Migrate e-mail accounts from courier-imap, postfixadmin to zimbra without having user passwords
First, we needed to pull the account names and passwords from postfixadmin over to the new Zimbra system. Below is a link demonstrating a php script that did the job well, querying the encrypted passwords from the MySQL backup into a file. You can also modify it to retrieve aliases and subscribers from MySQL.
Using the exported.sh file, which runs zmprov, it created the users on Zimbra and was able to set their passwords. You may want to grep out all the lines with ‘zmprov ma username’ into another file, called reset_passwords.sh, to use for resetting account passwords later. (Add ‘#!/bin/bash’ on the top line to make it a script, do a ‘chmod +x reset_passwords.sh’ to make it executable.)
At this point, we want to change the account passwords to be all the same for the time it takes to do the imapsync migration. Add the password to the ‘zimpassfile2’ file as specified in the imapsync command.
Migrating e-mail using imapsync was complicated when trying to use the ‘–auth-user’ postfixadmin ‘super-user’ option, so we decided instead to create a new e-mail account via postfixadmin, called migrate1, set a password, and then manually change the symlink for the mail folder in this way:
ln -s /firstname.lastname@example.org
Then running imapsync worked:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls \
--subscribe --syncinternaldates --host1 postfixserver.domain.com \
--user1 migrate1 --passfile1 zimpassfile1 --host2 \
zimbraserver.domain.com --user2 email@example.com \
--passfile2 zimpassfile2 --noauthmd5
Then delete the symlink for migrate1 and recreate it for the next user, so you can run imapsync again:
ln -s /firstname.lastname@example.org
Migrate all accounts at once under the migrate1 account
We were able pull all user accounts over by logging into Squirrelmail as the migrate1 account.
Create symlinks to each user’s mail subfolder under migrate1’s folder:
ln -s /email@example.com
and then Subscribe to each user’s .folder in Squirrelmail’s Folder menu.
With the user accounts now available as the migrate1 user, imapsync was able to use this syntax to pull each folder to the appropriate user’s inbox:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls
--subscribe --syncinternaldates --host1 postfixserver.domain.com
--user1 firstname.lastname@example.org --passfile1 zimpassfile1 --host2
zimbraserver.domain.com --user2 email@example.com
--passfile2 zimpassfile2 --folderrec INBOX.firstname.lastname@example.org
--regextrans2 's/(.*)/INBOX/' --noauthmd5
Here is a script that will imapsync all user accounts:
# imapsyncrun.sh. Script to migrate imap mailboxes as user migrate1
echo "IMAPSync starting.. $DATE" >> $LOGFILE
# Begin 'for' loop, calling the list of user names already collected
for ACCTNAME in `cat /home/zimbra/userlist`
# Reset the zimbra password temporarily:
zmprov setPassword $ACCTNAME xxxxxxx
# Then migrate:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe \
--syncinternaldates --host1 postfixserver.domain.com --user1 \
email@example.com --passfile1 zimpassfile1 --host2 \
zimbra.domain.com --user2 $ACCTNAME --passfile2 zimpassfile2 \
--folderrec INBOX.$ACCTNAME --regextrans2 's/(.*)/INBOX/' \
echo Done with $ACCTNAME on $DATE >> $LOGFILE
# Change the password back to the encrypted one on file. Run as zimbra user
echo "" >> $LOGFILE
echo "IMAPSync Finished.. $DATE" >> $LOGFILE
echo "------------------------------------" >> $LOGFILE
After all the accounts have synced, the reset_passwords.sh script that contains the ‘zmprov ma’ commands will reset all user passwords to the same ones which they had on the old mail server.
For performance, as recommended we ran two imapsync processes concurrently on different servers to reduce the time for migration. We configured accounts migration1 and migration2 on the old mail server so we could point to two different mail folders at one time under /usr/local/virtual. Initial sync of about 100 GB took the better part of a week, running manually, but the final differential sync only took about 1.5 hours. Not too bad for unavailable time during the migration, I’d say.