tok
2018-Jun-16 19:09 UTC
TCP replication: high connection rate and looping in incomplete state
Hi,

I am trying to establish TCP(s)-based replication between two FreeBSD 11.1 machines, both running Dovecot 2.2.35 (via pkg) with 10 virtual users and 1.2GB maildir. I followed the Wiki description (https://wiki2.dovecot.org/Replication), just skipped the SSH part. My resulting configurations are attached below.

Problem: After reloading both Dovecot instances, a few seconds later they start to initiate connections at an absurdly high rate (30-50 new connections during 10 secs, closing old ones after 2-3 secs) and even after 1 hour they do not "calm down". E-mails are copied, but judging by size and file count, not completely (approx. 1GB and maybe 90% of files are getting synced).

What is going on here?

On the destination host (with empty storage before replication) I see "incremental - Waiting for dsync to finish" in dsync-status, constantly flipping between handshake and waiting, for solely 4 out of 10 accounts. Replicator status says 0 requests and 10 total users.

On the source host, replicator status says 4 queued full resyncs, 3 waiting failed and 10 total users.

I already tried both tcps and tcp; activating debug log did not reveal any errors (e.g. SSL).

Would be happy for any advice to track this down.

Best regards,
tok

Config source host:
-----
# 2.2.35 (b1cb664): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.23 (b2e41927)
# OS: FreeBSD 11.1-RELEASE-p10 amd64 zfs
# Hostname: srv1.TLD
auth_mechanisms = plain login
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
lmtp_save_to_detail_mailbox = yes
login_trusted_networks = 172.16.1.110/32
mail_location = maildir:/srv/mail/vhosts/%d/%n
mail_plugins = quota mailbox_alias notify replication
namespace inbox {
  [...]
}
passdb {
  args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_replica = tcps:srv2.TLD:12345
  quota = maildir:User quota
  quota_grace = 10%%
  quota_max_mail_size = 50M
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+10%%
  quota_rule3 = Junk:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is over quota / full
  quota_status_success = DUNNO
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u
  [...]
}
postmaster_address = postmaster at TLD
quota_full_tempfail = yes
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
    ssl = yes
  }
}
service imap-login {
  process_min_avail = 1
  service_count = 1
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  process_min_avail = 1
  service_count = 1
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  user = vmail
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0666
  }
}
ssl_cert = </usr/local/etc/ssl/acme.sh/srv1.TLD/fullchain.pem
ssl_client_ca_file = /etc/ssl/cert.pem
userdb {
  args = username_format=%u /usr/local/etc/dovecot/users
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = quota mailbox_alias notify replication quota sieve
}
protocol lda {
  mail_plugins = quota mailbox_alias notify replication sieve
}
protocol imap {
  mail_plugins = quota mailbox_alias notify replication imap_quota imap_sieve
}
-----

Diff config of destination host:
-----
4c4 < # Hostname: srv2.TLD ---> # Hostname: srv1.TLD9a10> login_trusted_networks = 172.16.1.110/3260c61 < mail_replica = tcps:srv1.TLD:12345 ---> mail_replica = tcps:srv2.TLD:12345156c157 < ssl_cert = </usr/local/etc/ssl/acme.sh/srv1.TLD/fullchain.pem ---> ssl_cert = </usr/local/etc/ssl/acme.sh/srv1.TLD/fullchain.pem
-----
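
Review bot: the 156c157 hunk lists the same ssl_cert value on both sides, </usr/local/etc/ssl/acme.sh/srv1.TLD/fullchain.pem, so as posted it is not a difference between the two hosts. Either the srv2.TLD path was lost when the host names were masked, or srv2.TLD really loads the certificate stored under the srv1.TLD directory; because both sides use mail_replica = tcps: on port 12345 with ssl_client_ca_file set, it is worth confirming that each host's doveadm listener presents a certificate issued for its own name. The 9a10 hunk also shows login_trusted_networks = 172.16.1.110/32 on srv1.TLD only, which should be checked as intentional.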