1. Introduction
Zimbra project doesn’t have a cross migration or proper account
transfer documentation. All they tell is to do copy the folder
/opt/zimbra to your new servers. But if any of those files infected with
a rootkit or other malicious scripts , then your new server also will
be compromised. So never sync or copy the entire directory of your
zimbra installation. Zimbra also tell you to upgrade your production
server to the latest version before migration. But improper upgrade may
result in entire data lose. With this procedure you can do:
- Migrate zimbra from one Operating System To another.
- Migrate zimbra account between any hardware and Operating systems configurations.
- No interruption on production server like software upgrade or service disable.
- Migrate zimbra from old version to a new version server
- Zimbra cross migrations without copying entire directories.
2. Requirement
You need an old server with zmibra account and a new fresh server
with the Os you wish. Dont’ create or make any custom configuration or
setting in you new server. Please make sure to set your new servers
hostname same as the old one.
- Old server
- Need ssh root login
- Need zimbra admin logins
- Enough HDD space to store backups
- New server
- Must be installed with latest stable zimbra
- Need ssh root logins
- Need zimbra admin logins
- Enough HDD space to store backups
3. Presetup
You need to setup an ssh key from the new server’s root account to the old server’s root account.
Reduce the TTL of MX records of your domain to 500 seconds . So that you
can easily switch the domain’s IP after migration. Please remember to
schedule the migration task on non peek hours.
Create a directory in both new and old server into which we store all required files and data for doing the migration
[root@zimbra ~]# mkdir /backups/zmigrate
[root@zimbra ~]# chown zimbra.zimbra /backups/zmigrate
[root@zimbra ~]# su - zimbra
All operation in your Zimbra server must be performed as Zimbra user
itself, otherwise you will get permission and ownership issues in your
zimbra server
4. Backup all data from Old server
We are going to copy all data from old server without interrupting the services.
4.1 Find all domains
You need to find all the domains from your old server. We will store
the domain list in a file called domains.txt. You need to back all the
domains list as follows,
zimbra@zimbra:~$ cd /backups/zmigrate
zimbra@zimbra:/backups/zmigrate$ zmprov gad > domains.txt
zimbra@zimbra:/backups/zmigrate$ cat domains.txt
fun.com
myserver.com
justfortest.com
checkit.com
dieanotherday.com
gnutest.com
foo.com
zimbra.foo.com
zimbra@zimbra:/backups/zmigrate$
Now remove all domains and subdomains related with the main hostname
of your server foo.com , from this list (domains.txt) because it was
already created in your new server. So there is no need to create a new
domain with the same name.
4.2 Find all admin accounts
Most of these servers will have only one admin. But some servers have
multiple admins. So it will be good to find all admin accounts. We will
store the admins list in admins.txt
zimbra@zimbra:/backups/zmigrate$ zmprov gaaa > admins.txt
zimbra@zimbra:/backups/zmigrate$ cat admins.txt
admin@foo.com
zimbra@zimbra:/backups/zmigrate
4.3 Find all email accounts
Next step is to find all the email accounts hosted in your old
server. Get a list of your email accounts and save in the file
emails.txt . So from this file we can see how many accounts that need to
migrate.
zimbra@zimbra:/backups/zmigrate$ zmprov -l gaa >emails.txt
zimbra@zimbra:/backups/zmigrate$ cat emails.txt
gm@fun.com
forest@fun.com
galsync@fun.com
fax@myserver.com
paul@myserver.com
angela@myserver.com
brooke@myserver.com
hnmobile1@myserver.com
maria@justfortest.com
samantha@justfortest.com
backupmail@justfortest.com
admin@checkit.com
sandra@checkit.com
zimbra@zimbra:/backups/zmigrate$
Please remove all the email accounts from the file
/backups/zmigrate/emails.txt with a starting words like spam, virus,
ham, galsync . There is no need to restore these accounts. Even if you
still need to restore , you can do it. I don’t like spam and virus
emails.
If you want to list all email accounts and their status, run this command as zimbra:
zmaccts
It is good to view the output to get some information about the status of the accounts so that I can exclude irrelevant accounts such as closed ones.
