Difference between revisions of "Jkhondhu-Notes"

(Blanked the page)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
  
==Holding the Postfix Queue at time of server migration/maintenance==
 
 
Holding the postfix queue at the time of migration. Specifically at the time when you need mailboxd to be running so that imapsync can inject emails.
 
 
Hold the queue:
 
  postsuper -h ALL
 
 
Release the hold queue:
 
  postsuper -r ALL
 
 
To delete the mails from the queue: 
 
  'cat /tmp/deletelist | /opt/zimbra/postfix/sbin/postsuper -d -'
 
 
* Other way it to create a file and define the user's whose emails you want to hold.
 
 
1.Create a stub file called /opt/zimbra/conf/migration-hold that will be used by Postfix to HOLD messages and then "postmap" this file to create the .db hash file.
 
 
2. Modify /opt/zimbra/conf/postfix_recipient_restrictions.cf to include the line in bold below.
 
      reject_non_fqdn_recipient
 
      permit_sasl_authenticated
 
      permit_mynetworks
 
      reject_unlisted_recipient
 
      check_recipient_access hash:/opt/zimbra/conf/migration-hold
 
      permit
 
 
 
3. Execute "postfix reload" as the zimbra user. main.cf will now reference the new migration-hold file
 
 
4. The migration-hold file will contain the full list of email addresses that will be migrated during the impending migration in the following format:
 
 
  address1@domain.com              HOLD migration in progress
 
  address2@domain.com              HOLD migration in progress
 
 
Now the MTA will accept the message, but place it in the HOLD queue as shown below:
 
 
postfix/smtpd[5584]: NOQUEUE: hold: RCPT from unknown[xx.xx.xx.xx]: <sender@domain>: Recipient address migration in progress; from=<sender@domain.org> to=<recepient@domain>
 
 
5.  Finally, the "postsuper -H ALL" command should be executed on each Zimbra MTA to allow all held mail to be moved back into the active queue for delivery.
 
 
6. After migration has been completed, all empty migration-hold file will be removed and postfix_recipient_restrictions.cf will have the check_recipient_access line deleted.
 
 
Credit to https://wiki.zimbra.com/wiki/Irfan-Notes
 
 
----
 
* Needs more details, incomplete right now.
 
* Needs more details, incomplete right now.
 
----
 
Single-Node Self-Signed Certificate
 
/opt/zimbra/bin/zmcertmgr createca -new
 
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
 
/opt/zimbra/bin/zmcertmgr deploycrt self
 
/opt/zimbra/bin/zmcertmgr deployca
 
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
 
 
Multi-Node Self-Signed Certificate
 
/opt/zimbra/bin/zmcertmgr createca -new
 
/opt/zimbra/bin/zmcertmgr deployca
 
/opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.example.com"
 
/opt/zimbra/bin/zmcertmgr deploycrt self -allserver
 
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
 
 
Single-Node Commercial Certificate
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=Sunnyvale/O=Yahoo/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com
 
cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
 
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
 
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
 
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
 
 
Multi-Node Commercial Certificate
 
 
Signed Certificate: /tmp/commercial.crt
 
Certificate Key (Private): /tmp/commercial.key
 
Root Certificate Authority (CA Root): /tmp/ca.crt
 
Any Intermediate CA Certs: /tmp/ca_intermediary.crt
 
 
# cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
 
# mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.old# mkdir /opt/zimbra/ssl/zimbra
 
# mkdir /opt/zimbra/ssl/zimbra/ca
 
# mkdir /opt/zimbra/ssl/zimbra/commercial
 
# mkdir /opt/zimbra/ssl/zimbra/server
 
# chmod 740 /opt/zimbra/ssl/zimbra
 
# chmod 740 /opt/zimbra/ssl/zimbra/*
 
# cp /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/
 
# chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key
 
# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
 
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
 
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
 
 
 
----
 
 
 
----
 

Latest revision as of 10:31, 14 January 2015

Jump to: navigation, search