Hey all,
I'm experiencing a weird and annoying issue with my 2-node dovecot replication setup.
The setup is based on virtual users in a pgsql database, which is replicated from the master to a slave node. For the mails I rely on the dovecot builtin replication which has been working great for me thus far.
However I noticed something was off when looking through my journal yesterday:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/foxxx0.de/qwer/.dovecot-sync.lock: safe_mkstemp(/var/vmail/foxxx0.de/qwer/.dovecot-sync.lock) failed: No such file or directory
In this case the domain directory /var/vmail/foxxx0.de already existed on the slave, but dovecot didn't bother to create the user folder before trying to lock it.
The same happens when the entire domain folder is missing:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/dj-orakel.de/booking/.dovecot-sync.lock: safe_mkstemp(/var/vmail/dj-orakel.de/booking/.dovecot-sync.lock) failed: No such file or directory
(in this case /var/vmail/dj-orakel.de does not exist yet)
A natural first thought would be "permission problem" - which I suspected too, but the filesystem permissions are identical on the master and the slave:
master (mx1):
root@valhalla ~ > stat /var/vmail/ File: /var/vmail/ Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fd06h/64774d Inode: 2 Links: 28 Access: (2770/drwxrws---) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) Access: 2016-09-04 13:04:33.837609018 +0200 Modify: 2018-03-17 18:22:47.506323895 +0100 Change: 2018-03-17 18:22:47.506323895 +0100 Birth: - root@valhalla ~ > id dovecot uid=76(dovecot) gid=76(dovecot) groups=76(dovecot) root@valhalla ~ > id vmail uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
replication slave (mx2):
root@midgard ~ > stat /var/vmail File: /var/vmail Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fe02h/65026d Inode: 2 Links: 27 Access: (2770/drwxrws---) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail) Access: 2017-10-15 12:09:56.174209161 +0200 Modify: 2018-03-06 15:43:41.463359651 +0100 Change: 2018-03-06 15:43:41.463359651 +0100 Birth: - root@midgard ~ > id dovecot uid=76(dovecot) gid=76(dovecot) groups=76(dovecot) root@midgard ~ > id vmail uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
The replication service is configured in dovecot to run as user vmail, so it should not be a permission problem because the master is automatically creating the domain and user folders inside /var/vmail when new mails arrive.
I highly suspect that this is some kind of regression because I can't remember having to manually create the domain/user folders on the slave before it would replicate mails for these, and there are quite a number of domains/users being replicated already.
Please find the "doveconf -n" output of both servers below. If you need additional information, please let me know.
Cheers, Thore
doveconf -n (master/mx1):
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
# Non-default settings of the master (mx1) as printed by "doveconf -n".
# Lines starting with "#" below are review annotations, not part of the dump.
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
# PLAIN and LOGIN carry the password without any protection of their own, so
# they rely on TLS. disable_plaintext_auth is not listed in this dump, which
# suggests the default is in effect - TODO confirm it is "yes" on this build.
auth_mechanisms = plain login
# Shared secret for doveadm TCP connections; doveconf redacts it unless -P is
# given, so the value is not disclosed by this paste.
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
# Home directory is built from the lowercased domain (%Ld) and local part
# (%Ln); this is the directory named in the .dovecot-sync.lock errors above.
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
hidden = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
# Replication peer, reached with the doveadm protocol over TLS ("tcps:").
# NOTE(review): verifying the peer certificate depends on the ssl_client_ca_*
# settings, which are not visible in this dump - confirm they are set.
mail_replica = tcps:mx2.nano-srv.net
# NOTE(review): this path uses %d/%n while mail_home uses the lowercased
# %Ld/%Ln; the two differ for mixed-case addresses unless the login name is
# normalised earlier - confirm.
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
quota_grace = 1%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /etc/dovecot/sieve/global
