PREPARE NEW SERVER
name: mail.domain.tld
OS: Ubuntu 10.04 LTS 64bit
Zimbra: Zimbra 8.0 (first install 7.2.1)
Install Ubuntu server 10.04 LTS (minimal install + ssh server)
Create a separate /opt partition for the Zimbra installation (size depends on the size and number of mailboxes)
Use the old mail server's hostname and IP address
# vim /etc/hostname
mail
Prepare HOSTS file !!!
# vim /etc/hosts
127.0.0.1 localhost
192.168.1.X mail.domain.tld mail
Setup SSH
# vim /etc/ssh/sshd_config
AllowUsers zimbra ← add this line at the end
Download ZIMBRA 7.2.1
# wget http://files2.zimbra.com/downloads/7.2.1_GA/zcs-7.2.1_GA_2790.UBUNTU10_64.20120815212201.tgz
Untar Zimbra
# tar xvzf zcs-7.2.1...
Install ZIMBRA 7.2.1 to the NEW SERVER
# cd zcs-7.2.1...
# ./install.sh
...
DNS ERROR resolving MX for mail.domain.tld
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [mail.domain.tld] domain.tld
MX: mail.domain.tld (192.168.10.7)
Interface: 192.168.10.7
Interface: 127.0.0.1
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@domain.tld
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.lsmlhshnmy@domain.tld
+Enable automated spam training: yes
+Spam training user: spam.wyqzbievu@domain.tld
+Non-spam(Ham) training user: ham.vccas9hrzf@domain.tld
+SMTP host: mail.domain.tld
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://mail.domain.tld:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@domain.tld
+Version update source email: admin@domain.tld
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit
CHANGE admin password …
4) Admin Password set
CHANGE antivirus quarantine user from old server.
5) Anti-virus quarantine user: virus-quarantine.jllqjtji@domain.tld
CHANGE spam training user from old server.
7) Spam training user: spam.ydku3gfyuh@domain.tld
CHANGE ham training user from old server.
8) Non-spam(Ham) training user: ham.r4ujxkaq4@domain.tld
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
...
As the zimbra user, run:
zmcontrol stop
rm -rf /opt/zimbra/data/ldap/config/*
rm -rf /opt/zimbra/data/ldap/hdb/*
mkdir -p /opt/zimbra/data/ldap/hdb/db /opt/zimbra/data/ldap/hdb/logs
# chown -R zimbra:zimbra /opt/zimbra/data/ldap
3. COPY DATA TO NEW SERVER
Copy DB_CONFIG from old server to new server
# scp /opt/zimbra/data/ldap/hdb/db/DB_CONFIG mail:/opt/zimbra/data/ldap/hdb/db/
Create BACKUP directory on NEW SERVER
root@mail:~# mkdir /backup
Copy LDAP DATA from OLD SERVER to NEW SERVER
# scp /backup/ldap.bak mail:/backup/
# scp /backup/ldap-config.bak mail:/backup/
root@mail:~# chown -R zimbra:zimbra /backup/
IMPORT LDAP CONFIG (ldap-config.bak, database 0 = cn=config)
zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -n 0 -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap-config.bak
added: "cn=config" (00000001)
added: "cn=module{0},cn=config" (00000001)
added: "cn=schema,cn=config" (00000001)
added: "cn={0}core,cn=schema,cn=config" (00000001)
added: "cn={1}cosine,cn=schema,cn=config" (00000001)
added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001)
added: "cn={3}zimbra,cn=schema,cn=config" (00000001)
added: "cn={4}amavisd,cn=schema,cn=config" (00000001)
added: "olcDatabase={-1}frontend,cn=config" (00000001)
added: "olcDatabase={0}config,cn=config" (00000001)
added: "olcDatabase={1}monitor,cn=config" (00000001)
added: "olcDatabase={2}hdb,cn=config" (00000001)
_#################### 100.00% eta none elapsed none fast!
Closing DB...
IMPORT LDAP DATA (ldap.bak, the directory entries)
zimbra@mail:~$ /opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l /backup/ldap.bak
added: "cn=zimbra" (00000001)
added: "cn=admins,cn=zimbra" (00000002)
added: "uid=zimbra,cn=admins,cn=zimbra" (00000003)
added: "uid=zmreplica,cn=admins,cn=zimbra" (00000004)
added: "cn=appaccts,cn=zimbra" (00000005)
added: "uid=zmnginx,cn=appaccts,cn=zimbra" (00000006)
added: "uid=zmpostfix,cn=appaccts,cn=zimbra" (00000007)
added: "uid=zmamavis,cn=appaccts,cn=zimbra" (00000008)
added: "cn=zimlets,cn=zimbra" (00000009)
added: "cn=cos,cn=zimbra" (0000000a)
added: "cn=servers,cn=zimbra" (0000000b)
added: "cn=xmppcomponents,cn=zimbra" (0000000c)
added: "cn=globalgrant,cn=zimbra" (0000000d)
added: "cn=config,cn=zimbra" (0000000e)
added: "cn=default,cn=cos,cn=zimbra" (0000000f)
added: "cn=mime,cn=config,cn=zimbra" (00000010)
added: "cn=message/rfc822,cn=mime,cn=config,cn=zimbra" (00000011)
added: "cn=text/html,cn=mime,cn=config,cn=zimbra" (00000012)
added: "cn=text/enriched,cn=mime,cn=config,cn=zimbra" (00000013)
added: "cn=text/plain,cn=mime,cn=config,cn=zimbra" (00000014)
added: "cn=text/calendar,cn=mime,cn=config,cn=zimbra" (00000015)
added: "cn=all,cn=mime,cn=config,cn=zimbra" (00000016)
added: "cn=mail.domain.tld,cn=servers,cn=zimbra" (00000017)
added: "dc=tld" (00000018)
added: "dc=domain,dc=tld" (00000019)
added: "uid=root,ou=people,dc=domain,dc=tld" (0000001b)
added: "uid=postmaster,ou=people,dc=domain,dc=tld" (0000001c)
added: "cn=conference.mail.domain.tld,cn=xmppcomponents,cn=zimbra" (0000001d)
added: "cn=com_zimbra_adminversioncheck,cn=zimlets,cn=zimbra" (0000001e)
added: "cn=com_zimbra_bulkprovision,cn=zimlets,cn=zimbra" (0000001f)
added: "cn=com_zimbra_ymemoticons,cn=zimlets,cn=zimbra" (00000020)
added: "cn=com_zimbra_cert_manager,cn=zimlets,cn=zimbra" (00000021)
added: "cn=com_zimbra_phone,cn=zimlets,cn=zimbra" (00000022)
added: "cn=com_zimbra_date,cn=zimlets,cn=zimbra" (00000023)
added: "cn=com_zimbra_email,cn=zimlets,cn=zimbra" (00000024)
….
#################### 100.00% eta none elapsed none fast!
Closing DB...
COPY localconfig.xml from OLDSERVER to NEWSERVER
# scp /backup/localconfig.xml mail:/backup/
EDIT localconfig.xml
BACKUP localconfig.xml on the NEWSERVER
zimbra@mail:~$ cp /opt/zimbra/conf/localconfig.xml /opt/zimbra/conf/localconfig.xml.orig
EDIT localconfig.xml and change values to values from OLDSERVER
(from /backup/localconfig.xml)
...
a. zimbra_mysql_password
b. mysql_root_password
c. zimbra_logger_mysql_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
d. mailboxd_keystore_password (Note: Transfer/copy this value to the new 64-bit server only if available from the old 32-bit server.)
e. mailboxd_truststore_password
f. mailboxd_keystore_base_password
g. zimbra_ldap_password
h. ldap_root_password
i. ldap_postfix_password
j. ldap_amavis_password
k. ldap_nginx_password
l. ldap_replication_password
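A check for the manual edit above, added here as an example (not part of the original procedure): it compares keys a. to l. between the old and the edited localconfig.xml and reports match or mismatch without printing any password. The function names get_key, compare_secrets and sample are hypothetical, and the parser assumes the usual layout with <key> and <value> tags on their own lines.

```shell
#!/bin/sh
# Keys a. to l. from the list above.
KEYS='zimbra_mysql_password mysql_root_password zimbra_logger_mysql_password
mailboxd_keystore_password mailboxd_truststore_password
mailboxd_keystore_base_password zimbra_ldap_password ldap_root_password
ldap_postfix_password ldap_amavis_password ldap_nginx_password
ldap_replication_password'

# get_key FILE KEY: print the <value> stored under <key name="KEY">.
# Assumption: each tag sits on its own line, or key and value share a line.
get_key() {
  awk -v k="$2" '
    index($0, "<key name=\"" k "\">") { inkey = 1 }
    inkey && match($0, /<value>.*<\/value>/) {
      print substr($0, RSTART + 7, RLENGTH - 15); exit
    }
    /<\/key>/ { inkey = 0 }' "$1"
}

# compare_secrets OLD NEW: one status line per key, never the secret itself.
# Returns 1 if a key that exists in OLD has a different value in NEW.
compare_secrets() {
  rc=0
  for k in $KEYS; do
    if ! grep -q "<key name=\"$k\">" "$1"; then
      echo "$k not-in-old"      # notes c. and d.: copy only if the old server has it
    elif [ "$(get_key "$1" "$k")" = "$(get_key "$2" "$k")" ]; then
      echo "$k match"
    else
      echo "$k MISMATCH"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample files; the values are placeholders, not real secrets.
sample() {  # sample FILE LDAP_PW ROOT_PW
  printf '<localconfig>\n  <key name="zimbra_ldap_password">\n    <value>%s</value>\n  </key>\n  <key name="ldap_root_password">\n    <value>%s</value>\n  </key>\n</localconfig>\n' "$2" "$3" > "$1"
}
tmp=$(mktemp -d)
sample "$tmp/old.xml" oldLdapPw oldRootPw
sample "$tmp/new.xml" oldLdapPw freshInstallPw
compare_secrets "$tmp/old.xml" "$tmp/new.xml" || echo "new server still has install-time values"
```

On the real hosts the call would be compare_secrets /backup/localconfig.xml /opt/zimbra/conf/localconfig.xml, run before zmcontrol start.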
REMOVE data from NEW SERVER
zimbra@mail:~$ rm -rf /opt/zimbra/db/data/*
COPY DATA from OLD SERVER
[root@oldserver ~]# scp -r /opt/zimbra/db/data/* mail:/opt/zimbra/db/data/
Copy MESSAGES and INDEX files from OLD SERVER to NEW SERVER
[root@oldserver ~]# scp -r /opt/zimbra/store/* mail:/opt/zimbra/store/
[root@oldserver ~]# scp -r /opt/zimbra/index/* mail:/opt/zimbra/index/
Transfer KEYSTORE
[root@oldserver ~]# scp /opt/zimbra/mailboxd/etc/keystore mail:/opt/zimbra/mailboxd/etc/keystore
+ Change keystore PASSWORD
[zimbra@oldserver ~]$ zmlocalconfig -s mailboxd_keystore_password
mailboxd_keystore_password = oldpassword
zimbra@mail:~$ zmlocalconfig -e mailboxd_keystore_password=oldpassword ← use oldpassword
COPY smtp,ldap,nginx CERTIFICATE and KEY from OLD to NEW server
# scp /opt/zimbra/conf/smtpd.crt mail:/opt/zimbra/conf/smtpd.crt
# scp /opt/zimbra/conf/smtpd.key mail:/opt/zimbra/conf/smtpd.key
# scp /opt/zimbra/conf/slapd.* mail:/opt/zimbra/conf/
# scp /opt/zimbra/conf/nginx.* mail:/opt/zimbra/conf/
COPY ZIMLETS FROM OLD SERVER
root@mail:~# scp -r root@oldserver:/opt/zimbra/zimlets-deployed/* /opt/zimbra/zimlets-deployed/
FIX PERMISSION as root
root@mail:~# chown -R zimbra.zimbra /opt/zimbra
root@mail:~# /opt/zimbra/libexec/zmfixperms
Start ZIMBRA 7.2.1 on NEW SERVER
zimbra@mail:~$ zmcontrol start
FIX ERRORS
ERROR 1
Host mail.domain.tld
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Failed.
Starting amavisd...Config file "/opt/zimbra/conf/amavisd.conf" does not exist, at /opt/zimbra/amavisd/sbin/amavisd line 1799.
failed.
Starting freshclam...done.
Starting clamd...ERROR: Can't open/parse the config file /opt/zimbra/conf/freshclam.conf
failed.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Failed.
Starting saslauthd...saslauthd[8646] :set_auth_mech : failed to initialize mechanism zimbra
failed.
zmsaslauthdctl failed to start
Starting stats...Done.
SOLUTION 1
[root@oldserver ~]# scp /opt/zimbra/conf/amavisd.conf mail:/opt/zimbra/conf/
[root@oldserver ~]# scp /opt/zimbra/conf/freshclam.conf mail:/opt/zimbra/conf/
root@mail:~# /opt/zimbra/libexec/zmfixperms ← fix permission
ERROR 2
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! Failed.
SOLUTION 2
CREATE CERTIFICATES
# sh reg-ssl-zimbra.sh ← run script as root
script to regenerate certificate
***********************************************************************************
#!/bin/bash
################################################################################################################
# Regenerate SSL Cert
################################################################################################################
su - zimbra -c 'zmcontrol stop'
rm -rf /opt/zimbra/ssl/*
rm -rf /opt/zimbra/ssl/.rnd
/opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
/opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'`
vi /opt/zimbra/bin/zmcertmgr
# Find the line
# SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}"
# and change it to your company name.
# Then set the certificate lifetime you want by changing validation_days=365 to validation_days=3650.
# Save /opt/zimbra/bin/zmcertmgr
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca -localonly
/opt/zimbra/bin/zmcertmgr createcrt self -new
/opt/zimbra/bin/zmcertmgr deploycrt self
su - zimbra -c 'zmcontrol start'
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr deployca
su - zimbra -c 'zmupdateauthkeys'
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
### End Script **********************************************************************
......
Host mail.domain.tld
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
** Copying CA to /opt/zimbra/conf/ca...done.
Updating keys for mail.domain.tld
Fetching key for mail.domain.tld
Updating keys for mail.domain.tld
Updating /opt/zimbra/.ssh/authorized_keys
::service mta::
notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=
::service proxy::
notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=
::service mailboxd::
notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=
::service ldap::
notBefore=Sep 30 13:19:52 2012 GMT
notAfter=Sep 29 13:19:52 2017 GMT
subject= /C=US/ST=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
issuer= /C=US/ST=N/A/L=N/A/O=ClickME/OU=IT/CN=mail.domain.tld
SubjectAltName=
ERROR 3
Message: system failure: Cannot WRITE index directory (mailbox=6 idxPath=/opt/zimbra/index/0/6/index/0) Error code: service.FAILURE Method: [unknown] Details:soap:Receiver
SOLUTION 3
# chown -R zimbra.zimbra /opt/zimbra
# /opt/zimbra/libexec/zmfixperms
ERROR 4
Clicking MAILQUEUE in the WEB CONSOLE produces:
Message: system failure: exception during auth {RemoteManager: mail.domain.tld->zimbra@mail.domain.tld:22} Error code: service.FAILURE Method: [unknown] Details:soap:Receiver
SOLUTION 4 ???
zimbra@mail:~$ zmprov ms mail.domain.tld zimbraRemoteManagementPort 22
PROBABLY INTERFACES FILE !!!!
There was no gateway in /etc/network/interfaces
add gateway 192.168.1.1
After I changed the interfaces file, I restarted the network with
# service networking restart
Pay attention to the hosts file !!!
zimbra@mail:~$ cat /etc/hosts
127.0.0.1 localhost
192.168.1.X mail.domain.tld mail
NOW everything works fine.
Test MAIL SERVER by sending and receiving mail.
4. UPGRADE TO ZIMBRA 8.0
Download new Zimbra
# wget http://files2.zimbra.com/downloads/8.0.0_GA/zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz
Unpack ...
# tar xvzf zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627.tgz
Install zimbra ...
# cd zcs-8.0.0_GA_5434.UBUNTU10_64.20120907144627
# screen ./install.sh
….
Starting mysql...done.
ERROR 1133 (42000) at line 2: Can't find any matching row in the user table
ERROR 1396 (HY000) at line 1: Operation DROP USER failed for ''@'mail'
Zimbra 8.0 now works. :)
Check running SERVICES:
# netstat -tupane | less
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 105652 23807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 310009 19028/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 321441 23103/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 0 321442 23103/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 0 321443 23103/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 321436 23103/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 321432 23103/java
Setup a FIREWALL:
# ufw allow proto tcp from 192.168.1.0/24 to any port 22
# ufw allow proto tcp from 192.168.1.0/24 to any port 7071
# ufw allow proto tcp from 192.168.1.0/24 to any port 7072
# ufw allow proto tcp from any to any port 25
# ufw allow proto tcp from any to any port 443
# ufw allow proto tcp from any to any port 993
# ufw enable
# ufw logging on
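A cross-check of the listeners against the firewall rules, added here as an example (not part of the original write-up): it takes the netstat lines and the ufw allow commands shown above and reports, per listening port, which source may reach it. The helper names are hypothetical, and the parser reads the rule commands as typed, not "ufw status" output. ufw denies incoming traffic by default, so a listener with no allow rule is unreachable once the firewall is enabled.

```shell
#!/bin/sh
# Constructed sample input: the listener lines and ufw rules shown on this page.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 105652 23807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 310009 19028/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 321441 23103/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 0 321442 23103/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LISTEN 0 321443 23103/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 321436 23103/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 321432 23103/java'
UFW_SAMPLE='ufw allow proto tcp from 192.168.1.0/24 to any port 22
ufw allow proto tcp from 192.168.1.0/24 to any port 7071
ufw allow proto tcp from 192.168.1.0/24 to any port 7072
ufw allow proto tcp from any to any port 25
ufw allow proto tcp from any to any port 443
ufw allow proto tcp from any to any port 993'

# audit_listeners NETSTAT_TEXT UFW_RULES (hypothetical helper)
# Prints "<port> <program> <allowed source, or BLOCKED>" for every TCP listener.
audit_listeners() {
  printf '%s\n%s\n' "$2" "$1" | awk '
    $1 == "ufw" && $2 == "allow" {       # rule line: remember the source per port
      for (i = 1; i < NF; i++) {
        if ($i == "from") src = $(i + 1)
        if ($i == "port") port = $(i + 1)
      }
      allow[port] = src
      next
    }
    $1 == "tcp" && $6 == "LISTEN" {      # listener line: port and owning program
      n = split($4, addr, ":"); m = split($NF, proc, "/")
      p = addr[n]
      print p, proc[m], ((p in allow) ? allow[p] : "BLOCKED")
    }'
}

# Listeners with no allow rule (cut off by the default deny-incoming policy).
blocked_ports() { audit_listeners "$1" "$2" | awk '$3 == "BLOCKED" { print $1 }'; }
# Listeners reachable from any source address.
public_ports() { audit_listeners "$1" "$2" | awk '$3 == "any" { print $1 }'; }

audit_listeners "$NETSTAT_SAMPLE" "$UFW_SAMPLE"
```

With the page's data the only listener without a rule is 995 (POP3 over SSL), while 7071 and 7072 stay limited to 192.168.1.0/24.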
HELP from Zimbra wiki:
http://wiki.zimbra.com/wiki/Platform_and_OS_Independent_ZCS_to_ZCS_Migration_Using_Rsync
http://wiki.zimbra.com/wiki/Network_Edition:_Moving_from_32-bit_to_64-bit_Server
http://wiki.zimbra.com/wiki/Server_Live_sync