Migrating a qmail server

• update_zones.sh (quickly updates zones' IP, serials, TTL)

Background

• A mail server based on qmail/vpopmail which also holds a primary DNS server for the domains (yes, I know that it is not good to have the primary DNS and the mail server on the same server/IP, but I only have one IP).
• Both of them must be migrated to a new server with a different IP address and hardware.
• The new and the old servers are connected via Internet (ssh).

In the following Old and New are intended as the names of the two servers.

Steps to follow

The order is important:

1. Install and test the new server. It would be best to test it against a domain whose rDNS is the new IP.
2. rsync config files and mailboxes before the migration. This will be a very long process; use tools like tmux to avoid ssh session's break issues. You may be interested in an how to make backups with rsync and ssh that I wrote sometime ago. This step will be much easier if you have qmail and DNS in a (LXC) container.
3. In the new DNS server migrate the IP address (you can use the above script if using bind). Don't start the new DNS yet.
4. In the new DNS configuration, comment out the lines that notify the secondary DNS servers. This will be done by the old DNS when you'll decide to pull the trigger. You can now start the new DNS.
5. In the old DNS configuration, add a rule to SPF which let's New to send emails on behalf of your test domains.
6. In case you are sending test messages from Old to New with your domains as sender, you have to disable the DKIM verification on New.
7. In the new server disable the HELO DNS check for the old IP, otherwise all forwards from Old to New will be blocked, as New won't recognize Old as the owner of our domains during tests. Add a line like this to your tcprules:
   

   <old-IP-address>:NOHELODNSCHECK=""

8. Change TTL to 1S in both new and old DNS and lower the TTL to the minimum value available in all registrars of your domains. Be aware that the migration shouldn't be done as long as a time interval greater than the previous TTL value has passed. The script linked at the top of this page can help you to change your zones' TTL, serials and IP if using bind.
9. Turn off the old mail and DNS servers.
10. rsync config files and mailboxes (again, this time it'll be faster)
11. Start the new mail and DNS servers. Make tests.
12. Configure the old qmail in order to forward all incoming mails to New (better to test this step with a test subdomain first)
    
    1. rename control/virtualdomains to control/virtualdomains_bak and control/smtproutes to control/smtproutes_bak
    2. add to control/smtproutes
       

       echo ":<new-IP-address>" > /var/qmail/control/smtproutes

    3. do not touch control/rcpthosts.
13. Set the new IP in the old DNS (just like 3) and start it. The secondary DNS will be notified of the change in act.
14. Restart the old mail server as well.
15. Increase the serial of each zone of the new DNS. The values must be greater than the one held by the old DNS, so that the secondary DNS could follow the change.
16. Set the new IP in all registrars of your domains, first of all the one which holds the DNS domain that you are migrating.
17. Have a beer. Check the logs all night long.
18. When the migration is complete and you are satisfied, uncomment the lines that serve to notify the secondary DNS on the new primary DNS
19. In the old DNS turn off the notification towards the secondary DNS servers.
20. If you changed the registrar, use the control panel in order to set the reverse DNS as the name of your MTA.

Add a comment

Name

e-mail (optional, it will never be shared)

Your web site

Subject

Comment

Notify me via email when new comments to this page are posted.

All comments Only replies to this thread

Submit