Discussion:
Question wrt. dovecot replicator
Remko Lodder
2014-10-01 23:40:17 UTC
Permalink
Hi People,

I recently setup a replication service within dovecot between two machines in different datacenters, which has the following configuration;
(yes it is hashed out, because I needed to)

#service replicator {
# unix_listener replicator-doveadm {
# mode = 0666
# }
# process_min_avail = 1
#}
#
#service aggregator {
# fifo_listener replication-notify-fifo {
# mode = 0666
# #user = vmail
# }
# unix_listener replication-notify {
# mode = 0666
# #user = vmail
# }
#}
#
#service doveadm {
# inet_listener {
# port = 12346
# }
#}
#
##doveadm_port = 12346
#doveadm_password = XXXXXXX
#replication_max_conns = 30
#

and a mail_replica = tcp:host{a,b}:12346 configuration on each host so that they are pointing to eachother; This seems to work fine for most accounts, for example: I never experienced issues with this. However, several other accounts (with a large variety of clients) got duplicated emails. Looking with doveadm I only noticed that the numbers of the messages are closely related to eachother but one number incremented. So they cannot be deleted with the deduplicator function.

The replication is provided over TCP only, the connection streams over an OpenVPN tunnel so that the contents are protected, the machines are located in different Datacenters but close to eachother.

How can I determine why there are duplicated emails?
What kind of messages should I specifically look for?

Can I set this up for a few selected accounts instead of all accounts like it was currently? To make sure I do not make things worse for others then needs to be :-)
The service had been disabled for the time being to prevent the other users from getting duplicated emails.

Thanks for the advice in advance!

Cheers
Remko
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141002/931f0192/attachment.sig>
Teemu Huovila
2014-10-02 08:57:23 UTC
Permalink
Post by Remko Lodder
and a mail_replica = tcp:host{a,b}:12346 configuration on each host so that they are pointing to eachother; This seems to work fine for most accounts, for example: I never experienced issues with this. However, several other accounts (with a large variety of clients) got duplicated emails. Looking with doveadm I only noticed that the numbers of the messages are closely related to eachother but one number incremented. So they cannot be deleted with the deduplicator function.
The replication is provided over TCP only, the connection streams over an OpenVPN tunnel so that the contents are protected, the machines are located in different Datacenters but close to eachother.
How can I determine why there are duplicated emails?
What kind of messages should I specifically look for?
Look for any errors and warnings in the Dovecot log. You could also enable mail_debug (ref.
http://wiki2.dovecot.org/Logging#Logging_verbosity) for the accounts being synced. Also, please post your complete configuration.
Post by Remko Lodder
Can I set this up for a few selected accounts instead of all accounts like it was currently? To make sure I do not make things worse for others then needs to be :-)
The service had been disabled for the time being to prevent the other users from getting duplicated emails.
I do not know what kind of userdb you are running, but there is a newish patch that enables per user replication via the
mail_replica setting. It is not yet included in the newest (2.2.13) release of Dovecot, but is available via the enterprise
version. There are no FreeBSD builds for that, though. ref: http://hg.dovecot.org/dovecot-2.2/rev/c1c67bdc8752

br,
Teemu Huovila
Remko Lodder
2014-10-03 21:27:08 UTC
Permalink
Post by Teemu Huovila
Post by Remko Lodder
and a mail_replica = tcp:host{a,b}:12346 configuration on each host so that they are pointing to eachother; This seems to work fine for most accounts, for example: I never experienced issues with this. However, several other accounts (with a large variety of clients) got duplicated emails. Looking with doveadm I only noticed that the numbers of the messages are closely related to eachother but one number incremented. So they cannot be deleted with the deduplicator function.
The replication is provided over TCP only, the connection streams over an OpenVPN tunnel so that the contents are protected, the machines are located in different Datacenters but close to eachother.
How can I determine why there are duplicated emails?
What kind of messages should I specifically look for?
Look for any errors and warnings in the Dovecot log. You could also enable mail_debug (ref.
http://wiki2.dovecot.org/Logging#Logging_verbosity) for the accounts being synced. Also, please post your complete configuration.
I will set that over the weekend with the replication settings re-enabled. I will also post the configuration with the hopefully gathered debugging information.
Post by Teemu Huovila
Post by Remko Lodder
Can I set this up for a few selected accounts instead of all accounts like it was currently? To make sure I do not make things worse for others then needs to be :-)
The service had been disabled for the time being to prevent the other users from getting duplicated emails.
I do not know what kind of userdb you are running, but there is a newish patch that enables per user replication via the
mail_replica setting. It is not yet included in the newest (2.2.13) release of Dovecot, but is available via the enterprise
version. There are no FreeBSD builds for that, though. ref: http://hg.dovecot.org/dovecot-2.2/rev/c1c67bdc8752
my userdb consists of local users (Which are fed through LDAP at the backend). perhaps I can setup a mailAttributes setting or something so that the replica can be
set, although I prefer that I have control over that in the config itself :-)

