Moving To New Server, New Setup

[smpoole7]

I've read the FAQs, I've seen other posts, and I think I'm ready, but I wanted to run this past others who might have done this.

We're moving our Scalix server from one city to another. The current setup is Scalix 11.4.1 under OpenSUSE 10.2. We have a Barracuda Spam firewall on a separate IP address.

We want to migrate the databases to a new machine in a new city with Scalix 11.4.2 under OpenSUSE 11. We've already built the system and have tested it on our internal network; it works fine. We can log in, create and receive messages via email client and Webmail, SAC works, etc. Looks great.

Here are the catches and this is where I'd love to hear from someone who has done something similar.

1. New IP Address (singular). We're in a new city. I'm going to put the Barracuda and Scalix on the same IP.

2. Slightly new version of Scalix. It's my understanding that the databases are the same, but I wanted to be sure.

I'm thinking we can just take the current database and copy it to the new machine and we're ready to go.

Suggestions? Caveats? Any ideas would be deeply, deeply appreciated.

-- Stephen

[Valerion]

Bear in mind that OSS is not intended for production use, so doing this may or may not be straightforward.

1) Change the current server's IP address, using the instructions in the wiki, and test it works in the new network
2) Install Scalix on the new server, with an empty mailstore
3) Migrate the mailstore over
4) Use ompatchom to upgrade the mailstore

MAKE BACKUPS, in case something goes wrong. But this would be how I would attack the problem at first, then I would see if there's any issues and solve them as they arise.

[smpoole7]

As far using OSS goes, I'm all for buying support. I also believe in supporting F/OSS software. However, I will say this in the specific case of Scalix and OpenSuse: We've been running it for almost 2 years without a problem. Works like a champ.

The only issue I see remaining is combining the Barracuda and Scalix servers on the same public IP address. We're currently using two separate public IP addresses for the two.

I fully intend to post my observations from the experience here, to benefit someone else who might need to do this in the future.

-- Stephen

[smpoole7]

To reiterate, this was not a mere, "I have a new machine and need to move Scalix to it." We were moving from one city to another, from two public IP addresses to a single one. We were also forced to move up to the next version of Scalix and OpenSUSE.

The "How To" for changing the IP was helpful, but left out a couple of VERY important steps for us. We discovered that SAC didn't work; we grep'd around for quite some time, looking for the old IP address; we found it in

/var/opt/scalix/XX/caa/scalix.res/config/ubermanager.properties

If the line "ubermanager.notification.listener.address" has been hardwired with an IP address instead of a host name, you'll have to change it.

Also, if you have a Spam firewall in front of Scalix (such as our Barracuda) and want it to relay checked mail into Scalix, you may need to change the IP or hostname info in

/var/opt/scalix/XX/s/sys/smptd.cfg

As for the upgrade, moving from Opensuse 10.2/Scalix 11.4.1 to Opensuse 11/Scalix 11.4.2 just didn't work. We kept getting strange errors and scalix-postres just wouldn't start. It complained about permissions, when they were absolutely, double-checked OK. omcheck -s -d was used several times and the scripts executed. We manually went through and examined each folder for the correct permissions, comparing it to the original known-good server machine.

From searching the forums here, it appears that the gotcha there might be that the UID values for Scalix and Postgres must be the same if you expect to just copy a mailstore from an old machine onto a new one. We're going to do the install again in the future. For now, I've got the old server machine working with the new IP addresses.

The fun continues ... right now, I'm having a ball getting Outlook to communicate with the Server. All other mail clients are fine; Outlook can fetch, but can't send mail through Scalix (Outlook says that it gets a "spamlist/blocked" or "server refused connection" error).

[korstad]

I had the same issues with sac in my migration. Good post, need to add this step to the wiki.

Thanks

[smpoole7]

Any ideas on what might be causing some outlook users to be unable to send or receive? My boss can send, but not receive. The error he gets is "no response from the server."

Thunderbird under SUSE works fine on my computer. Outlook Express under Windows XP works fine on my computer. Further, his Outlook access was working just fine before we moved the server, put Barracuda in line with the SMTP and SMTPs ports and (of course) changed all of the IPs. After the move, he could no longer receive mail.

It's not a Barracuda issue, because I temporarily removed it just to rule that out. LDAP mapping between Barracuda and Scalix are fine. Again, I can send and receive fine. This one has me stumped.

I'm going to go through the logs to see if I can get an idea.

[smpoole7]

One additional piece of info: I'm anything but an Outlook expert. (I'm a 'nix lover nowadays.)

We have a single public IP address, all the DNS is correctly mapping outside access into my router. The router is NAT'ing everything to Scalix and Barracuda. Here are the NAT assignments:

HTTPS to Barracuda (required)
SMTP and SMTPs to Barracuda (which then relays OK'd mail to Scalix)
POP, POPs, IMAP and IMAPs directly to Scalix
HTTP (standard port 80) to Scalix

Is there another port I might need to send into Scalix? From my understanding, that ought to do it.

[Valerion]

For Outlook you also need the UAL ports, 5729 (unencrypted) and/or 5767 (encrypted). By default 5767 is not set up on the server, you will have to create a stunnel configuration for it, though the client tries both.

If you use a IMAP/POP3 profile, then of course the above is not needed.

[smpoole7]

Is it 5757 or 5767? The Documentation that I have says 5757. That may be the problem.

Thanks!

[smpoole7]

OK, here's what I found. I'm anything but an Outlook expert, so take this with a grain of salt.

SOME versions of Outlook (not all) will apparently query the server for supported services. (I confirmed this with a Wireshark capture of the packet exchange.) If they find them, they assume that they can connect that way. If they don't, they default to the standard POP/SMTP ports. From a careful examination of the logs, we were getting timeouts. While Outlook waited for a response, the server would eventually drop the connection.

By opening ONLY the ports for HTTP, HTTPS, POP, IMAP and SMTP, we solved our problem. But before we did this, some Outlook clients could send but not receive; others were vice-versa -- they could receive but not send! Needless to say, it was baffling.

Note: none of our clients need the connector features; they're used as straight-up email clients only. Those of you with clients who DO need the full-blown Exchange-type stuff will no doubt need to enable that in Scalix and open the appropriate ports.

At any rate, Outlook is working now ...