dsync dovecot / Failed connection refused
Dear all,
I am using VMware and I have cloned my email server. Now I have two identical servers, both running the same version of dovecot (2.2.13) and imap. Let's call them: server1.domain.ltd and server2.domain.ltd. I would like to sync both servers using dsync.
Dovecot is working well except concerning the sync.
dsync config server1.domain.ltd

# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0666
  }
}

# Enable doveadm replicator commands
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}

# Create a listener for doveadm-server
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
  }
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 10

# tell doveadm client to use this port by default
doveadm_port = 4711

#Both the client and the server also need to have a shared secret
doveadm_password = {SHA512-CRYPT}$6$rou....................

# use tcp:hostname as the dsync target
plugin {
  #mail_replica = tcp:server2.domain.ltd # use doveadm_port
  mail_replica = tcp:server2.domain.ltd:12345 # use port 12345 explicitly
}

service config {
  unix_listener config {
    user = vmail
  }
}
dsync config server2.domain.ltd

# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0666
  }
}

# Enable doveadm replicator commands
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}

# Create a listener for doveadm-server
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
  }
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 10

# tell doveadm client to use this port by default
doveadm_port = 4711

#Both the client and the server also need to have a shared secret
doveadm_password = {SHA512-CRYPT}$6$ro.............

# use tcp:hostname as the dsync target
plugin {
  #mail_replica = tcp:server1.domain.ltd # use doveadm_port
  mail_replica = tcp:server1.domain.ltd:12345 # use port 12345 explicitly
}

service config {
  unix_listener config {
    user = vmail
  }
}
To test both ports I have opened ports 12345 and 4711 on both of my servers:

Iptables server1:
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
ACCEPT tcp -- anywhere anywhere tcp dpt:12345

Iptables server2:
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
ACCEPT tcp -- anywhere anywhere tcp dpt:12345

doveadm replicator status '*'
username           priority  fast sync  full sync  failed
user1@domain.ltd   none      00:01:21   11:25:40   y
user3@domain.ltd   none      07:31:16   11:25:41   -
user2@domain.ltd   none      00:01:21   11:25:40   y
user4@domain.ltd   none      11:25:41   11:25:41   -
user5@domain.ltd   none      02:17:03   11:25:41   -
user6@domain.ltd   none      11:25:40   11:25:40   -
user4@domain.ltd   none      00:00:51   11:25:40   y

When doing, from server1: "doveadm sync -u user1@domain.ltd remote:server2.domain.ltd"

doveadm(user1@domain.ltd): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused
doveadm(user1@domain.ltd): Fatal: /var/run/dovecot/auth-userdb: passdb lookup failed (to see if user is proxied, because doveadm_port is set)
dsync-local(user1@domain.ltd): Error: read(server2.domain.ltd) failed: EOF (version not received)
Thx for your help.
--
Regards,
Thierry e-mail : lenaigst@maelenn.org
PGP Key: 0xB7E3B9CD
Hello,
I might be wrong, but the port which will be used for the replicator port is the value of 'doveadm_port' which in your case is 4711.
Mike;
On 01/23/2017 05:58 PM, Thierry wrote:
Hi Mike,
Is the value of the 'doveadm_port' if I am choosing: mail_replica = tcp:server1.domain.ltd no ? I might be wrong too ;)
Thx
On Tuesday, 24 January 2017 at 11:41:28, you wrote:
Sorry, you are right, I was wrong. I missed that you explicitly configured the port in $mail_replica.
On 01/24/2017 10:45 AM, Thierry wrote:
Hi,
Jan 26 17:21:40 doveadm(user7@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:23:59 doveadm(user3@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user5@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user4@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user2@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user1@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused
Jan 26 17:24:44 doveadm(user6@domain.ltd): Fatal: connect(ip_server_target:4711) failed: Connection refused

The config is the same for both servers.
When checking the FW on both servers:

ACCEPT tcp -- anywhere anywhere tcp dpt:4711

Is it really the FW that is blocking this port? Or something else?
Any ideas ?
Thx for your support.
On Tuesday, 24 January 2017 at 11:45:14, you wrote:
Hi,
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source     destination
 2085  476K ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0   state RELATED,ESTABLISHED
   16   960 ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0
    0     0 ACCEPT icmp --  *   *   0.0.0.0/0  0.0.0.0/0   icmptype 8
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:2222
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:22
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:80
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:443
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:444
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:4711
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:25
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:587
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:143
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0   tcp dpt:3306

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source     destination

Chain OUTPUT (policy ACCEPT 2146 packets, 517K bytes)
 pkts bytes target prot opt in  out source     destination
On Thursday, 26 January 2017 at 19:41:31, you wrote:
Your output looks like iptables -L -n. Can you add the -v option to check if the rule did handle packages?
On 01/26/2017 05:39 PM, Thierry wrote:
ACCEPT tcp -- anywhere anywhere tcp dpt:4711
-- Regards, Thierry e-mail : lenaigst@maelenn.org
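
Added example (not from the thread or the Dovecot project): it parses the doveadm settings posted above and predicts, for each firewall listing shown, whether the replication connect reaches the listener, is refused, or times out. It assumes unlisted ports fall through to the `policy DROP` shown in the verbose listing and models only the TCP layer; `parse_conf`, `replica_port` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed from the settings posted in the thread (identical on both hosts
# apart from the replica host name); unrelated settings are left out.
TEMPLATE = """\
doveadm_port = 4711          # tell doveadm client to use this port by default
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
  }
}
plugin {
  mail_replica = %s
}
"""
SERVER1 = TEMPLATE % "tcp:server2.domain.ltd:12345"    # as posted: explicit port
SERVER1_NO_PORT = TEMPLATE % "tcp:server2.domain.ltd"  # the commented-out variant
SERVER2 = TEMPLATE % "tcp:server1.domain.ltd:12345"

# TCP ports with an ACCEPT rule; everything else hits the INPUT policy DROP.
FW_FIRST_POST = {4711, 12345}
FW_VERBOSE_LISTING = {2222, 22, 80, 443, 444, 4711, 25, 587, 143, 3306}


def parse_conf(text):
    """Flatten dovecot.conf syntax into {"block/sub-block/key": value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()   # drop comments
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


def replica_port(mail_replica, doveadm_port):
    """Port of a tcp:host[:port] target; without :port, doveadm_port is used."""
    match = re.fullmatch(r"tcp:([^:\s]+)(?::(\d+))?", mail_replica)
    if match is None:
        raise ValueError("not a tcp: replica target: %r" % mail_replica)
    return int(match.group(2) or doveadm_port)


def diagnose(sender_conf, receiver_conf, receiver_fw_ports):
    """Return (port, outcome) for the sender's connect() to the receiver."""
    sender, receiver = parse_conf(sender_conf), parse_conf(receiver_conf)
    port = replica_port(sender["plugin/mail_replica"], sender["doveadm_port"])
    listening = int(receiver["service doveadm/inet_listener/port"])
    if port not in receiver_fw_ports:
        return port, "timeout"   # SYN dropped silently, no RST comes back
    if port != listening:
        return port, "refused"   # SYN accepted, no socket bound, kernel sends RST
    return port, "ok"


if __name__ == "__main__":
    for name, conf in (("explicit :12345", SERVER1), ("no port", SERVER1_NO_PORT)):
        for fw_name, fw in (("first post", FW_FIRST_POST), ("-v listing", FW_VERBOSE_LISTING)):
            print(name, "|", fw_name, "->", diagnose(conf, SERVER2, fw))
```

The refused case on port 4711 is the same symptom as the `connect(ip_server_target:4711) failed: Connection refused` log lines, whereas a port blocked by a default-drop policy shows up as a timeout. The ACCEPT rules shown match any source address, so a source match for the replica peer is the tighter form for the doveadm port.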
participants (2)
- Mike Fröhner
- Thierry