Jkhondhu-Notes

Revision as of 10:26, 14 January 2015 by Jkhondhu (talk | contribs)

Holding the Postfix Queue at time of server migration/maintenance

Hold the Postfix queue during a migration, specifically while mailboxd must be running so that imapsync can inject emails.

Hold the queue:

 postsuper -h ALL

Release the hold queue:

 postsuper -r ALL

To delete the mails from the queue:

 cat /tmp/deletelist | /opt/zimbra/postfix/sbin/postsuper -d -

  • Another way is to create a file listing the users whose emails you want to hold.

1. Create a stub file called /opt/zimbra/conf/migration-hold that Postfix will use to HOLD messages, then run "postmap" on this file to create the .db hash file.

2. Modify /opt/zimbra/conf/postfix_recipient_restrictions.cf to include the check_recipient_access line shown below.

     reject_non_fqdn_recipient
     permit_sasl_authenticated
     permit_mynetworks
     reject_unlisted_recipient
     check_recipient_access hash:/opt/zimbra/conf/migration-hold
     permit
 

3. Execute "postfix reload" as the zimbra user. main.cf will now reference the new migration-hold file.

4. The migration-hold file will contain the full list of email addresses that will be migrated during the impending migration in the following format:

 address1@domain.com              HOLD migration in progress
 address2@domain.com              HOLD migration in progress

Now the MTA will accept the message, but place it in the HOLD queue as shown below:

 postfix/smtpd[5584]: NOQUEUE: hold: RCPT from unknown[xx.xx.xx.xx]: <sender@domain>: Recipient address migration in progress; from=<sender@domain.org> to=<recepient@domain>

5. Finally, the "postsuper -H ALL" command should be executed on each Zimbra MTA to allow all held mail to be moved back into the active queue for delivery.

6. After migration has been completed, the empty migration-hold file will be removed and postfix_recipient_restrictions.cf will have the check_recipient_access line deleted.
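An added example (not part of the original notes): a shell function that builds the migration-hold map from an address list. It lowercases the keys, because Postfix folds the lookup string to lowercase for hash tables, and it rejects anything that is not a full user@domain address, because a bare domain or "user@" key is also a valid access(5) pattern and would hold more mail than intended. The function name, the list file and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# build_hold_map LISTFILE
#   stdout: access(5) map lines, one per unique valid address
#   stderr: every rejected line; exit status 1 if anything was rejected
build_hold_map() {
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # strip CR and outer blanks
        $0 == "" || /^#/ { next }                        # skip blank and comment lines
        {
            addr = tolower($0)                           # hash: keys must be lowercase
            # Accept only a full user@domain.tld key. "domain.tld" and "user@"
            # are wider access(5) patterns and must not slip into the map.
            if (addr !~ /^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/) {
                printf "skipped line %d: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
                next
            }
            if (!(addr in seen)) {                       # drop duplicate keys
                seen[addr] = 1
                printf "%-40s HOLD migration in progress\n", addr
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample list (not real mailboxes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Address1@Domain.com
address2@domain.com
address1@domain.com
domain.com
user@
EOF
build_hold_map "$sample" || echo "review the skipped lines before running postmap" >&2
rm -f "$sample"

# On the MTA, as the zimbra user, the reviewed output would be written to
# /opt/zimbra/conf/migration-hold and compiled with:
#   postmap hash:/opt/zimbra/conf/migration-hold
```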

Credit to https://wiki.zimbra.com/wiki/Irfan-Notes


  • Needs more details, incomplete right now.

Single-Node Self-Signed Certificate

 /opt/zimbra/bin/zmcertmgr createca -new
 /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
 /opt/zimbra/bin/zmcertmgr deploycrt self
 /opt/zimbra/bin/zmcertmgr deployca
 /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Multi-Node Self-Signed Certificate

 /opt/zimbra/bin/zmcertmgr createca -new
 /opt/zimbra/bin/zmcertmgr deployca
 /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.example.com"
 /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
 /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Single-Node Commercial Certificate

 /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=Sunnyvale/O=Yahoo/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com
 cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
 /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
 /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
 /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Multi-Node Commercial Certificate

  • Signed Certificate: /tmp/commercial.crt
  • Certificate Key (Private): /tmp/commercial.key
  • Root Certificate Authority (CA Root): /tmp/ca.crt
  • Any Intermediate CA Certs: /tmp/ca_intermediary.crt

 cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
 mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.old
 mkdir /opt/zimbra/ssl/zimbra
 mkdir /opt/zimbra/ssl/zimbra/ca
 mkdir /opt/zimbra/ssl/zimbra/commercial
 mkdir /opt/zimbra/ssl/zimbra/server
 chmod 740 /opt/zimbra/ssl/zimbra
 chmod 740 /opt/zimbra/ssl/zimbra/*
 cp /tmp/commercial.key /opt/zimbra/ssl/zimbra/commercial/
 chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key
 /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
 /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
 /opt/zimbra/bin/zmcertmgr viewdeployedcrt




