[Dovecot] Replication -- multiple users, three or more servers?

Rich Wales richw at richw.org
Wed Apr 24 20:31:13 EEST 2013


I've ALMOST got this to work, but I'm still running into a problem.

First, here's what I'm doing so far.  If my understanding of what's
going on (described below) is off, I trust someone will correct me.
Also, when/if I get these details straight, I'm willing to help update
the "Replication" wiki page to make it clearer and more accurate.

I followed Obi-wan's admonition ("Use the source, Luke") and figured out
that when the "mail_replica" value starts with "remoteprefix:", the
behaviour is identical to "remote:" EXCEPT that the data stream sent to
the remote server starts with a line containing the mail account name
followed by a newline character.

Also, it appears that the "dsync_remote_cmd" is run by default as "root"
on the local server.  I'm assuming for the moment that %{user} and
%{host} in "dsync_remote_cmd" are being replaced by the user and host
information in the "mail_replica" value.

If the public key value included in "authorized_keys" for the target
account on the remote server contains a command= parameter, the "ssh"
documentation says that this command will override any command given on
the "ssh" command line on the local server.  Thus, it should not really
be necessary to include a remote command on the tail end of the "ssh"
specified in "dsync_remote_cmd".

Note, BTW, that the "authorized_keys2" file (mentioned in the current
documentation) is deprecated now in SSH; all public keys on the remote
server should be in "authorized_keys" now.

I also discovered that in order to get "ssh" to work properly in a
non-interactive scenario -- without any prompting for typed input (which
would break things) -- I needed to run the "ssh" command once by hand,
to cache the remote server's host key information in the local
"known_hosts" file.

So, with all the above in mind, I added the following to the Dovecot
configuration on the local host.  (My local host is named "richatwork",
and my remote host is named "pigeon".)

mail_plugins = $mail_plugins notify replication
service replicator {
  process_min_avail = 1
}
dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/dsync_dsa %{user}@%{host}
plugin {
  mail_replica = remoteprefix:root@pigeon.richw.org
}

I added the public key value (from /root/.ssh/dsync_dsa.pub) to the
/root/.ssh/authorized_keys file on the remote host (pigeon), with the
command= parameter set to the name of a script on the remote host with
the following content:

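#! /bin/sh
# First line of the remoteprefix: stream is the mail account name.
read -r username
# Quote the value so it reaches doveadm as a single argument.
exec /usr/bin/doveadm dsync-server -u "$username"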

With the above setup, replication ALMOST seems to work, EXCEPT that it's
failing with the following error in the local host's mail.log:

richatwork dovecot: doveadm: Error: dsync-remote(richatwork): Error:
dsync(local): Remote dsync doesn't use compatible protocol

Both servers are running the identical version of Dovecot (2.2.1), so
I'm confused as to why I would be getting a protocol mismatch.  Is there
some other configuration option I need to check?

Rich Wales
richw at richw.org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

"dovecot -n" output on the local server (richatwork):

# 2.2.1 (e819374de157): /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-40-generic-pae i686 Ubuntu 12.04.2 LTS
auth_username_format = %Ln
auth_verbose = yes
dsync_remote_cmd = /usr/bin/ssh -i /root/.ssh/dsync_dsa %{user}@%{host}
login_greeting = richatwork.richw.org (%{lip}) Dovecot ready; hello, %{rip}
mail_location = maildir:~/Maildir
mail_plugins = " notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = scheme=crypt username_format=%n /etc/dovecot/private/userdb
  driver = passwd-file
}
plugin {
  mail_replica = remoteprefix:root@pigeon.richw.org
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 1000
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group =
    user =
  }
}
service imap {
  executable = imap postlogin
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
}
service postlogin {
  executable = script-login -d rawlog -t
}
service replicator {
  process_min_avail = 1
}
ssl_cert = </etc/apache2/ssl/richatwork.pem
ssl_key = </etc/apache2/ssl/richatwork.pem
userdb {
  args = username_format=%n /etc/dovecot/private/userdb
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = " notify replication sieve"
}
protocol lda {
  mail_plugins = " notify replication sieve"
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
  mail_plugins = " notify replication mail_log notify"
}

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

"dovecot -n" output on the remote server (pigeon):

# 2.2.1 (e819374de157): /etc/dovecot/dovecot.conf
# OS: Linux 3.5.0-27-generic x86_64 Ubuntu 12.04.2 LTS
auth_username_format = %Ln
auth_verbose = yes
login_greeting = pigeon.richw.org (%{lip}) Dovecot ready; hello, %{rip}
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = scheme=crypt username_format=%n /etc/dovecot/private/userdb
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 1000
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group =
    user =
  }
}
service imap {
  executable = imap postlogin
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
  process_min_avail = 5
}
service postlogin {
  executable = script-login -d rawlog -t
}
ssl_cert = </etc/apache2/ssl/pigeon.pem
ssl_key = </etc/apache2/ssl/pigeon.pem
userdb {
  args = username_format=%n /etc/dovecot/private/userdb
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve"
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
  mail_plugins = " mail_log notify"
}

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
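
The forced-command script described in the message above runs as root and takes its account name from the first line of the incoming stream, so the sketch below validates that line before it reaches doveadm. This is an added example, not part of the original post or of Dovecot; the wrapper path, the allowed character set, the length limit and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Hardened forced-command wrapper for the remoteprefix: stream (added example).
# Hypothetical authorized_keys entry on the remote host; the wrapper path is
# an assumption, the options are standard OpenSSH key options:
#   command="/usr/local/sbin/dsync-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>

DOVEADM=/usr/bin/doveadm   # path used in the post

# Return 0 only for a name that is safe to hand to "doveadm dsync-server -u".
# The allowed character set and length limit are assumptions; tighten to taste.
valid_user() {
    case $1 in
        ''|-*) return 1 ;;                # empty, or looks like an option
        *[!A-Za-z0-9._@-]*) return 1 ;;   # any character outside the allow-list
    esac
    [ "${#1}" -le 64 ]
}

# Read the account name (first line of the stream) and start the dsync server.
# With DRY_RUN=1 the command line is printed instead of executed.
dsync_wrapper() {
    IFS= read -r username || return 2     # no complete first line: refuse
    if ! valid_user "$username"; then
        echo "dsync-wrapper: rejected account name" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s dsync-server -u %s\n' "$DOVEADM" "$username"
    else
        exec "$DOVEADM" dsync-server -u "$username"
    fi
}

# Constructed sample first lines; a deployed wrapper would end with a bare
# "dsync_wrapper" call instead of this loop.
for sample in 'rich' 'rich@richw.org' '-o' 'rich; id' ''; do
    printf '%s\n' "$sample" | DRY_RUN=1 dsync_wrapper || true
done
```

Because the key's command= option overrides whatever the client asks to run, the wrapper is the only code that key can start, and the extra key options close off forwarding and terminal allocation for it.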