I'm trying to move from my exising server to a new site. In preparation for this I've set up the new server as per the first attachment. I've added additional (temporary) setting to the new site as per these instructions https://wiki2.dovecot.org/Migration/Dsync but when I try to do a backup with the following command from the old to the new site sudo doveadm -D -o imapc_user=user1 at oldserver? -o imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: I get ----------------------- Error: User initialization failed: imapc: Login to 'oldserver' failed: Disconnected from server ---------------------- I can connect to both sites without any issues openssl s_client -crlf -connect newserver:993 openssl s_client -crlf -connect oldserver:993 Not sure what I'm missing. Have also included the config for the old site Thanks, Leo -------------- next part -------------- llist at listsInWien:~$ dovecot -n # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.15.0-43-generic x86_64 Ubuntu 18.04.1 LTS ext4 auth_debug = yes auth_mechanisms = plain login cram-md5 dsync_features = empty-header-workaround imapc_features = rfc822.size fetch-headers imapc_host = llmail.zudiewiener.com imapc_list_prefix = INBOX imapc_port = 993 imapc_user = %u log_path = /var/log/dovecot.log mail_debug = yes mail_gid = vmail mail_location = maildir:/home/vmail/mailboxes/%d/%n mail_prefetch_count = 20 mail_privileged_group = vmail mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { imapsieve_mailbox1_before = file:/home/vmail/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/home/vmail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * sieve = file:/home/vmail/sieve/%d/%n/scripts;active=/home/vmail/sieve/%d/%n/active-script.sieve sieve_before = /home/vmail/sieve/global/spam-global.sieve sieve_global_extensions = +vnd.dovecot.pipe sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms } protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 143 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = vmail } service managesieve-login { inet_listener sieve { port = 4190 } } ssl_cert = </etc/letsencrypt/live/zudiewiener.com/fullchain.pem ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA ssl_client_ca_dir = /etc/ssl ssl_key = # hidden, use -P to show it ssl_prefer_server_ciphers = yes userdb { driver = passwd } userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = " sieve" postmaster_address = postmaster at mail2.zudiewiener.com } protocol imap { imap_idle_notify_interval = 29 mins mail_max_userip_connections = 20 mail_plugins = " quota imap_quota imap_sieve notify replication" } -------------- next part -------------- adovecot -n # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.15.0-43-generic x86_64 Ubuntu 18.04.1 LTS ext4 auth_debug_passwords = yes auth_mechanisms = plain cram-md5 auth_verbose = yes info_log_path = /var/log/dovecot.info log_path = /var/log/dovecot.log mail_location = maildir:/home/vmail/%d/%n namespace { inbox = yes location = prefix = INBOX. separator = . } namespace inbox { location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/passwd driver = passwd-file } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { chroot = login executable = /usr/lib/dovecot/imap-login user = dovecot } service pop3-login { chroot = login executable = /usr/lib/dovecot/pop3-login user = dovecot } ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key = # hidden, use -P to show it userdb { driver = prefetch } userdb { args = /etc/dovecot/users driver = passwd-file } protocol imap { mail_max_userip_connections = 40 } llist at llmail:~$
> On 27 December 2018 at 19:13 Subscription <leo1subscr at zudiewiener.com> wrote: > > > I'm trying to move from my exising server to a new site. In preparation > for this I've set up the new server as per the first attachment. > > I've added additional (temporary) setting to the new site as per these > instructions > > https://wiki2.dovecot.org/Migration/Dsync > > but when I try to do a backup with the following command from the old to > the new site > > sudo doveadm -D -o imapc_user=user1 at oldserver? -o > imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: > > I get > > ----------------------- > Error: User initialization failed: imapc: Login to 'oldserver' failed: > Disconnected from server > > ---------------------- > > I can connect to both sites without any issues > > openssl s_client -crlf -connect newserver:993 > > openssl s_client -crlf -connect oldserver:993 > > > Not sure what I'm missing. > > Have also included the config for the old site > > Thanks, > > Leo > >Did you check logs on the old server? Aki
