1 Topic by finkef (edited by finkef 2012-07-28 21:34:56)

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Topic: Moving iRedMail to another Server - Any hints?

Hi, I am moving my iRedMail 0.7.0 beta 2 (LDAP)  (installed this because I needed it on my Debian 6 in 2012-02) to another Debian 6 Server. Should I try to upgrade my old server to 0.8.1 first? I dont have too many users and creating all-new configurations for everyone would not be a big problem (~35 mail accounts). But all stored mails have to be moved, my users should not notice something has changed after ~6-7 hours of downtime.

Any hints / HowTo's are much appreciated.

//Edit: I know about this page, yes: http://www.iredmail.org/wiki/index.php? … ail.Server


//Edit 2: Also, I'd like to move from LDAP to MySQL iRedMail because I know MySQL better and only did the LDAP install because MySQL install wasnt working with the 0.7.0 beta 2. Is this possible?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: Moving iRedMail to another Server - Any hints?

finkef wrote:

But all stored mails have to be moved, my users should not notice something has changed after ~6-7 hours of downtime.

As mentioned in http://www.iredmail.org/wiki/index.php? … il.Server, you can simply copy all mailboxes to new server.

finkef wrote:

//Edit: I know about this page, yes: http://www.iredmail.org/wiki/index.php? … ail.Server

This is exactly the one you need.

finkef wrote:

//Edit 2: Also, I'd like to move from LDAP to MySQL iRedMail because I know MySQL better and only did the LDAP install because MySQL install wasnt working with the 0.7.0 beta 2. Is this possible?

I won't be too hard.

What you should care about:

- Maildir path. Make sure you have correct maildir path after migrating from LDAP to MySQL, so that user can see their old emails.
- Password stored in LDAP is encrypted in SSHA, it cannot be migrated to MySQL directly. You should reset password for all users.

You can create mail accounts with iRedAdmin (or other web/command line tools), then copy mailboxes one-by-one to ensure you're using correct maildir.

3 Reply by finkef (edited by finkef 2012-07-28 21:47:09)

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

/bow - Sick support.
Well, then I'll just install a 100% new server with 0.8.1, do the same user configuration there and copy all my mailboxes to the new server.

Its not a hush-hush project, I have some time for this migration. Lucky me.
I'll update this with results and lessons learnt.

4 Reply by hata_ph

  • hata_ph
  • Member
  • Offline
  • Registered: 2010-01-13
  • Posts: 226

Re: Moving iRedMail to another Server - Any hints?

Setup a new iRedMail server with ldap backend, export your just the iRedMail email/user account in phpldapadmin and import them to your new iRedMail server. Copy your current /var/vmail/vmail1/@domain.com to your new iRedMail server (same location). Remember to check the files/folders permission. You can test it in vmware/virtualbox before do it live. smile

If you are using roundcubemail, make sure you backup the mysql database too. Same go for any important mysql data you have in other database.

5 Reply by finkef

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

Yeah after making myself a little bit more familiar with LDAP, I decided to continue using it instead of MySQL. Thanks for your hints too, hata_ph. I'll transfer the files using rsync, permissions should be fine.

6 Reply by finkef (edited by finkef 2012-08-01 12:02:57)

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

OK, worked my ass off tonight and I think I got it all working. Thanks for your most helpful about the maildir paths.

Now I've got the problem that people can send me emails but these emails dont seem to be processed correctly. my dns settings (new server is lower in priority but gets contacted because the old servers email services are stopped) are correct.

iredapd.log gives me this:

2012-08-01 00:25:30 INFO Starting iredapd (v1.3.7, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders. Listening on 127.0.0.1:7777.
2012-08-01 01:00:34 INFO [94.97.34.187] 471C84A82@beproactive.com -> andy.woolley@ieku.de, DUNNO
2012-08-01 03:27:12 INFO [91.44.91.177] nas@oneofmydomains.net -> nas@oneofmydomains.net, DUNNO
2012-08-01 04:53:06 INFO [127.0.0.1] admin@anotherofmydomains.net -> acoustomery@atmydomain.org, DUNNO
2012-08-01 05:08:13 INFO [213.165.64.22] afriend@gmx.de -> kathrin@acustomersdomain.de, DUNNO
2012-08-01 05:08:49 INFO [213.165.64.23] afriend@gmx.de -> admin@mydomain.de, DUNNO

Can anyone help me in fixing this "DUNNO" error? According to ZhangHuangbin its normal, but in fact these mails never show up in Roundcube mail and my synchronized old mails do.

