Migrating from courier-imap without passwords using Imapsync
Migrate e-mail accounts from courier-imap, postfixadmin to zimbra without having user passwords
First, we needed to pull the account names and passwords from postfixadmin over to the new Zimbra system. This article demonstrates a php script that did the job well, querying the encrypted passwords from the MySQL backup into a file. You can also modify it to retrieve aliases and subscribers from MySQL.
Using the exported.sh file, which runs zmprov, it created the users on Zimbra and was able to set their passwords. You may want to grep out all the lines with 'zmprov ma username' into another file, called reset_passwords.sh, to use for resetting account passwords later. (add #!/bin/bash on the top line to make it a script, 'chmod +x reset_passwords.sh' to make it executable.) At this point, we want to change the account passwords to be all the same for the time it takes to do the imapsync migration - add the password to the 'zimpassfile2' file as specified in the imapsync command.
Migrating e-mail using imapsync was complicated when trying to use the --auth-user postfixadmin 'super-user' option, so we decided instead to create a new e-mail account via postfixadmin, called migrate1, set a password, and then manually change the symlink for the mail folder in this way:
ln -s /firstname.lastname@example.org /email@example.com
Then running imapsync worked:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 postfixserver.domain.com \ --user1 migrate1 --passfile1 zimpassfile1 --host2 zimbraserver.domain.com --user2 firstname.lastname@example.org --passfile2 zimpassfile2 \ --noauthmd5
Then delete the symlink for migrate1 and recreate it for the next user, so you can run imapsync again:
rm /email@example.com ln -s /firstname.lastname@example.org /email@example.com
Migrate all accounts at once under the migrate1 account
We were able pull all user accounts over by logging into Squirrelmail as the migrate1 account. Create symlinks to each user's mail subfolder under migrate1's folder:
ln -s /firstname.lastname@example.org /email@example.comfirstname.lastname@example.org
and then Subscribe to each user's folder in Squirrelmail's Folder menu. With the user accounts now available as the migrate1 user, imapsync was able to use this syntax to pull each folder to the appropriate user's inbox:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 postfixserver.domain.com --user1 \ email@example.com --passfile1 zimpassfile1 --host2 zimbraserver.domain.com --user2 firstname.lastname@example.org --passfile2 zimpassfile2 \ --folderrec INBOX.email@example.com --regextrans2 's/(.*)/INBOX/' --noauthmd5
Here is a script that will imapsync all user accounts:
#!/bin/bash # imapsyncrun.sh. Script to migrate imap mailboxes under the account migrate1 DATE=`date +%m%d%y_%H:%M` LOGFILE="imapsync.log" echo "IMAPSync starting.. $DATE" >> $LOGFILE # Begin 'for' loop, calling the list of user names already collected for ACCTNAME in `cat /home/zimbra/userlist` do # Reset the zimbra password temporarily: zmprov setPassword $ACCTNAME xxxxxxx # Then migrate: /usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 postfixserver.domain.com \ --user1 firstname.lastname@example.org --passfile1 zimpassfile1 --host2 zimbra.domain.com --user2 $ACCTNAME --passfile2 zimpassfile2 \ --folderrec INBOX.$ACCTNAME --regextrans2 's/(.*)/INBOX/' --noauthmd5 echo Done with $ACCTNAME on $DATE >> $LOGFILE done # Change the password back to the encrypted one on file. reset_passwords.sh echo "" >> $LOGFILE echo "IMAPSync Finished.. $DATE" >> $LOGFILE echo "------------------------------------" >> $LOGFILE
After all the accounts have synced, the reset_passwords.sh script that contains the 'zmprov ma' commands will reset all user passwords to the same ones which they had on the old mail server.
For performance, as recommended we ran two imapsync processes concurrently on different servers to reduce the time for migration. We configured accounts migration1 and migration2 on the old mail server so we could point to two different mail folders at one time under /usr/local/virtual.