Template:Dovecot:Main Page Information
Dovecot Pro Overview
Dovecot Pro provides a reliable and scalable Mail solution to customers with enterprise level stability and scalability on top of the open source version. This product is built based on the experience the Dovecot Team has made by working for many years with the largest ISPs of the world. Dovecot Pro license enables Object Storage Plugins supports various object storages.
Dovecot Pro supports easy change from many existing IMAP and POP3 servers by allowing transparent migration of users in to Dovecot platform.
Dovecot Pro Product Components
Main Dovecot Pro Product components are:
- Dovecot Pro Mail
- Dovecot Object Storage
- Dovecot Full Text Search
- Dovecot Pro Vault
- Dovecot Migration Framework
Dovecot Pro Mail
Depending the size of the installation Dovecot mail system contains servers in different roles: Proxies, Directors, Backends. Stateless design in Dovecot allows any of the components to be lost, shut down for maintenance or upgrade, without affecting the service availability. All the users on the same site will still receive service, only capacity providing the service is diminished, meaning that some speed of the service might be lost if system is under heavy load at that time. Dovecot architecture is possible to scale horizontally and vertically. The recommended network topology has:
- Dovecot Proxy in public network,
- Dovecot Director and Dovecot Backend in private network,
- Object storage typically in Storage network.
Backends can use independent local storages or extensible-shared storage, like NFS or object storage. All Dovecot components include the same application but are configured to become different components. The Dovecot components are explained below in more detail.
Dovecot Proxies act as a frontend IMAP/POP3/LMTP servers for client connections. Dovecot Proxies make the user database lookup to LDAP to validate the user and to lookup the user parameters. In multi-site installations, Dovecot Proxy servers’ main function is to forward user to the load balancer in front of the Dovecot Director of the site where the user is located. Dovecot proxy also decrypts TLS/SSL sessions, which are more CPU consuming than the user lookup and traffic forwarding.
Directors listen to IMAP/POP3/LMTP protocols and balance load and provide high-availability for the Dovecot Backends.
The main difference between a regular load balancer and Dovecot Director is that the director makes sure that a single user is never accessed by different Backends at the same time. This is needed in order to avoid user data corruption. Dovecot Directors are taking care of this as they are sharing information of the users and user sessions while the user sessions are active. Each Dovecot Director knows which Backend is taking care of existing user session for any user. In front of Dovecot Directors there needs to be a load balancer to provide High Availability (HA) for them. Dovecot Directors are stateless meaning that any one of them can be switched off for maintenance without user noticing. This also makes updating procedures for the Dovecot components possible without interrupting the user session, thus making the operation transparent to user.
Dovecot Backend does all the hard work of reading and writing mails to storage and handling all of the IMAP/POP3/LMTP protocols. Dovecot Backend is connected to mail storage, typically filesystem or cloud storage, where user mails and mail indexes are stored.
As an user is connecting to Dovecot for reading the mails the user’s mail indexes are fetched from the mail storage. The mail indexes are updated as long as the session is valid. This makes fetching of the user’s mail perform fast. As the session validity expires or the user logs off, the updated index is stored back to storage waiting for the next login. Dovecot Backends are stateless, making it possible for user connections to be connected to any Backend.
Dovecot Object Storage
Dovecot Pro supports mail storage to several object storage solutions. These solutions include the ability to host on a managed cloud storage service such as Amazon S3 or to locally hosted object storage solutions such as Scality.
If mails are stored to Object Storage, they can be accessed from any Backend, which are totally stateless as well as the other servers. All sessions of the same user are directed to the same Backend by Dovecot Director to prevent data corruption. As the user session reaches the Dovecot Backend the user’s indexes are loaded from object storage to local cache of the Backend. As the session is over, the indexes are loaded back to object storage. In the unlucky event of Backend failure the next Backend can continue where the other Backend left off since there are no locking problems (in comparison to NFS) and the indexes can be merged and updated by Dovecot Backend as soon as the servers are back on-line.
NFS storage is also supported, but this does not require Dovecot Object Storage plug-in.
