Since net-mail/dovecot-2.3.18-r1 dovecot sync does not work with no change of configuration. I have strict permissions on my .maildir which is only r/w accessible by the owner. Previously this worked with no problem.

Reproducible: Always

Steps to Reproduce:
1. Set .maildir as 700
2. Configure dovecot-sync

Actual Results:
No syncing happens. It worked until version 2.3.18-r1

Expected Results:
The syncing should work as it used to
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo-d3u5 x86_64 Gentoo Base System release 2.8
# Hostname:
auth_mechanisms = plain login
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
hostname =
listen = *
login_greeting =
mail_location = maildir:~/.maildir
mail_plugins = notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = *
  driver = pam
}
plugin {
  mail_replica = tcps:www.exampl.com:8000
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmaster@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 8000
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = notify replication sieve
  postmaster_address = postmaster@example.com
}
protocol lda {
  mail_plugins = notify replication sieve
}
local_name mail.example.com {
  ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
local_name example.com {
  ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
# Hostname:
auth_mechanisms = plain login
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
hostname =
listen = *
login_greeting =
mail_location = maildir:~/.maildir
mail_plugins = notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = *
  driver = pam
}
plugin {
  mail_replica = tcps:www.exampl.com:8000
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmaster@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 8000
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = notify replication sieve
  postmaster_address = postmaster@example.com
}
protocol lda {
  mail_plugins = notify replication sieve
}
local_name mail.example.com {
  ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
local_name example.com {
  ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
We should consider restoring the older version of Dovecot, and additionally maybe drop the latest version back to ~arch.
(In reply to Sam James from comment #3)
> We should consider restoring the older version of Dovecot, and additionally
> maybe drop the latest version back to ~arch.

I would like that very much, please count my vote if applicable.
I am not sure if this is a regression or the attached setup worked by accident. In any case, going forward this is not something that we can support without upstream input.

https://doc.dovecot.org/configuration_manual/replication/
https://doc.dovecot.org/admin_manual/filesystem_permission/

In case you didn't already, please check the above docs - there does seem to be some discrepancy between your config and documentation.

NACK for now to resurrecting old versions.
(In reply to Eray Aslan from comment #5)
> I am not sure if this is a regression or the attached setup worked by
> accident. In any case, going forward this is not something that we can
> support without upstream input.
>
> https://doc.dovecot.org/configuration_manual/replication/
> https://doc.dovecot.org/admin_manual/filesystem_permission/
>
> in case you didn't already, please check the above docs - there does seem to
> be some discrepancy between your config and documentation.
>
> NACK for now to resurrecting old versions.

Thank you very much for taking time to reply. I have run this configuration for multiple years across all the stable versions of Dovecot supplied by Gentoo, syncing 10s of thousands of e-mails. The configuration still works fine apart from one special case that stopped working since 2.3.18-r1. If you could please point out where the configuration is wrong I would be very happy. I have re-read the documentation and could not spot the errors.

I also need to confess that I did not provide enough details in the original bug report. After doing some more testing, it is not the .maildir permissions that cause doveadm to fail. It is the fact that the .maildir is a fusermounted directory with access to other users, including potentially untrusted root, restricted. Up until 2.3.18-r1 this did not present a problem for doveadm and the syncing was working correctly.

I have reported this upstream.
I didn't mean to imply that your setup was wrong. Sorry if it came that way. I certainly do not know about your setup / your clients etc. to form such an opinion.

I am just mentioning that your config differs from the docs. For example, the replicator service does not have a user field in your config where the docs have one. Maybe it is right for your setup, maybe not, but you will need to determine that and check whether there are other differences with the docs. Also, I obviously do not have any idea whether your file system permissions follow the above document.

Your later comment made this point somewhat obsolete though. A fuse file system for a dovecot backend is an unusual choice. You will need to experiment, is my guess.