Hi --
I am testing replicator/dsync over tcp, and I did run into some issues.
First of all I did need to extend http://wiki2.dovecot.org/Replication to get dsync over tcp running without ssl:
| # dsync over tcp default port
| #
| doveadm_port = 12345
| service doveadm {
| # running dsync over tcp and using ssl
| #added-->| user = vmail | inet_listener { added-->| address = 1.2.3.4 | port = 12345 | # ssl = yes | } | }
| plugin {
| # this host replicates to remote host
| #
| mail_replica = tcp:SERVER-A.TLDThat didn't work ...
| dovecot: doveadm(test): Error: doveadm_password not set, can't authenticate to remote server
... thus, I needed to add:
added-->| local 1.2.3.4 { added-->| # password for client authentication by doveadm server added-->| # added-->| doveadm_password = secret added-->| # allow client to only use specified list of commands (default is all): added-->| # added-->| #doveadm_allowed_commands = added-->| }
- Question: may one include "secret" from a file?
Well, that runs like a charm!
Now, I did try to add ssl by activating "ssl = yes" in 'service doveadm' (see above) and adding ...
| # used by replicator/dsync over tcp | # | ssl_client_ca_dir = /<path-to>/ssl/certs
... and ...
| mail_replica = tcps:SERVER-A.TLD
But, this didn't work (logfile at remote server):
| dovecot: doveadm(test): Invalid certificate: self signed certificate: /OU=dovecot server/CN=OTHER-NAME.TLD/emailAddress=postmaster@OTHER-NAME.TLD | dovecot: doveadm(test): Error: SERVER-A.TLD: Received invalid SSL certificate | dovecot: doveadm(test): Error: sync: Disconnected from remote
The OTHER-NAME.TLD is served by my additional settings used by my MUAs:
| ssl_cert =
I did supply SERVER-A.TLD certs and private certificates at both servers as well, but dovecot seems to use those of OTHER-NAME.TLD for replicator/dsync instead :-(
- Question: May I config the certificate that should be used for replicator/dsync and that might be different from those used by my MUAs (other then pointing to '/<path-to>/ssl/certs')?
I am quite sure that I screwed my config somehow, but I cannot find the cause. Thus, someone?
Thanks, and with kind regards, Michael