Migrating to a new machine

This migration tutorial provides a step-wise approach to safely migrate a chatmail relay from one remote machine to another.

Preliminary notes and assumptions

• If the migration is a planned move, it’s recommended to lower the Time To Live (TTL) of your DNS records to a value such as 300 (5 minutes), at best much earlier than the actual planned migration. This speeds up propagation of DNS changes in the Internet after the migration is complete.

• The migration steps were tested with a Linux laptop; you might need to adjust some of the steps to your local environment.

• Your mail_domain is mail.example.org.

• All remote machines run Debian 12.

• The old site’s IP version 4 address is $OLD_IP4.

• The new site’s IP addresses are $NEW_IP4 and $NEW_IPV6.

The six steps to migrate

Note that during some of the following steps you might get a warning about changed SSH Host keys; in this case, just run ssh-keygen -R "mail.example.org" as recommended.

1. Initially transfer mailboxes from old to new site.

   Login to old site, forwarding your ssh-agent with ssh -A to allow using ssh to directly copy files from old to new site.

   ssh -A root@$OLD_IP4
   tar c /home/vmail/mail | ssh root@$NEW_IP4 "tar x -C /"
   

2. Pre-configure the new site but keep it inactive until step 6

   CMDEPLOY_STAGES=install,configure cmdeploy run --ssh-host $NEW_IP4
   

3. It’s getting serious: disable mail services on the old site. Users will not be able to send or receive messages until all steps are completed. Other relays and mail servers will retry delivering messages from time to time, so nothing is lost for users.

   cmdeploy run --disable-mail --ssh-host $OLD_IP4
   

4. Final synchronization of TLS/DKIM secrets, mail queues and mailboxes. Again we use ssh-agent forwarding (-A) to allow transfering all important data directly from the old to the new site.

   ssh -A root@$OLD_IP4
   tar c /var/lib/acme /etc/dkimkeys /var/spool/postfix | ssh root@$NEW_IP4 "tar x -C /"
   rsync -azH /home/vmail/mail root@$NEW_IP4:/home/vmail/
   

   Login to the new site and ensure file ownerships are correctly set:

   ssh root@$NEW_IP4
   chown root: -R /var/lib/acme
   chown opendkim: -R /etc/dkimkeys
   chown vmail: -R /home/vmail/mail
   

5. Update the DNS entries to point to the new site. You only need to change the A and AAAA records, for example:

   mail.example.org.    IN A    $NEW_IP4
   mail.example.org.    IN AAAA $NEW_IP6
   

6. Activate chatmail relay on new site.

   CMDEPLOY_STAGES=activate cmdeploy run --ssh-host $NEW_IP4
   

   Voilà! Users will be able to use the relay as soon as the DNS changes have propagated. If you have lowered the Time-to-Live for DNS records in step 1, better use a higher value again (between 14400 and 86400 seconds) once you are sure everything works.