Two way Dovecot Server Replication / Mirroring
Here is a step-by-step guide to achieve two-way Dovecot server replication / mirroring.
Applicable to Dovecot Server 2.2++
I had been searching a lot to achieve two-way Dovecot server replication / mirroring and had been trying out many things. None of the methods were giving me sure-shot and performance-intensive results. Well, all you do is play with it more to understand it more and achieve more.
This is what I did to achieve what I needed. I am sharing with you all the configuration I made on both of my live production servers, which are now replicating each and every email with each other.
I have not received a single email replication related issue in the last 2 years. And it is still working flawlessly, replicating 500 emails within seconds without compromising server performance.
Enabling Dovecot replication will replicate all emails on both servers. Once replication is in place all incoming / outgoing emails will be replicated on both servers.
Do not apply these settings directly on your production server. First understand each and every effect of these settings. If you want to check them, apply them on a test server before going live.
Servers used in replication:
Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz
20 GB DDR3 RAM
3 TB HDD with RAID 5
CentOS Linux release 7.2.1511 (Core) - Minimal Install
Installed iRedMail (mail) server - 0.9.5-1
Primary Server
IP: 192.168.1.1
Secondary Server
IP: 192.168.1.2
On the Primary Server, edit the following file with your favorite text editor:
/etc/dovecot/dovecot.conf
Add the following code to the dovecot.conf file after these lines:
# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = * [::]

#base_dir = /var/run/dovecot
mail_plugins = quota mailbox_alias acl
# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
    fifo_listener replication-notify-fifo {
        user = vmail
        mode = 0666
    }
    unix_listener replication-notify {
        user = vmail
        mode = 0666
    }
}

# Enable doveadm replicator commands
service replicator {
    client_limit = 0
    drop_priv_before_exec = no
    idle_kill = 4294967295 secs
    process_limit = 1
    process_min_avail = 0
    service_count = 0
    unix_listener replicator-doveadm {
        group = vmail
        mode = 0666
        user = dovecot
    }
    vsz_limit = 8192 M
}

# Create a listener for doveadm-server
service doveadm {
    user = vmail
    idle_kill = 0
    client_limit = 1
    process_limit = 0
    process_min_avail = 0
    inet_listener {
        port = 12345
    }
}

protocol sieve {
    managesieve_implementation_string = Dovecot Pigeonhole
    managesieve_max_line_length = 65536
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 300

# Both the client and the server also need to have a shared secret
# you can set password as you like which must be same on both servers
doveadm_password = system32

# use tcp:hostname as the dsync target
plugin {
    mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
    mail_log_fields = uid box msgid size
    # use doveadm_port and your secondary server's IP or hostname
    mail_replica = tcp:192.168.1.2:12345
    # use port 12345 explicitly
    #mail_replica = tcp:anotherhost.example.com:12345
}

service config {
    unix_listener config {
        user = vmail
    }
}
On the Secondary Server, edit the following file with your favorite text editor:
/etc/dovecot/dovecot.conf
Add the following code to the dovecot.conf file after these lines:
# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = * [::]

#base_dir = /var/run/dovecot
mail_plugins = quota mailbox_alias acl
# Enable the replication plugin globally
mail_plugins = $mail_plugins notify replication

# The mail processes need to have access to the replication-notify fifo and socket.
service aggregator {
    fifo_listener replication-notify-fifo {
        user = vmail
        mode = 0666
    }
    unix_listener replication-notify {
        user = vmail
        mode = 0666
    }
}

# Enable doveadm replicator commands
service replicator {
    client_limit = 0
    drop_priv_before_exec = no
    idle_kill = 4294967295 secs
    process_limit = 1
    process_min_avail = 0
    service_count = 0
    unix_listener replicator-doveadm {
        group = vmail
        mode = 0666
        user = dovecot
    }
    vsz_limit = 8192 M
}

# Create a listener for doveadm-server
service doveadm {
    user = vmail
    idle_kill = 0
    client_limit = 1
    process_limit = 0
    process_min_avail = 0
    inet_listener {
        port = 12345
    }
}

protocol sieve {
    managesieve_implementation_string = Dovecot Pigeonhole
    managesieve_max_line_length = 65536
}

# configure how many dsyncs can be run in parallel (10 by default)
replication_max_conns = 300

# Both the client and the server also need to have a shared secret
# you can set password as you like which must be same on both servers
doveadm_password = system32

# use tcp:hostname as the dsync target
plugin {
    mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
    mail_log_fields = uid box msgid size
    # use doveadm_port and your primary server's IP or hostname
    mail_replica = tcp:192.168.1.1:12345
    # use port 12345 explicitly
    #mail_replica = tcp:anotherhost.example.com:12345
}

service config {
    unix_listener config {
        user = vmail
    }
}
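Open the doveadm port (12345) on each server to the other one. Note that the /24 suffix in these rules admits the whole 192.168.1.0/24 subnet; a /32 suffix admits only the peer.
On Primary Server: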
firewall-cmd --permanent \
    --zone=iredmail \
    --add-rich-rule='rule family="ipv4" source address="192.168.1.2/24" port protocol="tcp" port="12345" accept'
On Secondary Server:
firewall-cmd --permanent \
    --zone=iredmail \
    --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="12345" accept'
On BOTH servers, reload the firewall and restart the Dovecot service so that the applied changes take effect:
firewall-cmd --complete-reload
systemctl restart dovecot
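A check of the replication settings above for the points an attacker on the network or on the host would look at first. This is an added example, not part of the original guide or of Dovecot; `audit`, the denylist and the 16-character minimum are assumptions, and the sample is constructed from the primary server's settings.

```python
import re

# Assumed denylist: the page's example secret plus a few common placeholders.
WEAK_SECRETS = {"system32", "password", "secret", "changeme"}

# Constructed sample: the replication-relevant lines of the primary's config.
PAGE_CONF = """\
service aggregator {
  unix_listener replication-notify {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
}
doveadm_password = system32  # must be same on both servers
plugin {
  mail_replica = tcp:192.168.1.2:12345
}
"""

def audit(conf_text, min_secret_len=16):
    """Return a list of findings for dovecot.conf-style text (hypothetical helper)."""
    findings, stack, ssl_on = [], [], False
    for raw in conf_text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()   # drop comments
        if not line:
            continue
        if line.endswith("{"):                          # block opens
            stack.append(line[:-1].strip())
            ssl_on = False
        elif line == "}":                               # block closes
            name = stack.pop()
            if name.startswith("inet_listener") and stack[-1:] == ["service doveadm"] and not ssl_on:
                findings.append("doveadm inet_listener lacks 'ssl = yes'")
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if key == "mode" and int(value, 8) & 0o002:
                findings.append(f"{stack[-1]}: mode {value} is world-writable")
            elif key == "ssl" and value == "yes":
                ssl_on = True
            elif key == "doveadm_password" and (
                    len(value) < min_secret_len or value in WEAK_SECRETS):
                findings.append("doveadm_password is short or a known example value")
            elif key == "mail_replica" and value.startswith("tcp:"):
                findings.append("mail_replica uses tcp:, the non-TLS form of tcps:")
    return findings
```

`audit(PAGE_CONF)` reports four findings. A listener mode without the world-write bit, `ssl = yes` in the doveadm inet_listener, `tcps:` in mail_replica and a long random secret bring the list to empty.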
Please give your servers some time to achieve two-way replication / mirroring. This may take a while, as it depends on the total number of users and the amount of deferring emails on both servers.
Let's look at some Dovecot replication commands for checking the respective status. Dovecot has its own built-in administration utility, doveadm.
Official information about doveadm is available HERE
Following command shows replication status:
doveadm replicator status
Sample output of above command:
[root@mail ~]# doveadm replicator status
Queued 'sync' requests        0
Queued 'high' requests        0
Queued 'low' requests         0
Queued 'failed' requests      0
Queued 'full resync' requests 0
Waiting 'failed' requests     0
Total number of known users   977
You can see various status messages in the above output, where my server shows a total of 977 users on the Dovecot server.
The following command shows the replication status of a specified user:
doveadm replicator status 'myuser@mydomain.com'
Sample output of above command:
[root@mail ~]# doveadm replicator status 'myuser@mydomain.com'
username              priority  fast sync  full sync  success sync  failed
myuser@mydomain.com   none      00:03:05   01:05:24   00:03:05      -
The following command shows the replication status of all users:
doveadm replicator status '*'
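With hundreds of users, the per-user output is easier to act on when it is filtered down to the accounts that are failing or falling behind. The parser below is an added example, not part of the original guide or of Dovecot. It assumes the column layout of the sample output above, that `-` in a time column means the event never happened, and that any value other than `-` in the failed column marks a failed sync; the function names and the 900-second threshold are hypothetical, and the sample rows are constructed.

```python
# Constructed sample in the column layout of `doveadm replicator status '*'`.
SAMPLE_STATUS = """\
username              priority fast sync full sync success sync failed
myuser@mydomain.com   none     00:03:05  01:05:24  00:03:05     -
alice@example.com     none     00:00:40  02:10:00  05:12:09     y
bob@example.com       low      -         -         -            -
carol@example.com     none     00:20:00  00:20:00  00:20:00     -
"""

def parse_age(field):
    """Convert an 'hh:mm:ss' age to seconds; '-' is taken to mean 'never'."""
    if field == "-":
        return None
    hours, minutes, seconds = (int(x) for x in field.split(":"))
    return hours * 3600 + minutes * 60 + seconds

def replication_problems(status_text, max_age=900):
    """Map user -> reason for every row that needs attention."""
    problems = {}
    for line in status_text.splitlines():
        cols = line.split()
        if len(cols) != 6:          # header (9 words) and blank lines
            continue
        user, _priority, _fast, _full, success, failed = cols
        try:
            age = parse_age(success)
        except ValueError:          # six words, but not a status row
            continue
        if failed != "-":           # assumed: anything but '-' marks a failure
            problems[user] = "last sync failed"
        elif age is None:
            problems[user] = "no successful sync recorded"
        elif age > max_age:
            problems[user] = f"last successful sync {age}s ago"
    return problems
```

Feeding it the real command output on each server from a scheduled job shows a one-sided replication break, for example after the shared secret or the firewall rule changes on only one host.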
You have successfully activated two-way Dovecot server replication / mirroring on both of your servers. You can test it by sending an email to your user and checking for the same email on your secondary server. I guarantee that within 5 seconds your email will be visible on the other end.