Hi,
I am a long-time dovecot user/admin for my family mail server, but
I had ventured into configuring replication only recently and I am not
sure about how it should work and what are the good practices. My intent
for replication was to have another instance to switch to in a short
time if something fails. I have daily backups, but it will take much
more time to rebuild and restore than just to switch to a good instance
while taking time to restore the bad one.
The setup seems to work just fine from IMAP client point of view (minus
sieve scripts - but I have worked it around as I am not yet ready to
upgrade dovecot beyond what's in stable Debian at the moment). I have my
clients configured to access instance A exclusively; instance B is just
sitting around with no clients routinely connected. Also only instance A
is receiving deliveries from both my primary and secondary MTAs. I have
some doubt however if this is the right thing to do and if it is correct
from the dovecot server point of view.
I have observed my mail storage directories on both instances and have
noticed that they diverge a little over time - the instance B not having
all the updates. However the moment I connect another client to instance
B and log in as a particular user, the state on instance B springs to the
correct state and I see the same content on both clients, and the storage
directories become identical as well.
I am afraid that, if instance A fails, I would not have the current state
on instance B. Is there anything I should have done differently?
Here is dovecot -n output of instance A. Instance B config is symmetrical
with imap1/2 hostnames switched.
FYI: actual domain is substituted for privacy. mail.mydomain.net is an
internal subdomain with private IP addresses. Instances of dovecot are
containerized with access to internal virtual bridge on which MTAs and
supporting processes are present as well. The access from outside is
provided by port forwarding/NAT, only for imaps and pop3s ports.
Other ports are only internally accessible for local clients (postfix,
mutt, doveadm command line tool etc.) or debug purposes.
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-9-cloud-amd64 x86_64
# Hostname: imap1.mail.mydomain.net
auth_failure_delay = 3 secs
auth_verbose = yes
auth_worker_max_count = 5
deliver_log_format = msgid=%m; from=%f: %$
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 4551
first_valid_uid = 100
login_greeting = # <redacted>
mail_attribute_dict = file:mail/dovecot-attributes
mail_gid = 122
mail_home = /var/vmail/%u
mail_location = maildir:~/mail:LAYOUT=fs:DIRNAME=.MailDir:UTF-8
mail_plugins = " notify replication"
mail_privileged_group = vmail
mail_uid = 113
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext editheader vnd.dovecot.debug
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext.local
driver = sql
}
plugin {
mail_replica = tcp:imap2.mail.mydomain.net
sieve = ~/.sieve
sieve_dir = ~/sieve
sieve_extensions = +vnd.dovecot.debug +editheader
sieve_user_log = ~/log/sieve.log
}
pop3_fast_size_lookups = yes
pop3_lock_session = yes
pop3_no_flag_updates = yes
pop3_save_uidl = yes
protocols = " imap lmtp sieve pop3"
replication_max_conns = 5
service aggregator {
fifo_listener replication-notify-fifo {
group = root
mode = 0660
user = vmail
}
unix_listener replication-notify {
group = root
mode = 0660
user = vmail
}
}
service auth-worker {
chroot = /etc/dovecot/db
process_limit = 10
unix_listener auth-worker {
mode = 0600
user = doveauth
}
user = doveauth
}
service auth {
client_limit = 64
inet_listener sasl {
address = imap1.mail.mydomain.net
port = 9192
}
unix_listener auth-userdb {
group = vmail
mode = 0660
user = doveauth
}
user = doveauth
}
service dict-async {
protocol = none
}
service dict {
protocol = none
}
service director {
protocol = none
}
service doveadm {
inet_listener doveadm {
address = imap1.mail.mydomain.net
port = 4551
}
}
service imap-hibernate {
protocol = none
}
service imap-login {
inet_listener imap {
address = imap1.mail.mydomain.net
port = 143
}
process_limit = 30
service_count = 1
}
service imap-urlauth-login {
protocol = none
}
service imap-urlauth-worker {
protocol = none
}
service imap-urlauth {
protocol = none
}
service imap {
chroot = /var/vmail
client_limit = 15
process_limit = 30
service_count = 32
user = vmail
}
service indexer-worker {
process_limit = 3
user = vmail
}
service indexer {
chroot = $base_dir
}
service lmtp {
client_limit = 1
extra_groups =
group = vmail
inet_listener lmtp {
address = imap1.mail.mydomain.net
port = 2306
}
process_limit = 6
user = vmail
}
