Difference between revisions of "Jkhondhu-Notes"

(Holding the Postfix Queue at time of server migration/maintenance)
Line 47: Line 47:
  Single-Node Self-Signed Certificate
  Single-Node Self-Signed Certificate
  /opt/zimbra/bin/zmcertmgr createca -new
  /opt/zimbra/bin/zmcertmgr createca -new
  /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
  /opt/zimbra/bin/zmcertmgr createcrt -new -days 365

Revision as of 10:27, 14 January 2015

Holding the Postfix Queue at time of server migration/maintenance

Holding the postfix queue at the time of migration. Specifically at the time when you need mailboxd to be running so that imapsync can inject emails.

Hold the queue:

 postsuper -h ALL

Release the hold queue:

 postsuper -r ALL

To delete the mails from the queue:

 'cat /tmp/deletelist | /opt/zimbra/postfix/sbin/postsuper -d -'
  • Other way it to create a file and define the user's whose emails you want to hold.

1.Create a stub file called /opt/zimbra/conf/migration-hold that will be used by Postfix to HOLD messages and then "postmap" this file to create the .db hash file.

2. Modify /opt/zimbra/conf/postfix_recipient_restrictions.cf to include the line in bold below.

     check_recipient_access hash:/opt/zimbra/conf/migration-hold

3. Execute "postfix reload" as the zimbra user. main.cf will now reference the new migration-hold file

4. The migration-hold file will contain the full list of email addresses that will be migrated during the impending migration in the following format:

 address1@domain.com              HOLD migration in progress
 address2@domain.com              HOLD migration in progress

Now the MTA will accept the message, but place it in the HOLD queue as shown below:

postfix/smtpd[5584]: NOQUEUE: hold: RCPT from unknown[xx.xx.xx.xx]: <sender@domain>: Recipient address migration in progress; from=<sender@domain.org> to=<recepient@domain>

5. Finally, the "postsuper -H ALL" command should be executed on each Zimbra MTA to allow all held mail to be moved back into the active queue for delivery.

6. After migration has been completed, all empty migration-hold file will be removed and postfix_recipient_restrictions.cf will have the check_recipient_access line deleted.

Credit to https://wiki.zimbra.com/wiki/Irfan-Notes

  • Needs more details, incomplete right now.
  • Needs more details, incomplete right now.

Single-Node Self-Signed Certificate
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr deployca
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Multi-Node Self-Signed Certificate

/opt/zimbra/bin/zmcertmgr createca -new

/opt/zimbra/bin/zmcertmgr deployca
/opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.example.com"
/opt/zimbra/bin/zmcertmgr deploycrt self -allserver
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Single-Node Commercial Certificate

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=Sunnyvale/O=Yahoo/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Multi-Node Commercial Certificate

Signed Certificate: /tmp/commercial.crt Certificate Key (Private): /tmp/commercial.key Root Certificate Authority (CA Root): /tmp/ca.crt Any Intermediate CA Certs: /tmp/ca_intermediary.crt

# cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
# mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.old# mkdir /opt/zimbra/ssl/zimbra
# mkdir /opt/zimbra/ssl/zimbra/ca
# mkdir /opt/zimbra/ssl/zimbra/commercial
# mkdir /opt/zimbra/ssl/zimbra/server
# chmod 740 /opt/zimbra/ssl/zimbra
# chmod 740 /opt/zimbra/ssl/zimbra/*
  1. cp /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/
# chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key
# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

Jump to: navigation, search