Sync (migrate) a Dovecot Email Account from One Dovecot Server to Another

dovecot-doveadm-sync.md

Sync (migrate) a Dovecot Email Account from One Dovecot Server to Another

The man doveadm-sync pages are cryptic and not very well explained, as well they are missing quality real-world examples.

This gist aims to give some clarity and explanation.

Here is the command I got to successfully transfer (and sync backwards too) an email account from an old Dovecot email server to a new Dovecot email server:

To my knowledge, both servers must have a matching account already setup for this to work:

• Old Dovcot server: email account [email protected] setup, used and populated with emails.
• New Dovecot server: email account [email protected] also setup, possibly empty, awaiting email migration from old server.

YMMV - lemeknow

Hint: you have to create/use an ssh key-pair with ssh-keygen, transfer the contents of the ....pub key into the new mail server's ~/.ssh/authorized_keys file before this can run.

!!! WARNING: MAKE A BACKUP OF ANYTHING YOU'RE NOT WILLING TO LOSE !!!

Command

This must be run on the server that contains the transferable account and email data (old server):

doveadm -Dv sync -u [email protected] ssh new.mail.server.com -i /path/to/.ssh/privatekeyfor_new.mail.server.com_rsa doveadm dsync-server -u [email protected]

Explanation

• doveadm -Dv: run with verbose and progress indicator.
• sync: sync both ways if email is on both servers (otherwise, just old to new).
• -u [email protected]: sync this ONE email address (don't bork all emails in case something fails).
• ssh new.mail.server.com -i /path/to/.ssh/privatekeyfor_new.mail.server.com_rsa: This will ssh into new server using the setup ssh-keygen private key file above (see hint above).
• doveadm dsync-server -u [email protected]: (from my understanding) ssh runs this part of the command on the new remote dovecot server to get this whole thing working. This is where I spent most of my time experimenting. It would be great if the man doveadm-sync pages expanded better on this in simple details and included more examples.

I hope this saves someone time.

You're welcome.

—Maui

MIT license: This gist, and everything in it comes with absolutely no warranty!

Hey, I've been trying to get this working but I'm getting stuck on the last step running doveadm dsync-server .... - the users that I have on the remote machine all do not have sufficient access rights to run this. If manually ssh-in and use sudo then the dsync-server starts but I can't do sudo over the doveadm-ssh-doveadm pipeline. And it seems wrong to have to login with general root user access only to transfer some mail over.

@scottnunemacher , could you please explain the permissions of the remote user and how they relate to dovecot or anything else that may be important here? I'd really appreciate that information. So far I'm getting around with doveadm sync ... moving the emails using the account's password but I'd love to have a way without it.

Cheers

@gkostov Hello. This command is not run by each user. The command is run (only on the old server's terminal) by you the admin of the servers and the owner/controller of that key-pair you put in place. You change the command's parameters to have different users listed inside the command to transfer those different accounts. Example: for three user accounts, you would run this three different times (just change the user account in the command):

• doveadm -Dv sync -u [email protected] ...ssh...<key.rsa>... doveadm dsync-server -u [email protected]
• doveadm -Dv sync -u [email protected] ...ssh...<key.rsa>... doveadm dsync-server -u [email protected]
• doveadm -Dv sync -u [email protected] ...ssh...<key.rsa>... doveadm dsync-server -u [email protected]

Using the <key.rsa> you put in place is what give you all your permissions.

If you still have trouble, try thinking this through. You're asking your OLD server to SSH into your NEW server and run a command, right? Well, try that yourself.

• Log in to the Terminal of your old server in your normal way.
• From the old server's terminal run: 'ssh new.mail.server.com -i /path/to/.ssh/privatekeyfor_new.mail.server.com_rsa'
• if successful, you will be viewing the new server's command prompt (through your old server).
• if unsuccessful, your NEW server's SSH permissions need to be adjusted somehow.
• if SSH is setup correctly on your new server, anyone from any server, should be able to SSH in with that key-pair, which is why it is critical to keep the private key of the key-pair private.