sieve_global_path = /etc/dovecot/sieve/default.sieve
zlib_save = gz
zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
# Replication notification endpoints, owned by vmail.
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
mode = 0600
user = vmail
}
}
service auth {
# Socket owned by postfix:postfix, mode 0660 - presumably used by Postfix for
# SMTP AUTH; verify against the Postfix configuration.
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
# NOTE(review): the auth service is explicitly run as root. Only an SQL passdb
# is visible in this dump, so root may be more privilege than it needs -
# confirm whether a dedicated unprivileged user would work.
user = root
}
service doveadm {
# TLS-wrapped doveadm listener used by the replication peer. No address is
# set here, so it presumably follows the global listen setting; access is
# gated by doveadm_password. Limiting this port to the peer node with a
# firewall rule reduces exposure of that shared secret to guessing.
inet_listener {
port = 12121
ssl = yes
}
vsz_limit = 1 G
}
service imap-login {
process_limit = 400
process_min_avail = 5
}
service lmtp {
# LMTP socket placed inside the Postfix spool directory, owned by postfix.
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
# NOTE(review): TCP listener with no address and no ssl setting. If only a
# local Postfix queries it, binding it to loopback (address = 127.0.0.1) or
# firewalling the port keeps quota and recipient status from being queried
# remotely - confirm how Postfix reaches it.
inet_listener {
port = 12122
}
}
service quota-warning {
# NOTE(review): the script lives in /var/vmail, which the stat output above
# shows as owned by and writable for vmail (mode 2770), and no user= is set
# for this service. Confirm which account runs the script; if it is more
# privileged than vmail, give the service an explicit unprivileged user and
# keep the script in a root-owned directory.
executable = script /var/vmail/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
# NOTE(review): the pasted dump stops at this line; the value of ssl_cert and
# any settings that would follow it are not visible, so the TLS configuration
# cannot be assessed from this paste.
ssl_cert =
doveconf -n (slave/mx2):
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
# Non-default settings of the replication slave (mx2) as printed by
# "doveconf -n". Lines starting with "#" below are review annotations, not
# part of the dump.
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
# PLAIN and LOGIN carry the password without any protection of their own, so
# they rely on TLS. disable_plaintext_auth is not listed in this dump, which
# suggests the default is in effect - TODO confirm it is "yes" on this build.
auth_mechanisms = plain login
# Shared secret for doveadm TCP connections; doveconf redacts it unless -P is
# given, so the value is not disclosed by this paste.
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
# Home directory is built from the lowercased domain (%Ld) and local part
# (%Ln); the failing lock paths in the journal are inside this directory.
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
hidden = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
# Replication peer (the master), reached with the doveadm protocol over TLS
# ("tcps:"). NOTE(review): verifying the peer certificate depends on the
# ssl_client_ca_* settings, which are not visible in this dump - confirm.
mail_replica = tcps:mx1.nano-srv.net
# NOTE(review): this path uses %d/%n while mail_home uses the lowercased
# %Ld/%Ln; the two differ for mixed-case addresses unless the login name is
# normalised earlier - confirm.
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
quota_grace = 1%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /etc/dovecot/sieve/global
sieve_global_path = /etc/dovecot/sieve/default.sieve
zlib_save = gz
zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
# Replication notification endpoints, owned by vmail.
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
mode = 0600
user = vmail
}
}
service auth {
# Socket owned by postfix:postfix, mode 0660 - presumably used by Postfix for
# SMTP AUTH; verify against the Postfix configuration.
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
# NOTE(review): the auth service is explicitly run as root. Only an SQL passdb
# is visible in this dump, so root may be more privilege than it needs -
# confirm whether a dedicated unprivileged user would work.
user = root
}
service doveadm {
# TLS-wrapped doveadm listener that receives the incoming replication sync.
# No address is set here, so it presumably follows the global listen setting;
# access is gated by doveadm_password. Limiting this port to the peer node
# with a firewall rule reduces exposure of that shared secret to guessing.
inet_listener {
port = 12121
ssl = yes
}
vsz_limit = 1 G
}
service imap-login {
process_limit = 400
process_min_avail = 5
}
service lmtp {
# LMTP socket placed inside the Postfix spool directory, owned by postfix.
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
# NOTE(review): TCP listener with no address and no ssl setting. If only a
# local Postfix queries it, binding it to loopback (address = 127.0.0.1) or
# firewalling the port keeps quota and recipient status from being queried
# remotely - confirm how Postfix reaches it.
inet_listener {
port = 12122
}
}
service quota-warning {
# NOTE(review): the script lives in /var/vmail, which the stat output above
# shows as owned by and writable for vmail (mode 2770), and no user= is set
# for this service. Confirm which account runs the script; if it is more
# privileged than vmail, give the service an explicit unprivileged user and
# keep the script in a root-owned directory.
executable = script /var/vmail/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
# NOTE(review): the pasted dump stops at this line; the value of ssl_cert and
# any settings that would follow it are not visible, so the TLS configuration
# cannot be assessed from this paste.
ssl_cert =
--