gets mounted automatically on your actual mail server in case they have to reboot
Personal tools