Hi --

I am testing replicator/dsync over tcp, and I did run into some issues.

First of all I did need to extend http://wiki2.dovecot.org/Replication to get 
dsync over tcp running without ssl:

        | # dsync over tcp default port
        | #
        | doveadm_port = 12345

        | service doveadm {
        |         # running dsync over tcp and using ssl
        |         #
added-->|         user = vmail
        |         inet_listener {
added-->|                 address = 1.2.3.4
        |                 port = 12345
        | #               ssl = yes
        |         }
        | }

        | plugin {
        |         # this host replicates to remote host
        |         #
        |         mail_replica = tcp:SERVER-A.TLD

That didn't work ...

| dovecot: doveadm(test): Error: doveadm_password not set, can't authenticate to remote server

... thus, I needed to add:

added-->| local 1.2.3.4 {
added-->|         # password for client authentication by doveadm server
added-->|         #
added-->|         doveadm_password = secret
added-->|         # allow client to only use specified list of commands (default is all):
added-->|         #
added-->|         #doveadm_allowed_commands = 
added-->| }

1. Question: may one include "secret" from a file?

Well, that runs like a charm!



Now, I did try to add ssl by activating "ssl = yes" in 'service doveadm' (see 
above) and adding ...

| # used by replicator/dsync over tcp
| #
| ssl_client_ca_dir = /<path-to>/ssl/certs

... and ...

| mail_replica = tcps:SERVER-A.TLD

But, this didn't work (logfile at remote server):

| dovecot: doveadm(test): Invalid certificate: self signed certificate: /OU=dovecot server/CN=OTHER-NAME.TLD/emailAddress=postmas...@other-name.tld
| dovecot: doveadm(test): Error: SERVER-A.TLD: Received invalid SSL certificate
| dovecot: doveadm(test): Error: sync: Disconnected from remote

The OTHER-NAME.TLD is served by my additional settings used by my MUAs:

| ssl_cert = </<path-to>/ssl/certs/OTHER-NAME.TLD.pem
| ssl_key = </<path-to>/ssl/private/OTHER-NAME.TLD.pem

I did supply SERVER-A.TLD certs and private certificates at both servers as 
well, but dovecot seems to use those of OTHER-NAME.TLD for replicator/dsync 
instead :-(

2. Question: May I configure the certificate that should be used for 
replicator/dsync and that might be different from those used by my MUAs (other 
than pointing to '/<path-to>/ssl/certs')?


I am quite sure that I screwed up my config somehow, but I cannot find the cause. 
Thus, someone?

Thanks, and with kind regards,
Michael
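The "self signed certificate" rejection in the log above comes down to whether the certificate the remote side presents can be verified against the directory that ssl_client_ca_dir points to. The script below is an added example, not part of Michael's post or of Dovecot itself, that reproduces that check locally with the openssl command line tool (assumed to be installed); SERVER-A.TLD and OTHER-NAME.TLD are reused from the post as names for constructed throwaway test certificates.

```shell
#!/bin/sh
# Added example (not from the original post): verify a certificate against a
# CA directory of the kind ssl_client_ca_dir points to. Assumes openssl CLI.
# OpenSSL looks certificates up in a CApath by subject hash, so the directory
# must be "hashed" (what c_rehash produces): each CA file named <hash>.N.

# Create a throwaway self-signed certificate for NAME (test material only).
# Usage: make_self_signed NAME CERT_OUT KEY_OUT
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$3" -out "$2" 2>/dev/null
}

# Build a hashed CA directory from one or more PEM files.
# Usage: make_ca_dir DIR CERT.pem [CERT.pem ...]
make_ca_dir() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    for pem in "$@"; do
        hash=$(openssl x509 -noout -hash -in "$pem") || return 1
        n=0
        while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done  # c_rehash layout
        cp "$pem" "$dir/$hash.$n" || return 1
    done
}

# Verify CERT trusting the CA directory DIR, as the dsync client would.
# Returns 0 if accepted, 1 if rejected (e.g. "self signed certificate").
verify_against_ca_dir() {
    openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Stand-alone demonstration mirroring the post: SERVER-A.TLD's certificate is
# placed in the CA directory, OTHER-NAME.TLD's is not.
demo() {
    tmp=$(mktemp -d) || return 1
    make_self_signed SERVER-A.TLD "$tmp/server-a.pem" "$tmp/server-a.key"
    make_self_signed OTHER-NAME.TLD "$tmp/other.pem" "$tmp/other.key"
    make_ca_dir "$tmp/cadir" "$tmp/server-a.pem"
    for c in server-a other; do
        if verify_against_ca_dir "$tmp/$c.pem" "$tmp/cadir"; then
            echo "$c.pem: accepted"
        else
            echo "$c.pem: rejected (not in CA dir)"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Pointing the check at the certificate actually served on the doveadm port shows whether the rejection is a trust-store problem or, as in the post, the wrong certificate being presented.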

