|
|
| Line 1: |
Line 1: |
| | | | |
| − | ==Holding the Postfix Queue at time of server migration/maintenance==
| |
| − |
| |
| − | Holding the postfix queue at the time of migration. Specifically at the time when you need mailboxd to be running so that imapsync can inject emails.
| |
| − |
| |
| − | Hold the queue:
| |
| − | postsuper -h ALL
| |
| − |
| |
| − | Release the hold queue:
| |
| − | postsuper -r ALL
| |
| − |
| |
| − | To delete the mails from the queue:
| |
| − | 'cat /tmp/deletelist | /opt/zimbra/postfix/sbin/postsuper -d -'
| |
| − |
| |
| − | * Other way it to create a file and define the user's whose emails you want to hold.
| |
| − |
| |
| − | 1.Create a stub file called /opt/zimbra/conf/migration-hold that will be used by Postfix to HOLD messages and then "postmap" this file to create the .db hash file.
| |
| − |
| |
| − | 2. Modify /opt/zimbra/conf/postfix_recipient_restrictions.cf to include the line in bold below.
| |
| − | reject_non_fqdn_recipient
| |
| − | permit_sasl_authenticated
| |
| − | permit_mynetworks
| |
| − | reject_unlisted_recipient
| |
| − | check_recipient_access hash:/opt/zimbra/conf/migration-hold
| |
| − | permit
| |
| − |
| |
| − | 3. Execute "postfix reload" as the zimbra user. main.cf will now reference the new migration-hold file
| |
| − |
| |
| − | 4. The migration-hold file will contain the full list of email addresses that will be migrated during the impending migration in the following format:
| |
| − |
| |
| − | address1@domain.com HOLD migration in progress
| |
| − | address2@domain.com HOLD migration in progress
| |
| − |
| |
| − | Now the MTA will accept the message, but place it in the HOLD queue as shown below:
| |
| − |
| |
| − | postfix/smtpd[5584]: NOQUEUE: hold: RCPT from unknown[xx.xx.xx.xx]: <sender@domain>: Recipient address migration in progress; from=<sender@domain.org> to=<recepient@domain>
| |
| − |
| |
| − | 5. Finally, the "postsuper -H ALL" command should be executed on each Zimbra MTA to allow all held mail to be moved back into the active queue for delivery.
| |
| − |
| |
| − | 6. After migration has been completed, all empty migration-hold file will be removed and postfix_recipient_restrictions.cf will have the check_recipient_access line deleted.
| |
| − |
| |
| − | Credit to https://wiki.zimbra.com/wiki/Irfan-Notes
| |
| − |
| |
| − | ----
| |
| − | * Needs more details, incomplete right now.
| |
| − | * Needs more details, incomplete right now.
| |
| − | ----
| |
| − | Single-Node Self-Signed Certificate
| |
| − |
| |
| − | /opt/zimbra/bin/zmcertmgr createca -new
| |
| − | /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
| |
| − | /opt/zimbra/bin/zmcertmgr deploycrt self
| |
| − | /opt/zimbra/bin/zmcertmgr deployca
| |
| − | /opt/zimbra/bin/zmcertmgr viewdeployedcrt
| |
| − |
| |
| − | Multi-Node Self-Signed Certificate
| |
| − | /opt/zimbra/bin/zmcertmgr createca -new
| |
| − | /opt/zimbra/bin/zmcertmgr deployca
| |
| − | /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.example.com"
| |
| − | /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
| |
| − | /opt/zimbra/bin/zmcertmgr viewdeployedcrt
| |
| − |
| |
| − | Single-Node Commercial Certificate
| |
| − | /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=Sunnyvale/O=Yahoo/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com
| |
| − | cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
| |
| − | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
| |
| − | /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
| |
| − | /opt/zimbra/bin/zmcertmgr viewdeployedcrt
| |
| − |
| |
| − | Multi-Node Commercial Certificate
| |
| − |
| |
| − | Signed Certificate: /tmp/commercial.crt
| |
| − | Certificate Key (Private): /tmp/commercial.key
| |
| − | Root Certificate Authority (CA Root): /tmp/ca.crt
| |
| − | Any Intermediate CA Certs: /tmp/ca_intermediary.crt
| |
| − |
| |
| − | # cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
| |
| − | # mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.old# mkdir /opt/zimbra/ssl/zimbra
| |
| − | # mkdir /opt/zimbra/ssl/zimbra/ca
| |
| − | # mkdir /opt/zimbra/ssl/zimbra/commercial
| |
| − | # mkdir /opt/zimbra/ssl/zimbra/server
| |
| − | # chmod 740 /opt/zimbra/ssl/zimbra
| |
| − | # chmod 740 /opt/zimbra/ssl/zimbra/*
| |
| − | # cp /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/
| |
| − | # chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key
| |
| − | # /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
| |
| − | /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
| |
| − | /opt/zimbra/bin/zmcertmgr viewdeployedcrt
| |
| − |
| |
| − |
| |
| − | ----
| |
| − |
| |
| − |
| |
| − | ----
| |
