-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 30 Jul 2014, Jogi Hofmüller wrote:
Or better - disable LMTP service in Dovecot. Incoming mail will stay on your MTA and when you're done, you just tell it to deliver everything that piled up in the queue in the meantime
Better but still not perfect ;) We have users that work late and I am sure they would complain when they don't receive email during migration nights.
Still thinking ...
In your original post you've wrote "While migrating a mailbox". So you migrate one user after another. Also, if you want to disable LMTP for that user, you want to disable IMAP and POP3, too, for the very same reason -> or at least put them in read-only mode.
So, IMHO, your goal is to make the mail storage of one user read-only. Experiment with ACLs. Make all the mailboxes of the user read-only. After migration remove the ACLs.
Make the mail storage inaccessable during backup for just one user:
How about adding another userdb { driver = passwd-file args = /.../%s/file } as the first one, which disables the access to the one user's mail storage currently migrated. %s would be lmtp, imap, pop3 and doveadm, IMHO. Make sure, doveadm sees no user in this userdb, but the others do, e.g. symlink the appropriate files and keep /.../doveadm/file zero-length, in order to fall back to LDAP always.
In short: doveadm must know the real path, all other services a faked one.
The migration of one user would be: put user in /.../{imap,pop3,lmtp}/file # or overwrite file with user doveadm auth cache flush # make sure, user info is not cached already migrate remove user from /.../file
a) Besides the %s-way, there must be a way to have doveadm override the settings in:
userdb { driver = passwd-file args = /.../file }
in the line of: doveadm -o userdb[*]/args=/dev/null ....
[*] IMHO you can specify which userdb section is meant by a number or something like that.
b) Instead of to put/remove the user, you can overwrite the file, if there is just one user, and remove the file at the very end.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBU9nkkHz1H7kL/d9rAQJ+VQf+Ns/nm/T95z0iq+LC7YlYZTZi7JShHLhh DOAfLZ/DEl2ca1S7ed3SzdHYJu6JLZyU6U//BcRzCCtjmrgHMURNPSlpzFDHKi0O 2kRstMoj0DfMb7r9YO1YG4EQkhWpkkie2ORtN0pubAowcucpwieOPnEcDDipp+Wo lDlxzZ1gTP+hInYGQLvB8cWF8QN2MuwNuUPXBCq3AUrOAoSRh91ALWbEJJ4TXqZE Y3SbGkkZF5cEPqtMULAm+kEd7bKjty0Drsa52LSdlcrQvje+QZmqfe6t3E60tz/I GrNzi2EPMbw5iJqHeYVupqPJWslopxDIZdSP5kboX1eNeaoEJFUGMw== =N8uo -----END PGP SIGNATURE-----