Mail server master/master replication with SSL using dovecot

Dovecot master/master replication using dsync.


Configuration with SSL


Make sure that user listing is configured for your userdb. Replication requires it to find the list of users that are periodically replicated:

doveadm user '*'
This command must list all users.

I) Enable the replication plugin globally. Most likely you'll need to do this in 10-mail.conf :
mail_plugins = $mail_plugins notify replication

II) Then in conf.d/30-dsync.conf :

service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}

service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}

replication_max_conns = 10

service doveadm {
  user = vmail
  inet_listener {
    # port to listen on
    port = $port
    # enable SSL
    ssl = yes
  }
}

doveadm_port = $port
doveadm_password = "$password"
# same password on the other master

plugin {
  mail_replica = tcps:$targethostname:$port
  # be sure to use the same name as the one provided for the SSL cert.
}

service config {
  unix_listener config {
    user = vmail
  }
}


III) In conf.d/10-ssl.conf :
ssl = yes
ssl_cert = </etc/ssl/certs/chain.domain.crt
ssl_key = </etc/ssl/private/private.domain.key
ssl_client_ca_dir = /etc/ssl/certs/


IV) Restart Dovecot:
service dovecot restart
V) Do the same on the other master, replacing $targethostname with the host name of the first one you configured

VI) If the configuration is correct, run the following to check the sync status:
doveadm replicator status '*'
You should see that syncing is in progress.
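
The transport settings from steps II and III can be checked mechanically on each master before the restart. The script below is an added example, not part of the original page: parse(), audit() and the BAD sample (host, port and values included) are constructed for illustration, and it only covers the flat block syntax shown above.

```python
import ipaddress
import re

# Constructed sample of conf.d/30-dsync.conf with four deliberate mistakes.
BAD = '''
service doveadm {
  inet_listener {
    ssl = no
  }
}
doveadm_password = ""
plugin {
  mail_replica = tcp:192.0.2.10:12345
}
'''

def parse(text):
    """Flatten nested blocks into {'service doveadm/inet_listener/ssl': 'no'}."""
    out, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif (m := re.match(r'(\w+)\s*=\s*(?:"([^"]*)"|([^#]*))', line)):
            # Quoted values are taken verbatim; unquoted ones end at a '#'.
            val = m.group(2) if m.group(2) is not None else m.group(3).strip()
            out["/".join(stack + [m.group(1)])] = val
    return out

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse(text), []
    if cfg.get("service doveadm/inet_listener/ssl") != "yes":
        findings.append("doveadm inet_listener lacks ssl = yes")
    if not cfg.get("doveadm_password"):
        findings.append("doveadm_password is empty or missing")
    scheme, _, rest = cfg.get("plugin/mail_replica", "").partition(":")
    if scheme != "tcps":
        findings.append("mail_replica is not tcps: (replication is unencrypted)")
    host = rest.rsplit(":", 1)[0]  # drop the trailing :port if present
    try:
        ipaddress.ip_address(host)
        findings.append("mail_replica uses an IP literal, not the certificate's name")
    except ValueError:
        pass  # not an IP literal, so it can match the name in the SSL cert
    return findings
```

Run audit() on the contents of conf.d/30-dsync.conf on both masters; each returned string names one setting to fix.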

doveadm replicator commands :


Replicate a given email account manually
doveadm replicator replicate 'email'
Replicate a given email account manually IN FULL
doveadm replicator replicate -f 'email'
Check replication status. Also works without the email parameter.
doveadm replicator status 'email'
If you have duplicates (use with care) :
doveadm deduplicate -u user@domain.com -m ALL

2020-07-05 02:32:31
