Replication Slave is not auto-creating domain/user folders
Thore Bödecker
me at foxxx0.de
Mon Mar 19 12:18:55 EET 2018
Hey all,
I'm experiencing a weird and annoying issue with my 2-node dovecot
replication setup.
The setup is based on virtual users in a pgsql database, which is
replicated from the master to a slave node. For the mails I rely on
the dovecot builtin replication which has been working great for me
thus far.
However I noticed something was off when looking through my journal
yesterday:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/foxxx0.de/qwer/.dovecot-sync.lock: safe_mkstemp(/var/vmail/foxxx0.de/qwer/.dovecot-sync.lock) failed: No such file or directory
In this case the domain directory /var/vmail/foxxx0.de already
existed on the slave, but dovecot did not create the user
folder before trying to create the sync lock file inside it.
The same happens when the entire domain folder is missing:
dovecot[823]: doveadm: Error: Couldn't lock /var/vmail/dj-orakel.de/booking/.dovecot-sync.lock: safe_mkstemp(/var/vmail/dj-orakel.de/booking/.dovecot-sync.lock) failed: No such file or directory
(in this case /var/vmail/dj-orakel.de does not exist yet)
A natural first thought would be "permission problem", which I
suspected too, but the filesystem permissions are identical on the
master and the slave:
master (mx1):
----
root@valhalla ~ > stat /var/vmail/
File: /var/vmail/
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd06h/64774d Inode: 2 Links: 28
Access: (2770/drwxrws---) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail)
Access: 2016-09-04 13:04:33.837609018 +0200
Modify: 2018-03-17 18:22:47.506323895 +0100
Change: 2018-03-17 18:22:47.506323895 +0100
Birth: -
root@valhalla ~ > id dovecot
uid=76(dovecot) gid=76(dovecot) groups=76(dovecot)
root@valhalla ~ > id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
----
replication slave (mx2):
----
root@midgard ~ > stat /var/vmail
File: /var/vmail
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fe02h/65026d Inode: 2 Links: 27
Access: (2770/drwxrws---) Uid: ( 5000/ vmail) Gid: ( 5000/ vmail)
Access: 2017-10-15 12:09:56.174209161 +0200
Modify: 2018-03-06 15:43:41.463359651 +0100
Change: 2018-03-06 15:43:41.463359651 +0100
Birth: -
root@midgard ~ > id dovecot
uid=76(dovecot) gid=76(dovecot) groups=76(dovecot)
root@midgard ~ > id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)
----
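The replication service is configured in dovecot to run as user vmail,
so it should not be a permission problem, because the master
automatically creates the domain and user folders inside /var/vmail
when new mails arrive. (In the doveconf output below, "user = vmail"
appears on the replicator and aggregator listeners; the uid/gid used
for mailbox access presumably comes from the userdb lookup in
/etc/dovecot/dovecot-sql.conf.ext, which is not shown here.)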
I highly suspect that this is some kind of regression because I can't
remember having to manually create the domain/user folders on the
slave before it would replicate mails for these, and there are quite a
number of domains/users being replicated already.
Please find the "doveconf -n" output of both servers below.
If you need additional information, please let me know.
Cheers,
Thore
doveconf -n (master/mx1):
----
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
auth_mechanisms = plain login
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
hidden = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
mail_replica = tcps:mx2.nano-srv.net
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
quota_grace = 1%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /etc/dovecot/sieve/global
sieve_global_path = /etc/dovecot/sieve/default.sieve
zlib_save = gz
zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
mode = 0600
user = vmail
}
}
service auth {
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service doveadm {
inet_listener {
port = 12121
ssl = yes
}
vsz_limit = 1 G
}
service imap-login {
process_limit = 400
process_min_avail = 5
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 12122
}
}
service quota-warning {
executable = script /var/vmail/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
ssl_cert = </etc/letsencrypt/live/nano-srv.net/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA384:DHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
submission_host = 127.0.0.1:10027
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 30
mail_plugins = " acl zlib notify mail_log replication quota imap_quota"
}
protocol pop3 {
mail_plugins = " acl zlib notify mail_log replication quota"
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
mail_plugins = " acl zlib notify mail_log replication quota sieve"
postmaster_address = postmaster at nano-srv.net
}
protocol lmtp {
mail_plugins = " acl zlib notify mail_log replication quota sieve"
postmaster_address = postmaster at nano-srv.net
}
protocol sieve {
managesieve_logout_format = bytes ( in=%i : out=%o )
}
----
doveconf -n (slave/mx2):
----
# 2.3.0.1 (ffd8a29): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.1 (d33dca20)
# OS: Linux 4.15.7-1-hardened x86_64 Arch Linux
auth_cache_negative_ttl = 10 secs
auth_cache_size = 50 M
auth_cache_ttl = 5 mins
auth_mechanisms = plain login
doveadm_password = # hidden, use -P to show it
doveadm_port = 12121
mail_home = /var/vmail/%Ld/%Ln
mail_location = mdbox:~/mdbox
mail_plugins = " acl zlib notify mail_log replication quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 20 M
namespace inbox {
hidden = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
mail_replica = tcps:mx1.nano-srv.net
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
quota_grace = 1%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /etc/dovecot/sieve/global
sieve_global_path = /etc/dovecot/sieve/default.sieve
zlib_save = gz
zlib_save_level = 9
}
protocols = imap pop3 sieve lmtp
service aggregator {
fifo_listener replication-notify-fifo {
user = vmail
}
unix_listener replication-notify {
mode = 0600
user = vmail
}
}
service auth {
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service doveadm {
inet_listener {
port = 12121
ssl = yes
}
vsz_limit = 1 G
}
service imap-login {
process_limit = 400
process_min_avail = 5
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 12122
}
}
service quota-warning {
executable = script /var/vmail/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
ssl_cert = </etc/letsencrypt/live/nano-srv.net/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-SHA384:DHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-ECDSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
submission_host = 127.0.0.1:10027
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 30
mail_plugins = " acl zlib notify mail_log replication quota imap_quota"
}
protocol pop3 {
mail_plugins = " acl zlib notify mail_log replication quota"
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
mail_plugins = " acl zlib notify mail_log replication quota sieve"
postmaster_address = postmaster at nano-srv.net
}
protocol lmtp {
mail_plugins = " acl zlib notify mail_log replication quota sieve"
postmaster_address = postmaster at nano-srv.net
}
protocol sieve {
managesieve_logout_format = bytes ( in=%i : out=%o )
}
----
--