Mail server migration checklist
Checklist for the mail server migration
- Lower TTL for mail.archlinux.org and mx.archlinux.org
- Lower TTL for PTR records for mail.archlinux.org and mx.archlinux.org
- Enable SSH agent forwarding on the new machine, for the file transfers from orion
- Copy existing TLS cert from orion for mail.archlinux.org and place it on the new machine
- Copy entries from /etc/passwd and /etc/shadow for the users that are getting migrated
- Copy /etc/postfix/ over and diff them.
- Copy any .forward files and sieve configuration from the users' home directories (run pwck)
- Stop dovecot and pop server on orion
- Copy dovecot files from the home directories.
- Use rsync -aAX to sync mail queue from orion to the new server
- Fix permissions on the queue
- Change DNS records to point to the new machine
- Configure a new DKIM DNS record for mail.archlinux.org
- Make sure reverse DNS is set
- Monitor things for a while to make sure everything works fine
- Run full playbook to revert SSH agent forwarding changes and make sure everything is working
- Make sure normal Arch users can log in again (remove AllowUsers on orion and mail)
Post migration steps:
- Validate borg backups are running and data is being saved on vostok
- Create a new cert for mail.archlinux.org
- Raise TTL back to the default for mail.archlinux.org and mx.archlinux.org
Rollback steps (if needed):
- Sync queue to orion, if needed
- Change DNS back to point to orion
All our services should relay mail via the main mail server. We need to check their configs.
Services (probably) using Mail:
- Forum
- Wiki
- Archweb
- AUR
- keycloak
- gitlab
- prometheus
- flyspray
- fail2ban
- grafana
- matrix
- mailman
Edited by Jelle van der Waa
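An added example, not part of the original issue or of the project's own tooling: a pre-flight check for the step that copies /etc/passwd and /etc/shadow entries. It selects only the migrating users and refuses any entry that lacks a shadow line or whose login name or UID already exists on the new machine, since a reused UID would give the copied home directory files to the wrong owner. The helper name `plan_account_copy`, the user names and the file contents are assumptions constructed for illustration.

```python
def parse(text):
    """Map login name -> colon-separated fields, skipping blank and comment lines."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            rows[fields[0]] = fields
    return rows

def plan_account_copy(users, src_passwd, src_shadow, dst_passwd):
    """Hypothetical helper: return (passwd_lines, shadow_lines, problems)."""
    src_pw, src_sh, dst_pw = parse(src_passwd), parse(src_shadow), parse(dst_passwd)
    dst_uid_owner = {fields[2]: name for name, fields in dst_pw.items()}
    passwd_lines, shadow_lines, problems = [], [], []
    for user in users:
        if user not in src_pw:
            problems.append(f"{user}: not in source passwd")
            continue
        uid = src_pw[user][2]
        if user not in src_sh:
            problems.append(f"{user}: no shadow entry on source")
            continue
        if user in dst_pw:
            if dst_pw[user][2] != uid:
                problems.append(f"{user}: exists on target with uid {dst_pw[user][2]}, source has {uid}")
            continue  # never append a second line for an existing login name
        if uid in dst_uid_owner:
            problems.append(f"{user}: uid {uid} already used by {dst_uid_owner[uid]} on target")
            continue
        passwd_lines.append(":".join(src_pw[user]))
        shadow_lines.append(":".join(src_sh[user]))
    return passwd_lines, shadow_lines, problems

# Constructed sample data; the hashes are placeholders, not real values.
SRC_PASSWD = """root:x:0:0::/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/bash
"""
SRC_SHADOW = """root:!:19000::::::
alice:$6$PLACEHOLDER$alicehash:19000:0:99999:7:::
bob:$6$PLACEHOLDER$bobhash:19000:0:99999:7:::
"""
DST_PASSWD = """root:x:0:0::/root:/bin/bash
postfix:x:1002:1002::/var/spool/postfix:/usr/bin/nologin
"""
if __name__ == "__main__":
    pw, sh, problems = plan_account_copy(["alice", "bob", "carol"], SRC_PASSWD, SRC_SHADOW, DST_PASSWD)
    print("\n".join(pw + sh + problems))
```

Anything reported in `problems` needs a manual decision before the lines are appended on the new machine; pwck afterwards confirms the resulting files are consistent.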