On Mon, 17 Feb 2020, Bernardo Reino wrote:

On Mon, 17 Feb 2020, Aki Tuomi wrote:

...

On 17.2.2020 12.48, Bernardo Reino wrote:

...

Dear all,

I've just setup replication between two servers. The e-mail accounts on both servers intersect but are not the same.

In dovecot.conf (both are identical except one user /var/mail and the other uses /srv/vmail) I have:

--<<-- userdb { driver = passwd-file args = username_format=%Lu /etc/dovecot/virtual_passwd default_fields = uid=vmail gid=vmail home=/var/mail/%d/%n }

passdb { driver = passwd-file args = scheme=SHA512-CRYPT username_format=%Lu /etc/dovecot/virtual_passwd } -->>--

i.e. I use a passwd-like database.

For the non-overlapping accounts in both servers I want to prevent replication, as it will otherwise fail with "Error: sync: Unknown user in remote".

I have added "userdb_noreplicate" (also tried "userdb_noreplicate=y") for those users, but I still see the above error message in the logs.

Like: reinob@bbmk.org:{SHA512-CRYPT}$6$e10...4c::::::userdb_noreplicate=y

If I run "doveadm user -u reinob@bbmk.org" I get the following:

userdb: reinob@bbmk.org user      : reinob@bbmk.org uid       : 5000 gid       : 5000 home      : /var/mail/bbmk.org/reinob noreplicate: y

Note that I use "userdb_noreplicate" instead of "noreplicate" (which I also tried just in case), as from what I understood the "userdb_" prefix is required when adding the flag to the passwd file.

As far as I can tell I'm doing everything right, but for some reason the replication is ignoring that flag.

Thanks in advance for any help with this.

(Let me know if you need to see the $(doveconf -n), but I believe the only relevant parts are the userdb and passdb.

Hi!

What version of dovecot are you using? The noreplicate field seems to be correctly there. Can you turn on 'mail_debug=yes', and see if the replicator logs anything useful.

It's 2.3.9.3 from repo.dovecot.org (debian buster) on both servers.

I'll try to enable mail_debug and see what it tells me!

Thanks a lot.

Here's a log. I copied a message from one folder to another, which triggered the server (the one having reinob@bbmk.org with the noreplicate flag) to (attempt to) replicate to the other server not having this account.

--<<-- Feb 17 11:56:52 imap(reinob@bbmk.org)<29984><9XU5aMOeLLhXsqcx>: Debug: replication: Replication requested by 'UID copy 21618 "INBOX"', priority=1 Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: passdb lookup(reinob@bbmk.org): Started passdb lookup Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=29930,uid=0): Client connected (fd=9) Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: passdb lookup(reinob@bbmk.org): auth PASS input: user=reinob@bbmk.org Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: passdb lookup(reinob@bbmk.org): Finished passdb lookup (user=reinob@bbmk.org ) Feb 17 11:56:53 doveadm(reinob@bbmk.org)<29989><>: Debug: auth-master: userdb lookup(reinob@bbmk.org): Started userdb lookup Feb 17 11:56:53 doveadm(reinob@bbmk.org)<29989><>: Debug: auth-master: userdb lookup(reinob@bbmk.org): auth USER input: reinob@bbmk.org uid=5000 gid=5000 home=/var/mail/bbmk.org/reinob noreplicate=y Feb 17 11:56:53 doveadm(reinob@bbmk.org)<29989><>: Debug: auth-master: userdb lookup(reinob@bbmk.org): Finished userdb lookup (username=reinob@bbmk.org uid=5000 gid=5000 home=/var/mail/bbmk.org/reinob noreplicate=y) Feb 17 11:56:53 doveadm(reinob@bbmk.org)<29989><>: Debug: Added userdb setting: plugin/noreplicate=y

Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: passdb lookup(reinob@bbmk.org): Started passdb lookup Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=19084,uid=0): Client connected (fd=9) Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: passdb lookup(reinob@bbmk.org): auth PASS input: Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: passdb lookup(reinob@bbmk.org): Passdb lookup failed Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: userdb lookup(reinob@bbmk.org): Started userdb lookup Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: userdb lookup(reinob@bbmk.org): auth USER input: Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: userdb lookup(reinob@bbmk.org): Userdb lookup failed Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: remote(vps.kemeny.email:12345): auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=19084,uid=0): Disconnected: Connection closed (fd=9)

Feb 17 11:56:53 doveadm(reinob@bbmk.org): Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb (pid=29930,uid=0): Disconnected: Connection closed (fd=9)

Feb 17 11:56:53 imap(reinob@bbmk.org)<29963><kLtIZ8OerKFXsqcx>: Debug: Namespace : Using permissions from /var/mail/bbmk.org/reinob: mode=0700 gid=default Feb 17 11:56:53 imap(reinob@bbmk.org)<29963><kLtIZ8OerKFXsqcx>: Debug: Mailbox INBOX: UID 26621: Opened mail because: header streamFeb 17 11:56:53 imap(reinob@bbmk.org)<29963><kLtIZ8OerKFXsqcx>: Debug: Mailbox INBOX: UID 26621: Opened mail because: mail body Feb 17 11:56:53 imap(reinob@bbmk.org)<29963><kLtIZ8OerKFXsqcx>: Debug: Mailbox INBOX: UID 26621: Opened mail because: header stream -->>--

(The above is also attached as a plain text file, in case alpine does mess up the line wrapping..)

Note that the log even says "Added userdb setting: plugin/noreplicate=y", yet the very next line is the remote having been contacted! :)

Any ideas?

Thanks a lot in advance, Bernardo.

On Mon, 17 Feb 2020, Aki Tuomi wrote:

I wonder if we are doing the noreplicate too late. Can you try adding one of the non-overlapping users to the other site with noreplicate=y and see if helps?

Well that did it indeed! :)

I created the reinob@bbmk.org at the other server (just the line in the passwd file, without creating any directory or anything) and the logs went silent (mail_debug was off again, but it should not matter) concerning that account.

Note that I can still see the "Error: sync: Unknown user in remote" for other non-overlapping accounts (so it proves that your suggestion did it and not some random/$DEITY intervention :)

So I guess for now the solution is to create "fake" accounts so that in the end both servers have exactly the same accounts.

However it would still be nice if this was somehow corrected so as to work as advertised :)

Thanks a million! Bernardo.