Sync'ing two dovecot servers
Greetings,
I was pleased to see that dovecot has a sync function in doveadm. So far, other tools for moving mailbox contents from one server to another has not been successful.
However.
Perhaps I don't understand how this should work. I have a new containerized dovecot v2.4.2
# 2.4.2 (0962ed2104): /etc/dovecot/dovecot.conf
# OS: Linux 6.12.63+deb13-amd64 x86_64and I have an existing dovecot running in a VPS:
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 6.1.0-35-amd64 x86_64 Debian 12.11I want to move one user, as a test. I execute this in the container.
# doveadm sync -R1 -u USER tcps:OLD_SERVER:993
doveadm(USER): Error: conn OLD_SERVER:993 (IP:993): doveadm server
sent invalid handshake: * OK [CAPABILITY IMAP4rev1 SASL-IR
LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN]
Dovecot (Debian) ready.
doveadm(USER): Error: cmd sync: Disconnected from remote: Connection
closedI'm pretty sure that doveadm sync was able to negotiate the TLS connection. I don't see what it could object to in the sign-on. What am I missing?
Cheers
-- /Marc Oscar Singer/ *Woollysoft* Dial 817.1823.602.1+ from right to left.
Greetings,
I was pleased to see that dovecot has a sync function in doveadm. So far, other tools for moving mailbox contents from one server to another has not been successful.
However.
Perhaps I don't understand how this should work. I have a new containerized dovecot v2.4.2
# 2.4.2 (0962ed2104): /etc/dovecot/dovecot.conf
# OS: Linux 6.12.63+deb13-amd64 x86_64and I have an existing dovecot running in a VPS:
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 6.1.0-35-amd64 x86_64 Debian 12.11I want to move one user, as a test. I execute this in the container.
# doveadm sync -R1 -u USER tcps:OLD_SERVER:993
doveadm(USER): Error: conn OLD_SERVER:993 (IP:993): doveadm server sent
invalid handshake: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.
doveadm(USER): Error: cmd sync: Disconnected from remote: Connection
closedI'm pretty sure that doveadm sync was able to negotiate the TLS connection. I don't see what it could object to in the sign-on. What am I missing?
Cheers
-- Marc Oscar Singer Woollysoft Dial 817.1823.602.1+ from right to left.
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
basic replication is as follows :
on each server ifconfig
mail_plugins = " virtual notify replication fts fts_lucene listescape "
replication_dsync_parameters = -d -N -l 300 -U
plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid, box, msgid, from, subject, size, vsize, flags push_notification_driver = dlog
sieve = file:~/sieve;active=~/sieve/.dovecot.sieve #sieve = ~/.dovecot.sieve sieve_duplicate_default_period = 1h sieve_duplicate_max_period = 1h sieve_extensions = +duplicate +notify +imapflags +vacation-seconds sieve_global_dir = /usr/local/etc/dovecot/sieve sieve_before = /usr/local/etc/dovecot/sieve/duplicates.sieve sieve_max_redirects = 64 #sieve_vacation_send_from_recipient = yes
mail_replica = tcp:10.221.0.19:12345
< dedicated replication ip address and port each server points to the other server >
ie my other server is :
mail_replica = tcp:10.221.0.18:12345
when a received email or imap fuction occurs it send an explation of what to do to the other server.
i need to run a mysql or pgsql database for this to work
dovecot-pgsql.conf driver = pgsql connect = host=localhost port=5433 dbname=scom_billing user=pgsql password=xxxxx default_pass_scheme = PLAIN password_query = SELECT username as user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
user_query = SELECT home, uid, gid FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
#iterate_query = SELECT user, password FROM email_users WHERE username = '%u' and password <> 'alias' and status = True and destination = '%u'
iterate_query = SELECT "username" as user, domain FROM email_users WHERE status = True and alias_flag = False
}
...
iterate_query returns what is to be replicated / synced
...
protocol imap { imap_literal_minus = yes imap_idle_notify_interval = 30 seconds imapc_max_idle_time = 1440 mins mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication }
protocol pop3 { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication }
protocol imaps { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication }
protocol pop3s { mail_max_userip_connections = 50 mail_plugins = $mail_plugins notify replication }
replication_max_conns = 100
replication_full_sync_interval = 3d
service replicator { client_limit = 0 drop_priv_before_exec = no idle_kill = 4294967295s process_limit = 1 process_min_avail = 0 service_count = 0 vsz_limit = 8g unix_listener replicator-doveadm { mode = 0600 user = vmail } vsz_limit = 8192M }
service aggregator { process_limit = 1000 #vsz_limit = 1g fifo_listener replication-notify-fifo { user = vmail group = vmail mode = 0666 }
Hopes this helps.
