On 24.06.2019 8:21, Aki Tuomi wrote:
On 22.6.2019 22.00, Reio Remma via dovecot wrote:
Hello!

I finally took the time and spent two days to set up replication for
my server and now I have a question or two.

I initially set noreplicate userdb field to 1 for all but a test user,
but I could still see in the logs that all mailboxes were trying to
connect to the other server via SSH. Is that normal?

Jun 22 16:55:22 host dovecot: dsync-local(user@host.ee)<>: Error:
Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
vmail backup.host.ee doveadm dsync-server -D -u user@host.ee

Then I ended up setting mail_replica in userdb for only my test user,
but I could still see in the logs that it was trying to sync the
others as well, despite mail_replica being 0 for the rest.

Jun 22 20:52:59 host dovecot: doveadm(user@host.ee): Fatal: -N
parameter requires syncing with remote host

I also notice (and read from recent posts) that sieve script
replication doesn't work at all.

Dovecot v2.3.6 and Pigeonhole from the official Dovecot CentOS repo.

Thanks,
Reio
PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
as usual. :)

Hi!

We are fixing this in 2.3.7, noreplicate works but causes errors. You
can try
https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you
are compiling yourself.

Dovecot under selinux works, as long as you do it the way the policy
writer intended, see https://linux.die.net/man/8/dovecot_selinux

Aki

For replication over SSH I had to add the following module:

module selinux-dovecot-replication-ssh 1.0;

require {
        type ssh_exec_t;
        type ssh_home_t;
        type dovecot_t;
        class file { open read execute execute_no_trans };
        class dir { getattr search };
}

#============= dovecot_t ==============
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };

ssh_exec_t allows Dovecot to use the ssh executable in the first place, and ssh_home_t:dir + ssh_home_t:file let it read known_hosts from /root/.ssh.

Reio
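As an added review aid, not part of this thread or of Dovecot itself: the script below parses a plain type-enforcement module like the one above, checks that every type and permission an allow rule uses is declared in the require block (checkmodule would reject it otherwise), and flags any write-like permission that a "run ssh and read its config" module should never grant. It assumes only the bare allow/require syntax shown here, not refpolicy macros or interfaces.

```python
import re

# Sample input: the policy module posted in the thread, embedded verbatim.
MODULE_TE = """\
module selinux-dovecot-replication-ssh 1.0;

require {
        type ssh_exec_t;
        type ssh_home_t;
        type dovecot_t;
        class file { open read execute execute_no_trans };
        class dir { getattr search };
}

allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };
"""

# Permissions this kind of module should never grant (least-privilege check).
RISKY_PERMS = {"write", "append", "create", "unlink", "rename", "setattr",
               "relabelfrom", "relabelto", "execmod", "entrypoint"}

ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)
REQ_TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)
REQ_CLASS_RE = re.compile(r"^\s*class\s+(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def parse_allow_rules(te):
    """Return (source, target, class, {perms}) for every plain allow rule."""
    return [(m.group(1), m.group(2), m.group(3), set((m.group(4) or m.group(5)).split()))
            for m in ALLOW_RE.finditer(te)]

def audit_module(te):
    """Return a list of findings; an empty list means the module passed."""
    findings = []
    req_types = set(REQ_TYPE_RE.findall(te))
    req_classes = {m.group(1): set((m.group(2) or m.group(3)).split())
                   for m in REQ_CLASS_RE.finditer(te)}
    for src, tgt, cls, perms in parse_allow_rules(te):
        for t in (src, tgt):
            if t not in req_types:  # checkmodule would refuse to build this
                findings.append(f"type {t} used but not declared in require")
        if cls not in req_classes:
            findings.append(f"class {cls} used but not declared in require")
        elif not perms <= req_classes[cls]:
            findings.append(f"{cls} perms {sorted(perms - req_classes[cls])} not declared in require")
        risky = perms & RISKY_PERMS
        if risky:  # typical sign of over-broad audit2allow output
            findings.append(f"{src} -> {tgt}:{cls} grants {sorted(risky)}")
    return findings
```

Run `audit_module()` over any generated .te before `checkmodule`/`semodule -i`; the thread's module returns no findings.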