Tag: Postfix

Zimbra upgrade from 8.0.7 to 8.50

The upgrade went smoothly. The hiccoughs I had were based on the move of the Postfix postfix_transport_maps to LDAP and the decision to stop supporting hash function in the postfix transportfile from 8.50 onwards. This meant that the setting was broken and then migrated to LDAP.

The error message printed in zimbra.log is:

postfix/trivial-rewrite[22832]: warning: hash:/opt/zimbra/postfix/conf/transportfile is unavailable. unsupported dictionary type: hash

I could see the setting, which had the default setting and the server specific setting. The first output is the global setting that has been migrated, the second is the server specific setting:

zmprov getConfig zimbraMtaTransportMaps

The original result provided two results:

zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
zimbraMtaTransportMaps: hash:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

What I want in the end result is:

zimbraMtaTransportMaps: lmdb:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

To change this setting I used to be able to use zmprov; however the new setting is set in LDAP, which will require the use of        .

To start there is a very useful page here: https://wiki.zimbra.com/wiki/Ajcody-LDAP-Topics that gives some great tips to be able to do queries on the Zimbra LDAP database.  Changing to the zimbra user and sourcing the correct variables allows us to do very easy queries. We can do:

su – zimbra source ~/bin/zmshutil zmsetvars ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password

We are now given the full LDAP dump, which we can pipe through grep to find the transport settings:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password | grep transport

I found two entries here as I mentioned, I want to change both of them.

I ought to be able to do this using zmprov and the zimbraMtaTransportMaps key. There is no example that I could find on the Internet and rather than experiment on the server I cheated and used a graphical LDAP editor to change the setting from hash to LDAP.

I browsed through config and then servers to find the global setting and then the server specific setting respectively.

Now when I run:

zmprov getConfig zimbraMtaTransportMaps

I get the correct result and Zimbra starts accpeting email again.

LDAP Zimbra login screen

LDAP Zimbra login screen

Zimbra LDAP browser

Zimbra LDAP browser

Comments Off on Zimbra upgrade from 8.0.7 to 8.50 more...

Zimbra migration

The first step was to set up Red Hat Enterprise 6 (RHEL6). It is important to keep the data separate from the root directory so that the mail server cannot cause the server to fail (and prevent debugging and fixing it.)

I have a fresh install on the new server with a 30Gb / partition and the remainder in /opt

Zimbra does not user the /home directory and all data goes in to /opt for a single server.

If you want to encrypt the file system it will provide further protection for your data, though be aware that you will need to put the password in every time it boots, which means that following a power failure the system will not automatically recover without intervention.

Leaving selinux on will protect services other than zimbra but note that zimbra will be running without selinux protection.

You might also want to install fail2ban which prevents scripts trying to guess smtp and ssh passwords.

Please note (Zimbra will fail to start correctly if this is not done) that the zimbra user ID has to be the same on the originating server as the new server. check by running id zimbra on both machines.

The new server also needs the /etc/hosts file set up correctly. It needs the following entry:

IPaddress Fully.Qualified.Hostname Hostname

The server also needs MX and A DNS records set correctly. This can be easily done using dnsmasq. A quick install: yum -y install dnsmasq

Then the following lines need to be set in /etc/dnsmasq.conf:

address=/fully.qualified.hostname/IPaddress

mx-host=yourdomainname.com,your.mailhost.com,50

#This line is your forwarding nameserver

server=IPaddress

Turn dnsmasq on by:

service dnsmasq restart

chkconfig dnsmasq on

Now we can install the zimbra binaries available from Zimbra.com

untar the binaries and then change to the new directory and run

./install

Answer all the questions and the install ought to run smoothly.

Then we can transfer the data from the old server to the new server. We can do this while the old server is running to get the majority of the data across and then the final change over with the old server stopped to ensure no mail is lost. As the data can take many hours to transfer on the first sync it is a better way to do it rather than transfer it with the originating server turned off for 10 or more hours.

The data can be transferred from the originating server with the following command (all on one line):

rsync -avHK --delete --progress --stats  --exclude 'data.mdb' /opt/zimbra  root@newserveraddress:/opt/

I have excluded the data.mdb file as it is a sparse file that is 80Gb and can take a huge amount of time to transfer and we can find a better way to transfer it.

Once this has been done we can take a copy of the database and do a final sync.

On the originating server stop zimbra:
service zimbra stop

The 80Gb file probably only contains about 100Mb of data, we can easily take a copy of the file and then transfer the smaller file:
mkdir /opt/databackup
#All on one line:
/opt/zimbra/openldap/bin/mdb_copy /opt/zimbra/data/ldap/mdb/db /opt/databackup

#All on one line:
rsync -turv --stats --progress /opt/databackup/data.mdb root@newserveraddress:/opt/zimbra/data/ldap/mdb/db/data.mdb

We then need to correct the permissions on the new server running the following command as root:
/opt/zimbra/libexec/zmfixperms --extended --verbose

Time to start the service:

service zimbra start

I have also found that while making the migration the logging service fails. This can be corrected with the following command run as root:

/opt/zimbra/libexec/zmsyslogsetup

The final item we need to correct is the ssh keys, which are set for the old server:

su - zimbra

#Create the keys

zmsshkeygen

#Deploy the keys

zmupdateauthkeys

All ought to be well. don’t forget to check the logs etc.

Comments Off on Zimbra migration more...

Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress
loading