Hello!

I finally took the time and spent two days to set up replication for my server and now I have a question or two.

I initially set noreplicate userdb field to 1 for all but a test user, but I could still see in the logs that all mailboxes were trying to connect to the other server via SSH. Is that normal?

Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l vmail backup.host.ee doveadm dsync-server -D -u user at host.ee

Then I ended up setting mail_replica in userdb for only my test user, but I could still see in the logs that it was trying to sync the others as well, despite mail_replica being 0 for the rest.

Jun 22 20:52:59 host dovecot: doveadm(user at host.ee): Fatal: -N parameter requires syncing with remote host

I also notice (and read from recent posts) that sieve script replication doesn't work at all.

Dovecot v2.3.6 and Pigeonhole from the official Dovecot CentOS repo.

Thanks,
Reio

PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun as usual. :)

On 22.6.2019 22.00, Reio Remma via dovecot wrote:
> Hello!
>
> I finally took the time and spent two days to set up replication for
> my server and now I have a question or two.
>
> I initially set noreplicate userdb field to 1 for all but a test user,
> but I could still see in the logs that all mailboxes were trying to
> connect to the other server via SSH. Is that normal?
>
> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error:
> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
> vmail backup.host.ee doveadm dsync-server -D -u user at host.ee
>
> Then I ended up setting mail_replica in userdb for only my test user,
> but I could still see in the logs that it was trying to sync the
> others as well, despite mail_replica being 0 for the rest.
>
> Jun 22 20:52:59 host dovecot: doveadm(user at host.ee): Fatal: -N
> parameter requires syncing with remote host
>
> I also notice (and read from recent posts) that sieve script
> replication doesn't work at all.
>
> Dovecot v2.3.6 and Pigeonhole from the official Dovecot CentOS repo.
>
> Thanks,
> Reio
> PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
> as usual. :)

Hi!

We are fixing this in 2.3.7, noreplicate works but causes errors. You can try https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you are compiling yourself.

Dovecot under selinux works, as long as you do it the way the policy writer intended, see https://linux.die.net/man/8/dovecot_selinux

Aki

On 24.06.2019 8:21, Aki Tuomi wrote:
> On 22.6.2019 22.00, Reio Remma via dovecot wrote:
>> Hello!
>>
>> I finally took the time and spent two days to set up replication for
>> my server and now I have a question or two.
>>
>> I initially set noreplicate userdb field to 1 for all but a test user,
>> but I could still see in the logs that all mailboxes were trying to
>> connect to the other server via SSH. Is that normal?
>>
>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error:
>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l
>> vmail backup.host.ee doveadm dsync-server -D -u user at host.ee
>>
>> Then I ended up setting mail_replica in userdb for only my test user,
>> but I could still see in the logs that it was trying to sync the
>> others as well, despite mail_replica being 0 for the rest.
>>
>> Jun 22 20:52:59 host dovecot: doveadm(user at host.ee): Fatal: -N
>> parameter requires syncing with remote host
>>
>> I also notice (and read from recent posts) that sieve script
>> replication doesn't work at all.
>>
>> Dovecot v2.3.6 and Pigeonhole from the official Dovecot CentOS repo.
>>
>> Thanks,
>> Reio
>> PS: Getting SSH for Dovecot to work with SELinux on CentOS 7 was fun
>> as usual. :)
>
> Hi!
>
> We are fixing this in 2.3.7, noreplicate works but causes errors. You
> can try
> https://github.com/dovecot/core/compare/6d5b4b5%5E..93945ec.patch if you
> are compiling yourself.
>
> Dovecot under selinux works, as long as you do it the way the policy
> writer intended, see https://linux.die.net/man/8/dovecot_selinux
>
> Aki

For replication over SSH I had to add the following module:

module selinux-dovecot-replication-ssh 1.0;

require {
    type ssh_exec_t;
    type ssh_home_t;
    type dovecot_t;
    class file { open read execute execute_no_trans };
    class dir { getattr search };
}

#============= dovecot_t =============
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };

ssh_exec_t to allow Dovecot to use ssh executable in the first place and ssh_home_t:dir + ssh_home_t:file for it to be able to read known_hosts from /root/.ssh

Reio
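
An added example, not part of the original thread and not Dovecot or SELinux project code: a small Python review pass over the module posted above. It confirms that each allow rule uses only types and permissions named in the require block, and lists permissions worth a reviewer's attention before the module is loaded. The function names and the REVIEW_PERMS list are assumptions made for this illustration.

```python
import re

# The module posted in the message above, embedded so the check runs offline.
MODULE_TE = """
module selinux-dovecot-replication-ssh 1.0;
require {
    type ssh_exec_t;
    type ssh_home_t;
    type dovecot_t;
    class file { open read execute execute_no_trans };
    class dir { getattr search };
}
#============= dovecot_t =============
allow dovecot_t ssh_exec_t:file { open read execute execute_no_trans };
allow dovecot_t ssh_home_t:dir { getattr search };
allow dovecot_t ssh_home_t:file { open read };
"""

# Illustrative review list (an assumption of this example). execute_no_trans
# means the binary runs in the caller's domain, so ssh stays in dovecot_t.
REVIEW_PERMS = {"execute_no_trans", "write", "append", "create", "unlink"}

PERMS = r"(?:\{([^}]*)\}|(\w+))\s*;"  # "{ a b }" or a single bare permission


def parse_module(text):
    """Return (declared types, {class: perms}, [(src, tgt, class, perms)])."""
    text = re.sub(r"#.*", "", text)  # strip comments to end of line
    types = set(re.findall(r"\btype\s+(\w+)\s*;", text))
    classes = {c: set((b or s).split())
               for c, b, s in re.findall(r"\bclass\s+(\w+)\s+" + PERMS, text)}
    rules = [(src, tgt, cls, set((b or s).split()))
             for src, tgt, cls, b, s in re.findall(
                 r"\ballow\s+(\w+)\s+(\w+):(\w+)\s+" + PERMS, text)]
    return types, classes, rules


def audit(text):
    """List undeclared names and permissions that deserve a reviewer's eye."""
    types, classes, rules = parse_module(text)
    findings = []
    for src, tgt, cls, perms in rules:
        findings += [f"undeclared type {t}" for t in (src, tgt) if t not in types]
        missing = perms - classes.get(cls, set())
        if missing:
            findings.append(f"{cls} permissions not in require: {sorted(missing)}")
        findings += [f"review: {src} -> {tgt}:{cls} {p}"
                     for p in sorted(perms & REVIEW_PERMS)]
    return findings
```

Calling `audit(MODULE_TE)` on the posted module returns a single review item, the `execute_no_trans` grant on `ssh_exec_t`; the home-directory rules are read-only and pass without findings.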