Moving a Domain Off a Multi-domain Zimbra Server
I had a situation where a Zimbra server was hosting several domains. Some of them were related in such a way that there could be no downtime where any of the domains couldn't send to each other, even during a migration to another server.
One of the domains was going to be hosted by another server. It happened that the domain I'm talking about only used Zimbra for account, POP3 and SMTP mail services, so I didn't have to worry about moving mailboxes and mails, but I had to make sure that the emails kept flowing.
So, the new server was set up and ready. All accounts were loaded. Email would go in and out of that server.
We made the big switch of the DNS and outside mail started to flow in. However, I ran into a problem where the mails being sent using the old server would not route after having deactivated the domain on that server. All I'd get is a 550 error telling me that the user was not on that server.
So, here's what I did...
First, let me back up a little. Here was the plan:
- The day before, set the TTL on the DNS to the lowest possible value (3600 seconds/30 minutes for our DNS server). Do this on the A record(s) and the MX record(s) for the domain.
- The day of the migration, set the domain to CLOSED on the Zimbra server. This will prevent any slow email servers from being able to deliver emails.
- Immediately point the DNS A record to the new IP address of the new Zimbra server where the domain and users had already been set up.
- Make sure none of our local DNS servers, like on the Zimbra server itself, are overriding the DNS A and MX records that are on our hosted DNS.
- Restart our local DNS so that the cache is cleared, then send internal test emails and outbound test emails.
- Wait a few minutes (or up to 30 minutes to match the TTL) and then start testing by sending from external email systems to the domain and the new server.
- Send test emails thru the old server to make sure it doesn't think it still runs that domain.
- Bask in the glory of a job well done.
This was a good plan, and it worked right up to the second-to-last step, when we tried to send emails from the old server. It would only report: "550 host mail.myserver.com [192.168.1.99] said: 550 5.1.1 No such user here (in reply to RCPT TO command)".
Now that was disappointing! I tried a lot of different things, even renaming the user ID, but still I got the same error. I had hoped that setting the domain to CLOSED would do it, since the manual says:
"Closed. When a domain status is marked as closed, Login for accounts on the domain is disabled and messages are bounced. The closed status overrides an individual account’s status setting."
I had hoped it would act like it didn't know the domain, but it continued to recognize it and bounce messages for users, not the domain.
Well, I came up with a slightly tricky solution. If you rename the domain, it will act like it doesn't know it. If you keep the domain active, you also have the advantage of being able to pick up any mails that slip in during the transition, then you can get to the accounts and forward them along to the original recipient.
Here's what you do:
- Log in to the command line on your Zimbra server.
- Switch to the zimbra user: su zimbra
- Issue the command to rename the domain to an unroutable name (there should be no domain records pointing to your new fake domain):
zmprov --ldap rd mydomain.com mydomain-old.com
- Log in to your Zimbra admin account and the GUI.
- You may need to hit refresh, but you should see your new "-old" domain.
- Send some mail thru that server and your old domain should route thru to the new server.
- You can now log in to the mydomain-old.com accounts on the old server and check for new messages and forward them to the new server. You shouldn't have too many, if you've set your TTLs right.
- Test everything again.
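A probe for the "send test emails through the old server" step, as an added example that is not part of the original post: it asks the old server how it would answer RCPT TO for one address and abandons the transaction without sending anything. The function names, the result labels and the sender argument are assumptions of this sketch; the reading of x.1.1 and x.7.1 follows the RFC 3463 enhanced status codes.

```python
"""Ask a mail server how it would answer RCPT TO for one address (no mail is sent)."""
import re
import smtplib
import sys

# RFC 3463 enhanced status code at the start of the reply text, e.g. "5.1.1".
_ENHANCED = re.compile(r"^([245])\.(\d{1,3})\.(\d{1,3})\b")


def classify_rcpt_reply(code, text):
    """Map one RCPT TO reply to what it implies about the recipient domain."""
    if isinstance(text, bytes):
        text = text.decode("utf-8", "replace")
    m = _ENHANCED.match(text.strip())
    detail = (int(m.group(2)), int(m.group(3))) if m else None
    if 200 <= code < 300:
        return "accepted"           # delivered locally or taken for onward delivery
    if detail == (1, 1):
        return "still-local"        # x.1.1 bad mailbox: server still treats the domain as its own
    if detail == (7, 1):
        return "relay-denied"       # x.7.1: domain is not local, but this client may not relay
    if 400 <= code < 500:
        return "temporary-failure"  # retry later before drawing a conclusion
    return "rejected-other"


def probe(server, recipient, sender, port=25, timeout=15):
    """Run EHLO, MAIL FROM, RCPT TO, RSET against server and classify the reply."""
    with smtplib.SMTP(server, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.mail(sender)
        code, text = smtp.rcpt(recipient)
        smtp.rset()  # abandon the transaction so nothing is queued
    return classify_rcpt_reply(code, text)


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   python rcpt_probe.py OLD_SERVER user@mydomain.com you@yourdomain.example
    print(probe(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Run it from a client the old server normally relays for. A "still-local" result corresponds to the 550 5.1.1 bounce quoted above, and after the rename the same address should come back as "accepted".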
Once things have settled down, you can delete the -old domain and users off your Zimbra server and move on with your new life. I'd wait a day or two; that way, if your new server collapses on you, you won't have to rebuild your accounts on the old server. Just a thought.
Oh, and don't forget to move your TTL back to 7200 seconds (2 hours) for a more reasonable DNS cache time.