Tag: Open Source

Zimbra migration

The first step was to set up Red Hat Enterprise 6 (RHEL6). It is important to keep the data separate from the root directory so that the mail server cannot cause the server to fail (and prevent debugging and fixing it.)

I have a fresh install on the new server with a 30Gb / partition and the remainder in /opt

Zimbra does not user the /home directory and all data goes in to /opt for a single server.

If you want to encrypt the file system it will provide further protection for your data, though be aware that you will need to put the password in every time it boots, which means that following a power failure the system will not automatically recover without intervention.

Leaving selinux on will protect services other than zimbra but note that zimbra will be running without selinux protection.

You might also want to install fail2ban which prevents scripts trying to guess smtp and ssh passwords.

Please note (Zimbra will fail to start correctly if this is not done) that the zimbra user ID has to be the same on the originating server as the new server. check by running id zimbra on both machines.

The new server also needs the /etc/hosts file set up correctly. It needs the following entry:

IPaddress Fully.Qualified.Hostname Hostname

The server also needs MX and A DNS records set correctly. This can be easily done using dnsmasq. A quick install: yum -y install dnsmasq

Then the following lines need to be set in /etc/dnsmasq.conf:



#This line is your forwarding nameserver


Turn dnsmasq on by:

service dnsmasq restart

chkconfig dnsmasq on

Now we can install the zimbra binaries available from Zimbra.com

untar the binaries and then change to the new directory and run


Answer all the questions and the install ought to run smoothly.

Then we can transfer the data from the old server to the new server. We can do this while the old server is running to get the majority of the data across and then the final change over with the old server stopped to ensure no mail is lost. As the data can take many hours to transfer on the first sync it is a better way to do it rather than transfer it with the originating server turned off for 10 or more hours.

The data can be transferred from the originating server with the following command (all on one line):

rsync -avHK --delete --progress --stats  --exclude 'data.mdb' /opt/zimbra  root@newserveraddress:/opt/

I have excluded the data.mdb file as it is a sparse file that is 80Gb and can take a huge amount of time to transfer and we can find a better way to transfer it.

Once this has been done we can take a copy of the database and do a final sync.

On the originating server stop zimbra:
service zimbra stop

The 80Gb file probably only contains about 100Mb of data, we can easily take a copy of the file and then transfer the smaller file:
mkdir /opt/databackup
#All on one line:
/opt/zimbra/openldap/bin/mdb_copy /opt/zimbra/data/ldap/mdb/db /opt/databackup

#All on one line:
rsync -turv --stats --progress /opt/databackup/data.mdb root@newserveraddress:/opt/zimbra/data/ldap/mdb/db/data.mdb

We then need to correct the permissions on the new server running the following command as root:
/opt/zimbra/libexec/zmfixperms --extended --verbose

Time to start the service:

service zimbra start

I have also found that while making the migration the logging service fails. This can be corrected with the following command run as root:


The final item we need to correct is the ssh keys, which are set for the old server:

su - zimbra

#Create the keys


#Deploy the keys


All ought to be well. don’t forget to check the logs etc.

Comments Off on Zimbra migration more...

Zimbra Tweaks

An account on Zimbra can become locked if someone is running a dictionary attack against it. More than 10 wrong password attempts in an hour will lock it for about an hour (I think those are the defaults).

Unlock an account from the command line:
zmprov ma user@example.com  zimbraAccountStatus active
Fixing logger not starting

 Change webmail port

su - zimbra
zmprov ms mail.yourdomain.com zimbraMailPort 8888
zmprov ms mail.yourdomain.com zimbraMailSSLPort 8889
zmcontrol stop ; zmcontrol start

Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress