Replication warnings

2014-11-24 Thread Jan Behrend
Hi list,

I get these warnings quite frequently.

Warning: Failed to do incremental sync for mailbox INBOX, retry with a
full sync

Is this something to worry about?  Otherwise the replication works
perfectly.

Cheers Jan

-- 
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum

Auf dem Huegel 69, D-53121 Bonn  
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de


# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 xfs
auth_gssapi_hostname = imap.mpifr-bonn.mpg.de
auth_krb5_keytab = /etc/krb5-ha.keytab
auth_mechanisms = plain login gssapi
auth_verbose = yes
default_process_limit = 1024
default_vsz_limit = 512 M
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
doveadm_password = xxx
doveadm_port = 50222
listen = 134.104.18.77
lmtp_save_to_detail_mailbox = yes
mail_location = mdbox:/var/mail/%Ln/maildrop
mail_plugins = acl zlib notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags notify
mdbox_rotate_size = 10 M
namespace mpifr_private {
  inbox = yes
  location = 
  prefix = 
  separator = .
}
namespace mpifr_shared {
  inbox = no
  list = children
  location = mdbox:/var/mail/%%n/maildrop
  prefix = shared.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_defaults_from_inbox = yes
  acl_shared_dict = proxy::acl
  mail_replica = tcp:192.168.42.173:50222
  sieve = ~/.dovecot.sieve
  sieve_after = /var/mail/global-after.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_global_dir = /var/mail
  zlib_save = gz
  zlib_save_level = 6
}
protocols =  imap lmtp sieve pop3
replication_dsync_parameters = -d -l 30 -U -n mpifr_private -n mpifr_shared
replication_max_conns = 6
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}
service anvil {
  client_limit = 8192
}
service auth {
  client_limit = 8192
  unix_listener auth-userdb {
    group = vmail
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    user = vmail
  }
}
service doveadm {
  inet_listener {
    address = 192.168.42.105
    port = 50222
  }
}
service imap-login {
  process_min_avail = 5
  service_count = 1
}
service imap {
  vsz_limit = 512 M
}
service indexer-worker {
  client_limit = 1
  process_limit = 10
  user = root
}
service lmtp {
  inet_listener lmtp {
    address = 134.104.18.105
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 134.104.18.77
    port = 4190
  }
  service_count = 1
}
service pop3-login {
  process_min_avail = 5
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert = /etc/dovecot/imap.pem
ssl_cipher_list = ALL:HIGH:!SSLv2:!LOW:!EXP:!RC4:!MD5:!aNULL
ssl_key = /etc/dovecot/private/imap.key
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = acl zlib notify replication sieve
}
protocol imap {
  imap_client_workarounds = tb-lsub-flags
  mail_max_userip_connections = 20
  mail_plugins = acl zlib notify replication imap_acl imap_zlib
  ssl_cert = /etc/dovecot/imap.pem
  ssl_key = /etc/dovecot/private/imap.key
}
protocol pop3 {
  ssl_cert = /etc/dovecot/pop3.pem
  ssl_key = /etc/dovecot/private/imap.key
}




Re: Replication warnings

2014-11-24 Thread Oli Schacher
On Mon, 24 Nov 2014 09:37:27 +0100
Jan Behrend jbehr...@mpifr-bonn.mpg.de wrote:

> Hi list,
>
> I get these warnings quite frequently.
>
> Warning: Failed to do incremental sync for mailbox INBOX, retry with a
> full sync
>
> Is this something to worry about?  Otherwise the replication works
> perfectly.
>
> Cheers Jan

We saw this too with 2.2.13. After we updated to 2.2.15 the warnings
went away.

Cheers
Oli


Possible to adjust username used to determine the proxy destination?

2014-11-24 Thread Andy Dills

I'm in a fairly standard cluster environment: shared storage, bunch of 
servers each acting as both proxies and backends. 

We do /bin/checkpassword authentication, allowing a great deal of 
flexibility...protection against brute force, billing mechanisms, but 
relevant to this issue, I have it set up to allow users to login with 
either their username (if they are in one of our default domains) or their 
email address. 

I'm realizing now that as a consequence of this, joe and j...@xecu.net 
are unique as far as dovecot is concerned. Users who login with just their 
username (and not the full email address) can get assigned to a different 
backend server than when they login with the full email address (which 
would also include LMTP deliveries). This has been happening for years, a 
few broken indexes here and there that seem to resolve themselves, so it 
hasn't been impacting the service, but I'd like to correct it properly.

Is there a way to manipulate this? For example, if I moved the  
authentication to the proxy layer (it's currently proxy=y nopassword=y), 
and set $ENV{USER} to the full email address, will director use that for 
selection instead of the user-supplied username?

I'm open to suggestions on how best to accomplish this.

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


doveadm backup for all users to file system

2014-11-24 Thread Jeff Larsen
The wiki says that doveadm backup supports the -A option for all
users, but when I specify a file-system destination (like /tmp, or an
NFS mounted folder), it just rewrites each user backup to the same
location overwriting the previous user's content. You end up with just
the content for the last user processed. I tried the typical %u
substitution but that just created a folder named '%u' and had the same
overwrite problem.

My userdb is LDAP which works just fine for other doveadm commands.
The verbose/debug output from doveadm backup shows that it is
processing every user.

Example: doveadm -vD backup -A sdbox:/tmp/backup

My understanding is that doveadm backup is just a front-end for
dsync. The dsync manpage on the other hand says dsync can currently
sync only one user at a time. If you want to dsync all users, you'll
need to get a list of all users and execute dsync separately...

It appears that doveadm backup -A is doing the iteration for me, but
it's not generating individual destination paths for each user.

So, is this a documentation problem for doveadm backup? Or am I
missing something here? Is there some secret sauce for doveadm backup
-A that I'm not finding?

If all else fails, I know I can write a script to iterate over the
available users and run the backup repeatedly, but I would like to
keep this as simple as possible.

Thanks,

Jeff
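
The fallback mentioned in the message above (iterating over the users and running one backup per user), as an added example that is not part of the original post or of Dovecot's own tooling. It assumes `doveadm user '*'` can enumerate the userdb; `BACKUP_ROOT`, `DOVEADM` and the username check are illustrative choices.

```sh
#!/bin/sh
# Added example: one "doveadm backup" run per user, each with its own destination.
# BACKUP_ROOT and DOVEADM are assumptions; override them from the environment.
BACKUP_ROOT="${BACKUP_ROOT:-/tmp/backup}"
DOVEADM="${DOVEADM:-doveadm}"

# Print the destination for one user. Return 1 for names that could leave
# BACKUP_ROOT ("..", "/"), be parsed as an option ("-A") or as a %variable.
backup_dest() {
    case "$1" in
        ""|-*|.|..|*[!A-Za-z0-9@._+-]*) return 1 ;;
    esac
    printf 'sdbox:%s/%s\n' "$BACKUP_ROOT" "$1"
}

# Back up every user the userdb can enumerate. Returns 0 only if every user
# was backed up, 1 if any was skipped or failed, 2 if listing users failed.
backup_all() {
    users=$("$DOVEADM" user '*') || return 2
    failed=0
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        if dest=$(backup_dest "$user") &&
           "$DOVEADM" backup -u "$user" "$dest" </dev/null; then
            continue
        fi
        echo "skipped or failed: $user" >&2
        failed=$((failed + 1))
    done <<EOF
$users
EOF
    [ "$failed" -eq 0 ]
}

# Run only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    backup_all
fi
```

Usernames come from LDAP here, so the check in `backup_dest` keeps a directory entry such as `../x` from writing outside the backup root.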


Re: Possible to adjust username used to determine the proxy destination?

2014-11-24 Thread Steffen Kaiser


On Mon, 24 Nov 2014, Andy Dills wrote:


> I'm in a fairly standard cluster environment: shared storage, bunch of
> servers each acting as both proxies and backends.
>
> We do /bin/checkpassword authentication, allowing a great deal of
> flexibility...protection against brute force, billing mechanisms, but
> relevant to this issue, I have it set up to allow users to login with
> either their username (if they are in one of our default domains) or their
> email address.
>
> I'm realizing now that as a consequence of this, joe and j...@xecu.net
> are unique as far as dovecot is concerned. Users who login with just their
> username (and not the full email address) can get assigned to a different
> backend server than when they login with the full email address (which
> would also include LMTP deliveries). This has been happening for years, a
> few broken indexes here and there that seem to resolve themselves, so it
> hasn't been impacting the service, but I'd like to correct it properly.


Can you return Dovecot Extra Fields as described in:
http://wiki2.dovecot.org/AuthDatabase/CheckPassword
? userdb_user should change the username.


> Is there a way to manipulate this? For example, if I moved the
> authentication to the proxy layer (it's currently proxy=y nopassword=y),
> and set $ENV{USER} to the full email address, will director use that for
> selection instead of the user-supplied username?


Dunno

-- 
Steffen Kaiser
