Mail server migration checklist
Checklist for the mail server migration
- [x] Lower TTL for mail.archlinux.org and mx.archlinux.org
- [x] Lower TTL for PTR records for mail.archlinux.org and mx.archlinux.org
- [x] Enable SSH agent forwarding on the new machine, for the file transfers from orion
- [x] Copy existing TLS cert from orion for mail.archlinux.org and place it on the new machine
- [x] Copy entries from /etc/passwd and /etc/shadow for the users that are getting migrated
- [x] Copy /etc/postfix/ over and diff them.
- [x] Copy any .forward files and sieve configuration from the users' home directories (run pwck)
- [x] Stop dovecot and pop server on orion
- [x] Copy dovecot files from the home directories.
- [x] Use rsync -aAX to sync mail queue from orion to the new server
- [x] Fix permissions on the queue
- [x] Change DNS records to point to the new machine
- [x] Configure a new DKIM DNS record for mail.archlinux.org
- [x] Make sure reverse DNS is set
- [x] Monitor things for a while to make sure everything works fine
- [x] Run full playbook to revert SSH agent forwarding changes and make sure everything is working
- [x] Make sure normal arch users can log in again (remove AllowUsers on orion and mail)
Post migration steps:
- [x] Validate borg backups are running and data is being saved on vostok
- [x] Create a new cert for mail.archlinux.org
- [ ] Raise TTL back to the default for mail.archlinux.org and mx.archlinux.org
Rollback steps (if needed):
- [ ] Sync queue to orion, if needed
- [ ] Change DNS back to point to orion
All our services should relay mail via the main mail server. We need to check their configs.
Services (probably) using Mail:
- [x] Forum
- [x] Wiki
- [x] Archweb
- [x] AUR
- [x] keycloak
- [x] gitlab
- [x] prometheus
- [x] flyspray
- [x] fail2ban
- [x] grafana
- [x] matrix
- [x] mailman
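One way to do the "copy entries from /etc/passwd and /etc/shadow" step for a subset of users, as an added example that is not part of the original issue. The function name, output file names and the arguments are assumptions; it matches the login name exactly, keeps the extracted hashes owner-only, and fails if any user lacks an entry.

```shell
#!/bin/sh
# Added example, not from the issue: extract only the migrating users' lines.
# Usage: extract_accounts PASSWD_FILE SHADOW_FILE OUT_DIR USER...
# extract_accounts, passwd.part and shadow.part are hypothetical names.
extract_accounts() {
    passwd_src=$1 shadow_src=$2 out_dir=$3
    shift 3
    [ "$#" -gt 0 ] || { echo "no users given" >&2; return 2; }

    # shadow.part holds password hashes, so create everything owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$out_dir" || { umask "$old_umask"; return 1; }
    : > "$out_dir/passwd.part"
    : > "$out_dir/shadow.part"
    chmod 600 "$out_dir/passwd.part" "$out_dir/shadow.part"

    rc=0
    for user in "$@"; do
        for kind in passwd shadow; do
            if [ "$kind" = passwd ]; then src=$passwd_src; else src=$shadow_src; fi
            # Compare field 1 exactly: grepping for "al" would also match "alice".
            line=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$src")
            if [ -z "$line" ]; then
                echo "missing $kind entry for $user" >&2
                rc=1
            else
                printf '%s\n' "$line" >> "$out_dir/$kind.part"
            fi
        done
    done
    umask "$old_umask"
    return "$rc"
}

# Run directly, e.g. as root on the old host:
#   sh extract.sh /etc/passwd /etc/shadow /root/migrate user1 user2
if [ "$#" -ge 4 ]; then
    extract_accounts "$@"
fi
```

After appending the two files to /etc/passwd and /etc/shadow on the new machine, run pwck as the checklist notes to catch missing home directories or mismatched entries.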