Newbie question about replication

Piotr Auksztulewicz dcml at hasiok.net
Fri Oct 16 15:23:19 EEST 2020


Hi,

I am a long-time dovecot user/admin for my family mail server, but
I ventured into configuring replication only recently, and I am not
sure how it should work or what the good practices are. My intent
for replication was to have another instance to switch to in a short
time if something fails. I have daily backups, but it would take much
more time to rebuild and restore than just to switch to a good instance
while taking time to restore the bad one.

The setup seems to work just fine from an IMAP client's point of view (minus
sieve scripts - but I have worked around that, as I am not yet ready to
upgrade dovecot beyond what's in stable Debian at the moment). I have my
clients configured to access instance A exclusively; instance B is just
sitting around with no clients routinely connected. Also only instance A
is receiving deliveries from both my primary and secondary MTAs. I have
some doubt however if this is the right thing to do and if it is correct
from the dovecot server point of view.

I have observed my mail storage directories on both instances and have
noticed that they diverge a little over time - the instance B not having
all the updates. However the moment I connect another client to instance
B and log in as a particular user, the state on instance B springs to the
correct state and I see the same content on both clients, and the storage
directories become identical as well.

I am afraid that, if instance A fails, I would not have the current state
on instance B. Is there anything I should have done differently?

Here is dovecot -n output of instance A. Instance B config is symmetrical
with imap1/2 hostnames switched.

FYI: actual domain is substituted for privacy. mail.mydomain.net is an
internal subdomain with private IP addresses. Instances of dovecot are
containerized with access to internal virtual bridge on which MTAs and
supporting processes are present as well. The access from outside is
provided by port forwarding/NAT, only for imaps and pop3s ports.
Other ports are only internally accessible for local clients (postfix,
mutt, doveadm command line tool etc.) or debug purposes.

