dovecot
July 2020
- 79 participants
- 85 discussions
Hello,
I'm trying to configure roundcube / dovecot to work with keycloak.
I activated xoauth2 oauthbearer in dovecot.
But a problem occurs when dovecot tries to contact the keycloak server
(logs are below).
My problem looks like this one:
https://dovecot.org/pipermail/dovecot/2019-December/117768.html
The response to this problem was about a bug in oauth driver
(https://dovecot.org/pipermail/dovecot/2019-December/117787.html)
Mizuki was using Dovecot v2.2.36 (1f10bfa63)
I have Dovecot v2.3.4.1 (f79e8e7e4)
I'm wondering if this bug is still present in my version or if I have
another problem.
Both my servers (dovecot and keycloak) are using Let's Encrypt certificates.
I tried to configure Keycloak with nginx proxy and without it (access
via port 8443) (in case the problem came from the ssl config on the
keycloak server), but still the same error.
If the bug is fixed, then could someone tell me what I have to put in
the option tls_ca_cert_file?
I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I
got from the Let's Encrypt website (https://letsencrypt.org/certificates/ /
tried ISRG Root X1 (self-signed) & Let’s Encrypt Authority X3 (IdenTrust
cross-signed) & Let’s Encrypt Authority X3 (Signed by ISRG Root X1))
But I always have the same error.
Thanks,
Kenny
My configs:
- I'm on a Debian Buster with Dovecot / postfix / roundcube
- dovecot -n :
---
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-5-cloud-amd64 x86_64 Debian 10.4
auth_debug = yes
auth_mechanisms = xoauth2 oauthbearer login
auth_verbose = yes
debug_log_path = /var/log/dovecot-debug.log
first_valid_gid = 10000
first_valid_uid = 10000
info_log_path = /var/log/dovecot.log
last_valid_gid = 20000
last_valid_uid = 20000
lda_mailbox_autocreate = yes
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = mail
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0600
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = mail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = mail
  }
}
service stats {
  unix_listener stats-reader {
    mode = 0600
    user = mail
  }
  unix_listener stats-writer {
    mode = 0600
    user = mail
  }
}
ssl_cert = </etc/letsencrypt/live/my.host/fullchain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_require_crl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = gid=mail home=/var/mail/%u
  driver = static
}
verbose_ssl = yes
protocol lda {
  info_log_path = /var/log/dovecot-deliver.log
  log_path = /var/log/dovecot-deliver-errors.log
}
------
- dovecot-oauth2.conf.ext
-----
tokeninfo_url = https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token
introspection_mode = post
introspection_url = https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…
username_attribute = email
tls_ca_cert_file = /etc/letsencrypt/live/my.host/chain.pem
#tls_ca_cert_file = /etc/ssl/certs/letsencrypt.pem
#active_attribute = enableMail
#active_value = TRUE
debug = yes
rawlog_dir = /tmp/oauth2
-----
* Logs:
-------
Jul 04 17:00:12 auth: Debug:
oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2:
Making token validation lookup to
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token
Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: Host
created
Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: Host
session created
Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: IPs
have expired; need to refresh DNS lookup
Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host:
Performing asynchronous DNS lookup
Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…...
(long token)]: Submitted (requests left=1)
Jul 04 17:00:12 auth: Debug: http-client: host my.keycloak.host: DNS
lookup successful; got 1 IPs
Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14 (shared):
Peer created
Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14: Peer pool
created
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Peer created
Jul 04 17:00:12 auth: Debug: http-client[1]: queue
https://my.keycloak.host: Setting up connection to 151.62.56.14
(SSL=my.keycloak.host) (1 requests pending)
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Linked
queue https://my.keycloak.host (1 queues linked)
Jul 04 17:00:12 auth: Debug: http-client[1]: queue
https://my.keycloak.host: Started new connection to 151.62.56.14
(SSL=my.keycloak.host)
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Creating
1 new connections to handle requests (already 0 usable, connecting to 0,
closing 0)
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Making
new connection 1 of 1 (0 connections exist, 0 pending)
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
(151.62.56.14): Connecting
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
(151.62.56.14): Waiting for connect (fd=22) to finish for max 0 msecs
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
HTTPS connection created (1 parallel connections exist)
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
(151.62.56.14): Client connected (fd=22)
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Connected
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Starting SSL handshake
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x10, ret=1:
before SSL initialization
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
before SSL initialization
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write client hello
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002,
ret=-1: SSLv3/TLS write client hello
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002,
ret=-1: SSLv3/TLS write client hello
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write client hello
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read server hello
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received
invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read server certificate
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read server key exchange
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read server done
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write client key exchange
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write change cipher spec
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write finished
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002,
ret=-1: SSLv3/TLS write finished
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002,
ret=-1: SSLv3/TLS write finished
==> dovecot.log <==
Jul 04 17:00:12 auth: Info: Received invalid SSL certificate: unable to
get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
==> dovecot-debug.log <==
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002,
ret=-1: SSLv3/TLS write finished
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS write finished
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read change cipher spec
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1001, ret=1:
SSLv3/TLS read finished
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x20, ret=1:
SSL negotiation finished successfully
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL: where=0x1002, ret=1:
SSL negotiation finished successfully
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received
invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14:
Connection failed (1 connections exist, 0 pending)
Jul 04 17:00:12 auth: Debug: http-client: peer 151.62.56.14: Failed to
make connection (1 connections exist, 0 pending)
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Failed
to establish any connection within our peer pool: SSL handshaking with
151.62.56.14 failed: read(SSL 151.62.56.14) failed: Received invalid SSL
certificate: unable to get issuer certificate: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3 (1 connections exist, 0 pending)
Jul 04 17:00:12 auth: Debug: http-client[1]: queue
https://my.keycloak.host: Failed to set up connection to 151.62.56.14
(SSL=my.keycloak.host): SSL handshaking with 151.62.56.14 failed:
read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable
to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3 (1 peers pending, 1 requests pending)
Jul 04 17:00:12 auth: Debug: http-client[1]: queue
https://my.keycloak.host: Failed to set up any connection; failing all
queued requests
Jul 04 17:00:12 auth: Debug: http-client[1]: peer 151.62.56.14: Unlinked
queue https://my.keycloak.host (0 queues linked)
Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…...
(long token)]: Error: 9003 SSL handshaking with 151.62.56.14 failed:
read(SSL 151.62.56.14) failed: Received invalid SSL certificate: unable
to get issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
Jul 04 17:00:12 auth: Debug: http-client[1]: queue
https://my.keycloak.host: Dropping request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…...
(long token)]
Jul 04 17:00:12 auth: Debug:
oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2:
callback(-1, SSL handshaking with 151.62.56.14 failed: read(SSL
151.62.56.14) failed: Received invalid SSL certificate: unable to get
issuer certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3)
==> dovecot.log <==
Jul 04 17:00:12 auth: Error:
oauth2(my.mail@whatever,::1,<fG8uk6CpBJ0AAAAAAAAAAAAAAAAAAAAB>): oauth2
failed: SSL handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14)
failed: Received invalid SSL certificate: unable to get issuer
certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
==> dovecot-debug.log <==
Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…...
(long token)]: Destroy (requests left=1)
Jul 04 17:00:12 auth: Debug: http-client[1]: request [Req1: GET
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/toke…...
(long token)]: Free (requests left=0)
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]: SSL
handshaking with 151.62.56.14 failed: read(SSL 151.62.56.14) failed:
Received invalid SSL certificate: unable to get issuer certificate:
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Connection close
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Connection disconnect
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
(151.62.56.14): Disconnected: Connection closed: Received invalid SSL
certificate: unable to get issuer certificate: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3 (fd=22)
Jul 04 17:00:12 auth: Debug: my.keycloak.host: SSL error: Received
invalid SSL certificate: unable to get issuer certificate: /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Detached peer
Jul 04 17:00:12 auth: Debug: http-client[1]: conn 151.62.56.14 [0]:
Connection destroy
-------
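
Added example (not part of the post above, and not Dovecot code): a way to test a candidate CA file offline with `openssl verify` before pointing `tls_ca_cert_file` at it, and to see when OpenSSL produces the "unable to get issuer certificate" message shown in the log. The three-certificate chain, the host name and all file names are constructed for the demonstration; the script assumes the `openssl` command-line tool (1.1.0 or later) is installed.

```sh
#!/bin/sh
# Constructed demo: root -> intermediate -> leaf, then verify the leaf against
# two candidate CA files. Nothing here touches a real server or real keys.
set -eu

# Create the demo chain in directory $1 (all subject names are made up).
build_chain() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # Self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/openssl.cnf" \
        -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/openssl.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" \
        -subj "/CN=keycloak.demo.invalid" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Count self-signed (root) certificates in PEM bundle $1: subject == issuer.
count_roots() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
        awk '/^subject=/ { s = substr($0, 9) }
             /^issuer=/  { if (substr($0, 8) == s) n++ }
             END { print n + 0 }'
}

# Verify leaf $2 while trusting only the certificates in CA file $1 (the file
# that would be named in tls_ca_cert_file). Prints openssl's verdict and
# returns its exit status.
check_ca_file() {
    openssl verify -no-CApath -CAfile "$1" "$2" 2>&1
}

main() {
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    build_chain "$work"
    # Candidate 1: intermediate only. Candidate 2: intermediate plus root.
    cat "$work/int.pem" "$work/root.pem" > "$work/with-root.pem"
    for ca in "$work/int.pem" "$work/with-root.pem"; do
        echo "== $(basename "$ca"): $(count_roots "$ca") self-signed root(s)"
        check_ca_file "$ca" "$work/leaf.pem" || true
    done
}
main
```

With only the intermediate trusted, OpenSSL reports error 2 ("unable to get issuer certificate") at depth 1 and names the intermediate; once the root is in the same file, the leaf verifies.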
Hi experts.
In the output of imapsync I found:
Host2: found quota, presented in raw IMAP
Sending: 7 GETQUOTAROOT INBOX
Sent 22 bytes
Read: * QUOTAROOT INBOX "User quota"
* QUOTA "User quota" (STORAGE 420325 1953125)
7 OK Getquotaroot completed (0.001 + 0.000 secs).
Host2: Quota current storage is 430412800 bytes. Limit is 2000000000 bytes. So 21.52 % full
Host2 is under my control and running dovecot-2.3.10.1.
I need to increase the quota above 2 GB but don't know where it comes from and therefore
don't know what to do.
This is the doveconf -a:
| # 2.3.10.1 (a3d0e1171): /usr/local/dovecot/etc/dovecot/dovecot.conf
| # OS: Linux 5.7.6-201.fc32.x86_64 x86_64 Fedora release 32 (Thirty Two) ext3
| # Hostname: christo.fritz.box
| # NOTE: Send doveconf -n output instead when asking for help.
| auth_anonymous_username = anonymous
| auth_cache_negative_ttl = 1 hours
| auth_cache_size = 0
| auth_cache_ttl = 1 hours
| auth_cache_verify_password_with_worker = no
| auth_debug = no
| auth_debug_passwords = no
| auth_default_realm =
| auth_failure_delay = 2 secs
| auth_gssapi_hostname =
| auth_krb5_keytab =
| auth_master_user_separator =
| auth_mechanisms = plain login
| auth_policy_check_after_auth = yes
| auth_policy_check_before_auth = yes
| auth_policy_hash_mech = sha256
| auth_policy_hash_nonce =
| auth_policy_hash_truncate = 12
| auth_policy_log_only = no
| auth_policy_reject_on_fail = no
| auth_policy_report_after_auth = yes
| auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
| auth_policy_server_api_header =
| auth_policy_server_timeout_msecs = 2000
| auth_policy_server_url =
| auth_proxy_self =
| auth_realms =
| auth_socket_path = auth-userdb
| auth_ssl_require_client_cert = no
| auth_ssl_username_from_cert = no
| auth_stats = no
| auth_use_winbind = no
| auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
| auth_username_format = %Lu
| auth_username_translation =
| auth_verbose = no
| auth_verbose_passwords = no
| auth_winbind_helper_path = /usr/bin/ntlm_auth
| auth_worker_max_count = 30
| base_dir = /var/run/dovecot
| config_cache_size = 1 M
| debug_log_path =
| default_client_limit = 1024
| default_idle_kill = 1 mins
| default_internal_group = dovecot
| default_internal_user = dovecot
| default_login_user = dovenull
| default_process_limit = 256
| default_vsz_limit = 512 M
| deliver_log_format = msgid=%m: %$
| dict_db_config =
| director_flush_socket =
| director_mail_servers =
| director_max_parallel_kicks = 100
| director_max_parallel_moves = 100
| director_output_buffer_size = 10 M
| director_ping_idle_timeout = 30 secs
| director_ping_max_timeout = 1 mins
| director_servers =
| director_user_expire = 15 mins
| director_user_kick_delay = 2 secs
| director_username_hash = %Lu
| disable_plaintext_auth = yes
| dotlock_use_excl = yes
| doveadm_allowed_commands =
| doveadm_api_key =
| doveadm_http_rawlog_dir =
| doveadm_password =
| doveadm_port = 0
| doveadm_socket_path = doveadm-server
| doveadm_ssl = no
| doveadm_username = doveadm
| doveadm_worker_count = 0
| dsync_alt_char = _
| dsync_commit_msgs_interval = 100
| dsync_features =
| dsync_hashed_headers = Date Message-ID
| dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
| first_valid_gid = 1
| first_valid_uid = 200
| haproxy_timeout = 3 secs
| haproxy_trusted_networks =
| hostname =
| imap_capability =
| imap_client_workarounds =
| imap_fetch_failure = disconnect-immediately
| imap_hibernate_timeout = 0
| imap_id_log =
| imap_id_retain = no
| imap_id_send = name *
| imap_idle_notify_interval = 2 mins
| imap_literal_minus = no
| imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} body_bytes=%{fetch_body_bytes}
| imap_max_line_length = 64 k
| imap_metadata = no
| imap_urlauth_host =
| imap_urlauth_logout_format = in=%i out=%o
| imap_urlauth_port = 143
| imapc_cmd_timeout = 5 mins
| imapc_connection_retry_count = 1
| imapc_connection_retry_interval = 1 secs
| imapc_features =
| imapc_host =
| imapc_list_prefix =
| imapc_master_user =
| imapc_max_idle_time = 29 mins
| imapc_max_line_length = 0
| imapc_password =
| imapc_port = 143
| imapc_rawlog_dir =
| imapc_sasl_mechanisms =
| imapc_ssl = no
| imapc_ssl_verify = yes
| imapc_user =
| import_environment = TZ CORE_OUTOFMEM CORE_ERROR
| info_log_path =
| instance_name = dovecot
| last_valid_gid = 0
| last_valid_uid = 65534
| lda_mailbox_autocreate = no
| lda_mailbox_autosubscribe = no
| lda_original_recipient_header =
| libexec_dir = /usr/local/dovecot/libexec/dovecot
| listen = *
| lmtp_add_received_header = yes
| lmtp_client_workarounds =
| lmtp_hdr_delivery_address = final
| lmtp_proxy = no
| lmtp_proxy_rawlog_dir =
| lmtp_rawlog_dir =
| lmtp_rcpt_check_quota = no
| lmtp_save_to_detail_mailbox = yes
| lmtp_user_concurrency_limit = 0
| lock_method = fcntl
| log_core_filter =
| log_debug =
| log_path = syslog
| log_timestamp = "%b %d %H:%M:%S "
| login_access_sockets =
| login_greeting = m28a.ddns.net - IMAPs Service (dovecot) ready.
| login_log_format = %$: %s
| login_log_format_elements = %u %r %c
| login_plugin_dir = /usr/local/dovecot/lib/dovecot/login
| login_plugins =
| login_proxy_max_disconnect_delay = 0
| login_proxy_notify_path = proxy-notify
| login_source_ips =
| login_trusted_networks =
| mail_access_groups =
| mail_always_cache_fields =
| mail_attachment_detection_options =
| mail_attachment_dir =
| mail_attachment_fs = sis posix
| mail_attachment_hash = %{sha1}
| mail_attachment_min_size = 128 k
| mail_attribute_dict =
| mail_cache_compress_continued_percentage = 200
| mail_cache_compress_delete_percentage = 20
| mail_cache_compress_header_continue_count = 4
| mail_cache_compress_min_size = 32 k
| mail_cache_fields = flags
| mail_cache_min_mail_count = 0
| mail_cache_record_max_size = 64 k
| mail_cache_unaccessed_field_drop = 30 days
| mail_chroot =
| mail_debug = no
| mail_fsync = optimized
| mail_full_filesystem_access = no
| mail_gid =
| mail_home =
| mail_index_log2_max_age = 2 days
| mail_index_log_rotate_max_size = 1 M
| mail_index_log_rotate_min_age = 5 mins
| mail_index_log_rotate_min_size = 32 k
| mail_index_rewrite_max_log_bytes = 128 k
| mail_index_rewrite_min_log_bytes = 8 k
| mail_location = maildir:/var/spool/mail/%u:LAYOUT=fs
| mail_log_prefix = "%Us(%u,%r): "
| mail_max_keyword_length = 50
| mail_max_lock_timeout = 0
| mail_max_userip_connections = 10
| mail_never_cache_fields = imap.envelope
| mail_nfs_index = no
| mail_nfs_storage = no
| mail_plugin_dir = /usr/dovecot/lib/dovecot/
| mail_plugins = notify quota fts fts_squat acl
| mail_prefetch_count = 0
| mail_privileged_group =
| mail_save_crlf = no
| mail_server_admin =
| mail_server_comment =
| mail_shared_explicit_inbox = no
| mail_sort_max_read_count = 0
| mail_temp_dir = /tmp
| mail_temp_scan_interval = 1 weeks
| mail_uid =
| mail_vsize_bg_after_count = 0
| mailbox_idle_check_interval = 30 secs
| mailbox_list_index = yes
| mailbox_list_index_include_inbox = no
| mailbox_list_index_very_dirty_syncs = no
| maildir_broken_filename_sizes = no
| maildir_copy_with_hardlinks = yes
| maildir_empty_new = no
| maildir_stat_dirs = no
| maildir_very_dirty_syncs = no
| master_user_separator =
| mbox_dirty_syncs = yes
| mbox_dotlock_change_timeout = 2 mins
| mbox_lazy_writes = yes
| mbox_lock_timeout = 5 mins
| mbox_md5 = apop3d
| mbox_min_index_size = 0
| mbox_read_locks = fcntl
| mbox_very_dirty_syncs = no
| mbox_write_locks = dotlock fcntl
| mdbox_preallocate_space = no
| mdbox_rotate_interval = 0
| mdbox_rotate_size = 10 M
| mmap_disable = no
| namespace inbox {
| disabled = no
| hidden = no
| ignore_on_failure = no
| inbox = yes
| list = yes
| location =
| mailbox Drafts {
| auto = no
| autoexpunge = 0
| autoexpunge_max_mails = 0
| comment =
| driver =
| special_use = \Drafts
| }
| mailbox Gesendet {
| auto = no
| autoexpunge = 0
| autoexpunge_max_mails = 0
| comment =
| driver =
| special_use = \Sent
| }
| mailbox SPAM {
| auto = no
| autoexpunge = 0
| autoexpunge_max_mails = 0
| comment =
| driver =
| special_use = \Junk
| }
| mailbox Sent {
| auto = no
| autoexpunge = 0
| autoexpunge_max_mails = 0
| comment =
| driver =
| special_use = \Sent
| }
| mailbox Trash {
| auto = no
| autoexpunge = 0
| autoexpunge_max_mails = 0
| comment =
| driver =
| special_use = \Trash
| }
| order = 0
| prefix =
| separator =
| subscriptions = yes
| type = private
| }
| old_stats_carbon_interval = 30 secs
| old_stats_carbon_name =
| old_stats_carbon_server =
| old_stats_command_min_time = 1 mins
| old_stats_domain_min_time = 12 hours
| old_stats_ip_min_time = 12 hours
| old_stats_memory_limit = 16 M
| old_stats_session_min_time = 15 mins
| old_stats_user_min_time = 1 hours
| passdb {
| args = dovecot
| auth_verbose = default
| default_fields =
| deny = no
| driver = pam
| master = no
| mechanisms =
| name =
| override_fields =
| pass = no
| result_failure = continue
| result_internalfail = continue
| result_success = return-ok
| skip = never
| username_filter =
| }
| plugin {
| fts = squat
| fts_squat = partial=4 full=10
| mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
| mail_log_fields = uid box from subject msgid size flags
| mail_log_group_events = yes
| quota = maildir:User quota
| quota_rule = ?:storage=5G
| quota_rule2 = Trash:storage=+100M
| }
| pop3_client_workarounds =
| pop3_delete_type = default
| pop3_deleted_flag =
| pop3_enable_last = no
| pop3_fast_size_lookups = no
| pop3_lock_session = no
| pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
| pop3_no_flag_updates = no
| pop3_reuse_xuidl = no
| pop3_save_uidl = no
| pop3_uidl_duplicates = allow
| pop3_uidl_format = %08Xu%08Xv
| pop3c_features =
| pop3c_host =
| pop3c_master_user =
| pop3c_password =
| pop3c_port = 110
| pop3c_quick_received_date = no
| pop3c_rawlog_dir =
| pop3c_ssl = no
| pop3c_ssl_verify = yes
| pop3c_user = %u
| postmaster_address = mailonator(a)mailbox.org
| protocols = imap
| quota_full_tempfail = no
| rawlog_dir =
| recipient_delimiter = +
| rejection_reason = Your message to <%t> was automatically rejected:%n%r
| rejection_subject = Rejected: %s
| replication_dsync_parameters = -d -N -l 30 -U
| replication_full_sync_interval = 1 days
| replication_max_conns = 10
| replicator_host = replicator
| replicator_port = 0
| sendmail_path = /usr/sbin/sendmail
| service aggregator {
| chroot = .
| client_limit = 0
| drop_priv_before_exec = no
| executable = aggregator
| extra_groups =
| fifo_listener replication-notify-fifo {
| group =
| mode = 0600
| user =
| }
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener replication-notify {
| group =
| mode = 0600
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service anvil {
| chroot = empty
| client_limit = 1024
| drop_priv_before_exec = no
| executable = anvil
| extra_groups =
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 1
| protocol =
| service_count = 0
| type = anvil
| unix_listener anvil-auth-penalty {
| group =
| mode = 0600
| user =
| }
| unix_listener anvil {
| group =
| mode = 0600
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service auth-worker {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = auth -w
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 1
| type =
| unix_listener auth-worker {
| group =
| mode = 0600
| user = $default_internal_user
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service auth {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = auth
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener auth-client {
| group = exim
| mode = 0660
| user = exim
| }
| unix_listener auth-login {
| group =
| mode = 0600
| user = $default_internal_user
| }
| unix_listener auth-master {
| group =
| mode = 0600
| user =
| }
| unix_listener auth-userdb {
| group =
| mode = 0666
| user = $default_internal_user
| }
| unix_listener login/login {
| group =
| mode = 0666
| user =
| }
| unix_listener token-login/tokenlogin {
| group =
| mode = 0666
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service config {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = config
| extra_groups =
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type = config
| unix_listener config {
| group =
| mode = 0600
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service dict-async {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = dict
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener dict-async {
| group = $default_internal_group
| mode = 0660
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service dict {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = dict
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener dict {
| group = $default_internal_group
| mode = 0660
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service director {
| chroot = .
| client_limit = 0
| drop_priv_before_exec = no
| executable = director
| extra_groups =
| fifo_listener login/proxy-notify {
| group =
| mode = 00
| user =
| }
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener director-admin {
| group =
| mode = 0600
| user =
| }
| unix_listener login/director {
| group =
| mode = 00
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service dns_client {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = dns-client
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener dns-client {
| group =
| mode = 0666
| user =
| }
| unix_listener login/dns-client {
| group =
| mode = 0666
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service doveadm {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = doveadm-server
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 1
| type =
| unix_listener doveadm-server {
| group =
| mode = 0600
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service health-check {
| chroot =
| client_limit = 1
| drop_priv_before_exec = yes
| executable = script -p health-check.sh
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service imap-hibernate {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = imap-hibernate
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol = imap
| service_count = 0
| type =
| unix_listener imap-hibernate {
| group = $default_internal_group
| mode = 0660
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service imap-login {
| chroot = login
| client_limit = 0
| drop_priv_before_exec = no
| executable = imap-login
| extra_groups =
| group =
| idle_kill = 0
| inet_listener imap {
| address =
| haproxy = no
| port = 143
| reuse_port = no
| ssl = no
| }
| inet_listener imaps {
| address =
| haproxy = no
| port = 993
| reuse_port = no
| ssl = yes
| }
| privileged_group =
| process_limit = 512
| process_min_avail = 3
| protocol = imap
| service_count = 1
| type = login
| user = $default_login_user
| vsz_limit = 18446744073709551615 B
| }
| service imap-postlogin {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = script-login /usr/local/sbin/dovecot-imap-post-login
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| user =
| vsz_limit = 18446744073709551615 B
| }
| service imap-urlauth-login {
| chroot = token-login
| client_limit = 0
| drop_priv_before_exec = no
| executable = imap-urlauth-login
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol = imap
| service_count = 1
| type = login
| unix_listener imap-urlauth {
| group =
| mode = 0666
| user =
| }
| user = $default_login_user
| vsz_limit = 18446744073709551615 B
| }
| service imap-urlauth-worker {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = imap-urlauth-worker
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1024
| process_min_avail = 0
| protocol = imap
| service_count = 1
| type =
| unix_listener imap-urlauth-worker {
| group =
| mode = 0600
| user = $default_internal_user
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service imap-urlauth {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = imap-urlauth
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1024
| process_min_avail = 0
| protocol = imap
| service_count = 1
| type =
| unix_listener token-login/imap-urlauth {
| group =
| mode = 0666
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service imap {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = imap
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 128
| process_min_avail = 0
| protocol = imap
| service_count = 1
| type =
| unix_listener imap-master {
| group =
| mode = 0600
| user =
| }
| unix_listener login/imap {
| group =
| mode = 0666
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service indexer-worker {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = indexer-worker
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 10
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener indexer-worker {
| group =
| mode = 0600
| user = $default_internal_user
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service indexer {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = indexer
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener indexer {
| group =
| mode = 0666
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service ipc {
| chroot = empty
| client_limit = 0
| drop_priv_before_exec = no
| executable = ipc
| extra_groups =
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener ipc {
| group =
| mode = 0600
| user = $default_internal_user
| }
| unix_listener login/ipc-proxy {
| group =
| mode = 0600
| user = $default_login_user
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service lmtp {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = lmtp
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol = lmtp
| service_count = 0
| type =
| unix_listener lmtp {
| group =
| mode = 0666
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service log {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = log
| extra_groups =
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type = log
| unix_listener log-errors {
| group =
| mode = 0600
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service old-stats {
| chroot = empty
| client_limit = 0
| drop_priv_before_exec = no
| executable = old-stats
| extra_groups =
| fifo_listener old-stats-mail {
| group =
| mode = 0600
| user =
| }
| fifo_listener old-stats-user {
| group =
| mode = 0600
| user =
| }
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener old-stats {
| group =
| mode = 0600
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service pop3-login {
| chroot = login
| client_limit = 0
| drop_priv_before_exec = no
| executable = pop3-login
| extra_groups =
| group =
| idle_kill = 0
| inet_listener pop3 {
| address =
| haproxy = no
| port = 110
| reuse_port = no
| ssl = no
| }
| inet_listener pop3s {
| address =
| haproxy = no
| port = 995
| reuse_port = no
| ssl = yes
| }
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol = pop3
| service_count = 1
| type = login
| user = $default_login_user
| vsz_limit = 18446744073709551615 B
| }
| service pop3 {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = pop3
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 128
| process_min_avail = 0
| protocol = pop3
| service_count = 1
| type =
| unix_listener login/pop3 {
| group =
| mode = 0666
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service replicator {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = replicator
| extra_groups =
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener replicator-doveadm {
| group =
| mode = 00
| user = $default_internal_user
| }
| unix_listener replicator {
| group =
| mode = 0600
| user = $default_internal_user
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| service stats {
| chroot =
| client_limit = 0
| drop_priv_before_exec = no
| executable = stats
| extra_groups =
| group =
| idle_kill = 4294967295 secs
| privileged_group =
| process_limit = 1
| process_min_avail = 0
| protocol =
| service_count = 0
| type =
| unix_listener stats-reader {
| group =
| mode = 0600
| user =
| }
| unix_listener stats-writer {
| group = $default_internal_group
| mode = 0660
| user =
| }
| user = $default_internal_user
| vsz_limit = 18446744073709551615 B
| }
| service submission-login {
| chroot = login
| client_limit = 0
| drop_priv_before_exec = no
| executable = submission-login
| extra_groups =
| group =
| idle_kill = 0
| inet_listener submission {
| address =
| haproxy = no
| port = 587
| reuse_port = no
| ssl = no
| }
| privileged_group =
| process_limit = 0
| process_min_avail = 0
| protocol = submission
| service_count = 1
| type = login
| user = $default_login_user
| vsz_limit = 18446744073709551615 B
| }
| service submission {
| chroot =
| client_limit = 1
| drop_priv_before_exec = no
| executable = submission
| extra_groups = $default_internal_group
| group =
| idle_kill = 0
| privileged_group =
| process_limit = 1024
| process_min_avail = 0
| protocol = submission
| service_count = 1
| type =
| unix_listener login/submission {
| group =
| mode = 0666
| user =
| }
| user =
| vsz_limit = 18446744073709551615 B
| }
| shutdown_clients = yes
| ssl = yes
| ssl_alt_cert =
| ssl_alt_key =
| ssl_ca =
| ssl_cert = </usr/local/etc/Certs/m28a.crt
| ssl_cert_username_field = commonName
| ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
| ssl_client_ca_dir =
| ssl_client_ca_file =
| ssl_client_cert =
| ssl_client_key =
| ssl_client_require_valid_cert = yes
| ssl_crypto_device =
| ssl_curve_list =
| ssl_dh = # hidden, use -P to show it
| ssl_key = # hidden, use -P to show it
| ssl_key_password =
| ssl_min_protocol = TLSv1
| ssl_options =
| ssl_prefer_server_ciphers = no
| ssl_require_crl = yes
| ssl_verify_client_cert = no
| state_dir = /var/lib/dovecot
| stats_writer_socket_path = stats-writer
| submission_client_workarounds =
| submission_host =
| submission_logout_format = in=%i out=%o
| submission_max_mail_size = 0
| submission_max_recipients = 0
| submission_relay_command_timeout = 5 mins
| submission_relay_connect_timeout = 30 secs
| submission_relay_host =
| submission_relay_master_user =
| submission_relay_max_idle_time = 29 mins
| submission_relay_password =
| submission_relay_port = 25
| submission_relay_rawlog_dir =
| submission_relay_ssl = no
| submission_relay_ssl_verify = yes
| submission_relay_trusted = no
| submission_relay_user =
| submission_ssl = no
| submission_timeout = 30 secs
| syslog_facility = mail
| userdb {
| args =
| auth_verbose = default
| default_fields =
| driver = passwd
| name =
| override_fields =
| result_failure = continue
| result_internalfail = continue
| result_success = return-ok
| skip = never
| }
| valid_chroot_dirs =
| verbose_proctitle = yes
| verbose_ssl = no
| version_ignore = no
| protocol lmtp {
| mail_plugins = notify quota fts fts_squat acl
| }
| protocol lda {
| mail_plugins = notify quota fts fts_squat acl
| }
| protocol imap {
| imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
| imap_id_log = *
| imap_logout_format = [%i/%o]
| mail_max_userip_connections = 0
| mail_plugins = notify quota fts fts_squat acl quota imap_quota listescape fts fts_squat
| }
The config may be sub-optimal. Please concentrate on my quota problem.
Stay healthy,
Frank Elsner
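An added example, not part of the original post or of Dovecot itself: a small Python audit over a dump in the doveconf layout quoted above. It lists the TLS protocol floor, network listeners without implicit TLS, and world-accessible sockets for review. The function names and finding labels are this example's own, and the sample is a constructed excerpt that reuses values from the dump.

```python
import re

# Constructed excerpt in the dump's layout; "| " prefix and stray leading "}" kept on purpose.
SAMPLE = """\
| }
| service imap-login {
| inet_listener imap {
| ssl = no
| }
| inet_listener imaps {
| ssl = yes
| }
| }
| service indexer {
| unix_listener indexer {
| mode = 0666
| }
| }
| ssl = yes
| ssl_min_protocol = TLSv1
"""

WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # SSLv3: RFC 7568; TLS 1.0/1.1: RFC 8996

def parse(text):
    """Yield (block_path, key, value) for each setting, tracking { } nesting."""
    path = []
    for raw in text.splitlines():
        line = re.sub(r"^\|\s?", "", raw).strip()  # drop the mail quote prefix
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path = path[:-1]  # safe when the excerpt starts mid-block
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield tuple(path), key.strip(), value.strip()

def audit(text):
    """Return (finding, location, value) tuples to review; an inventory, not a verdict."""
    findings = []
    for path, key, value in parse(text):
        where, leaf = " > ".join(path) or "global", (path or [""])[-1]
        if key == "ssl_min_protocol" and value in WEAK_TLS:
            findings.append(("weak-tls-floor", where, value))
        elif key == "ssl" and value == "no" and leaf.startswith("inet_listener"):
            findings.append(("no-implicit-tls", where, value))  # STARTTLS may still apply
        elif key == "mode" and leaf.startswith("unix_listener") and int(value or "0", 8) & 6:
            findings.append(("world-accessible-socket", where, value))
    return findings
```

Socket findings need the containing directory's permissions to judge, so treat them as a list to check rather than as defects.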
Hello,
I have two installations of dovecot configured to replicate mailboxes
between them. Recently, I upgraded the operating system on one of them
(mx2.example.com) and now I'm running one installation on version 2.2.27
(Debian stretch) and another on version 2.3.4.1 (mx1.example.com Debian
buster).
My setup includes 3 shared namespaces that point to the mailboxes of 3
accounts. These accounts are set up to use maildir format.
After upgrading one of the hosts, I started having issues with failed
replications on those mailboxes.
I tried running the replication manually and repeatedly by issuing the
following on mx1.example.com:
doveadv -d sync -u exception_bucket(a)example.com -d -l 30 -n -u
and the logs on mx2.example.com included the following lines consistently:
Jul 02 14:21:58 dsync-server(exception_bucket(a)example.com): Debug: brain
S: Change during sync: Mailbox GUID 2d32711ddfd27250390e0000a712b6e3 was
lost
Jul 02 14:21:58 dsync-server(exception_bucket(a)example.com): Debug: brain
S: We don't have mailbox 2d32711ddfd27250390e0000a712b6e3
I double-checked for the existence of the mailbox with that GUID (that
GUID points to the inbox) and the mailbox existed on both servers, but
the contents of the mailbox on the two servers were different (missing
e-mails on both servers).
I attempted running a force-resync command as follows but with no luck.
doveadm -d force-resync -u exception_bucket(a)example.com inbox
but the issue persisted. Admittedly, I didn't run the command on both
servers because I read it doesn't replicate after figuring a workaround.
The next thing I tried was attempting replication without the -n flag,
given that you mention that there are some issues replicating shared
namespaces. That didn't fix the replication status either.
After looking around, I came upon the solution in this thread:
https://dovecot.org/pipermail/dovecot/2017-october/109620.html
which proposed setting mailbox_list_index = no.
This was the default setting on version 2.2.27, so I changed that
setting on mx2.example.com which was running version 2.3.4.1.
This allowed the replication to work but I don't think it is a setting I
want in my configuration.
Is there something I can do to re-enable dovecot to check index files
instead of mailboxes? Could that be an issue when replicating between
those two different versions?
I'm attaching the configuration files for both the mailservers, a
separate configuration file is included since mail_replica settings are
set from there, and a link to the compressed log file i pulled during
the operation.
https://filebin.net/d9yygnq8jg74unwb/replication_debug.log.bz2?t=vv2o81ka
Thank you in advance,
Apostolis Hardalias
I have a mail server with multiple IP addresses and associated DNS names.
In the dovecot configuration I have a listen directive:
listen = mail.example.com.com,mail.otherexample.com,localhost
Multiple local stanzas are of the form:
local mail.example.com {
  protocol imap {
    ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem
    service imaps_login {
      inet_listener imaps {
        address=mail.example.com
      }
      inet_listener imap {
        address=mail.example.com
      }
    }
  }
}
mail.example.com has IPv4 and IPv6 addresses in DNS.
When I run doveconf -n the local configuration is only generated for the
IPv6 address. I can test the operation on IPv6 using OpenSSL and see
different server certificates on different IP addresses as expected.
How do I force local generation for both IPv4 and IPv6?