Thanks!
Remko
Post by Teemu Huovila
br,
Teemu Huovila
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141003/26a2a2be/attachment.sig>
Remko Lodder
2014-10-03 21:37:40 UTC
Permalink
Post by Remko Lodder
Post by Teemu Huovila
Post by Remko Lodder
and a mail_replica = tcp:host{a,b}:12346 configuration on each host so that they are pointing to eachother; This seems to work fine for most accounts, for example: I never experienced issues with this. However, several other accounts (with a large variety of clients) got duplicated emails. Looking with doveadm I only noticed that the numbers of the messages are closely related to eachother but one number incremented. So they cannot be deleted with the deduplicator function.
The replication is provided over TCP only, the connection streams over an OpenVPN tunnel so that the contents are protected, the machines are located in different Datacenters but close to eachother.
How can I determine why there are duplicated emails?
What kind of messages should I specifically look for?
Look for any errors and warnings in the Dovecot log. You could also enable mail_debug (ref.
http://wiki2.dovecot.org/Logging#Logging_verbosity) for the accounts being synced. Also, please post your complete configuration.
I will set that over the weekend with the replication settings re-enabled. I will also post the configuration with the hopefully gathered debugging information.
Post by Teemu Huovila
Post by Remko Lodder
Can I set this up for a few selected accounts instead of all accounts like it was currently? To make sure I do not make things worse for others then needs to be :-)
The service had been disabled for the time being to prevent the other users from getting duplicated emails.
I do not know what kind of userdb you are running, but there is a newish patch that enables per user replication via the
mail_replica setting. It is not yet included in the newest (2.2.13) release of Dovecot, but is available via the enterprise
version. There are no FreeBSD builds for that, though. ref: http://hg.dovecot.org/dovecot-2.2/rev/c1c67bdc8752
my userdb consists of local users (Which are fed through LDAP at the backend). perhaps I can setup a mailAttributes setting or something so that the replica can be
set, although I prefer that I have control over that in the config itself :-)
Thanks!
Remko
For what it?s worth:

# 2.2.13: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-RELEASE-p7 amd64
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password = XXXXXXXXXX
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = " quota notify"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
passdb {
driver = pam
}
plugin {
antispam_backend = mailtrain
antispam_mail_notspam = --ham
antispam_mail_sendmail = /usr/local/bin/sa-learn.sh
antispam_mail_spam = --spam
antispam_spam = Spam
antispam_trash = trash;Trash;Deleted Items; Deleted Messages; .Trash
mail_replica = tcp:xxxx:12346
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_global_dir = /usr/local/etc/dovecot/sieve/global/
sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve
}
postmaster_address = postmaster at xxxx
protocols = imap pop3 lmtp sieve
replication_dsync_parameters = -f -d -N -l 30 -U
replication_max_conns = 30
service aggregator {
fifo_listener replication-notify-fifo {
mode = 0666
}
unix_listener replication-notify {
mode = 0666
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
service doveadm {
inet_listener {
port = 12346
}
}
service imap-login {
service_count = 1
}
service imap {
process_limit = 1024
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3 {
process_limit = 1024
}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0666
}
}
ssl_ca = < <location of cafile>
ssl_cert = < <location of crt file>
ssl_key = < <location of key file>
userdb {
driver = passwd
}
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = postmaster at xxxx
}
protocol lda {
mail_plugins = " quota notify sieve"
}
protocol imap {
mail_max_userip_connections = 20
mail_plugins = " quota notify imap_quota antispam"
}
[ro
Post by Remko Lodder
Post by Teemu Huovila
br,
Teemu Huovila
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--
/"\ Best regards, | remko at FreeBSD.org
\ / Remko Lodder | remko at EFnet
X http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141003/29698355/attachment.sig>
Jan Behrend
2014-10-10 12:45:43 UTC
Permalink
Post by Remko Lodder
Post by Remko Lodder
Post by Teemu Huovila
Post by Remko Lodder
How can I determine why there are duplicated emails?
Same problem here!
Post by Remko Lodder
Post by Remko Lodder
Post by Teemu Huovila
Post by Remko Lodder
What kind of messages should I specifically look for?
Look for any errors and warnings in the Dovecot log. You could also enable mail_debug (ref.
Post by Remko Lodder
Can I set this up for a few selected accounts instead of all accounts like it was currently? To make sure I do not make things worse for others then needs to be :-)
The service had been disabled for the time being to prevent the other users from getting duplicated emails.
I do not know what kind of userdb you are running, but there is a newish patch that enables per user replication via the
mail_replica setting. It is not yet included in the newest (2.2.13) release of Dovecot, but is available via the enterprise
version. There are no FreeBSD builds for that, though. ref: http://hg.dovecot.org/dovecot-2.2/rev/c1c67bdc8752
my userdb consists of local users (Which are fed through LDAP at the backend). perhaps I can setup a mailAttributes setting or something so that the replica can be
set, although I prefer that I have control over that in the config itself :-)
With the latest Debian jessie version 1:2.2.13-5 you can actually have a
per user mail_replica setting taken from a (LDAP) directory. This keeps
the duplicate mail issue away from other users but a few willing to
test ...
Post by Remko Lodder
replication_dsync_parameters = -f -d -N -l 30 -U
I read in Peer Heinlein's Dovecot book
http://www.opensourcepress.de/de/produkte/Dovecot/13560/978-3-95539-074-7
that replicating a public namespace gives you trouble :-(. So keep the
"-N" option away for now.

However I would like examples for the "-n" and "-x" options, which are
neither given in the wiki nor in the nonexistant man page.

I think the replication feature is very, very cool, but right now it
gives me a hard time to implement flawlessly ;-)

Thanks for any help or light shed on this issue ...

Cheers Jan
--
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehrend at mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141010/264c0a16/attachment.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6019 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141010/264c0a16/attachment.bin>
Loading...