Untitled

dovecot.conf (replication parts)

service doveadm {
  user = vmail
  idle_kill = 0
  client_limit = 1
  process_limit = 0
  process_min_avail = 0
  inet_listener {
    port = 12345
  }
}
#doveadm user '*'
#doveadm_port = 12345
doveadm_password = P@ssword!
plugin {
  #mail_replica = tcp:anotherhost.example.com # use doveadm_port
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  mail_replica = tcp:10.40.22.22:12345
}
service replicator {
  client_limit = 0
  drop_priv_before_exec = no
  idle_kill = 4294967295 secs
  process_limit = 1
  process_min_avail = 1
  service_count = 0
  unix_listener replicator-doveadm {
    group = vmail
    mode = 0666
    user = vmail
  }
  vsz_limit = 8192 M
}
replication_max_conns = 50
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
  }
  unix_listener replication-notify {
    user = vmail
  }
}

service config {
  unix_listener config {
    user = vmail
  }
}
service aggregator {
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0666
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0666
  }
}

I get this error when i run the command "doveadm replicator replicate memberinfo -f"


Dec 13 13:36:30 dc1-kmopfpr01 dovecot: auth: Error: userdb(memberinfo): client doesn't have lookup permissions for this user: userdb uid (1014) doesn't match peer uid (5000) (to bypass this check, set: service auth { unix_listener /var/run/dovecot/auth-userdb { mode=0777 } })
Dec 13 13:36:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: user memberinfo: Auth USER lookup failed
Dec 13 13:36:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information.

So based on this I looked for the service auth section, and found it in the 10-master.conf:

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    mode = 0777
    user = vmail
        group = vmail
  }

   #Postfix smtp-auth
  #unix_listener /var/run/dovecot/auth-userdb {
  #  mode = 0777
    #user = postfix
    #group = postfix
  #}

  # Auth process is run as this user.
  #user = $default_internal_user
}

When I set these settings, the error changes to this:

Dec 13 13:41:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: user memberinfo: Auth USER lookup failed
Dec 13 13:41:30 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: User lookup failed: Internal error occurred. Refer to server log for more information.
Dec 13 13:43:20 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: doveadm server disconnected before handshake: EOF
Dec 13 13:43:20 dc1-kmopfpr01 dovecot: doveadm(memberinfo): Error: sync: Disconnected from remote: EOF
Dec 13 13:43:35 dc1-kmopfpr01 dovecot: doveadm: Fatal: setgid(1016(memberinfo) from userdb lookup) failed with euid=5000(vmail), gid=5000(vmail), egid=5000(vmail): Operation not permitted (This binary should probably be called with process group set to 1016(memberinfo) instead of 5000(vmail))

Thanks,

Rich