I'm trying to move from my exising server to a new site. In preparation
for this I've set up the new server as per the first attachment.
I've added additional (temporary) setting to the new site as per these
instructions
https://wiki2.dovecot.org/Migration/Dsync
but when I try to do a backup with the following command from the old to
the new site
sudo doveadm -D -o imapc_user=user1 at oldserver? -o
imapc_password=pw-oldserver backup -R -u user1 at newserver imapc:
I get
-----------------------
Error: User initialization failed: imapc: Login to 'oldserver' failed:
Disconnected from server
----------------------
I can connect to both sites without any issues
openssl s_client -crlf -connect newserver:993
openssl s_client -crlf -connect oldserver:993
Not sure what I'm missing.
Have also included the config for the old site
Thanks,
Leo
-------------- next part --------------
llist at listsInWien:~$ dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-43-generic x86_64 Ubuntu 18.04.1 LTS ext4
auth_debug = yes
auth_mechanisms = plain login cram-md5
dsync_features = empty-header-workaround
imapc_features = rfc822.size fetch-headers
imapc_host = llmail.zudiewiener.com
imapc_list_prefix = INBOX
imapc_port = 993
imapc_user = %u
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/home/vmail/mailboxes/%d/%n
mail_prefetch_count = 20
mail_privileged_group = vmail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
imapsieve_mailbox1_before = file:/home/vmail/sieve/global/learn-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/home/vmail/sieve/global/learn-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
sieve =
file:/home/vmail/sieve/%d/%n/scripts;active=/home/vmail/sieve/%d/%n/active-script.sieve
sieve_before = /home/vmail/sieve/global/spam-global.sieve
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
user = vmail
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
ssl_cert = </etc/letsencrypt/live/zudiewiener.com/fullchain.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_dir = /etc/ssl
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
mail_plugins = " sieve"
postmaster_address = postmaster at mail2.zudiewiener.com
}
protocol imap {
imap_idle_notify_interval = 29 mins
mail_max_userip_connections = 20
mail_plugins = " quota imap_quota imap_sieve notify replication"
}
-------------- next part --------------
adovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-43-generic x86_64 Ubuntu 18.04.1 LTS ext4
auth_debug_passwords = yes
auth_mechanisms = plain cram-md5
auth_verbose = yes
info_log_path = /var/log/dovecot.info
log_path = /var/log/dovecot.log
mail_location = maildir:/home/vmail/%d/%n
namespace {
inbox = yes
location =
prefix = INBOX.
separator = .
}
namespace inbox {
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
chroot = login
executable = /usr/lib/dovecot/imap-login
user = dovecot
}
service pop3-login {
chroot = login
executable = /usr/lib/dovecot/pop3-login
user = dovecot
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = # hidden, use -P to show it
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/users
driver = passwd-file
}
protocol imap {
mail_max_userip_connections = 40
}
llist at llmail:~$
> On 27 December 2018 at 19:13 Subscription <leo1subscr at zudiewiener.com> wrote: > > > I'm trying to move from my exising server to a new site. In preparation > for this I've set up the new server as per the first attachment. > > I've added additional (temporary) setting to the new site as per these > instructions > > https://wiki2.dovecot.org/Migration/Dsync > > but when I try to do a backup with the following command from the old to > the new site > > sudo doveadm -D -o imapc_user=user1 at oldserver? -o > imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: > > I get > > ----------------------- > Error: User initialization failed: imapc: Login to 'oldserver' failed: > Disconnected from server > > ---------------------- > > I can connect to both sites without any issues > > openssl s_client -crlf -connect newserver:993 > > openssl s_client -crlf -connect oldserver:993 > > > Not sure what I'm missing. > > Have also included the config for the old site > > Thanks, > > Leo > >Did you check logs on the old server? Aki
The logs on the old server are as follows ------- Dec 28 19:05:29 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:05:29 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:05:29 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:05:29 auth: Debug: auth client connected (pid=5531) Dec 28 19:05:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:05:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:05:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:05:59 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:05:59 imap-login: Debug: SSL error: SSL_accept() syscall failed: Success Dec 28 19:05:59 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:08:00 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:00 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:00 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Dec 28 19:08:00 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so Dec 28 19:08:00 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 28 19:08:00 auth: Debug: passwd-file /etc/dovecot/passwd: Read 10 users in 0 secs Dec 28 19:08:00 auth: Debug: passwd-file /etc/dovecot/users: Read 10 users in 0 secs Dec 28 19:08:00 auth: Debug: auth client connected (pid=5625) Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL error: SSL_accept() syscall failed: Success Dec 28 19:08:30 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:08:30 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:30 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:30 auth: Debug: auth client connected (pid=5644) Dec 28 19:08:30 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] ------ On 27/12/18 6:28 pm, Aki Tuomi wrote:>> On 27 December 2018 at 19:13 Subscription <leo1subscr at zudiewiener.com> wrote: >> >> >> I'm trying to move from my exising server to a new site. In preparation >> for this I've set up the new server as per the first attachment. >> >> I've added additional (temporary) setting to the new site as per these >> instructions >> >> https://wiki2.dovecot.org/Migration/Dsync >> >> but when I try to do a backup with the following command from the old to >> the new site >> >> sudo doveadm -D -o imapc_user=user1 at oldserver? -o >> imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >> >> I get >> >> ----------------------- >> Error: User initialization failed: imapc: Login to 'oldserver' failed: >> Disconnected from server >> >> ---------------------- >> >> I can connect to both sites without any issues >> >> openssl s_client -crlf -connect newserver:993 >> >> openssl s_client -crlf -connect oldserver:993 >> >> >> Not sure what I'm missing. >> >> Have also included the config for the old site >> >> Thanks, >> >> Leo >> >> > Did you check logs on the old server? > > Aki
> On 27 Dec 2018, at 19.13, Subscription <leo1subscr at zudiewiener.com> wrote: > > but when I try to do a backup with the following command from the old to the new site > > sudo doveadm -D -o imapc_user=user1 at oldserver -o imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >Since both of your servers are running dovecot it would be probably better to use native doveadm protocol (over ssh pipe if required) to do the migration instead of using imapc. something like: doveadm backup -u user1 at newserver -R ssh oldserver sudo /usr/bin/doveadm dsync-server -u user1 at oldserver allowing sudo and ssh login with keys. Sami
Thanks for you suggestion, but I couldn't quite get it to work. I ended up rsyncing the mail folders (there were only a few email accounts) a temporary folder on the new server and then used dsync to restore the mailfolders. Thanks again for your help Leo On 28/12/18 10:07 am, Sami Ketola wrote:> >> On 27 Dec 2018, at 19.13, Subscription <leo1subscr at zudiewiener.com> wrote: >> >> but when I try to do a backup with the following command from the old to the new site >> >> sudo doveadm -D -o imapc_user=user1 at oldserver -o imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >> > > Since both of your servers are running dovecot it would be probably better to use native doveadm protocol (over ssh pipe if required) to do the migration instead of using imapc. > > something like: > > doveadm backup -u user1 at newserver -R ssh oldserver sudo /usr/bin/doveadm dsync-server -u user1 at oldserver > > allowing sudo and ssh login with keys. > > Sami