Object Storage Advantages
The obox plugin is optimized for cloud technologies by enabling long-term email data storage into cloud storage solutions. The obox plugin tracks which index files have been altered or are needed locally and uploads / downloads them to object storage only as necessary. This usage pattern most efficiently leverages the object storage paradigm, as opposed to a more traditional black storage strategy. The obox plugin consists of three major components. The first component is a sdbox-like mailbox format. Each message is stored in its own “file” (a discrete object)I. Indexes are bundled into separate discrete objects stored in objects storage. The second component is a collection of drivers, that implement support for various object storages, such as Amazon S3 and Scality sproxyd. There is additionally a "fscache" driver that implements a local filesystem cache for mail objects. The third component is metadata storage for index files and and other metadata, such as Sieve scripts. It synchronizes these files between a local cache and the object storage.
Dovecot Full Text Search
As the amount and importance of information stored in email messages is increasing in people’s everyday lives, searching through those messages is becoming ever more important. At the same time mobile clients add their own restrictions for what can be done on the client side.
The ever-diversifying client software also tests the limits of the IMAP protocol and current server implementations. When an indexing Backend is not present, searches fall back on slow sequential searches through all message headers or text. Thus efficient and feature rich server side searching has grown in importance.
A two-part reimplementation of the Dovecot indexing and search architecture has been designed. This is to provide more customizability for searching and a more unified range of features for all existing FTS plugins. Additionally a renewed Dovecot native implementation of the full FTS stack is provided for better performance and scaling for large mail volumes.
Full text indexing and search
Triggers for Full Text Search (FTS) indexing are configurable. It can be started on demand when searching, automatically when new messages arrive or as a batch job. Full text search has the following features:
- Indexes can be stored in the Object Storage
- Smaller indexes compared to all current search Backends to improve search
- Avoid indexing duplicate data by using word stemming and normalization and skipping
bad character and stop words
- Part of Dovecot mail server Backend, no 3rd party software needed
- No extra java virtual machine needed for search sing word stemming and normalizat
- Substring search for partial word search
Dovecot's standard IMAP SEARCH TEXT/BODY parameters use the FTS indexes. Searches through message headers benefit from Dovecot's fast message index cache implementation, which often contains the necessary information. Optionally header searches can also be done from FTS indexes.
The following are specified as the search parameters to be used in the webmail User Interface to be passed on to the Dovecot Search Backend:
Details of the possible search queries can be found from here: http://wiki.dovecot.org/Tools/Doveadm/SearchQuery
Dovecot Pro Vault
The storage for Dovecot Vault is based on an existing cluster based on Obox. Emails are stored in a read-only namespace. Apart from the regular Obox configuration of the storage cluster, the namespace is configured as hidden and the containing mailbox is automatically created.
Read-only access to Vault e-mails
All mails stored in the archive namespace have to be read only. This is achieved using the “ACL” plugin to prevent deleting emails.
Incoming e-mails are delivered to Dovecot via LMTP. The “Vault” plugin performs the job of storing the emails in the archive namespace first, and if that succeeds it begins the actual mail delivery, including running any Sieve scripts.
The SMTP submission server (e.g. Postfix) is used to catch outgoing e-mails and then BCCed to Dovecot’s LMTP via another port. LMTP will, then, deliver these e-mails to the archive namespace, as usual. The LMTP service for the outgoing e-mails will be configured to execute a sieve filtering script to store the email to the archive namespace and add the “\Seen” flag to it.
Emails stored in the archive namespace can be encrypted using the “mail-crypt” plugin. Encryption will be done using Elliptic Curve Cryptography.
Dovecot Migration Framework
Dovecot migration framework is a framework of controlling mailbox content migration from a centralized management system. Framework provides centralized repository to limit number of Backends running mailbox dsync processes and number of parallel dsync processes each Backend is allowed to run. It also gathers statistics from each Backend. Framework provides JSON/RESTAPI interface for integration into customers existing environment and management tools. Framework also optionally sends statistics information to Graphite server for progress visualisation.
The Migration Framework can be used for both Content and User Migration phases.
- Queuing and distribution of accounts to migrate with locking for multiple Backends running the actual migration.
- Centralized status display
- Centralized statistics collection
- Centralized control of number of Backends doing the actual content copy
- Centralized control on number of parallel copies each Backend is allowed to run
- Centralized log collection
- Progress visualization with 3rd party Graphite possible