Mail server migration checklist

Checklist for the mail server migration

  • Lower TTL for mail.archlinux.org and mx.archlinux.org
  • Lower TTL for PTR records for mail.archlinux.org and mx.archlinux.org
  • Enable SSH agent forwarding on the new machine, for the file transfers from orion
  • Copy existing TLS cert from orion for mail.archlinux.org and place it on the new machine
  • Copy entries from /etc/passwd and /etc/shadow for the users that are getting migrated
  • Copy /etc/postfix/ over and diff them.
  • Copy any .forward files and sieve configuration from the users' home directories (run pwck)
  • Stop dovecot and pop server on orion
  • Copy dovecot files from the home directories.
  • Use rsync -aAX to sync mail queue from orion to the new server
  • Fix permissions on the queue
  • Change DNS records to point to the new machine
  • Configure a new DKIM DNS record for mail.archlinux.org
  • Make sure reverse DNS is set
  • Monitor things for a while to make sure everything works fine
  • Run full playbook to revert SSH agent forwarding changes and make sure everything is working
  • Make sure normal arch users can log in again (remove AllowUsers on orion and mail)

Post migration steps:

  • Validate borg backups are running and data is being saved on vostok
  • Create a new cert for mail.archlinux.org
  • Raise TTL back to the default for mail.archlinux.org and mx.archlinux.org

Rollback steps (if needed):

  • Sync queue to orion, if needed
  • Change DNS back to point to orion

All our services should relay mail via the main mail server. We need to check their configs. Services (probably) using Mail:

  • Forum
  • Wiki
  • Archweb
  • AUR
  • keycloak
  • gitlab
  • prometheus
  • flyspray
  • fail2ban
  • grafana
  • matrix
  • mailman
Edited by Jelle van der Waa
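
For the checklist step that copies /etc/passwd and /etc/shadow entries for the migrated users, the following is an added example (not part of the original checklist or the project's tooling) that plans the merge and flags UID collisions before anything is appended on the new machine. The account names, UIDs and hashes are constructed sample data, and plan_merge is a hypothetical helper name.

```python
# Added example, not from the original checklist. All account data is constructed.

def parse(text):
    """Map login name -> colon-separated fields of a passwd/shadow style file."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {fields[0]: fields for fields in rows}

def plan_merge(users, old_passwd, old_shadow, new_passwd):
    """Return (passwd_lines, shadow_lines, problems) for the users to migrate."""
    old_pw, old_sh, new_pw = parse(old_passwd), parse(old_shadow), parse(new_passwd)
    # UID -> name on the new host. Two names sharing a UID own each other's
    # files, so a collision must be resolved before any mail is copied.
    uid_owner = {fields[2]: name for name, fields in new_pw.items()}
    passwd_lines, shadow_lines, problems = [], [], []
    for user in users:
        if user not in old_pw or user not in old_sh:
            problems.append(f"{user}: missing passwd or shadow entry on old host")
        elif user in new_pw:
            # Same name and same UID means the account is already in place.
            if new_pw[user][2] != old_pw[user][2]:
                problems.append(f"{user}: already exists on new host with UID {new_pw[user][2]}")
        elif old_pw[user][2] in uid_owner:
            problems.append(f"{user}: UID {old_pw[user][2]} is taken by {uid_owner[old_pw[user][2]]}")
        else:
            uid_owner[old_pw[user][2]] = user
            passwd_lines.append(":".join(old_pw[user]))
            shadow_lines.append(":".join(old_sh[user]))
    return passwd_lines, shadow_lines, problems

# Constructed sample files: old host, old host shadow, new host.
OLD_PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
OLD_SHADOW = """\
alice:$6$constructed$aaaa:19000:0:99999:7:::
bob:$6$constructed$bbbb:19000:0:99999:7:::
"""
NEW_PASSWD = """\
root:x:0:0::/root:/bin/bash
postfix:x:1002:1002::/var/spool/postfix:/usr/bin/nologin
"""

if __name__ == "__main__":
    pw, sh, problems = plan_merge(["alice", "bob", "carol", "dave"],
                                  OLD_PASSWD, OLD_SHADOW, NEW_PASSWD)
    print("passwd lines to append:", pw)
    print("shadow lines to append:", len(sh))  # count only, never print hashes
    print("problems:", problems)
```

Only append the returned lines once the problems list is empty, then run pwck on the new machine as the checklist says.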