service log {
user = $default_internal_user
}
service managesieve-login {
inet_listener sieve {
address = imap1.mail.mydomain.net
port = 4190
}
process_limit = 3
service_count = 1
}
service managesieve {
chroot = /var/vmail
process_limit = 3
service_count = 1
user = vmail
}
service pop3-login {
inet_listener pop3 {
port = 0
}
process_limit = 4
service_count = 1
}
service pop3 {
chroot = /var/vmail
process_limit = 4
service_count = 1
user = vmail
}
service replicator {
unix_listener replicator-doveadm {
group = root
mode = 0600
user = vmail
}
}
service submission-login {
protocol = none
}
service tcpwrap {
protocol = none
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext.local
driver = sql
}
valid_chroot_dirs = /var/vmail /etc/dovecot/db
verbose_proctitle = yes
protocol lmtp {
mail_plugins = " notify replication sieve"
}
protocol imap {
imap_metadata = yes
}
--
Piotr "Malgond" Auksztulewicz firstname at
lastname.net
On 16/10/2020 14:23, Piotr Auksztulewicz wrote:> Hi, > > I am a long-time dovecot user/admin for my family mail server, but > I had ventured into configuring replication only recently and I am not > sure about how it should work and what are the good practices. My intent > for replication was to have another instance to switch to in a short > time if something fails. I have daily backups, but it will take much > more time to rebuild and restore than just to switch to a good instance > while taking time to restore the bad one. > > The setup seems to work just fine from IMAP client point of view (minus > sieve scripts - but I have worked it around as I am not yet ready to > upgrade dovecot beyond what's in stable Debian at the moment). I have my > clients configured to access instance A exclusively; instance B is just > sitting around with no clients routinely connected. Also only instance A > is receiving deliveries from both my primary and secondary MTAs. I have > some doubt however if this is the right thing to do and if it is correct > from the dovecot server point of view. > > I have observed my mail storage directories on both instances and have > noticed that they diverge a little over time - the instance B not having > all the updates. However the moment I connect another client to instance > B and log in as a particular user, the state on instance B springs to the > correct state and I see the same content on both clients, and the storage > directories become identical as well.Are there any replication errors logged? Does doveadm replicator status or doveadm replicator status <mailbox> give any sign of errors? Can you give some example or evidence of the disalignment that is happening? John
On Sat, Oct 17, 2020 at 11:17:34PM +0200, John Fawcett wrote:> > I have observed my mail storage directories on both instances and have > > noticed that they diverge a little over time - the instance B not having > > all the updates. However the moment I connect another client to instance > > B and log in as a particular user, the state on instance B springs to the > > correct state and I see the same content on both clients, and the storage > > directories become identical as well. > > Are there any replication errors logged? Does doveadm replicator status or > doveadm replicator status <mailbox> give any sign of errors? > > Can you give some example or evidence of the disalignment that is happening?Thank you for response. I was asking if such difference in directories is normal or not and do I have the approach right or is there some obvious error in my configuration. I still have an example that prompted me to write this email. Instance B had three mails missing in comparison to instance A, when I listed the storage directories from the command line. They got replicated fine just after I connected a client to instance B. No difference since then, but I need to observe the servers for some more time, it seems like it happens over a few weeks or so. No errors in dovecot logs, doveadm replicator status output does not show any errors as well, but instances have been restarted, so it is not a goof indication. I am going to enable debug to see what's going on. Maybe it was some transient situation or human error on my part during setting it all up or tweaking the configuration. I will come back if I observe such thing again. Here are the listings. Hostnames etc. replaced for privacy. --- Instance A root at serverA:/var/vmail/user at example.net/mail/INBOX/.MailDir/cur# ll total 14684 drwx------ 2 vmail vmail 4096 Oct 16 13:15 . drwx------ 5 vmail vmail 4096 Oct 16 13:15 .. -rw------- 1 vmail vmail 303371 