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Wednesday AND Happy Sucessful 2026 !
Scom.ca Internet Services <http://www.scom.ca> 104-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2026-03-04 12:30 p.m., Marc Singer via dovecot wrote:
Greetings, I was pleased to see that dovecot has a sync function in doveadm. So far, other tools for moving mailbox contents from one server to another has not been successful. However. Perhaps I don't understand how this should work. I have a new containerized dovecot v2.4.2 # 2.4.2 (0962ed2104): /etc/dovecot/dovecot.conf # OS: Linux 6.12.63+deb13-amd64 x86_64 and I have an existing dovecot running in a VPS: # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.19 (4eae2f79) # OS: Linux 6.1.0-35-amd64 x86_64 Debian 12.11 I want to move one user, as a test. I execute this in the container. # doveadm sync -R1 -u USER tcps:OLD_SERVER:993 doveadm(USER): Error: conn OLD_SERVER:993 (IP:993): doveadm server sent invalid handshake: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready. doveadm(USER): Error: cmd sync: Disconnected from remote: Connection closed I'm pretty sure that doveadm sync was able to negotiate the TLS connection. I don't see what it could object to in the sign-on. What am I missing? Cheers -- Marc Oscar Singer Woollysoft Dial 817.1823.602.1+ from right to left.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
On 04/03/2026 20:19 EET Paul Kudla via dovecot <dovecot@dovecot.org> wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
Paul, replication is not available even with contract. There are some open source alternatives if you want to use replication, e.g. wormhole plugin.
Marc, your problem is that you are trying to setup sync over IMAP. If you are attempting to do this for migration, see https://doc.dovecot.org/2.4.2/core/admin/migration.html
If you are indeed trying to do bidirectional sync with tcps you need to configure, on both servers
service doveadm { inet_listener 12345 { ssl = yes } }
doveadm_password = foobar
and then use
doveadm sync -R1 -u USER tcps:OLD_SERVER:12345
Aki
On 3/4/26 10:41, Aki Tuomi via dovecot wrote:
On 04/03/2026 20:19 EET Paul Kudla via dovecot<dovecot@dovecot.org> wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
Paul, replication is not available even with contract. There are some open source alternatives if you want to use replication, e.g. wormhole plugin.
I tried a couple of the open-source replicators. Neither worked and probably for different reasons.
Marc, your problem is that you are trying to setup sync over IMAP. If you are attempting to do this for migration, seehttps://doc.dovecot.org/2.4.2/core/admin/migration.html
I'll work with those instructions. Thanks. Sometimes, the problem is knowing what this thing is called that one wants to do.
Cheers
If you are indeed trying to do bidirectional sync with tcps you need to configure, on both servers
service doveadm { inet_listener 12345 { ssl = yes } }
doveadm_password = foobar
and then use
doveadm sync -R1 -u USER tcps:OLD_SERVER:12345
Aki
dovecot mailing list --dovecot@dovecot.org To unsubscribe send an email todovecot-leave@dovecot.org
-- /Marc Oscar Singer/ *Woollysoft* Dial 817.1823.602.1+ from right to left.
On 3/4/26 10:41, Aki Tuomi via dovecot wrote:
On 04/03/2026 20:19 EET Paul Kudla via dovecot [1]<dovecot@dovecot.org> wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
Paul, replication is not available even with contract. There are some open source alternatives if you want to use replication, e.g. wormhole plugin.
I tried a couple of the open-source replicators. Neither worked and probably for different reasons.
Marc, your problem is that you are trying to setup sync over IMAP. If you are attempting to do this for migration, see [2]https://doc.dovecot.org/2.4.2/core/admin/migration.html
I'll work with those instructions. Thanks. Sometimes, the problem is knowing what this thing is called that one wants to do.
Cheers
If you are indeed trying to do bidirectional sync with tcps you need to configure, on both servers
service doveadm { inet_listener 12345 { ssl = yes } }
doveadm_password = foobar
and then use
doveadm sync -R1 -u USER tcps:OLD_SERVER:12345
Aki
dovecot mailing list -- [3]dovecot@dovecot.org To unsubscribe send an email to [4]dovecot-leave@dovecot.org
-- Marc Oscar Singer Woollysoft Dial 817.1823.602.1+ from right to left.
