Difference between revisions of "CentOS 7.x migrate CentOS 6.x postfix, dovecot, squirrelmail server"
From Notes_Wiki
m |
m |
||
Line 7: | Line 7: | ||
# Add elastic IP to instance if not done already | # Add elastic IP to instance if not done already | ||
# yum -y install vim | # yum -y install vim | ||
# Set correct time zone [[CentOS 7.x Change system timezone]] | |||
# [[Storing date / time along with commands in history]] | |||
# Mount partition to /home as desired | # Mount partition to /home as desired | ||
# Copy keys from old server to new server as authorized | # Copy keys from old server to new server as authorized |
Revision as of 03:23, 26 January 2019
<yambe:breadcrumb>CentOS_7.x_email_configuration|CentOS 7.x email configuration</yambe:breadcrumb>
CentOS 7.x migrate CentOS 6.x postfix, dovecot, squirrelmail server
Following steps can be used for migrating a running mail server setup from CentOS 6.8 created using Configuring basic SMTP, IMAP, POP and HTTP access for complete email on a single server to CentOS 7.4:
- Create a new VM with necessary resources (Eg t2.micro)
- Add elastic IP to instance if not done already
- yum -y install vim
- Set correct time zone CentOS 7.x Change system timezone
- Storing date / time along with commands in history
- Mount partition to /home as desired
- Copy keys from old server to new server as authorized
- Add /etc/hosts entry in old server for pointing to new server with name (eg newserver)
- yum -y install httpd mod_ssl
- systemctl stop firewalld
- TODO - Copy firewalld configuration from old server to new server
- If custom SSL certificates were used edit /etc/httpd/conf.d/ssl.conf with
- SSLCertificateFile /etc/httpd/conf/ssl.crt
- SSLCertificateKeyFile /etc/httpd/conf/ssl.key
- SSLCACertificateFile /etc/httpd/conf/ca-bundle.pem
-
- and copy corresponding files from old server to new server
- If Installing lets-encrypt SSL certificate was used then copy /etc/letsencrypt from old server to new server. Also install python2-certbot-apache on new server. Also configure appropriate cron entries for automatic renewal same as old server on new server (crontab -l on old server, crontab -e on new server)
- systemctl start httpd
- systemctl status httpd
- systemctl enable httpd
- Copy home ( rsync -aHz --delete /home/ root@newserver:/home/ )
- Repeat rsync again after it finishes for a second sync
- cat /etc/passwd on old server. Copy all lines for UID >=500 and append corresponding lines to /etc/passwd on new server. The number of lines should match ls -1 /home | grep -v lost | wc -l Be watchful for IDs <500 which might appear in between (eg nscd)
- Copy /etc/shadow lines of corresponding users from old server to new server
- Copy /etc/group lines of corresponding users from old server to new server
- Do "ls -l /home" on new server and all user and group names should appear properly
- copy custom aliases from /etc/aliases to new server and update root alias appropriately
- newaliases
- yum -y install logwatch
- yum -y install postfix
- Edit /etc/postfix/main.cf on new server and correct values of following variables by looking at old server
- myhostname
- mydomain
- myorigin
- inet_interfaces
- mydestination
- home_mailbox
- Set hostname in /etc/hostname file on new server
- Use "hostname <fqdn>" command to set current hostname on new server
- systemctl enable postfix
- Add hostname against 127.0.0.1 in /etc/hosts
- systemctl start postfix
- systemctl status postfix
- yum -y install dovecot
- Edit /etc/dovecot/conf.d/10-mail.conf and set
- mail_location = maildir:~/mail
- first_valid_uid = 500
-
- same as old server
- Also change all auth values from 1000 to 500 in various /etc/pam.d files
- grep 1000 /etc/pam.d/*
- #update all files
- systemctl enable dovecot
- systemctl start dovecot
- systemctl status dovecot
- Refer Postfix_SMTP_authentication_using_dovecot and if authentication is enabled on old server then enable it appropriately on new server also
- yum -y install wget
- yum -y install epel-release
- yum -y install squirrelmail
- Disable selinux (setenforce 0, edit /etc/sysconfig/selinux and set SELINUX=disabled)
- cd /usr/share/squirrelmail/config; ./conf.pl
- Set Organization Preferences -> Organization name
- Set Server Settings -> Domain
- Set Server Settings -> IMAP Settings. Use values mail.sbarjatiya.com, 993, Secure (IMAP): true, Server software: dovecot
- Setup mail sending using sendmail and not through SMTP
- rsync /var/www/html from old server to new server
- systemctl restart httpd
- Add /etc/hosts entry for new server in laptop and try to open the new server with name and IP.
- On old server stop httpd, dovecot and postfix
- Again sync /home ( rsync -aHz --delete /home/ root@newserver:/home/ )
- Change DNS entries to point to new server. If organization has local private DNS, then perhaps that may also require changes.
- Check updated entries via public DNS servers after waiting for a minute or two
- Copy /root/.ssh/authorized_keys from old server to new server
- Comment /etc/host entry in laptop after DNS entry has been changed
- Apply security group settings from old server to new server (HTTP, HTTPS, POP3, POP3S, SMTP, SMTPS, IMAP, IMAPS, SSH, Ping)
- Do TLS_configuration_for_postfix if configured on previous server
- Send test email from gmail to server and wait for receiving email on new server
- Send test email from new server to gmail and wait for receiving email on Gmail account
- stop and possibly terminate old server after few days. Elastic IP of old server can be released immediately after stopping.
- If elastic IP is locked make a request for release
- Fill AWS reverse entry form for email servers. For this first login into AWS account and then open https://aws.amazon.com/forms/ec2-email-limit-rdns-request
- CentOS 7.x Configure change password plugin for squirrelmail using poppassd
- CentOS 7.x Configure Postfix to block spam
- Increase postfix message and mailbox size limit using Troubleshooting_postfix_server_issues#Message_file_too_big_issue
- Look at all other custom configuration in /etc/postfix/main.cf that has not been migrated to new server
<yambe:breadcrumb>CentOS_7.x_email_configuration|CentOS 7.x email configuration</yambe:breadcrumb>