Oct 30 2019 '1572438988.M167729P10012.hostname.mydomain.net,S=303371,W=307546:2,S' -rw------- 1 vmail vmail 1789790 Oct 30 2019 '1572438998.M633142P10012.hostname.mydomain.net,S=1789790,W=1814325:2,S' -rw------- 1 vmail vmail 171191 Nov 17 2019 '1574012316.M188507P14607.hostname.mydomain.net,S=171191,W=173557:2,S' -rw------- 1 vmail vmail 3430888 Nov 29 2019 '1574956300.M308957P25339.hostname.mydomain.net,S=3430888,W=3475534:2,S' -rw------- 1 vmail vmail 7185 Mar 14 2020 '1584150674.M740366P21925.hostname.mydomain.net,S=7185,W=7294:2,S' -rw------- 1 vmail vmail 5543 Mar 25 2020 '1585148832.M609262P877.hostname.mydomain.net,S=5543,W=5674:2,S' -rw------- 1 vmail vmail 3052 Apr 19 22:23 '1587327803.M423484P19471.hostname.mydomain.net,S=3052,W=3122:2,S' -rw------- 1 vmail vmail 13690 Apr 23 14:47 '1587646046.M939301P22621.hostname.mydomain.net,S=13690,W=13886:2,S' -rw------- 1 vmail vmail 8917623 May 25 19:06 '1590426395.M585516P47979.hostname.mydomain.net,S=8917623,W=9033467:2,S' -rw------- 1 vmail vmail 5473 Jun 20 20:14 '1592676840.M810974P68188.hostname.mydomain.net,S=5473,W=5576:2,S' -rw------- 1 vmail vmail 8776 Jun 21 19:25 '1592760350.M765525P68795.hostname.mydomain.net,S=8776,W=8936:2,S' -rw------- 1 vmail vmail 4624 Jul 23 17:25 '1595517903.M310464P9504.hostname.mydomain.net,S=4624,W=4715:2,S' -rw------- 1 vmail vmail 4378 Aug 18 00:16 '1597702561.M109036P34930.hostname.mydomain.net,S=4378,W=4453:2,S' -rw------- 1 vmail vmail 14522 Sep 17 11:52 '1600336372.M982371P3862.hostname.mydomain.net,S=14522,W=14813:2,S' -rw------- 1 vmail vmail 30411 Sep 23 14:43 '1600865025.M865916P104.hostname.mydomain.net,S=30411,W=30850:2,S' -rw------- 1 vmail vmail 39928 Sep 30 08:27 '1601447231.M21429P464.hostname.mydomain.net,S=39928,W=40487:2,S' -rw------- 1 vmail vmail 8529 Oct 9 15:32 '1602250379.M823144P212.hostname.mydomain.net,S=8529,W=8701:2,S' -rw------- 1 vmail vmail 17972 Oct 15 00:59 '1602716371.M291521P5700.hostname.mydomain.net,S=17972,W=18407:2,S' -rw------- 1 vmail vmail 38528 Oct 15 08:24 '1602743049.M23930P5928.hostname.mydomain.net,S=38528,W=39224:2,S' -rw------- 1 vmail vmail 52350 Oct 15 12:05 '1602756328.M324186P6101.hostname.mydomain.net,S=52350,W=53436:2,S' -rw------- 1 vmail vmail 112458 Oct 16 13:05 '1602846323.M415371P7147.hostname.mydomain.net,S=112458,W=114768:2,S' --- Instance B root at serverB:/var/vmail/user at example.net/mail/INBOX/.MailDir/cur# ll total 14608 drwx------ 2 vmail vmail 12288 Oct 16 13:15 . drwx------ 5 vmail vmail 4096 Oct 16 13:15 .. -rw------- 1 vmail vmail 303371 Oct 30 2019 '1572438988.M167729P10012.hostname.mydomain.net,S=303371,W=307546:2,S' -rw------- 1 vmail vmail 1789790 Oct 30 2019 '1572438998.M633142P10012.hostname.mydomain.net,S=1789790,W=1814325:2,S' -rw------- 1 vmail vmail 171191 Nov 17 2019 '1574012316.M188507P14607.hostname.mydomain.net,S=171191,W=173557:2,S' -rw------- 1 vmail vmail 3430888 Nov 29 2019 '1574956300.M308957P25339.hostname.mydomain.net,S=3430888,W=3475534:2,S' -rw------- 1 vmail vmail 7185 Mar 14 2020 '1584150674.M740366P21925.hostname.mydomain.net,S=7185,W=7294:2,S' -rw------- 1 vmail vmail 5543 Mar 25 2020 '1585148832.M609262P877.hostname.mydomain.net,S=5543,W=5674:2,S' -rw------- 1 vmail vmail 3052 Apr 19 22:23 '1587327803.M423484P19471.hostname.mydomain.net,S=3052,W=3122:2,S' -rw------- 1 vmail vmail 13690 Apr 23 14:47 '1587646046.M939301P22621.hostname.mydomain.net,S=13690,W=13886:2,S' -rw------- 1 vmail vmail 8917623 May 25 19:06 '1590426395.M585516P47979.hostname.mydomain.net,S=8917623,W=9033467:2,S' -rw------- 1 vmail vmail 5473 Jun 20 20:14 '1592676840.M810974P68188.hostname.mydomain.net,S=5473,W=5576:2,S' -rw------- 1 vmail vmail 8776 Jun 21 19:25 '1592760350.M765525P68795.hostname.mydomain.net,S=8776,W=8936:2,S' -rw------- 1 vmail vmail 4624 Jul 23 17:25 '1595517903.M310464P9504.hostname.mydomain.net,S=4624,W=4715:2,S' -rw------- 1 vmail vmail 4378 Aug 18 00:16 '1597702561.M109036P34930.hostname.mydomain.net,S=4378,W=4453:2,S' -rw------- 1 vmail vmail 14522 Sep 17 11:52 '1600336372.M982371P3862.hostname.mydomain.net,S=14522,W=14813:2,S' -rw------- 1 vmail vmail 30411 Sep 23 14:43 '1600865025.M865916P104.hostname.mydomain.net,S=30411,W=30850:2,S' -rw------- 1 vmail vmail 39928 Sep 30 08:27 '1601447231.M21429P464.hostname.mydomain.net,S=39928,W=40487:2,S' -rw------- 1 vmail vmail 38528 Oct 15 08:24 '1602743049.M23930P5928.hostname.mydomain.net,S=38528,W=39224:2,S' -rw------- 1 vmail vmail 112458 Oct 16 13:05 '1602846323.M415371P7147.hostname.mydomain.net,S=112458,W=114768:2,S' -- Piotr "Malgond" Auksztulewicz firstname at lastname.net