I have never written about this before, but in July 2021 I migrated my very, very, very old Zarafa 7.x mailserver on an Ubuntu 14.04 server to something new.
The most important things in my search for a good solution to maintain my own mail on my own server were the following points: it should be easy to maintain/upgrade, and it should have ActiveSync support (e.g. via Z-push).
In those days I bumped into MiaB, which gave me all that I needed. So after having much trouble transporting all the old mail from Zarafa to MiaB with IMAP (I ended up with the mbsync tool), I have used MiaB with a lot of pleasure, even extending Nextcloud with the notes plugin. 🙂
I also made a deal with myself to take care of updates earlier, because it was really hard to migrate in 2021 from a 14.04 server to something new…
So here it is, MiaB for Ubuntu 22.04 is released, let's go!
This migration is based on the instructions found here: https://mailinabox.email/maintenance.html#upgrade
Get new machine ready.
First I had to install a brand new virtual machine. I chose 4GB memory, 2 CPUs and a 40GB hard disk. Big enough for me. 🙂
After setup I removed cloud-init and updated the machine completely.
Then i ran:
account@newserver:~$ curl -s https://mailinabox.email/setup.sh | sudo -E bash
[sudo] password for servacc:
Downloading Mail-in-a-Box v60.1. . .
Installing packages needed for setup...
E: The repository 'file:/cdrom jammy Release' no longer has a Release file….
Hmm, stupid! Resolved by: sudo nano /etc/apt/sources.list, removing the cdrom entry. Then again:
curl -s https://mailinabox.email/setup.sh | sudo -E bash
===> Filled in: adminname@doornenbal.org, Primary Hostname: mail.doornenbal.org
Public IP Address: 213.134.233.xxx
Public IPv6 Address: 2001:9e0::c201:a00:27ff:feb9:7941
Private IP Address: 192.168.xxx.xxx
Mail-in-a-Box Version: v60.1
Updating system packages...
Installing system packages...
Current default time zone: 'Europe/Amsterdam'
Installing lot of packages... etc etc etc... then after a while......
-----------------------------------------------
Your Mail-in-a-Box is running.
Then I needed to log in to the box and create a restore directory to put the backup from the old machine in:
account@newserver:~$ mkdir restore
Get the Old Machine backup.
I used the guide which is found here: https://mailinabox.email/maintenance.html#moving-boxes
First: disable connections from the outside world by resetting the firewall to defaults. Before I did that, I wanted to know how I could undo that in case the migration failed and I had to go back to my Old machine:
## To restore the ufw configuration when needed (found at https://askubuntu.com/questions/1434622/backup-and-restore-ufw-configuration)
sudo mv /etc/ufw/after6.rules{.*,}
sudo mv /etc/ufw/after.rules{.*,}
sudo mv /etc/ufw/before6.rules{.*,}
sudo mv /etc/ufw/before.rules{.*,}
sudo mv /etc/ufw/user6.rules{.*,}
sudo mv /etc/ufw/user.rules{.*,}
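The `mv file{.*,}` trick above only works while exactly one backup exists per rules file; after a second `ufw reset` the glob matches several files and `mv` fails. The following is an added example, not part of the original post, that restores the newest backup of each file instead. The function name `restore_ufw_backup` is hypothetical, and it assumes `ufw reset` names its backups `<file>.<YYYYMMDD_HHMMSS>`.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumption: `ufw reset` leaves backups named <file>.<YYYYMMDD_HHMMSS>
# next to each rules file, e.g. user.rules.20230218_101500.

# restore_ufw_backup [DIR]
# Copy the newest timestamped backup of each of the six rules files back
# into place. Returns non-zero if any file has no backup at all.
restore_ufw_backup() {
    local dir="${1:-/etc/ufw}" name newest candidate rc=0
    for name in after after6 before before6 user user6; do
        newest=""
        # The timestamps sort lexicographically, so the last glob match
        # is the most recent backup.
        for candidate in "$dir/$name.rules."[0-9]*_[0-9]*; do
            [ -f "$candidate" ] && newest="$candidate"
        done
        if [ -z "$newest" ]; then
            echo "no backup found for $name.rules" >&2
            rc=1
            continue
        fi
        # cp -p keeps the backup in place and preserves owner and mode.
        cp -p -- "$newest" "$dir/$name.rules"
        echo "restored $name.rules from ${newest##*/}"
    done
    return "$rc"
}

# Usage on the old machine, as root, followed by a reload:
#   restore_ufw_backup /etc/ufw && ufw reload
```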
So, after I knew that and also tested that (it works!), I continued:
sudo ufw reset
sudo ufw allow 22 # enable SSH access so you don't lock yourself out
sudo ufw enable
After this, I lost my SSH connection. That scared the hell out of me, because I was in a remote location, using a VPN… But luckily I could just create a new SSH connection. Time to create the last backup on the Old Machine:
cd mailinabox
sudo management/backup.py
After that, I had to copy the secret key and the backup to the New Machine in the just created restore directory:
scp /home/user-data/backup/secret_key.txt account@<newserver>:secret_key.txt
cd /home/user-data/backup/encrypted
scp *.* account@newserver:~/restore
Restore backup on the New Machine
Let’s continue on the New machine, and process the actual restore:
cd ~/
sudo rm -rf /home/user-data/ssl/*
export PASSPHRASE=$(cat secret_key.txt)
sudo -E duplicity restore --force file:///home/account/restore /home/user-data
After this, you need to reconfigure this box. I forgot that at first, and some stuff worked well, but for example the Nextcloud update went completely wrong; in the reconfiguration script some updates are done on the data. So IMPORTANT:
sudo mailinabox
After this, the box should be working. But I had to change some stuff afterwards:
Some non-standard settings.
- I had to change my IPv6 address in my DNS, as I am NOT using the MiaB internal DNS, but the DNS from my provider.
- I had to redirect my inbound ports from the old to the new server.
- Also, the https interface of my MiaB instance is behind an Apache reverse proxy. So I had to change the reverse proxy because of the new internal IP address.
- Another non-standard option is that I use Dehydrated to maintain my Let's Encrypt certificates, also for some other web instances.
So if my cert is updated, I do an automated copy of the new certs to my MiaB server.
Certificates:
From my dehydrated certificate server I copy two cert files (fullchain.pem and privkey.pem) to the /home/user-data/ssl folder. MiaB uses the certificate names ssl_certificate.pem and ssl_private_key.pem, and links them to the most current certificates. So what I had to do was (re)move these files and create new links to my certificates:
mv ssl_certificate.pem ssl_certificate-org.pem
mv ssl_private_key.pem ssl_private_key-org.pem
ln -s /home/user-data/ssl/fullchain.pem ssl_certificate.pem
ln -s /home/user-data/ssl/privkey.pem ssl_private_key.pem
This works. 🙂
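A pre-flight check for the automated certificate copy described above, as an added example that is not part of the original post: it only switches the links when the new leaf certificate is unexpired and belongs to the private key. The function name `deploy_miab_cert`, the staging directory argument and the file modes are assumptions; the file names and /home/user-data/ssl come from the post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumption: the Dehydrated host drops fullchain.pem and privkey.pem into
# a staging directory first, instead of straight into /home/user-data/ssl.

# deploy_miab_cert STAGING_DIR [SSL_DIR]
# Returns 1 = file missing, 2 = certificate expired, 3 = key does not match.
deploy_miab_cert() {
    local src="$1" ssl="${2:-/home/user-data/ssl}"
    local cert="$src/fullchain.pem" key="$src/privkey.pem" cert_pub key_pub

    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "missing fullchain.pem or privkey.pem in $src" >&2
        return 1
    fi

    # openssl x509 reads the first certificate in fullchain.pem: the leaf.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate in $cert has expired" >&2
        return 2
    fi

    # The public key in the certificate must equal the one derived from
    # the private key; otherwise the mail and web daemons fail to start TLS.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match fullchain.pem" >&2
        return 3
    fi

    # Copy with explicit modes (assumed: key readable by its owner only),
    # then point the names MiaB uses at the new files.
    install -m 0644 "$cert" "$ssl/fullchain.pem"
    install -m 0600 "$key" "$ssl/privkey.pem"
    ln -sfn "$ssl/fullchain.pem" "$ssl/ssl_certificate.pem"
    ln -sfn "$ssl/privkey.pem" "$ssl/ssl_private_key.pem"
}

# Usage (as root): deploy_miab_cert /root/cert-staging
```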
Non-standard MiaB settings: I implemented some settings which I did not like @MiaB, not supported, but it works, so I copied them from the old to the new server: (OLD is run at the Old server, NEW is run at the New server.)
Disable GreyListing:
OLD scp /etc/postgrey/whitelist_clients.local servacc@192.168.xxx.xxx:/tmp
NEW sudo cp /tmp/whitelist_clients.local /etc/postgrey/whitelist_clients.local
SpamAssassin whitelisted domains:
OLD scp /etc/spamassassin/whitelist.cf servacc@192.168.xxx.xxx:/tmp
NEW sudo cp /tmp/whitelist.cf /etc/spamassassin/
Fetchmail to retrieve a remote mailbox
sudo apt install fetchmail
OLD scp /home/servacc/.fetchmailrc servacc@192.168.xxx.xxx:/tmp
NEW mv /tmp/.fetchmailrc ~/.fetchmailrc
Oops….
And then…. I found out that ActiveSync/Z-push was not working anymore….. Should have read that first…
Now I have very few users, I was actually the only one using it for my agenda and contacts, so I chose to work around that.. And I found out the following:
- Autoconfigure IMAP with Windows 11 Mail is NOT working. Choose Advanced Configuration, NOT “Other account POP.IMAP”.
- Android: Use the recommended apps in the admin panel.
- Configuring your agenda and contacts with WebDAV on iOS is supported by default!
- Agenda and Contacts in Windows Calendar is also possible, see https://www.ctrl.blog/entry/how-to-win10-webdav-syncengine.html. (Misusing Apple Cloudsetup here.)
- Somehow ActiveSync still works with the existing Outlook setup…. ¯\_(ツ)_/¯
Hate to say it: Thank you Apple…