1

Topic: Migrating to IRedMail advice needed

Hi to All,
I'm new here. Trying to migrate an old mail (plain text + mysql) server to IRedMail (ldap). By migrate I do not mean moving the old users' accounts and maildirs, although if someone has some advice on that, it would also be welcome, but I do not think it is worth it since the old authentication system is postfix by plain text and dovecot by mysql etc. quite horrible :-)
The new server sends mail just fine. I have problems with receiving mail though. What I would like to achieve temporarily is to have both servers oldmail and newmail receive the mails so that I could smoothly add new users to new server and start adding the current users to the new server. I tried to change the DNS records (5 newserver 10 oldserver) but the effect was that if the olduser is not present on the new server the mail returns to sender.
The advice I would like to get from someone is either how to make both of the servers receive the mail simultaneously or other ideas how to move smoothly from old to new server, considering there are a few thousand users which, as I mentioned above, it is rather not possible to import the old users to the new server due to the fact of different password hashing and different paths and lack of ldap.
Any help appreciated :-)
best regards
PiotrAF


2

Re: Migrating to IRedMail advice needed

piotraf wrote:

it is rather not possible to import the old users to the new server due to the fact of different password hashing and different paths and lack of ldap.

iRedMail uses MD5/SSHA password hashes, but it supports plain password too, so you can migrate plain password from old server - if you want to.

Reference: http://www.iredmail.org/wiki/index.php? … ord.hashes

piotraf wrote:

how to make both of the servers receive the mail simultaneously

First of all, I personally suggest you migrate old server to the new one.

To achieve this goal, you can try below steps:

*) Create a new mail user on new server. e.g. catch-all@domain.ltd
*) Assign catch-all@domain.ltd as the catch-all account of your domain. So that all emails sent to non-existing mail users will be delivered to catch-all@domain.ltd.
*) Here comes the most important one: Set per-user transport of catch-all@domain.ltd to your old server. For example: smtp:[IP_of_old_server]:25

That's all.

3 (edited by piotraf 2014-04-02 04:37:46)

Re: Migrating to IRedMail advice needed

ZhangHuangbin wrote:
piotraf wrote:

it is rather not possible to import the old users to the new server due to the fact of different password hashing and different paths and lack of ldap.

iRedMail uses MD5/SSHA password hashes, but it supports plain password too, so you can migrate plain password from old server - if you want to.

Reference: http://www.iredmail.org/wiki/index.php? … ord.hashes

To migrate them would be great too, even though due to security issues they need to be changed anyway, but unfortunately they are in {SHA1}.
By the way - is there a way to block certain users from retrieving mail via pop3 and imply users to change the passwords in Iredmail (open or pro)? [less important but might be useful - scripting to do that once a month etc.]

ZhangHuangbin wrote:
piotraf wrote:

how to make both of the servers receive the mail simultaneously

First of all, I personally suggest you migrate old server to the new one.

To achieve this goal, you can try below steps:

*) Create a new mail user on new server. e.g. catch-all@domain.ltd
*) Assign catch-all@domain.ltd as the catch-all account of your domain. So that all emails sent to non-existing mail users will be delivered to catch-all@domain.ltd.
*) Here comes the most important one: Set per-user transport of catch-all@domain.ltd to your old server. For example: smtp:[IP_of_old_server]:25

That's all.

I will try that. That would be great if it worked.

Since you're so kind I will show you the entire mess I am in :-) Currently the old server (based on Debian etch!):

postfix users.conf
OLD_USER@example.com.pl:{SHA1}2fac929f2d58ded733ea9f8a312bd54532b36667:107:8:OLD_USER:/vmail//OLD_USER
+ mysql used by dovecot
"2842":"OLD_USER":"2fac929f2d58ded733ea9f8a312bd54532b36667":"2014-02-18 09:17:32"::::"\00"
The mysql part with date/time created might be useful to create new vmail folders.
Nevertheless I would have to transform almost ~2'500 users in that format + 500 new users from an excel sheet to the ldif format:

--------------------------------------------------------------------------
# LDIF Export for mail=NEW_USER@example.com.pl,ou=Users,domainName=example.com.pl,o=domains,dc=example,dc=com,dc=pl
# Server: My LDAP Server (127.0.0.1)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 31, 2014 7:29 pm
# Version: 1.2.2

version: 1

# Entry 1: mail=NEW_USER@example.com.pl,ou=Users,domainName=example....
dn: mail=NEW_USER@example.com.pl,ou=Users,domainName=example.com.pl,o=domains,dc=example,dc=com,dc=pl
accountstatus: active
amavislocal: TRUE
cn: NEW_USER
enabledservice: mail
enabledservice: deliver
enabledservice: lda
enabledservice: smtp
enabledservice: smtpsecured
enabledservice: pop3
enabledservice: pop3secured
enabledservice: imap
enabledservice: imapsecured
enabledservice: managesieve
enabledservice: managesievesecured
enabledservice: sieve
enabledservice: sievesecured
enabledservice: forward
enabledservice: senderbcc
enabledservice: recipientbcc
enabledservice: internal
enabledservice: lib-storage
enabledservice: shadowaddress
enabledservice: displayedInGlobalAddressBook
givenname: NEW_USER
homedirectory: /var/vmail/vmail1/example.com.pl/N/E/W/NEW_USER-2014.03.31.13.26.06/
mail: NEW_USER@example.com.pl
mailmessagestore: vmail1/example.com.pl/N/E/W/NEW_USER-2014.03.31.13.26.06/
mailquota: 0
objectclass: inetOrgPerson
objectclass: mailUser
objectclass: shadowAccount
objectclass: amavisAccount
preferredlanguage: en_US
shadowlastchange: 0
sn: NEW_USER
storagebasedirectory: /var/vmail
uid: NEW_USER
userpassword: {SSHA}oGU7fG7y6VioiuiofWUXGRAKtmTDKr6s4Qq4nQ==
----------------------------------------------------------------------------------------------------------------

Do you have any hints how to upload the old users? The folders probably would stay the oldstyle path/name since I will need to move the maildir too. But how to create a/m ldif template?

By any chance you have a reliable iredmail-mysql-TO-iredmail-ldap migrate tool?
It would be easier I think to get it working in mysql I think :-)

AFAIK, we will buy the IRedMail-Pro this week, and since we still didn't migrate, I think it would be better to start the process with the PRO version instead of upgrading it from opensource? or it makes totally no difference.

------------------------
Update 14/04/01
I'm getting through with the ldif template by means of excel and bash. I have to pass the {SHA1} problem though. Is it possible to use different types of hashing for each user (in my case the imported and the future to be created) or does it have to be only 1 of them?

4

Re: Migrating to IRedMail advice needed

piotraf wrote:

but unfortunately they are in {SHA1}.

Postfix uses Dovecot as SASL authentication server, and Dovecot does support SHA1: http://wiki2.dovecot.org/Authentication/PasswordSchemes

piotraf wrote:

is there a way to block certain users from retrieving mail via pop3 and imply users to change the passwords in Iredmail (open or pro)? [less important but might be useful - scripting to do that once a month etc.]

*) To disable POP3 service for certain user, you can remove LDAP attribute/value pairs 'enabledService=pop3' and 'enabledService=pop3secured' (POP3 over TLS) for this user in LDAP object.

*) To force users to change password, we have a new iRedAPD plugin for this:
https://bitbucket.org/zhb/iredapd/src/d … at=default

NOTE: Please check comment in this file, it will help you understand how it works and how to add necessary settings for this plugin.

piotraf wrote:

The mysql part with date/time created might be useful to create new vmail folders.

Timestamp in maildir path is optional.

piotraf wrote:

Do you have any hints how to upload the old users? The folders probably would stay the oldstyle path/name since I will need to move the maildir too. But how to create a/m ldif template?

Did you check script shipped within iRedMail: iRedMail-0.8.6/tools/create_mail_user_OpenLDAP.*

piotraf wrote:

By any chance you have a reliable iredmail-mysql-TO-iredmail-ldap migrate tool?

Unfortunately, we don't.

piotraf wrote:

AFAIK, we will buy the IRedMail-Pro this week, and since we still didn't migrate, I think it would be better to start the process with the PRO version instead of upgrading it from opensource? or it makes totally no difference.

No difference. It's easy to migrate from iRedAdmin open source edition to iRedAdmin-Pro, check our migration tutorial here:
http://www.iredmail.org/wiki/index.php? … ro/OSE-Pro

piotraf wrote:

Is it possible to use different types of hashing for each user (in my case the imported and the future to be created) or does it have to be only 1 of them?

Sure, you can mix them. For example, one for {SHA1}, one for {SSHA}.
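
The old hashes shown in post 3 are hex-encoded SHA-1, while OpenLDAP's unsalted scheme is `{SHA}` followed by the base64 of the raw digest. The Python example below is added here as an illustration and is not code from any poster or from iRedMail. It converts a `users.conf` line into an LDIF password update for an already created account and checks `{SHA}` and `{SSHA}` values side by side. The function names, the base DN default and the sample line (the hash of the word "password") are constructed for the example, and it assumes the directory verifies the RFC 2307 `{SHA}` form.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample in the users.conf layout from post 3
# (address:{SHA1}hex:uid:gid:name:maildir); the hash is SHA1("password").
SAMPLE = ("old_user@example.com.pl:{SHA1}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
          ":107:8:old_user:/vmail//old_user")

def hex_sha1_to_ldap(value):
    """'{SHA1}<40 hex chars>' -> '{SHA}<base64 of the raw 20-byte digest>'."""
    if not value.startswith("{SHA1}"):
        raise ValueError("unexpected scheme")
    raw = bytes.fromhex(value[len("{SHA1}"):])
    if len(raw) != 20:
        raise ValueError("not a SHA-1 digest")
    return "{SHA}" + base64.b64encode(raw).decode()

def make_ssha(password, salt=None):
    """Salted SHA-1 for newly created accounts: base64(digest + salt)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    """Check a password against {SHA} or {SSHA}; other schemes are rejected."""
    scheme, _, b64 = stored.partition("}")
    if scheme not in ("{SHA", "{SSHA"):
        return False
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]
    if scheme == "{SHA" and salt:
        return False  # an unsalted value must be exactly one digest long
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def needs_rotation(stored):
    """Unsalted migrated hashes are the ones to replace at the next change."""
    return stored.startswith("{SHA}")

def password_update_ldif(line, base="o=domains,dc=example,dc=com,dc=pl"):
    """LDIF 'modify' record setting the migrated hash on an existing entry."""
    mail, pw = line.split(":")[:2]
    domain = mail.split("@", 1)[1]
    return "\n".join([
        f"dn: mail={mail},ou=Users,domainName={domain},{base}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {hex_sha1_to_ldap(pw)}",
    ])
```

The `needs_rotation` flag gives a list of imported accounts to put through the forced password change discussed in post 4, after which they end up with salted `{SSHA}` values.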