I've ALMOST got this to work, but I'm still running into a problem.
First, here's what I'm doing so far. If my understanding of what's going on (described below) is off, I trust someone will correct me. Also, when/if I get these details straight, I'm willing to help update the "Replication" wiki page to make it clearer and more accurate.
I followed Obi-wan's admonition ("Use the source, Luke") and figured out that when the "mail_replica" value starts with "remoteprefix:", the behaviour is identical to "remote:" EXCEPT that the data stream sent to the remote server starts with a line containing the mail account name followed by a newline character.
Also, it appears that the "dsync_remote_cmd" is run by default as "root" on the local server. I'm assuming for the moment that %{user} and %{host} in "dsync_remote_cmd" are being replaced by the user and host information in the "mail_replica" value.
If the public key value included in "authorized_keys" for the target account on the remote server contains a command= parameter, the "ssh" documentation says that this command will override any command given on the "ssh" command line on the local server. Thus, it should not really be necessary to include a remote command on the tail end of the "ssh" specified in "dsync_remote_cmd".
Note, BTW, that the "authorized_keys2" file (mentioned in the current documentation) is deprecated now in SSH; all public keys on the remote server should be in "authorized_keys" now.
I also discovered that in order to get "ssh" to work properly in a non-interactive scenario -- without any prompting for typed input (which would break things) -- I needed to run the "ssh" command once by hand, to cache the remote server's host key information in the local "known_hosts" file.
So, with all the above in mind, I added the following to the Dovecot configuration on the local host. (My local host is named "richatwork", and my remote host is named "pigeon".)
    mail_plugins = $mail_plugins notify replication
    service replicator {
      process_min_avail = 1
    }
    dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/dsync_dsa %{user}@%{host}
    plugin {
      mail_replica = remoteprefix:root@pigeon.richw.org
    }
I added the public key value (from /root/.ssh/dsync_dsa.pub) to the /root/.ssh/authorized_keys file on the remote host (pigeon), with the command= parameter set to the name of a script on the remote host with the following content:
    #! /bin/sh
    # The first line of the incoming stream is the mail account name.
    read -r username
    exec /usr/bin/doveadm dsync-server -u "$username"
With the above setup, replication ALMOST seems to work, EXCEPT that it's failing with the following error in the local host's mail.log:
richatwork dovecot: doveadm: Error: dsync-remote(richatwork): Error: dsync(local): Remote dsync doesn't use compatible protocol
Both servers are running the identical version of Dovecot (2.2.1), so I'm confused as to why I would be getting a protocol mismatch. Is there some other configuration option I need to check?
Rich Wales richw@richw.org
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"dovecot -n" output on the local server (richatwork):
    # 2.2.1 (e819374de157): /etc/dovecot/dovecot.conf
    # OS: Linux 3.2.0-40-generic-pae i686 Ubuntu 12.04.2 LTS
    auth_username_format = %Ln
    auth_verbose = yes
    dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/dsync_dsa %{user}@%{host}
    login_greeting = richatwork.richw.org (%{lip}) Dovecot ready; hello, %{rip}
    mail_location = maildir:~/Maildir
    mail_plugins = " notify replication"
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
      separator = .
    }
    passdb {
      args = scheme=crypt username_format=%n /etc/dovecot/private/userdb
      driver = passwd-file
    }
    plugin {
      mail_replica = remoteprefix:root@pigeon.richw.org
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      sieve_max_actions = 1000
    }
    protocols = " imap lmtp sieve"
    service auth-worker {
      user = $default_internal_user
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      unix_listener auth-userdb {
        group =
        user =
      }
    }
    service imap {
      executable = imap postlogin
    }
    service lmtp {
      inet_listener lmtp {
        address = 127.0.0.1
        port = 24
      }
      process_min_avail = 5
    }
    service postlogin {
      executable = script-login -d rawlog -t
    }
    service replicator {
      process_min_avail = 1
    }
    ssl_cert = </etc/apache2/ssl/richatwork.pem
    ssl_key = </etc/apache2/ssl/richatwork.pem
    userdb {
      args = username_format=%n /etc/dovecot/private/userdb
      driver = passwd-file
    }
    protocol lmtp {
      mail_plugins = " notify replication sieve"
    }
    protocol lda {
      mail_plugins = " notify replication sieve"
    }
    protocol imap {
      imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
      mail_plugins = " notify replication mail_log notify"
    }
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"dovecot -n" output on the remote server (pigeon):
    # 2.2.1 (e819374de157): /etc/dovecot/dovecot.conf
    # OS: Linux 3.5.0-27-generic x86_64 Ubuntu 12.04.2 LTS
    auth_username_format = %Ln
    auth_verbose = yes
    login_greeting = pigeon.richw.org (%{lip}) Dovecot ready; hello, %{rip}
    mail_location = maildir:~/Maildir
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
      separator = .
    }
    passdb {
      args = scheme=crypt username_format=%n /etc/dovecot/private/userdb
      driver = passwd-file
    }
    plugin {
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      sieve_max_actions = 1000
    }
    protocols = " imap lmtp sieve"
    service auth-worker {
      user = $default_internal_user
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      unix_listener auth-userdb {
        group =
        user =
      }
    }
    service imap {
      executable = imap postlogin
    }
    service lmtp {
      inet_listener lmtp {
        address = 127.0.0.1
        port = 24
      }
      process_min_avail = 5
    }
    service postlogin {
      executable = script-login -d rawlog -t
    }
    ssl_cert = </etc/apache2/ssl/pigeon.pem
    ssl_key = </etc/apache2/ssl/pigeon.pem
    userdb {
      args = username_format=%n /etc/dovecot/private/userdb
      driver = passwd-file
    }
    protocol lmtp {
      mail_plugins = " sieve"
    }
    protocol lda {
      mail_plugins = " sieve"
    }
    protocol imap {
      imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
      mail_plugins = " mail_log notify"
    }
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
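
Added example, not part of the original post and not Dovecot's own code: a variant of the forced-command script described above that validates the account-name line sent by "remoteprefix:" before handing it to doveadm, since the script runs as root on the remote host. The install path, the `--serve` argument, the allow-list pattern and the 64-character limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): forced-command wrapper for the
# remote host. It runs as root, so the account name read from the stream is
# validated before it reaches doveadm.
#
# Assumed install path /usr/local/sbin/dsync-wrapper; matching authorized_keys
# entry (key type and key body are placeholders):
#   command="/usr/local/sbin/dsync-wrapper --serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <key-type> <public-key>

LC_ALL=C; export LC_ALL                  # make the [A-Za-z] ranges byte-exact
DOVEADM=${DOVEADM:-/usr/bin/doveadm}     # path taken from the post

# valid_username NAME: succeed only for a name safe to pass to "doveadm -u".
# The allow-list and the 64-character limit are assumptions; adjust to your userdb.
valid_username() {
    case $1 in
        ''|-*) return 1 ;;               # empty, or would parse as an option
        *[!A-Za-z0-9._@-]*) return 1 ;;  # whitespace, shell metacharacters, ...
    esac
    [ "${#1}" -le 64 ]
}

# dsync_wrapper: consume the account-name line that "remoteprefix:" sends
# first, then hand the rest of stdin to dsync-server unchanged.
dsync_wrapper() {
    IFS= read -r username || return 2    # no complete first line
    if ! valid_username "$username"; then
        echo "dsync-wrapper: rejected account name" >&2
        return 3
    fi
    exec "$DOVEADM" dsync-server -u "$username"
}

# Serve only when called as the forced command; sourcing defines functions only.
if [ "${1:-}" = "--serve" ]; then
    dsync_wrapper
    exit $?
fi
```

On the local side, adding `-o BatchMode=yes` to the ssh command in "dsync_remote_cmd" makes ssh fail immediately instead of waiting on a host-key or passphrase prompt.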