Hey all,
I'm experiencing a weird and annoying issue with my 2-node dovecot replication setup.
The setup is based on virtual users in a pgsql database, which is replicated from the master to a slave node. For the mails I rely on the dovecot builtin replication which has been working great for me thus far.
However I noticed something was off when looking through my journal yesterday:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/foxxx0.de/qwer/.dovecot-sync.lock: safe_mkstemp(/var/vmail/foxxx0.de/qwer/.dovecot-sync.lock) failed: No such file or directory
In this case the domain directory /var/vmail/foxxx0.de was already existing on the slave, but dovecot didn't bother to create the user folder before trying to lock it.
The same happens when the entire domain folder is missing:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/dj-orakel.de/booking/.dovecot-sync.lock: safe_mkstemp(/var/vmail/dj-orakel.de/booking/.dovecot-sync.lock) failed: No such file or directory
(in this case /var/vmail/dj-orakel.de is not existing yet)
A natural first thought would be "permission problem" - which I suspected too but the filesystem permissions are identical on the master and the slave:
master (mx1):
root@valhalla ~ > stat /var/vmail/
  File: /var/vmail/
  Size: 4096      Blocks: 8      IO Block: 4096      directory
Device: fd06h/64774d      Inode: 2      Links: 28
Access: (2770/drwxrws---)  Uid: ( 5000/ vmail)  Gid: ( 5000/ vmail)
Access: 2016-09-04 13:04:33.837609018 +0200
Modify: 2018-03-17 18:22:47.506323895 +0100
Change: 2018-03-17 18:22:47.506323895 +0100
 Birth: -
root@valhalla ~ > id dovecot
uid=76(dovecot) gid=76(dovecot) groups=76(dovecot)
root@valhalla ~ > id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
replication slave (mx2):
root@midgard ~ > stat /var/vmail
  File: /var/vmail
  Size: 4096      Blocks: 8      IO Block: 4096      directory
Device: fe02h/65026d      Inode: 2      Links: 27
Access: (2770/drwxrws---)  Uid: ( 5000/ vmail)  Gid: ( 5000/ vmail)
Access: 2017-10-15 12:09:56.174209161 +0200
Modify: 2018-03-06 15:43:41.463359651 +0100
Change: 2018-03-06 15:43:41.463359651 +0100
 Birth: -
root@midgard ~ > id dovecot
uid=76(dovecot) gid=76(dovecot) groups=76(dovecot)
root@midgard ~ > id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
The replication service is configured in dovecot to run as user vmail, so it should not be a permission problem because the master is automatically creating the domain and user folders inside /var/vmail when new mails arrive.
I highly suspect that this is some kind of regression because I can't remember having to manually create the domain/user folders on the slave before it would replicate mails for these, and there are quite a number of domains/users being replicated already.
Please find the "doveconf -n" output of both servers below. If you need additional information, please let me know.
Cheers, Thore
doveconf -n (master/mx1):
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
auth_mechanisms = plain login
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcps:mx2.nano-srv.net
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  quota_grace = 1%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/global
  sieve_global_path = /etc/dovecot/sieve/default.sieve
  zlib_save = gz
  zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service doveadm {
  inet_listener {
    port = 12121
    ssl = yes
  }
  vsz_limit = 1 G
}
service imap-login {
  process_limit = 400
  process_min_avail = 5
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12122
  }
}
service quota-warning {
  executable = script /var/vmail/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/letsencrypt/live/nano-srv.net/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA384:DHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
submission_host = 127.0.0.1:10027
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 30
  mail_plugins = " acl zlib notify mail_log replication quota imap_quota"
}
protocol pop3 {
  mail_plugins = " acl zlib notify mail_log replication quota"
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  mail_plugins = " acl zlib notify mail_log replication quota sieve"
  postmaster_address = postmaster@nano-srv.net
}
protocol lmtp {
  mail_plugins = " acl zlib notify mail_log replication quota sieve"
  postmaster_address = postmaster@nano-srv.net
}
protocol sieve {
  managesieve_logout_format = bytes ( in=%i : out=%o )
}
doveconf -n (slave/mx2):
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
auth_mechanisms = plain login
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcps:mx1.nano-srv.net
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  quota_grace = 1%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /etc/dovecot/sieve/global
  sieve_global_path = /etc/dovecot/sieve/default.sieve
  zlib_save = gz
  zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
}
service auth {
  unix_listener auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service doveadm {
  inet_listener {
    port = 12121
    ssl = yes
  }
  vsz_limit = 1 G
}
service imap-login {
  process_limit = 400
  process_min_avail = 5
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12122
  }
}
service quota-warning {
  executable = script /var/vmail/quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/letsencrypt/live/nano-srv.net/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA384:DHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
submission_host = 127.0.0.1:10027
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 30
  mail_plugins = " acl zlib notify mail_log replication quota imap_quota"
}
protocol pop3 {
  mail_plugins = " acl zlib notify mail_log replication quota"
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  mail_plugins = " acl zlib notify mail_log replication quota sieve"
  postmaster_address = postmaster@nano-srv.net
}
protocol lmtp {
  mail_plugins = " acl zlib notify mail_log replication quota sieve"
  postmaster_address = postmaster@nano-srv.net
}
protocol sieve {
  managesieve_logout_format = bytes ( in=%i : out=%o )
}
--
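
Added example (not part of the original post, and not Dovecot code): a Python triage helper for the .dovecot-sync.lock errors quoted above. It extracts the home directory from each failure, then reports which path components are missing and the owner and mode of the deepest directory that does exist, which separates a missing-directory failure from a permission one. The function names and the temporary layout in the demo are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Matches the doveadm sync-lock failure format quoted in the post.
LOCK_ERR = re.compile(
    r"Couldn't lock (?P<path>\S+/\.dovecot-sync\.lock): "
    r"safe_mkstemp\(\S+\) failed: (?P<reason>.+)$"
)

def parse_lock_errors(lines):
    """Return (home_dir, reason) for every sync-lock failure in lines."""
    hits = []
    for line in lines:
        m = LOCK_ERR.search(line)
        if m:
            hits.append((os.path.dirname(m.group("path")), m.group("reason")))
    return hits

def diagnose(home):
    """Walk up from home to the deepest directory that exists."""
    cur, missing = os.path.abspath(home), []
    while not os.path.isdir(cur):
        missing.append(os.path.basename(cur))
        cur = os.path.dirname(cur)
    st = os.stat(cur)
    return {
        "existing": cur,
        "missing": missing[::-1],           # top-down order
        "owner": (st.st_uid, st.st_gid),
        "mode": stat.filemode(st.st_mode),  # e.g. drwxrws---
        "setgid": bool(st.st_mode & stat.S_ISGID),
    }

if __name__ == "__main__":
    # Constructed layout: one domain directory exists, nothing else does.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "example.org"))
        tmpl = ("dovecot[1]: doveadm: Error: Couldn't lock {0}/.dovecot-sync.lock: "
                "safe_mkstemp({0}/.dovecot-sync.lock) failed: No such file or directory")
        log = [tmpl.format(os.path.join(root, "example.org", "alice")),
               tmpl.format(os.path.join(root, "example.net", "bob"))]
        for home, reason in parse_lock_errors(log):
            print(reason, diagnose(home))
```

Fed the journal of the replica, a "No such file or directory" reason together with a non-empty "missing" list and a vmail-owned setgid parent points at directory creation rather than permissions.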