CentOS 7.x migrate CentOS 6.x postfix, dovecot, squirrelmail server

From Notes_Wiki
Revision as of 17:08, 17 August 2018 by Saurabh (talk | contribs)


The following steps can be used to migrate a running mail server from CentOS 6.8 to CentOS 7.4, where the old server was set up using "Configuring basic SMTP, IMAP, POP and HTTP access for complete email on a single server":

  1. Create a new VM with necessary resources (e.g. t2.micro)
  2. Add elastic IP to instance if not done already
  3. yum -y install vim
  4. Mount partition to /home as desired
  5. Copy keys from old server to new server as authorized
  6. Add /etc/hosts entry in old server for pointing to new server with name (eg newserver)
  7. yum -y install httpd mod_ssl
  8. systemctl stop firewalld
  9. TODO - Copy firewalld configuration from old server to new server
  10. If custom SSL certificates were used edit /etc/httpd/conf.d/ssl.conf with
    SSLCertificateFile /etc/httpd/conf/ssl.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key
    SSLCACertificateFile /etc/httpd/conf/ca-bundle.pem
    and copy corresponding files from old server to new server
  11. If "Installing lets-encrypt SSL certificate" was used, then copy /etc/letsencrypt from old server to new server. Also install python2-certbot-apache on new server, and configure the same cron entries for automatic renewal on the new server as on the old server (crontab -l on old server, crontab -e on new server)
  12. systemctl start httpd
  13. systemctl status httpd
  14. systemctl enable httpd
  15. Copy home ( rsync -aHz --delete /home/ root@newserver:/home/ )
  16. Repeat rsync again after it finishes for a second sync
  17. cat /etc/passwd on old server. Copy all lines for UID >=500 and append corresponding lines to /etc/passwd on new server. The number of lines should match the output of ls -1 /home | grep -v lost | wc -l. Be watchful for IDs <500 which might appear in between (eg nscd).
  18. Copy /etc/shadow lines of corresponding users from old server to new server
  19. Copy /etc/group lines of corresponding users from old server to new server
  20. Do "ls -l /home" on new server and all user and group names should appear properly
  21. Copy custom aliases from /etc/aliases to new server and update root alias appropriately
  22. newaliases
  23. yum -y install logwatch
  24. yum -y install postfix
  25. Edit /etc/postfix/main.cf on new server and correct values of following variables by looking at old server
    • myhostname
    • mydomain
    • myorigin
    • inet_interfaces
    • mydestination
    • home_mailbox
  26. Set hostname in /etc/hostname file on new server
  27. Use "hostname <fqdn>" command to set current hostname on new server
  28. systemctl enable postfix
  29. Add hostname against 127.0.0.1 in /etc/hosts
  30. systemctl start postfix
  31. systemctl status postfix
  32. yum -y install dovecot
  33. Edit /etc/dovecot/conf.d/10-mail.conf and set
    mail_location = maildir:~/mail
    first_valid_uid = 500
    same as old server
  34. Also change all auth values from 1000 to 500 in various /etc/pam.d files
    grep 1000 /etc/pam.d/*
    #update all files
  35. systemctl enable dovecot
  36. systemctl start dovecot
  37. systemctl status dovecot
  38. Refer to Postfix_SMTP_authentication_using_dovecot and, if authentication is enabled on old server, enable it appropriately on new server also
  39. yum -y install wget
  40. yum -y install epel-release
  41. yum -y install squirrelmail
  42. Disable selinux (setenforce 0, edit /etc/sysconfig/selinux and set SELINUX=disabled)
  43. cd /usr/share/squirrelmail/config; ./conf.pl
    • Set Organization Preferences -> Organization name
    • Set Server Settings -> Domain
    • Set Server Settings -> IMAP Settings. Use values mail.sbarjatiya.com, 993, Secure (IMAP): true, Server software: dovecot
    • Setup mail sending using sendmail and not through SMTP
  44. rsync /var/www/html from old server to new server
  45. systemctl restart httpd
  46. Add /etc/hosts entry for new server in laptop and try to open the new server with name and IP.
  47. On old server stop httpd, dovecot and postfix
  48. Again sync /home ( rsync -aHz --delete /home/ root@newserver:/home/ )
  49. Change DNS entries to point to new server. If organization has local private DNS, then perhaps that may also require changes.
  50. Check updated entries via public DNS servers after waiting for a minute or two
  51. Copy /root/.ssh/authorized_keys from old server to new server
  52. Comment out the /etc/hosts entry in laptop after DNS entry has been changed
  53. Apply security group settings from old server to new server (HTTP, HTTPS, POP3, POP3S, SMTP, SMTPS, IMAP, IMAPS, SSH, Ping)
  54. Do TLS_configuration_for_postfix if configured on previous server
  55. Send test email from gmail to server and wait for receiving email on new server
  56. Send test email from new server to gmail and wait for receiving email on Gmail account
  57. Stop and possibly terminate old server after a few days. Elastic IP of old server can be released immediately after stopping.
  58. If elastic IP is locked make a request for release
  59. Fill AWS reverse entry form for email servers. For this first login into AWS account and then open https://aws.amazon.com/forms/ec2-email-limit-rdns-request
  60. CentOS 7.x Configure change password plugin for squirrelmail using poppassd
  61. CentOS 7.x Configure Postfix to block spam
  62. Increase postfix message and mailbox size limit using Troubleshooting_postfix_server_issues#Message_file_too_big_issue
  63. Look at all other custom configuration in /etc/postfix/main.cf that has not been migrated to new server
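
Steps 17 to 19 can be scripted. The following is an added example, not part of the original notes: it selects the /etc/passwd, /etc/shadow and /etc/group lines to migrate and runs the count check from step 17 on constructed sample data. The function names, the .add output files and the exclusion of UID 65534 are assumptions of this example.

```shell
#!/bin/bash
# Added example for steps 17 to 19. UID_MIN=500 is the CentOS 6 threshold
# from this page; skipping UID 65534 (nfsnobody) is an assumption.
UID_MIN=500
umask 077   # shadow.add holds password hashes; keep output private

# select_accounts PASSWD SHADOW GROUP OUTDIR -> OUTDIR/{passwd,shadow,group}.add
select_accounts() {
    local passwd=$1 shadow=$2 group=$3 out=$4
    # passwd lines with UID >= UID_MIN; interleaved system accounts (nscd) drop out
    awk -F: -v min="$UID_MIN" '$3 >= min && $3 != 65534' "$passwd" > "$out/passwd.add"
    # shadow lines whose user name was selected above
    awk -F: 'FILENAME == ARGV[1] { u[$1]; next } $1 in u' \
        "$out/passwd.add" "$shadow" > "$out/shadow.add"
    # group lines whose GID is the primary group of a selected user
    awk -F: 'FILENAME == ARGV[1] { g[$4]; next } $3 in g' \
        "$out/passwd.add" "$group" > "$out/group.add"
}

# counts_match OUTDIR HOMEDIR: true when selected users == home directories
counts_match() {
    local users dirs
    users=$(wc -l < "$1/passwd.add")
    dirs=$(ls -1 "$2" | grep -v lost | wc -l)
    [ "$users" -eq "$dirs" ]
}

# lowest_uid OUTDIR: smallest selected UID; dovecot first_valid_uid must not exceed it
lowest_uid() { cut -d: -f3 "$1/passwd.add" | sort -n | head -n 1; }

# Constructed sample data standing in for the old server's files
make_sample() {
    mkdir -p "$1/home/alice" "$1/home/bob" "$1/home/lost+found" "$1/out"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'nscd:x:28:28:NSCD Daemon:/:/sbin/nologin' \
        'bob:x:501:501::/home/bob:/bin/bash' \
        'nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'root:LOCKED:17000::::::' 'alice:CONSTRUCTED_HASH_A:17000::::::' \
        'nscd:!!:17000::::::' 'bob:CONSTRUCTED_HASH_B:17000::::::' > "$1/shadow"
    printf '%s\n' 'root:x:0:' 'alice:x:500:' 'nscd:x:28:' 'bob:x:501:' > "$1/group"
}

WORK=$(mktemp -d)
make_sample "$WORK"
select_accounts "$WORK/passwd" "$WORK/shadow" "$WORK/group" "$WORK/out"
cat "$WORK/out/passwd.add"
counts_match "$WORK/out" "$WORK/home" && echo "user count matches /home"
echo "lowest migrated UID: $(lowest_uid "$WORK/out")"
```

On the real old server, pass /etc/passwd, /etc/shadow and /etc/group to select_accounts and review the .add files before appending them on the new server.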



Refer: - https://serverfault.com/questions/291667/dovecot-getting-error-mail-access-for-users-with-uid-222-not-permitted


