[Dovecot] replicator/dsync over tcp

Timo Sirainen tss at iki.fi
Mon Apr 8 00:40:08 EEST 2013


On 6.4.2013, at 15.20, Michael Grimm <trashcan at odo.in-berlin.de> wrote:

> My point has been, that I needed to add ...
> 
> | local 1.2.3.4 {
> |         doveadm_password = secret
> | }
> 
> ... besides ...
> 
> | service doveadm {
> |         inet_listener {
> |                 address = 1.2.3.4
> |                 port = 12345
> |         }
> | }
> 
> ... which I cannot find at http://master.wiki2.dovecot.org/Replication if I am not mistaken.

doveadm_password is there as a global setting, which works too.

> I did get tcps running in the meantime following:
> 
> 1. http://www.zytrax.com/tech/survival/ssl.html ("Method 3" plus "Multi-Server Certificates")
> 2. postfix' documentation at http://www.postfix.org/TLS_README.html#server_cert_key (here I had to reverse order, meaning CA first)
> 3. pointing ssl_cert, ssl_key to relevant files in /<path-to>/ssl/ca/certs and /<path-to>/ssl/ca/private, respectively
> 4. ssl_client_ca_dir = /<path-to>/ssl/ca/certs
> 
> 
> Question: Why is it neccessary to use ssl_cert/key settings from my CA although you state:
>> ssl_cert/key settings are irrelevant here.

Oh, yeah, for doveadm server you need ssl_cert/key of course.

> Besides dovecot is synchronising as expected, I do get a lot of logfile entries like ...
> 
> | dovecot: dsync-local(test): Warning: I/O leak: 0x10b8cf20 (line 341, fd 14)

Seems like a bug. A bit difficult to debug though. Do you see any errors before those warnings (or any errors at all)?

> ... and in addition if "verbose_ssl = yes" is set:
> 
> | dsync-remote(test): Warning: SSL alert: where=0x4004, ret=256: warning close notify

I think that's normal.



More information about the dovecot mailing list