ok please understand this is for 2.3.x - replication was removed in 2.4
also ssh does not work well, are you replicating on a private network connection (aka direct connection between servers on a different subnet) - I use 10.xx.xx.server1 & 10.xx.xx.server2 with a crossover cable.
ssh/ssl not needed for a direct connection.
anyways mine is set up to trigger a replication on a received email
both sides MUST be configured so any incoming email will trigger updating the other server
the config is from mine but is pretty straightforward
however it did take me a few months and a lot of help from AKI (Thanks) so sharing the info.
mail notify replication is the major chunk of the config but I found getting rid of ssh was overall better.
OTHER than the dsync command which uses ssh to start the command on the other side (make sure you can ssh between the servers)
also this is based on using mysql or postgresql databasing for auth, other auth mechs will be a crap shoot as dovecot uses a database entry to track the replication requests
this is for postgresql:
{{{
cat dovecot-pgsql.conf
driver = pgsql
connect = host=localhost port=5433 dbname= user= password=
default_pass_scheme = PLAIN
password_query = SELECT username as user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
user_query = SELECT home, uid, gid FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
#iterate_query = SELECT user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
iterate_query = SELECT "username" as user, domain FROM email_users WHERE status = True and alias_flag = False
}}}
again I use a private network for my databases as well - prevents hacking?
{{{
mail_plugins = " virtual notify replication fts fts_lucene"

dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
replication_dsync_parameters = -d -N -l 30 -U

plugin {
  ...
  mail_replica = tcp:server2:12345 # OR tcp:server1:12345, relative to the server
  ...
}

protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = $mail_plugins notify replication
}
protocol pop3 {
  mail_max_userip_connections = 50
  mail_plugins = $mail_plugins notify replication
}
protocol imaps {
  mail_max_userip_connections = 25
  mail_plugins = $mail_plugins notify replication
}
protocol pop3s {
  mail_max_userip_connections = 25
  mail_plugins = $mail_plugins notify replication
}

replication_max_conns = 300
replication_full_sync_interval = 1d

service replicator {
  client_limit = 0
  drop_priv_before_exec = no
  idle_kill = 4294967295s
  process_limit = 1
  process_min_avail = 0
  service_count = 0
  vsz_limit = 8g
  unix_listener replicator-doveadm {
    mode = 0666
    user = vmail
  }
  vsz_limit = 8192M
}

service aggregator {
  process_limit = 1000
  #vsz_limit = 1g
  fifo_listener replication-notify-fifo {
    user = vmail
    group = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    group = vmail
    mode = 0666
  }
}
}}}
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Wednesday AND Happy Successful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-06-09 10:41 PM, Jesus Cea via dovecot wrote:
Hi, there.
I am using dovecot 2.3.21.1.
I am experimenting with replication, currently doing it manually, using this:
doveadm -Dv sync -u jcea ssh email doveadm dsync-server -u prueba_backup; echo $?
It works fine so far, but I have a few hundred mailboxes in my imap4 account and an "empty" (no changes) sync takes 30 seconds, since apparently it compares every mailbox (according to the debug info printed).
I am using "mdbox" storage on both sides.
I would expect an event replication, where time is proportional to the volume of changes, not to the total data volume or number of mailboxes.
Am I doing anything wrong? It would be faster to use "replicator" + "mail_replica". Can I improve this in some way?
Replication must be both ways, because in one server new emails are arriving and in the other imapserver I am doing my mail work. I want new email appearing in my work imapserver (living on my own laptop) and my email processing to be replicated back to the server for backup/disaster recovery (lost laptop, broken HD) and access from a different laptop, phone, etc.
Thanks.
PS: By default dovecot sanitizes the environment and doesn't allow "SSH_AUTH_SOCK" for ssh-agent. Why? That is very inconvenient.
I am using this environment variable to overcome that:
DOVECOT_PRESERVE_ENVS="HOME USER SSH_AUTH_SOCK SSH_AGENT_PID LOG_STDERR_TIMESTAMP TZ CORE_OUTOFMEM CORE_ERROR"
Is this the right way to do this?
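An added example, not part of either message and not Dovecot project code: a small Python check that walks a Dovecot 2.3-style configuration and lists the settings from the replication setup above that a reviewer would want to confirm are intentional (world-writable listener sockets, a `tcp:` replica link without TLS, the `PLAIN` password scheme). The helper name `audit` is hypothetical and the sample configuration is constructed.

```python
import re

# Constructed sample, laid out like the configuration in the reply above.
SAMPLE = """\
default_pass_scheme = PLAIN
plugin {
  mail_replica = tcp:server2:12345
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
    user = vmail
  }
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0600
  }
}
"""

def audit(text):
    """Hypothetical helper: return (line_no, block_path, note) per setting to review."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if line.endswith("{"):               # entering a block: remember its header
            stack.append(line[:-1].strip())
        elif line == "}":                    # leaving the innermost block
            if stack:
                stack.pop()
        elif (m := re.match(r"([\w-]+)\s*=\s*(.*)", line)):
            key, val = m.group(1), m.group(2).strip()
            path = " / ".join(stack)
            listener = bool(stack) and stack[-1].startswith(("unix_listener", "fifo_listener"))
            if key == "mode" and listener and re.fullmatch(r"[0-7]+", val) and int(val, 8) & 0o002:
                findings.append((no, path, f"socket mode {val}: writable by every local user"))
            elif key == "mail_replica" and val.startswith("tcp:"):
                # Dovecot 2.3 also accepts tcps: for the same setting, which wraps the link in TLS.
                findings.append((no, path, "replication over plain TCP, no TLS"))
            elif key == "default_pass_scheme" and val.upper() == "PLAIN":
                findings.append((no, path, "passwords stored in clear text in the auth database"))
    return findings

if __name__ == "__main__":
    for no, path, note in audit(SAMPLE):
        print(f"line {no} [{path or 'top level'}]: {note}")
```

Values that contain a literal `#` (for example a quoted password) would be cut short by the simplified comment handling, so run it on a copy with secrets removed.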