You said you have huge mailboxes - even replicating only one mailbox can maxing out your line, because that's the nature of tcp/ip.
The more data you have to transmit the longer your line will be full.
Depending how you have your VPN tunnel build you might be able to limit the bandwidth on the tunnel endpoint if that's a separate firewall/router/.. or you can do rate limiting with iptables as well.

hth,
Alex

On 10/11/21 6:08 PM, Claudio Corvino wrote:

Hi all,

I have two IMAP/LMTP Dovecot server in replica (version 2.3.4.1) for testing purposes, both connected through an IPsec tunnel, I use LDAP/AD for userdb, all seems to work fine.

Now I would like to go in production where at the moment I have only one server active and setup the replica too ... but! I need to know how I can exclude all the users from replication (help/examples appreciated!) and doing replication one user at a time, in order to not saturate bandwidth on the IPsec tunnel.

I read https://wiki.dovecot.org/Replication:

"Since v2.3.1 you can disable replication for a user by providing 'noreplicate' user database field. Another way to disable replication for some users is to return mail_replica field from userdb for users you want to replicate."

but I can't figure out how to do it.

One last question: since I have to deal with huge mailboxes, if prior to activate replication I do an rsync between the two Dovecot filesystems, does the replication will work?

Thanks in advance!

Cheers

--

Claudio Corvino
IT Systems Administrator