4.4 Get all distribution lists
You need to get all the distributions list and store it in a file called distributinlist.txt.
zimbra@zimbra:~$ zmprov gadl > /backups/zmigrate/distributinlist.txt
zimbra@zimbra:~$ cat /backups/zmigrate/distributinlist.txt
budgetrtodomainusers@fun.com
healthnowdomainusers@myserver.com
checkit.comdomainusers@checkit.com
northpointessdomainusers@dieanotherday.com
parkatnorthhillsdomainusers@gnutest.com
zimbra@zimbra:~$
4.5 Get all members in distribution lists
In this step we are going to collect all members in each of these
distributions. We will create a folder called distributinlist_members
and create a file under this folder named distributinlist.txt , then
store all the distributions members.
zimbra@zimbra:~$ mkdir /backups/zmigrate/distributinlist_members
zimbra@zimbra:~$ for i in `cat /backups/zmigrate/distributinlist.txt`; do zmprov gdlm $i > /backups/zmigrate/distributinlist_members/$i.txt ;echo "$i"; done
budgetrtodomainusers@fun.com
healthnowdomainusers@myserver.com
checkit.comdomainusers@checkit.com
4.6 Find all email account’s passwords
Now need to find the encrypted password of all of your old email
accounts and store it under a folder named userpass/ as follows:
zimbra@zimbra:/backups/zmigrate$ mkdir userpass
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov -l ga $i userPassword | grep userPassword: | awk '{ print $2}' > userpass/$i.shadow; done
4.7 Backup all user names , Display names and Given Names
Zimbra will accept a Names and Disaplay names in email accounts
during account creation. So we need to restore those data too. We will
create a directory called userdata/ which contains these details of each
of those email accounts
zimbra@zimbra:/backups/zmigrate$ mkdir userdata
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov ga $i | grep -i Name: > userdata/$i.txt ; done
4.8 Now backup all email account
This will take some time to take backup of all email accounts. So you
can run this command behind “screen”. A tgz file will be created with
each emails name. We will use this files to transfer email accounts.
zimbra@zimbra:/backups/zmigrate$ for email in `cat /backups/zmigrate/emails.txt`; do zmmailbox -z -m $email getRestURL '/?fmt=tgz' > $email.tgz ; echo $email ; done
gm@fun.com
forest@fun.com
galsync@fun.com
fax@myserver.com
fax2@myserver.com
paul@myserver.com
This tgz files contains
- Mail
- Contacts
- Calendars
- Briefcase
- Tasks
- Searches
- Tags
- Folders
All subfolders are included, except Junk and Trash. There is no way
to include these in the big dump, but they can be exported separately:
4.9 Now backup alias
Some times your server may have email aliases for certain accounts.
So you need to copy those aliases too. We will create a sub folder
called alias/ for storing the backup of Alias.
zimbra@zimbra:/backups/zmigrate$ mkdir -p alias/
zimbra@zimbra:/backups/zmigrate$ for i in `cat emails.txt`; do zmprov ga $i | grep zimbraMailAlias |awk '{print $2}' > alias/$i.txt ;echo $i ;done
gm@fun.com
forest@fun.com
Some of your email accounts don’t have alias. So the above created
files may be an empty file. Remove those empty files as follows,’\
zimbra@zimbra:/backups/zmigrate$ find alias/ -type f -empty | xargs -n1 rm -v
4.10 Rsync folder to new server
Now we have all the required data to do the migration process. As a summery :
- /backups/zmigrate – Have all the backups stored
- /backups/zmigrate/domains.txt – Contains the domains names
- /backups/zmigrate/emails.txt – Contains the list of email accounts
- /backups/zmigrate/distributinlist.txt – Contains the distribution lists
- /backups/zmigrate/distributinlist_members – Contains the members in each of your distributions
- /backups/zmigrate/userpass – Contains the encrypted password of your email accounts
- /backups/zmigrate/userdata – containts the email accounts user informations
- /backups/zmigrate/alias – Contains all the aliases of your email accounts
Also the parent folder /backups/zmigrate contains a lot of zip file which are the data inside emails.
Now rsync the files as follows,
root@newserver # rsync -avp -e 'ssh -p 22' root@old-server-ip:/backups/zmigrate /backups/
5. Restore in new server
So after finishing the rsync process , we need to restore this in your new server as follows:
All this operations must be carried out as zimbra sudo user itself. Don’t use root account to store the backups
[root@zimbra ~]# su - zimbra
[zimbra@zimbra]$
5.1 Restore all domains
Now create all the domains that we have from the file /backups/zmigrate/domains.txt
[zimbra@zimbra zmigrate]$ for i in `cat /backups/zmigrate/domains.txt `; do zmprov cd $i zimbraAuthMech zimbra ;echo $i ;done
2c86f244-de9d-4b7c-8e22-2246a8256219
myserver.com
dbf75058-d85e-4d60-8b69-1f148a456eb6
justfortest.com
ee90ffa2-505d-449f-82fd-129acb21cb5e
checkit.com
8b6bf287-f61e-4930-ada0-96b817292556
dieanotherday.com
17d3c73c-14f7-43aa-9fd2-c9be9e29c9e5
You can also verify the domains created from the zimbra admin panel too
5.2 Create email accounts and set the old password
We need to create the email accounts for storing the mails. We also
need to set the old passwords too. We already collected the account info
and passwords.
To Create email accounts and restore passwords . Please use the following script to create it
#!/bin/bash
#Scrit for creating the email accounts createacct.sh
USERPASS="/backups/zmigrate/userpass"
USERDDATA="/backups/zmigrate/userdata"
USERS="/backups/zmigrate/emails.txt"
for i in `cat $USERS`
do
givenName=$(grep givenName: $USERDDATA/$i.txt | cut -d ":" -f2)
displayName=$(grep displayName: $USERDDATA/$i.txt | cut -d ":" -f2)
shadowpass=$(cat $USERPASS/$i.shadow)
tmpPass="CHANGEme"
zmprov ca $i CHANGEme cn "$givenName" displayName "$displayName" givenName "$givenName"
zmprov ma $i userPassword "$shadowpass"
done
5.3 Restore email accounts
Now we are going to restore the emails from the Zip file. This
process may take some hours. So it will be good to run behind “screen”
command.
[zimbra@zimbra zmigrate]$ for i in `cat /backups/zmigrate/emails.txt`; do zmmailbox -z -m $i postRestURL "/?fmt=tgz&resolve=skip" /backups/zmigrate/$i.tgz ; ; echo "$i -- finished "; done
gm@fun.com -- finished
forest@fun.com -- finished
5.4 Now recreate the distribution lists
It is time to recreate all the distribution lists as follows.
[zimbra@zimbra zmigrate]$ for i in `cat distributinlist.txt`; do zmprov cdl $i ; echo "$i -- done " ; done
2a852fd8-6e66-426e-a76d-15192536042a
budgetrtodomainusers@fun.com -- done
a0f6ddb3-8525-4194-9397-6cf0a920dda6
5.5 Restore the distribution lists
After creating the distribution lists we need to add all the members
inside the distribution lists. We have the distribution lists in the
folder distributinlist_members/ and the list is in distributionlist.txt
file. Please use the following small script to restore the distribution
lists.
[zimbra@zimbra zmigrate]$ cat restoredist.sh
#!/bin/bash
# add all memebers to each of these distribution lists
for i in `cat distributinlist.txt`
do
for j in `grep -v '#' distributinlist_members/$i.txt |grep '@'`
do
zmprov adlm $i $j
echo " $j member has been added to list $i"
done
done
5.6 Restore Alias accounts
Please use the following script to restore alias. This will add all the aliases in your email accounts.
#!/bin/bash
for i in `cat /backups/zmigrate/emails.txt`
do
if [ -f "alias/$i.txt" ]; then
for j in `grep '@' /backups/zmigrate/alias/$i.txt`
do
zmprov aaa $i $j
echo "$i HAS ALIAS $j --- Restored"
done
fi
done
6. Conclusion
So now we migrated all our email accounts. It is time for DNS change.
You need to shut down the old zimbra services and change the DNS. After
that send some test emails and make sure everything is working fine.
Next step is to secure your zimbra server. You need to install ssl
certificates and firewall in your new zimbra server. Now you have a new
server with new packages and files with the same old email accounts and
its data.
Credits go to : Sherin and Syslint (
Web)
7. References
https://wiki.zimbra.com/wiki/Zmprov_Examples
https://wiki.zimbra.com/wiki/Zmprov
https://wiki.zimbra.com/wiki/Backing_up_and_restoring_Zimbra_%28Open_Source_Version%29
'https://xmission.com/blog/2015/04/30/zimbra-server-admin-tip-mailbox-password-migration-and-server-settings-comparison'
http://stdout.no/zimbra-open-source-backup-strategy-and-scripts/