I am going to explain here my migration, with normal migration steps, ssh port setup and certificates setup. After that I will explain some configuration that I need on my particular situation.
And, well, the result of all of this is that I can receive external emails in the first minutes or so and then I cannot longer receive emails.
Senders get this error:
So, please help me solving this error. I am ready to offer you any configuration or command output that you want.
554 554 <firstname.lastname@example.org>: Relay access denied (state 14).
Hopefully this step-by-step 32bit to 64bit migration will be useful for someone.
I - MIGRATION
My migration is based on this document: Network Edition: Moving from 32-bit to 64-bit Server - Zimbra :: Wiki
(I tried other four howtos on blogs and forums and none of them worked for me).
Source pc I have a 6.04 32-bit Debian 5 Zimbra installation.
Destination pc is going to be 6.04 64-bit Debian 5 Zimbra installation.
1) I have made the ldap dump (/opt/zimbra/libexec/zmslapcat /backup) which it is found in the destination pc at /tmp/ldap.bak.
2) zmcontrol stop as zimbra user
3) Backup /opt/zimbra
I have done a tar.gz of the /opt/zimbra directory contents in the source pc.
This tar.gz from the source pc has been untarred in /tmp/zimbra in the destination pc.
tar czf /tmp/zimbra_migration.tar.gz zimbra
4) ZCSLicense.xml copy - Skipped.
tar xzf /home/user/zimbra_migration.tar.gz
5) I install 6.04 64 bit Debian 5 in destination pc with the same passwords, packages, spam and ham training accounts and settings than in the source pc.
tar xzf zcs-6.0.4_GA_2038.DEBIAN5_64.20091214195434.tgz
6) I stop ZCS services in the destination pc.
7) At destination pc I am going to restore ldap data.
7.1) Delete hdb data.
7.2) Ldap with replicas (Skipped).
rm -rf /opt/zimbra/data/ldap/hdb/*
7.4) Ldap with replicas (Skipped).
mkdir -p /opt/zimbra/data/ldap/hdb/db /opt/zimbra/data/ldap/hdb/logs
cp /tmp/zimbra/data/ldap/hdb/db/DB_CONFIG /opt/zimbra/data/ldap/hdb/db/DB_CONFIG
(As root user and come back as zimbra user)
chown -R zimbra:zimbra /opt/zimbra/data/ldap
/opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l /tmp/ldap.bak
and I update all the passwords to match localconfig.xml from the old installation.
10) Copy store and index directories.
rm -rf /opt/zimbra/db/data/*
cp -r /tmp/zimbra/db/data/* /opt/zimbra/db/data/
11) Commercial certificates copy. Skipped.
cp -r /tmp/zimbra/store/* /opt/zimbra/store/
cp -r /tmp/zimbra/index/* /opt/zimbra/index/
13) (As root)
rm -rf /opt/zimbra/redolog/*
14) Start ZCS
15) Backup. Skipped.
16) Firewall. Skipped.
II- Minimal caveats fix
After starting ZCS I get a: zmmailboxdctl is not running when running zmcontrol status.
1) Let's solve any ssh port (mine is not standard 22) problem.
zmprov -l ms fake.domain.com zimbraRemoteManagementPort 2425
And run as root:
2) Let's solve certificate problem. Remember that I have skipped the certificate migration step. (Run commands as root)
Now we can do:
mv /opt/zimbra/mailboxd/etc/keystore \
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr createcrt -new
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/java/bin/keytool -import -alias root \
-keystore /opt/zimbra/java/jre/lib/security/cacerts \
-storepass changeit -file /opt/zimbra/conf/ca/ca.pem
III - Some needed setup (for my particular situation)
* General setup. MTA. Network. Retransmission MTA for external delivery. (I remove it).
* General setup. MTA. Network. MTA server names in Internet: (I remove it).
* General setup. MTA. Network. Internal SMTP hostname: I remove it.
* General setup. MTA. Network. Protocol checks. I uncheck every one of them because I want to receive every mail.
* General setup. MTA. Authentication. I uncheck Only TLS authentication (I have learnt that if it is checked I cannot receive any external emails, please correct me if I am worng).
* Servers. fake.domain.com. MTA. Network. MTA server names in Internet: (I remove it).
* Servers. fake.domain.com. MTA. MTATrustNetworks. I edit it so that the new external ip is set as trust. 220.127.116.11/32.
* Domains. domain.com . Virtual servers. Update with the new virtual server.
IV - Zimbra restart
(As zimbra user)