Other Errors I got

mail.err (but this was from 8-9 hours ago when i started installing)
postfix/trivial-rewrite[26171]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem

//Edit: I think I found the problem

mail.info
Aug  1 05:14:54 shibuyaku postfix/smtpd[1243]: connect from mailout-de.gmx.net[213.165.64.22]
Aug  1 05:14:54 shibuyaku postfix/smtpd[1243]: warning: connect to 127.0.0.1:10031: Connection refused
Aug  1 05:14:54 shibuyaku postfix/smtpd[1243]: warning: problem talking to server 127.0.0.1:10031: Connection refused
Aug  1 05:14:55 shibuyaku postfix/smtpd[1243]: warning: connect to 127.0.0.1:10031: Connection refused
Aug  1 05:14:55 shibuyaku postfix/smtpd[1243]: warning: problem talking to server 127.0.0.1:10031: Connection refused
Aug  1 05:14:55 shibuyaku postfix/smtpd[1243]: NOQUEUE: reject: RCPT from mailout-de.gmx.net[213.165.64.22]: 451 4.3.5 Server configuration problem; from=<afriend@gmx.de> to=<acustomer@mydomain.de> proto=SMTP helo=<mailout-de.gmx.net>
Aug  1 05:14:55 shibuyaku postfix/smtpd[1243]: disconnect from mailout-de.gmx.net[213.165.64.22]

Apparently theres a problem with my servers configuration. Any ideas?
After reading this (http://www.iredmail.org/forum/topic3217 … fused.html) it occured to me, that I could be dealing with a policyd problem. In fact there is no /etc/init.d/policyd in my installation and no policyd tables in my MySQL either. Dont really know how to fix this here :\


//Edit Nr 5:
http://www.iredmail.org/forum/topic1215 … olved.html
This has good hints, there are too many spaces in our /etc/postfix-policy.d conf AND the policyd-database was not even created for me. i purged postfixd-policy, reinstalled it (which made the database work) and afterwards removed all spaces in the LOG_ERR containing line of postfix-policyd.conf


Everything seems to be working now, well: at least my customers can write and recieve mails with roundcube and I'll have to go and catch some sleep after coding/configurating for 22 hours (not just mail stuff, I was at work before ^^)

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: Moving iRedMail to another Server - Any hints?

finkef wrote:

Can anyone help me in fixing this "DUNNO" error? According to ZhangHuangbin its normal, but in fact these mails never show up in Roundcube mail and my synchronized old mails do.

DUNNO is normal. Mail didn't show up in Roundcube was caused by other issue, not DUNNO in iRedAPD.

finkef wrote:

Aug  1 05:14:54 shibuyaku postfix/smtpd[1243]: warning: connect to 127.0.0.1:10031: Connection refused

Policyd service is not running. Please try to start it with below command on Debian 6:

# /etc/init.d/postfix-policyd restart

It logs to /var/log/mail.log by default, so if it doesn't start up, check the log file please.

8 Reply by finkef (edited by finkef 2012-08-02 04:16:32)

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

Everything is working super fine now.
OK... all thats left now is SPD/DKIM configuration on the dns servers, but I'm convinced I will be able to pull that off too.
Thank you so much guys & Zhang, I've learnt a lot in the last few days. And I really love iRedMail, the web interface alone is just so helpful and the help with installing alle these components that rely on each other is awesome too.

9 Reply by finkef

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

Update to help you in improving the iRedMail Product:

There is definetly an error in the current iptables config you're shipping with iredmail. I had a clean system with zero iptables configs. After the iredmail install there were some chains (policy: accept yes, but still a problem) for fail2ban.

I then got tons of these errors:
mail postfix/smtpd[5812]: warning: problem talking to server 127.0.0.1:10031: Connection refused
mail postfix/smtpd[5812]: warning: connect to 127.0.0.1:10031: Connection refused

It was not the logging problem, the policyd-config was 100% fine. As soon as I purged the iptables (iptables -purge) and restarted /etc/init.d/postfix-policyd a port 10031 went up (there was nothing listening at that port before) and everything was working.

Just FYI so you can adress this matter sooner or later, as I said the system was clean and I never edited that iptables config before.

Cheers!

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,785

Re: Moving iRedMail to another Server - Any hints?

finkef wrote:

mail postfix/smtpd[5812]: warning: connect to 127.0.0.1:10031: Connection refused

Policyd service is not running, it's not related to iptables.

11 Reply by finkef (edited by finkef 2012-08-02 11:44:52)

  • finkef
  • Member
  • Offline
  • Registered: 2012-07-28
  • Posts: 7

Re: Moving iRedMail to another Server - Any hints?

Yeah policyd wasnt running because it could not be started while iptables was configured with the rules and chains iredmail loaded. I could start/restart/reload postfix-policyd as much as I wanted, it didnt start. As soon as I purged the iptables chains I retried starting policyd and it started without any problems.

These are the rules that - and I dont understand why - stopped policyd from starting properly and listening at 10033.

# Generated by iptables-save v1.4.8 on Wed Aug  1 23:39:41 2012
*filter
:INPUT ACCEPT [711892:73916350]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [908304:130178415]
:fail2ban-roundcube - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j fail2ban-roundcube
-A fail2ban-roundcube -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Wed Aug  1 23:39:41 2012
~
~
~
~
~
~