References
Visible links
- mailto:dovecot@dovecot.org
- https://doc.dovecot.org/2.4.2/core/admin/migration.html
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
I am so sad native replication has gone. It is the perfect HA solution because all others depend on HA-storage and that is far less easy to setup than this simple replication. So far, I haven’t found a reasonable solution for small setups such as mine.
I really would like to see it come back in some form, but only ‘live’ (i.e. it doesn’t matter which of the two servers you talk to)
G
On 4 Mar 2026, at 20:40, Marc Singer via dovecot <dovecot@dovecot.org> wrote:
On 3/4/26 10:41, Aki Tuomi via dovecot wrote:
On 04/03/2026 20:19 EET Paul Kudla via dovecot [1]<dovecot@dovecot.org <mailto:dovecot@dovecot.org>> wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
Paul, replication is not available even with contract. There are some open source alternatives if you want to use replication, e.g. wormhole plugin.
I tried a couple of the open-source replicators. Neither worked and probably for different reasons.
Marc, your problem is that you are trying to setup sync over IMAP. If you are attempting to do this for migration, see [2]https://doc.dovecot.org/2.4.2/core/admin/migration.html
I'll work with those instructions. Thanks. Sometimes, the problem is knowing what this thing is called that one wants to do.
Cheers
If you are indeed trying to do bidirectional sync with tcps you need to configure, on both servers
service doveadm { inet_listener 12345 { ssl = yes } }
doveadm_password = foobar
and then use
doveadm sync -R1 -u USER tcps:OLD_SERVER:12345
Aki
dovecot mailing list -- [3]dovecot@dovecot.org <mailto:dovecot@dovecot.org> To unsubscribe send an email to [4]dovecot-leave@dovecot.org <mailto:dovecot-leave@dovecot.org>
-- Marc Oscar Singer Woollysoft Dial 817.1823.602.1+ from right to left.
References
Visible links
- mailto:dovecot@dovecot.org
- https://doc.dovecot.org/2.4.2/core/admin/migration.html
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org <mailto:dovecot@dovecot.org> To unsubscribe send an email to dovecot-leave@dovecot.org <mailto:dovecot-leave@dovecot.org> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A Enterprise Architecture <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/mastering-archimate-edition-3-2/>
I am so sad native replication has gone. It is the perfect HA solution because all others depend on HA-storage and that is far less easy to setup than this simple replication. So far, I haven't found a reasonable solution for small setups such as mine. I really would like to see it come back in some form, but only `live' (i.e. it doesn't matter which of the two servers you talk to) G
On 4 Mar 2026, at 20:40, Marc Singer via dovecot <dovecot@dovecot.org>
wrote:
On 3/4/26 10:41, Aki Tuomi via dovecot wrote:
On 04/03/2026 20:19 EET Paul Kudla via dovecot
[1]<[1]dovecot@dovecot.org> wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless
you buy a contract)
Paul, replication is not available even with contract. There are some
open source alternatives if you want to use replication, e.g. wormhole
plugin.
I tried a couple of the open-source replicators. Neither worked and
probably for different reasons.
Marc, your problem is that you are trying to setup sync over IMAP. If
you are attempting to do this for migration, see
[2][2]https://doc.dovecot.org/2.4.2/core/admin/migration.html
I'll work with those instructions. Thanks. Sometimes, the problem is
knowing what this thing is called that one wants to do.
Cheers
If you are indeed trying to do bidirectional sync with tcps you need to
configure, on both servers
service doveadm {
inet_listener 12345 {
ssl = yes
}
}
doveadm_password = foobar
and then use
doveadm sync -R1 -u USER tcps:OLD_SERVER:12345
Aki
_______________________________________________
dovecot mailing list -- [3][3]dovecot@dovecot.org
To unsubscribe send an email to [4][4]dovecot-leave@dovecot.org
--
Marc Oscar Singer
Woollysoft
Dial 817.1823.602.1+ from right to left.
