I'm preparing a migration of several mailboxes to another machine. The different user accounts are distributed to different backend machines by means of a dovecot LMTP/IMAP/POP proxy.
Proxying is working really well (now that the kernel does as it should).
But how can I "lock" a user during migration?
The plan is:
- lock the user
- kick the user (doveadm kick)
- migrate mailbox (some rsync magic)
- unlock the user again
But how would I lock the user?
What locking needs to achieve:
- Disallow IMAP/POP login (that's easy!)
- defer LMTP delivery somehow (Postfix is talking to dovecot's LMTP server)
Because currently, we're seeing dovecot trying local delivery on the proxy machine once an account is locked (probably because LMTP proxying uses passdb lookups, and since that one is failing it's using the userdb lookup?):
Oct 21 20:15:27 lmtp(87892): Error: user sys4@test.invalid: Initialization failed: Namespace '': mkdir(/var/mail/test.invalid/sys4/mdbox/mailboxes) failed: Permission denied (euid=10000(vmail) egid=10000(vmail) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
Admittedly, this is somehow working. But it's not very elegant to use a side-effect. Is there a reserved userdb/passwd return value which will let dovecot "tempfail" in an elegant fashion?
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein