I'm trying to use dsync to upgrade from an existing 2.3 server running native on MacOS to a 2.4.1 server running inside a Docker container on the same machine, using the official Dovecot 2.4.1 Docker image from DockerHub.
For testing, I decided to set up a new hostname (CNAME) record in DNS pointing to the same IP, since both Dovecot instances are running on the same host.
The new 2.4.1 Docker-containerized instance is working fine so far, which is to say I can connect to it from a mail client (the Mac Mail app) using TLS/SSL, and I'm able to move mail messages in, delete them, create folders, etc.
For the next phase of testing, I want to migrate a single folder of a single user's email from the 2.3 instance to the new 2.4.1 Docker instance. I recently found out about dsync and thought I'd give it a try.
The test Dockerized instance exposes its IMAPS port to a different port than the legacy instance (of course).
I found that dsync seems to behave differently than the IMAP service wrt the certificate chain: whereas the Mail client was able to negotiate the encrypted connection with the LetsEncrypt server cert alone in the dovecot cert file, with dsync, the 2.3 server seemed to require the entire cert chain to reside in the file. (?)
After resolving that, the source dsync could at least get past the certificate validation phase, but then complained thusly:
Oct 19 21:52:11 doveadm(myuser@mydomain.net): Error: doveadm server sent invalid handshake: * OK [CAPABILITY IMAP4rev1 LOGIN-REFERRALS ID ENABLE IDLE SASL-IR LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Oct 19 21:52:11 doveadm(myuser@mydomain.net): Error: Disconnected from remote: EOF
Oct 19 21:52:11 doveadm(myuser@mydomain.net): Debug: auth-master: conn unix:/usr/local/var/run/dovecot/auth-userdb (uid=0): Disconnected: Connection closed (fd=8)
I can't tell from that error message what the source dsync doesn't like about the destination dsync, or for that matter, whether it might be the destination dsync that doesn't like what the source dsync is saying??
Anyway, I'm invoking dsync like this, to sync just a single folder:
$ sudo doveadm -D -v backup -u myuser@mydomain.net -m FolderName tcps:testserver.mydomain.net:31993
ALSO: I confess that I also don't understand how dsync can work without asking for user account passwords, if it's indeed running over the IMAPS service. How can the destination service trust the incoming dsync connection? I assume it's running over a normal IMAPS connection, since that's the only port that I've given to the source dsync command, but maybe that's not the case?
The docs are pretty unclear about this aspect, but I'm no expert, so maybe this is just obvious to others. (?)