The logs on the old server are as follows ------- Dec 28 19:05:29 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:05:29 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:05:29 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:05:29 auth: Debug: auth client connected (pid=5531) Dec 28 19:05:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:05:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:05:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:05:59 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:05:59 imap-login: Debug: SSL error: SSL_accept() syscall failed: Success Dec 28 19:05:59 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:08:00 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:00 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:00 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:08:00 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Dec 28 19:08:00 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so Dec 28 19:08:00 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 28 19:08:00 auth: Debug: passwd-file /etc/dovecot/passwd: Read 10 users in 0 secs Dec 28 19:08:00 auth: Debug: passwd-file /etc/dovecot/users: Read 10 users in 0 secs Dec 28 19:08:00 auth: Debug: auth client connected (pid=5625) Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL error: SSL_accept() syscall failed: Success Dec 28 19:08:30 imap-login: Info: Disconnected (no auth attempts in 30 secs): user=<>, rip=207.180.228.225, lip=103.4.235.252, TLS handshaking: SSL_accept() syscall failed: Success Dec 28 19:08:30 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:30 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 28 19:08:30 auth: Debug: auth client connected (pid=5644) Dec 28 19:08:30 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [207.180.228.225] Dec 28 19:08:30 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [207.180.228.225] ------ On 27/12/18 6:28 pm, Aki Tuomi wrote:>> On 27 December 2018 at 19:13 Subscription <leo1subscr at zudiewiener.com> wrote: >> >> >> I'm trying to move from my exising server to a new site. In preparation >> for this I've set up the new server as per the first attachment. >> >> I've added additional (temporary) setting to the new site as per these >> instructions >> >> https://wiki2.dovecot.org/Migration/Dsync >> >> but when I try to do a backup with the following command from the old to >> the new site >> >> sudo doveadm -D -o imapc_user=user1 at oldserver? -o >> imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >> >> I get >> >> ----------------------- >> Error: User initialization failed: imapc: Login to 'oldserver' failed: >> Disconnected from server >> >> ---------------------- >> >> I can connect to both sites without any issues >> >> openssl s_client -crlf -connect newserver:993 >> >> openssl s_client -crlf -connect oldserver:993 >> >> >> Not sure what I'm missing. >> >> Have also included the config for the old site >> >> Thanks, >> >> Leo >> >> > Did you check logs on the old server? > > Aki
> On 27 Dec 2018, at 19.13, Subscription <leo1subscr at zudiewiener.com> wrote: > > but when I try to do a backup with the following command from the old to the new site > > sudo doveadm -D -o imapc_user=user1 at oldserver -o imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >Since both of your servers are running dovecot it would be probably better to use native doveadm protocol (over ssh pipe if required) to do the migration instead of using imapc. something like: doveadm backup -u user1 at newserver -R ssh oldserver sudo /usr/bin/doveadm dsync-server -u user1 at oldserver allowing sudo and ssh login with keys. Sami
Thanks for you suggestion, but I couldn't quite get it to work. I ended up rsyncing the mail folders (there were only a few email accounts) a temporary folder on the new server and then used dsync to restore the mailfolders. Thanks again for your help Leo On 28/12/18 10:07 am, Sami Ketola wrote:> >> On 27 Dec 2018, at 19.13, Subscription <leo1subscr at zudiewiener.com> wrote: >> >> but when I try to do a backup with the following command from the old to the new site >> >> sudo doveadm -D -o imapc_user=user1 at oldserver -o imapc_password=pw-oldserver backup -R -u user1 at newserver imapc: >> > > Since both of your servers are running dovecot it would be probably better to use native doveadm protocol (over ssh pipe if required) to do the migration instead of using imapc. > > something like: > > doveadm backup -u user1 at newserver -R ssh oldserver sudo /usr/bin/doveadm dsync-server -u user1 at oldserver > > allowing sudo and ssh login with keys. > > Sami