diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml
index add2bf4fea5bc4599b55820d8c41321ccf21fbcc..f29495c005f1cb70825624a36da61d09fc6214b0 100644
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -28,3 +28,12 @@
     - mail
 
 
+- name: ensure dsync config is present
+  template: src=templates/conf.d/99-dsync.conf.j2 dest=/etc/dovecot/conf.d/99-dsync.conf
+  when: dsync == True
+  notify:
+    - restart dovecot
+  tags:
+    - dovecot
+    - mail
+
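Review bot: The `template:` task sets no owner or mode, so `99-dsync.conf` (which this commit fills with `doveadm_password`) is created with the default umask and will usually end up world-readable in `/etc/dovecot/conf.d/`. Restrict it explicitly, for example `template: src=templates/conf.d/99-dsync.conf.j2 dest=/etc/dovecot/conf.d/99-dsync.conf owner=root group=root mode=0600`, loosening the group only if a non-root account has to parse the config. Separately, `when: dsync == True` fails the play on hosts where `dsync` is undefined; `when: dsync | default(false) | bool` handles both the undefined case and string values.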
diff --git a/dovecot/templates/conf.d/10-mail.conf.j2 b/dovecot/templates/conf.d/10-mail.conf.j2
index 5f9b3ae29fd60d405ddcb34b018fcb6bb600fe29..cc3481532e3b74ecfd7078763af366624a60f369 100644
--- a/dovecot/templates/conf.d/10-mail.conf.j2
+++ b/dovecot/templates/conf.d/10-mail.conf.j2
@@ -212,6 +212,11 @@ namespace inbox {
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
+{%- if dsync is defined  -%}
+mail_plugins = $mail_plugins notify replication
+{%- else -%}
+mail_plugins = $mail_plugins notify
+{%- endif -%}
 #mail_plugins = 
 
 ##
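Review bot: The `{%- … -%}` markers strip the newlines on both sides of each tag, so the rendered `mail_plugins = …` line appears to be glued onto the end of the preceding `# IMAP, LDA, etc. …` comment and followed directly by `#mail_plugins =`, which would leave the setting commented out. Use plain `{% if … %}` / `{% else %}` / `{% endif %}` and check the rendered file with `doveconf -n`. The `{%- for … -%}` loop in `99-dsync.conf.j2` has the same problem and would collapse `plugin {`, the `mail_replica` lines and `}` onto one line. The test here is also `dsync is defined`, while the task uses `dsync == True`, so a host with `dsync: false` loads the `replication` plugin without getting the replicator configuration; `{% if dsync | default(false) %}` would keep the two in step.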
diff --git a/dovecot/templates/conf.d/10-master.conf.j2 b/dovecot/templates/conf.d/10-master.conf.j2
index 8e465e0680feaebb44eab6e826877289bb2680d8..b017b54058301da9830fb90a5ec10e1a1f24d8c3 100644
--- a/dovecot/templates/conf.d/10-master.conf.j2
+++ b/dovecot/templates/conf.d/10-master.conf.j2
@@ -35,16 +35,6 @@ service imap-login {
   #vsz_limit = $default_vsz_limit
 }
 
-service pop3-login {
-  inet_listener pop3 {
-    #port = 110
-  }
-  inet_listener pop3s {
-    #port = 995
-    #ssl = yes
-  }
-}
-
 service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
 	group = postfix
@@ -69,11 +59,6 @@ service imap {
   #process_limit = 1024
 }
 
-service pop3 {
-  # Max. number of POP3 processes (connections)
-  #process_limit = 1024
-}
-
 service auth {
   # auth_socket_path points to this userdb socket by default. It's typically
   # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
@@ -101,8 +86,8 @@ service auth {
 
   # Auth process is run as this user.
 #  user = $default_internal_user
-   user = postfix
-   group = postfix
+   user = dovecot
+   group = dovecot
 }
 
 service auth-worker {
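Review bot: With `user = dovecot` the auth process has to read the passwd-file that this commit moves to `/var/vmail/auth.d/passwd`, and nothing visible in the commit sets ownership or mode on that file or its directory. It is worth recording the requirement next to the setting, e.g. `# auth runs as dovecot: /var/vmail/auth.d/passwd must be readable by this user and not world-readable`, and enforcing it with a task. The `service auth` block starts outside this hunk, so the listener permissions for the Postfix auth socket cannot be checked from here.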
diff --git a/dovecot/templates/conf.d/99-dsync.conf.j2 b/dovecot/templates/conf.d/99-dsync.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..949fd976cd088f81d67094bd964c0000afae2eff
--- /dev/null
+++ b/dovecot/templates/conf.d/99-dsync.conf.j2
@@ -0,0 +1,51 @@
+service replicator {
+  process_min_avail = 1
+  unix_listener replicator-doveadm {
+    mode = 0666
+    user = dovecot
+  }
+  group = vmail
+}
+
+replication_max_conns = 10
+
+
+# there was a problem with the oom-killer 
+#plugin {
+#  # When saving a new mail via IMAP or delivering a mail via LDA/LMTP,
+#  # wait for the mail to be synced to the remote site. If it doesn't finish
+#  # in 2 seconds, return success anyway.
+#  replication_sync_timeout = 2 
+#}
+
+service doveadm {
+  inet_listener {
+    port = 37962
+  }
+  group = vmail
+}
+
+service aggregator {
+  fifo_listener replication-notify-fifo {
+    mode = 0666
+    user = dovecot
+  }
+  unix_listener replication-notify {
+    mode = 0666
+    user = dovecot
+  }
+}
+
+doveadm_port = 37962
+
+doveadm_password = {{ lookup('passwordstore', 'wolfscloud/dsync_secret create=true length=20') }}
+
+plugin {
+
+{%- for partner in groups['mail'] -%}
+  {%- if partner != ansible_hostname -%}
+mail_replica = tcp:{{hostvars[partner]["tinc_vpnip"]}}:37962
+  {%- endif -%}
+{%- endfor -%}
+
+}
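Review bot: The `inet_listener` in `service doveadm` has no `address`, so port 37962 is opened on every interface of the host even though the replicas are addressed only by their tinc VPN IP. That leaves the doveadm protocol, guarded only by `doveadm_password`, reachable from any network the host sits on. Bind it to the VPN address, assuming `tinc_vpnip` is defined for the local host as it is for the partners. The three listeners with `mode = 0666` let any local account talk to the replicator and aggregator; the upstream replication example uses `0600` owned by the mail user, which looks like `vmail` here judging by the `group = vmail` lines, but confirm that.

```jinja
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
# … unchanged: rest of service replicator, replication_max_conns, commented-out plugin block …
service doveadm {
  inet_listener {
    address = {{ tinc_vpnip }}
    port = 37962
  }
# … unchanged: group = vmail and closing brace of service doveadm …
  fifo_listener replication-notify-fifo {
    mode = 0600
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0600
    user = vmail
  }
# … unchanged: doveadm_port, doveadm_password, plugin block …
```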
diff --git a/dovecot/templates/conf.d/auth-passwdfile.conf.ext.j2 b/dovecot/templates/conf.d/auth-passwdfile.conf.ext.j2
index dcbcbbc18a64e6e61a42518c3c47ddf977ff67df..7acc706308f935914eb076a0bfc8bf1d60b566e1 100644
--- a/dovecot/templates/conf.d/auth-passwdfile.conf.ext.j2
+++ b/dovecot/templates/conf.d/auth-passwdfile.conf.ext.j2
@@ -5,12 +5,12 @@
 
 passdb {
   driver = passwd-file
-  args = scheme=SHA512-CRYPT username_format=%u /var/vmail/auth.d/%d/passwd
+  args = scheme=SHA512-CRYPT username_format=%u /var/vmail/auth.d/passwd
 }
 
 userdb {
   driver = passwd-file
-  args = username_format=%u /var/vmail/auth.d/%d/passwd
+  args = username_format=%u /var/vmail/auth.d/passwd
 
   # Default fields that can be overridden by passwd-file
   #default_fields = quota_rule=*:storage=1G