ok please understand this is for 2.3.x - replication was removed in 2.4
also ssh does not work well, are you replicating on a private network
connection (aka direct connection between servers on a different
subnet) - i use 10.xx.xx.server1 & 10.xx.xx.server2 with a crossover cable.
ssh/ssl not needed for a direct connection.
anyways mine is setup to trigger a replication on a received email
both sides MUST be configured so any incoming email will trigger
updating the other server
the config is from mine but is pretty straightforward
however it did take me a few months and a lot of help from AKI (Thanks)
so sharing the info.
mail notify replication is the major chunk of the config but i found
getting rid of ssh was overall better.
OTHER than the dsync command which uses ssh to start the command on the
other side (make sure you can ssh between the servers)
also this is based on using mysql or postgresql databasing for auth,
other auth mechs will be a crap shoot as dovecot uses a database entry
to track the replication requests
this is for postgresql :
{{{
# cat dovecot-pgsql.conf
driver = pgsql
connect = host=localhost port=5433 dbname= user= password=
default_pass_scheme = PLAIN
password_query = SELECT username as user, password FROM email_users \
  WHERE username = '%u' and password <> 'alias' and status = True and \
  destination = '%u'
user_query = SELECT home, uid, gid FROM email_users WHERE username = \
  '%u' and password <> 'alias' and status = True and destination = '%u'
#iterate_query = SELECT user, password FROM email_users WHERE username = \
#  '%u' and password <> 'alias' and status = True and destination = '%u'
iterate_query = SELECT "username" as user, domain FROM email_users WHERE \
  status = True and alias_flag = False
}}}
again i use a private network for my databases as well - prevents hacking ?
{{{
mail_plugins = " virtual notify replication fts fts_lucene"
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
replication_dsync_parameters = -d -N -l 30 -U
plugin {
...
  # relative to the server: tcp:server2:12345 on server1, tcp:server1:12345 on server2
  mail_replica = tcp:server2:12345
...
}
protocol imap {
  mail_max_userip_connections = 50
  mail_plugins = $mail_plugins notify replication
}
protocol pop3 {
  mail_max_userip_connections = 50
  mail_plugins = $mail_plugins notify replication
}
protocol imaps {
  mail_max_userip_connections = 25
  mail_plugins = $mail_plugins notify replication
}
protocol pop3s {
  mail_max_userip_connections = 25
  mail_plugins = $mail_plugins notify replication
}
replication_max_conns = 300
replication_full_sync_interval = 1d
service replicator {
  client_limit = 0
  drop_priv_before_exec = no
  idle_kill = 4294967295s
  process_limit = 1
  process_min_avail = 0
  service_count = 0
  vsz_limit = 8g
  unix_listener replicator-doveadm {
    mode = 0666
    user = vmail
  }
  vsz_limit = 8192M
}
service aggregator {
  process_limit = 1000
  #vsz_limit = 1g
  fifo_listener replication-notify-fifo {
    user = vmail
    group = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    group = vmail
    mode = 0666
  }
}
}}}
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Wednesday AND Happy Successful 2026 !
Scom.ca Internet Services <http://www.scom.ca>
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]
On 2026-06-09 10:41 PM, Jesus Cea via dovecot wrote:
Hi, there.
I am using dovecot 2.3.21.1.
I am experimenting with replication, currently doing it manually, using
this:
doveadm -Dv sync -u jcea ssh email doveadm dsync-server -u prueba_backup; echo $?
It works fine so far, but I have a few hundreds of mailboxes in my imap4
account and an "empty" (no changes) sync takes 30 seconds, since
apparently it compares every mailbox (according to the debug info printed).
I am using "mdbox" storage in both sides.
I would expect an event replication, where time is proportional to the
volume of changes, not to the total data volume or number of mailboxes.
Am I doing anything wrong? It would be faster to use "replicator" +
"mail_replica". Can I improve this in some way?
Replication must be both ways, because in one server new emails are
arriving and in the other imapserver I am doing my mail work. I want new
email appearing in my work imapserver (living on my own laptop) and my
email processing to be replicated back to the server for backup/disaster
recovery (lost laptop, broken HD) and access from a different laptop,
phone, etc.
Thanks.
PS: By default dovecot sanitizes the environment and doesn't allow
"SSH_AUTH_SOCK" for ssh-agent. Why? That is very inconvenient.
I am using this environment variable to overcome that:
DOVECOT_PRESERVE_ENVS="HOME USER SSH_AUTH_SOCK SSH_AGENT_PID LOG_STDERR_TIMESTAMP TZ CORE_OUTOFMEM CORE_ERROR"
Is this the right way to do this?
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
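A config review for the kind of replication setup posted above, as an added example that is not part of the original messages or of Dovecot. It flags listener sockets that any local user can write to, a `mail_replica` that uses `tcp:` rather than `tcps:`, and a `PLAIN` default password scheme; the function name `audit` and the `SAMPLE` text are assumptions made for illustration.

```python
import re
# Constructed sample modelled on settings quoted in the post (not the poster's full config).
SAMPLE = """\
default_pass_scheme = PLAIN
plugin {
  mail_replica = tcp:server2:12345
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0600
  }
}
"""

def audit(text):
    """Return (block path, setting, reason) findings for Dovecot-style config text."""
    findings, stack = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):                       # block open, e.g. "service replicator {"
            stack.append(line[:-1].strip())
            continue
        if line == "}":                              # block close; tolerate a stray one
            stack = stack[:-1]
            continue
        m = re.match(r"(\w+)\s*=\s*(.*)", line)
        if not m:
            continue                                 # elided "..." lines and the like
        key, val = m.group(1), m.group(2).strip()
        path = " > ".join(stack) or "(top level)"
        in_listener = bool(stack) and stack[-1].startswith(("unix_listener", "fifo_listener"))
        if key == "mode" and in_listener and re.fullmatch(r"[0-7]{3,4}", val) and int(val, 8) & 0o002:
            findings.append((path, f"mode = {val}", "socket writable by any local user"))
        elif key == "mail_replica" and val.startswith("tcp:"):
            findings.append((path, f"{key} = {val}", "replication traffic is not TLS-protected"))
        elif key == "default_pass_scheme" and val.upper() == "PLAIN":
            findings.append((path, f"{key} = {val}", "unprefixed passwords are treated as cleartext"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Whether a `tcp:` finding matters depends on the link: on a dedicated crossover cable it is an accepted risk, on a shared network it is not.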