# `dovecot -n` output for instance A: only settings that differ from the
# built-in defaults are listed, so anything absent here is at its default.
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-9-cloud-amd64 x86_64  
# Hostname: imap1.mail.mydomain.net
auth_failure_delay = 3 secs
auth_verbose = yes
auth_worker_max_count = 5
deliver_log_format = msgid=%m; from=%f: %$
# Plaintext auth mechanisms are accepted on connections that are not protected
# by TLS, so a password sent to the port-143 IMAP listener defined further down
# can cross the network in the clear.
# NOTE(review): safe only while that listener is reachable solely from the
# trusted internal bridge - confirm.
disable_plaintext_auth = no
# Shared secret that authenticates doveadm TCP connections (here port 4551);
# the replication peer uses it. The value is masked by doveconf.
doveadm_password = # hidden, use -P to show it
doveadm_port = 4551
first_valid_uid = 100
login_greeting = # <redacted>
mail_attribute_dict = file:mail/dovecot-attributes
mail_gid = 122
mail_home = /var/vmail/%u
mail_location = maildir:~/mail:LAYOUT=fs:DIRNAME=.MailDir:UTF-8
# notify + replication are loaded for every mail-accessing protocol, so changes
# made through them are reported to the replication services.
mail_plugins = " notify replication"
mail_privileged_group = vmail
mail_uid = 113
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader vnd.dovecot.debug
# Single private namespace holding INBOX and the special-use folders.
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
# Password lookups go to SQL; the same args file is reused by the userdb block.
# NOTE(review): presumably this file contains the database credentials - keep
# it readable only by the auth user; confirm its permissions.
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext.local
  driver = sql
}
plugin {
  # Replication target. The tcp: scheme is unencrypted; Dovecot also accepts
  # tcps:, which runs the same connection over TLS and requires ssl = yes on
  # the peer's doveadm inet_listener plus a CA that validates its certificate.
  # NOTE(review): with tcp:, mail content and the doveadm password travel in
  # clear text between the two instances - acceptable only if the bridge
  # network is fully trusted.
  mail_replica = tcp:imap2.mail.mydomain.net
  sieve = ~/.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +vnd.dovecot.debug +editheader
  sieve_user_log = ~/log/sieve.log
}
pop3_fast_size_lookups = yes
pop3_lock_session = yes
pop3_no_flag_updates = yes
pop3_save_uidl = yes
protocols = " imap lmtp sieve pop3"
# Upper bound on simultaneous replication (dsync) connections.
replication_max_conns = 5
# Aggregator sockets through which mail processes report changes for
# replication; owner vmail and mode 0660 limit writers to vmail and group root.
service aggregator {
  fifo_listener replication-notify-fifo {
    group = root
    mode = 0660
    user = vmail
  }
  unix_listener replication-notify {
    group = root
    mode = 0660
    user = vmail
  }
}
# Auth workers run as the dedicated doveauth user, chrooted to /etc/dovecot/db.
service auth-worker {
  chroot = /etc/dovecot/db
  process_limit = 10
  unix_listener auth-worker {
    mode = 0600
    user = doveauth
  }
  user = doveauth
}
service auth {
  client_limit = 64
  # Auth protocol exposed over TCP, with no TLS on this listener.
  # NOTE(review): presumably used by the MTAs for SASL; any host that can reach
  # port 9192 can submit authentication attempts - confirm it is reachable only
  # from the internal bridge.
  inet_listener sasl {
    address = imap1.mail.mydomain.net
    port = 9192
  }
  # userdb lookups are open to the vmail group via this socket.
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = doveauth
  }
  user = doveauth
}
service dict-async {
  protocol = none
}
service dict {
  protocol = none
}
service director {
  protocol = none
}
service doveadm {
  # TCP endpoint the replication peer connects to. No ssl = yes is listed for
  # this listener, so connections are plain TCP and protected only by
  # doveadm_password.
  # NOTE(review): anyone holding that password and able to reach port 4551 can
  # run doveadm commands against this instance - confirm the port is not
  # forwarded or otherwise reachable from outside the bridge.
  inet_listener doveadm {
    address = imap1.mail.mydomain.net
    port = 4551
  }
}
service imap-hibernate {
  protocol = none
}
service imap-login {
  # IMAP on port 143 without implicit TLS. No ssl setting appears in this
  # output, so it is at its default rather than "required", and STARTTLS is
  # optional for clients; together with disable_plaintext_auth = no a client
  # may log in without encryption on this port.
  inet_listener imap {
    address = imap1.mail.mydomain.net
    port = 143
  }
  process_limit = 30
  # One login process per connection, which isolates pre-auth clients from each
  # other.
  service_count = 1
}
service imap-urlauth-login {
  protocol = none
}
service imap-urlauth-worker {
  protocol = none
}
service imap-urlauth {
  protocol = none
}
# Post-login IMAP processes run as vmail, chrooted into the mail root.
service imap {
  chroot = /var/vmail
  client_limit = 15
  process_limit = 30
  service_count = 32
  user = vmail
}
service indexer-worker {
  process_limit = 3
  user = vmail
}
service indexer {
  chroot = $base_dir
}
service lmtp {
  client_limit = 1
  extra_groups = 
  group = vmail
  # LMTP over TCP for deliveries from the MTAs.
  # NOTE(review): no authentication is configured on this listener in the
  # output shown - confirm that only the MTAs can reach port 2306.
  inet_listener lmtp {
    address = imap1.mail.mydomain.net
    port = 2306
  }
  process_limit = 6
  user = vmail
}
service log {
  user = $default_internal_user
}
service managesieve-login {
  inet_listener sieve {
    address = imap1.mail.mydomain.net
    port = 4190
  }
  process_limit = 3
  service_count = 1
}
service managesieve {
  chroot = /var/vmail
  process_limit = 3
  service_count = 1
  user = vmail
}
service pop3-login {
  # port = 0 disables the unencrypted POP3 listener.
  inet_listener pop3 {
    port = 0
  }
  process_limit = 4
  service_count = 1
}
service pop3 {
  chroot = /var/vmail
  process_limit = 4
  service_count = 1
  user = vmail
}
# Replicator service; its doveadm control socket is usable by vmail only.
# NOTE(review): Dovecot's documented replication setup also sets
# process_min_avail = 1 here so the replicator runs from startup; that setting
# does not appear in this output - confirm whether it is needed for instance B
# to stay current without a client login.
service replicator {
  unix_listener replicator-doveadm {
    group = root
    mode = 0600
    user = vmail
  }
}
service submission-login {
  protocol = none
}
service tcpwrap {
  protocol = none
}
# Server certificate and key for TLS; doveconf masks the key and DH parameters.
ssl_cert = </etc/dovecot/private/dovecot.pem
# CA directory used when Dovecot itself acts as a TLS client, e.g. to verify
# the peer if mail_replica were switched to the tcps: scheme.
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext.local
  driver = sql
}
# Only these directories may be used as chroot targets by the services above.
valid_chroot_dirs = /var/vmail /etc/dovecot/db
verbose_proctitle = yes
# LMTP adds sieve on top of notify + replication, so deliveries are filtered
# and also reported for replication.
protocol lmtp {
  mail_plugins = " notify replication sieve"
}
protocol imap {
  imap_metadata = yes
}


-- 
Piotr "Malgond" Auksztulewicz                     firstname at lastname.net