References
Visible links
1. [5]mailto:dovecot@dovecot.org
2. [6]https://doc.dovecot.org/2.4.2/core/admin/migration.html
3. [7]mailto:dovecot@dovecot.org
4. [8]mailto:dovecot-leave@dovecot.org
_______________________________________________
dovecot mailing list -- [9]dovecot@dovecot.org
To unsubscribe send an email to [10]dovecot-leave@dovecot.orgGerben Wierda ([11]LinkedIn) [12]R&A Enterprise Architecture (main site) Book: [13]Chess and the Art of Enterprise Architecture Book: [14]Mastering ArchiMate
References
Visible links
- mailto:dovecot@dovecot.org
- https://doc.dovecot.org/2.4.2/core/admin/migration.html
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
- mailto:dovecot@dovecot.org
- https://doc.dovecot.org/2.4.2/core/admin/migration.html
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
- mailto:dovecot@dovecot.org
- mailto:dovecot-leave@dovecot.org
- https://www.linkedin.com/in/gerbenwierda
- https://ea.rna.nl/
- https://ea.rna.nl/the-book/
- https://ea.rna.nl/mastering-archimate-edition-3-2/
Hi Gerben,
On 2026-05-12 13:14:40, Gerben Wierda via dovecot wrote:
I am so sad native replication has gone. It is the perfect HA solution because all others depend on HA-storage and that is far less easy to setup than this simple replication. So far, I haven't found a reasonable solution for small setups such as mine. I really would like to see it come back in some form, but only `live' (i.e. it doesn't matter which of the two servers you talk to)
please check my wormhole addon: https://codeberg.org/errror/wormhole
Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815 Joint Scientific IT and Technical Service Max-Planck-Institute für Informatik & Softwaresysteme
Well, that looks promising.
Now I only have to look at how to get this (also) to MacPorts on macOS (which is one of my mail servers)
Mit freundlichem Gruß,
G
On 12 May 2026, at 13:46, Patrick Cernko <pcernko@mpi-klsb.mpg.de> wrote:
Hi Gerben,
On 2026-05-12 13:14:40, Gerben Wierda via dovecot wrote:
I am so sad native replication has gone. It is the perfect HA solution because all others depend on HA-storage and that is far less easy to setup than this simple replication. So far, I haven't found a reasonable solution for small setups such as mine. I really would like to see it come back in some form, but only `live' (i.e. it doesn't matter which of the two servers you talk to)
please check my wormhole addon: https://codeberg.org/errror/wormhole
Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815 Joint Scientific IT and Technical Service Max-Planck-Institute für Informatik & Softwaresysteme
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>) R&A Enterprise Architecture <https://ea.rna.nl/> (main site) Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/> Book: Mastering ArchiMate <https://ea.rna.nl/mastering-archimate-edition-3-2/>
Well, that looks promising. Now I only have to look at how to get this (also) to MacPorts on macOS (which is one of my mail servers) Mit freundlichem Gruss, G
On 12 May 2026, at 13:46, Patrick Cernko <pcernko@mpi-klsb.mpg.de>
wrote:
Hi Gerben,
On 2026-05-12 13:14:40, Gerben Wierda via dovecot wrote:
I am so sad native replication has gone. It is the perfect HA
solution
because all others depend on HA-storage and that is far less easy
to setup
than this simple replication. So far, I haven't found a reasonable
solution for small setups such as mine.
I really would like to see it come back in some form, but only
`live'
(i.e. it doesn't matter which of the two servers you talk to)
please check my wormhole addon: https://codeberg.org/errror/wormhole
--
Patrick Cernko <pcernko@mpi-klsb.mpg.de> +49 681 9325 5815
Joint Scientific IT and Technical Service
Max-Planck-Institute fuer Informatik & SoftwaresystemeGerben Wierda ([1]LinkedIn) [2]R&A Enterprise Architecture (main site) Book: [3]Chess and the Art of Enterprise Architecture Book: [4]Mastering ArchiMate
References
Visible links
Oh, OK. That explains why it doesn't work.
I don't need replication, per-se. I only need to move mail one time.
Cheers
On 3/4/26 10:19, Paul Kudla via dovecot wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless you buy a contract)
-- /Marc Oscar Singer/ *Woollysoft* Dial 817.1823.602.1+ from right to left.
Oh, OK. That explains why it doesn't work.
I don't need replication, per-se. I only need to move mail one time.
Cheers
On 3/4/26 10:19, Paul Kudla via dovecot wrote:
what you are trying to do is enable replication
2.3 is supported it is my understanding this was removed in 2.4 (unless
you buy a contract)-- Marc Oscar Singer Woollysoft Dial 817.1823.602.1+ from right to left.
participants (5)
-
Aki Tuomi
-
Gerben Wierda
-
Marc Singer
-
Patrick Cernko
-
Paul Kudla