LMTP during dsync migration

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Jul 31 06:39:12 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Jul 2014, Jogi Hofmüller wrote:

>> Or better - disable LMTP service in Dovecot. Incoming mail will stay on
>> your MTA and when you're done, you just tell it to deliver everything
>> that piled up in the queue in the meantime
>
> Better but still not perfect ;)  We have users that work late and I am
> sure they would complain when they don't receive email during migration
> nights.
>
> Still thinking ...

In your original post you've wrote "While migrating a mailbox". So you 
migrate one user after another. Also, if you want to disable LMTP for that 
user, you want to disable IMAP and POP3, too, for the very same reason -> 
or at least put them in read-only mode.

1) So, IMHO, your goal is to make the mail storage of one user read-only.
Experiment with ACLs. Make all the mailboxes of the user read-only. After 
migration remove the ACLs.

2) Make the mail storage inaccessable during backup for just one user:

How about adding another userdb { driver = passwd-file args = /.../%s/file 
} as the first one, which disables the access to the one user's mail 
storage currently migrated. %s would be lmtp, imap, pop3 and doveadm, 
IMHO. Make sure, doveadm sees no user in this userdb, but the others do, 
e.g. symlink the appropriate files and keep /.../doveadm/file 
zero-length, in order to fall back to LDAP always.

In short: doveadm must know the real path, all other services a faked one.

The migration of one user would be:
put user in /.../{imap,pop3,lmtp}/file # or overwrite file with user
doveadm auth cache flush # make sure, user info is not cached already
migrate
remove user from /.../file

a)
Besides the %s-way, there must be a way to have doveadm override the 
settings in:

userdb {
 	driver = passwd-file
 	args = /.../file
}

in the line of:
doveadm -o userdb[*]/args=/dev/null ....

[*] IMHO you can specify which userdb section is meant by a number or 
something like that.

b)
Instead of to put/remove the user, you can overwrite the file, if there is 
just one user, and remove the file at the very end.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBU9nkkHz1H7kL/d9rAQJ+VQf+Ns/nm/T95z0iq+LC7YlYZTZi7JShHLhh
DOAfLZ/DEl2ca1S7ed3SzdHYJu6JLZyU6U//BcRzCCtjmrgHMURNPSlpzFDHKi0O
2kRstMoj0DfMb7r9YO1YG4EQkhWpkkie2ORtN0pubAowcucpwieOPnEcDDipp+Wo
lDlxzZ1gTP+hInYGQLvB8cWF8QN2MuwNuUPXBCq3AUrOAoSRh91ALWbEJJ4TXqZE
Y3SbGkkZF5cEPqtMULAm+kEd7bKjty0Drsa52LSdlcrQvje+QZmqfe6t3E60tz/I
GrNzi2EPMbw5iJqHeYVupqPJWslopxDIZdSP5kboX1eNeaoEJFUGMw==
=N8uo
-----END PGP SIGNATURE-----

More information about the dovecot mailing list