replication and .dovecot.lda-dupes

Patrick Cernko pcernko at mpi-klsb.mpg.de
Thu Feb 22 17:42:13 EET 2018


Hi list,

this question was already posted a few years ago
(https://www.dovecot.org/list/dovecot/2014-November/098585.html). I
already asked the original querist and he told me that he never got a
solution or workaround but it was not important enough for him.


When using replication in conjunction with sieve vacations, the
.dovecot.lda-dupes file is not synced with the other server. So when
delivering to both servers (round-robin or randomized), senders might
get more vacation mails than configured, as the other server does not
know that the first one already sent a vacation message.

Is this a bug or intentional? If it is a bug, I hereby ask for a fix,
please.


We are using Dovecot version 2.2.27 on Debian/stretch.
This is dovecot -n (hostnames anonymized):

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.76.1.amd64-smp x86_64 Debian 9.3
auth_verbose = yes
default_vsz_limit = 2 G
doveadm_password =  # hidden, use -P to show it
doveadm_port = 12345
listen = *
login_log_format_elements = pid=%p user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_attachment_dir = /IMAP/mail/attachments
mail_attachment_fs = sis-queue /IMAP/mail/attachments/queue:posix
mail_home = /IMAP/mail/mailboxes/%u
mail_location = mdbox:~/mdbox
mail_log_prefix = "%s(%u[%p]): "
mail_max_userip_connections = 0
mail_plugins = " notify replication zlib fts fts_squat"
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
plugin {
  fts = squat
  fts_autoindex = yes
  fts_squat = partial=4 full=10
  mail_replica = tcp:other-server
  sieve = file:~/sieve;active=~/.dovecot.sieve
  zlib_save = gz
  zlib_save_level = 3
}
postmaster_address = <>
protocols = " imap lmtp sieve"
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service anvil {
  client_limit = 2250
}
service auth {
  client_limit = 2447
}
service doveadm {
  inet_listener doveadm-server {
    port = 12345
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  process_limit = 2047
}
service imap {
  process_limit = 2047
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl_cert = </etc/ssl/certificate.pem
ssl_key =  # hidden, use -P to show it
userdb {
  args = /etc/dovecot/userdb.overrides
  driver = passwd-file
}
userdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_username_format = %n
  mail_plugins = " notify replication zlib fts fts_squat sieve"
}
protocol lda {
  mail_plugins = " notify replication zlib fts fts_squat sieve"
}


And this is /etc/dovecot/ldap.conf (hostnames anonymized):

uris = ldaps://ldap1/ ldaps://ldap2/
base = dc=domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
user_attrs = \
  =user=%{ldap:uid}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}
pass_filter = (&(objectClass=posixAccount)(uid=%u))
iterate_filter = (&(objectClass=posixAccount)(istMailHomeServer=servername))
auth_bind = yes


/etc/dovecot/userdb.override is currently an empty file.



P.S.: Although I do not think that this has something to do with our
problem, I should mention that we run SIS with system uids. This needs
some permission and posixacl tweaks on /IMAP/mail/attachments to work:

# force all files created in this dir (recursively) to have mode 0666
setfacl -d -m group::rwx -m o:rwx /IMAP/mail/attachments
(you have to enable posixacls for the corresponding filesystem!)

# trick dovecot to inherit parent dir's permissions (recursively)
chmod 2777 /IMAP/mail/attachments


Feel free to add these tweaks to the SIS documentation. ;-)

Best Regards,
-- 
Patrick Cernko <pcernko at mpi-klsb.mpg.de> +49 681 9325 5815
Joint Administration: Information Services and Technology
Max-Planck-Institute fuer Informatik & Softwaresysteme
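
An audit check for a directory tree set up like the SIS attachment directory in the P.S. above, added here as an example and not part of the original post. It reports directories that are world-writable without the sticky bit, directories lacking the setgid bit that the chmod 2777 step sets, and world-writable files; the function names and the sample tree (built in a temporary directory) are constructed for illustration.

```python
import os
import stat
import tempfile

NO_STICKY = "world-writable directory without sticky bit"
NO_SETGID = "directory without setgid bit"
FILE_WOTH = "world-writable file"

def audit_tree(root):
    """Walk root and return (path, finding) tuples for the modes checked."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        # Without the sticky bit, any account that can write to the directory
        # can rename or delete entries owned by other accounts.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((dirpath, NO_STICKY))
        # chmod 2777 sets setgid so new entries inherit the directory's group.
        if not mode & stat.S_ISGID:
            findings.append((dirpath, NO_SETGID))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append((path, FILE_WOTH))
    return findings

def build_sample_tree():
    """Constructed sample: root 0777, queue/ 1777, one 0666 file in root."""
    root = tempfile.mkdtemp(prefix="sis-audit-")
    queue = os.path.join(root, "queue")
    os.mkdir(queue)
    attachment = os.path.join(root, "attachment.bin")
    with open(attachment, "wb") as fh:
        fh.write(b"constructed sample data")
    os.chmod(attachment, 0o666)
    os.chmod(queue, 0o1777)
    os.chmod(root, 0o777)
    return root, queue, attachment

if __name__ == "__main__":
    root, _queue, _attachment = build_sample_tree()
    for path, finding in audit_tree(root):
        print(f"{finding}: {path}")
```

To audit a real installation, call audit_tree("/IMAP/mail/attachments") as a user that can read the whole tree.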
