Postfix Certificate problem

You said create a directory with that name so is ledeployhook a directory or the file name or both? Who do I chmod it to and what are the permissions?

I don’t follow. GW 7 is running on a VMWare ESX 6…

As long as they both run on different IP addresses, they don’t interfere.
The incoming mail flow can be tested independently, regardless of using dovecot or cyrus or whatever.
E.g. the normal flow is: Any incoming mail is received by postfix, which in turn delivers it locally using the imap server (dovecot in this case which should run on the same machine of course). So you can test the whole flow by first creating a mailbox-account on your dovecot and then sending a mail locally to that mailbox (e.g. using mailx or some other cmdline smtp client). The mail should arrive in postfix and then postfix should deliver it to the dovecot mailbox. Finally, you can configure a thunderbird client to log into dovecot and check if the mail has arrived.

If everything works, then you finally create all other existing mailboxes and then change the MX for your (sub)domain to point to your new server.
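The local delivery check described above (send a mail on the box, then look for it in the Dovecot mailbox) as an added Python example; it is not code from this thread. It assumes Postfix listens on localhost:25, that Dovecot stores mail in Maildir format under a path you pass in, and the addresses and domain are placeholders.

```python
import os
import smtplib
import tempfile
import time
from email import message_from_binary_file
from email.message import EmailMessage
from email.utils import make_msgid

def build_test_message(sender, recipient, domain):
    """Minimal test mail tagged with a unique Message-ID so it can be found later."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "postfix -> dovecot local delivery test"
    msg["Message-ID"] = make_msgid(domain=domain)  # e.g. <...@hermes.example.test>
    msg.set_content("If you can read this in the mailbox, local delivery works.")
    return msg

def send_local(msg, host="localhost", port=25):
    """Hand the message to the local Postfix listener (needs a running MTA)."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)

def make_scratch_maildir():
    """Empty throwaway Maildir for an offline dry run of find_in_maildir()."""
    return tempfile.mkdtemp(prefix="maildir-")

def write_to_maildir(maildir, msg):
    """Drop a message into maildir/new the way a local delivery agent would."""
    new_dir = os.path.join(maildir, "new")
    os.makedirs(new_dir, exist_ok=True)
    path = os.path.join(new_dir, f"{time.time_ns()}.test.hermes")
    with open(path, "wb") as fh:
        fh.write(msg.as_bytes())
    return path

def find_in_maildir(maildir, message_id):
    """Path of the file carrying `message_id`, or None if it has not arrived.
    Maildir keeps unread mail in new/ and mail already seen by a client in cur/."""
    for sub in ("new", "cur"):
        folder = os.path.join(maildir, sub)
        if not os.path.isdir(folder):
            continue
        for name in os.listdir(folder):
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                if message_from_binary_file(fh)["Message-ID"] == message_id:
                    return path
    return None
```

On the real server you would call send_local() and then poll find_in_maildir() against the user's Maildir for a few seconds; if the Message-ID never shows up, the Postfix log (not Dovecot's) is the place to look.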

All path names are directories except the part after the last slash. Just like on any DOS, Unix, macOS and even NetWare 🙂

So in this case, /usr/local/libexec is the directory hierarchy and ledeployhook is the filename of the script.
The permissions for directories and file in this case are 0755 (rwx-rx-rx). Owner and group should be root.root

BTW: The reason why it is not in /usr/local/bin or any existing path is that it should never be invoked manually by accident, because then the necessary environment variables are missing and it produces a mess (/usr/local/libexec is usually not in the PATH).

OK, that’s all done. Thanks

If I send a mail to me (I’m the only person with a mail account on hermes at the moment.) and send it to my protonmail account. The reply from Protonmail goes to tsgw1, not hermes. All incoming mail goes to tsgw1.

OK, my daughter says that she isn’t expecting anything in the mail, nor are any of the other users.

Should I put the Hermes to Priority 0 and tsgw1 to 10. Will that be OK for testing?

For testing yes. The priority is for failback. If the server with priority 0 is not accessible then it will try the next one and deliver there. In this case the priority 10. Once everything works delete the priority 10 so as not to have emails delivered to the wrong place.

Bit of advice needed. At the moment I only created ONE account on the new server (me). Every one else has cleaned up mailboxes and deleted everything not vitally important.

We’ve always used POP3 and left messages on the server. I’m reluctant to change that.

What I thought of, would be for each user to fire up his /her GW client and forward all their important emails to themselves, once I create a mail user for them on Hermes.

Once it’s on the new server, they can create all the folders they want and move the mails into the correct ones. Of course I’m making the assumption that Postfix behaves like GW (It probably doesn’t)

Using GW, I can login to the client on a computer and create a bunch of new folders and move mail into them (or create rules). Then I can use webmail or install GW client on a different computer and when I log in I get exactly the same folder structure as I did on the original, which presupposes that the server remembers the folders for each user and what is in them.

Is this a correct assumption or am I completely wrong again?

OK, my daughter says that she isn’t expecting anything in the mail, nor are any of the other users.

Should I put the Hermes to Priority 0 and tsgw1 to 10. Will that be OK for testing?

No need, you can always test locally on hermes without changing any MX. Just as I said, you need to send mail locally on hermes via cmdline and observe if the mail is properly delivered to the Dovecot mailbox.

Unfortunately I’m busy at least for 3 more hours today. After that, I can help you with that.

Sent mail from Protonmail to myself. Message not delivered, but after some time, delivery to the GW server.

Maillog shows this:

Sep  9 09:37:45 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<Qw4ynznoMtHAqAAC>
Sep  9 10:11:11 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<sFTHFjroWfrAqAAC>
Sep  9 10:22:52 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<Dl+OQDroVsnAqAAC>
Sep  9 10:48:41 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<fJLfnDroBurAqAAC>

I changed the location of the letsencrypt keys in the 10-ssl.conf to the same as the ones in postfix that I did yesterday.

Restarted Dovecot - maillog reads:
Sep  9 11:07:13 hermes dovecot[89871]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, pop3, lmtp (core dumps disabled)
Sep  9 11:08:40 hermes dovecot[89885]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<kM1V5DroaMPAqAAC>
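An added Python example (not from this thread) that parses Dovecot login-process "Disconnected" lines like the ones quoted above and groups them by remote IP; it reads the three pop3-login lines from the post plus one constructed "master" line that must be skipped. The point it makes: "no auth attempts" means USER/PASS were never sent, so such lines do not explain a password failure.

```python
import re
from collections import Counter

# Sample input: three pop3-login lines from the log excerpt above, plus one
# constructed "master" line that the parser has to ignore.
SAMPLE_LOG = """\
Sep  9 09:37:45 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<Qw4ynznoMtHAqAAC>
Sep  9 10:11:11 hermes dovecot[1652]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<sFTHFjroWfrAqAAC>
Sep  9 11:07:13 hermes dovecot[89871]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, pop3, lmtp (core dumps disabled)
Sep  9 11:08:40 hermes dovecot[89885]: pop3-login: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=192.168.0.2, lip=192.168.0.216, session=<kM1V5DroaMPAqAAC>
"""

# A syslog line from a Dovecot login process that ended before any login completed.
# Dovecot sometimes prints "Disconnected: " twice, so the second copy is optional.
LOGIN_DISCONNECT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dovecot\[\d+\]: "
    r"(?P<service>(?:imap|pop3)-login): Disconnected: (?:Disconnected: )?"
    r"(?P<reason>.+?) \(no auth attempts in (?P<secs>\d+) secs\): "
    r"user=<(?P<user>[^>]*)>, rip=(?P<rip>[\d.]+), lip=(?P<lip>[\d.]+)"
)

def parse_disconnects(log_text):
    """One dict per pre-authentication disconnect; all other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_DISCONNECT.match(line)
        if m:
            ev = m.groupdict()
            ev["secs"] = int(ev["secs"])
            events.append(ev)
    return events

def summarize(events):
    """Count disconnects per (remote IP, login service, reason)."""
    return Counter((e["rip"], e["service"], e["reason"]) for e in events)

def noisy_sources(events, threshold):
    """Remote IPs with at least `threshold` pre-auth disconnects. Because no
    USER/PASS was ever sent, the account and its password are not involved;
    the client side of these connections is what to look at."""
    per_ip = Counter(e["rip"] for e in events)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    evs = parse_disconnects(SAMPLE_LOG)
    for key, n in summarize(evs).items():
        print(n, key)
    print("repeat sources:", noisy_sources(evs, 3))
```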

When making DNS changes, like MX records as you mentioned earlier by setting the priority, changes can take up to 24 hours to propagate around the world to all the DNS servers. In reality it usually works far quicker, and as such taking hours rather than a full day. This can be the reason why it delivered to the old server, unless the new one isn’t accessible via firewall rules etc.

That said, you mentioned you only have one mailbox on your server, therefore by setting MX records, if emails are sent to other users, your mail server will reject it. I would suggest that you create all the email accounts that you have on the old server, since if you have changed the MX records, you risk emails being rejected and not being delivered.

As @felfert mentioned, you can test delivery locally without MX records being reconfigured and that should be done first to ensure everything is working internally, but for testing external email delivery, obviously you’ll need to configure them to have emails delivered to the new server. Just make sure you create all your email accounts on it to ensure emails are not rejected for the users that don’t exist yet.

As long as the new server isn’t working, all mails for everyone are going to the old server.

From what I have read (usually wrong) you can only test dovecot from the command line WITHOUT encryption. I already did this and it works. As I said, because of the Postfix symlink problem I changed the location in 10-ssl.conf to the path without the symlink.
I know you can check DNS propagation for a new addition, but I doubt you can check for a change in priority. I was told if the TTL is low, it should happen within 10 minutes. I set the TTL to 120 for now.

I’ll just leave it until after lunch and then try again.

Yes and no, it all depends on what was configured previously. For example, if it’s a new DNS entry, then yes the TTL being low will be easy to change for the future. However, if an existing DNS entry had a TTL for example of 3600, then it would take one hour until the new replacement one becomes active, even if the new one was configured with a low TTL value. Usually it’s best to have a low TTL when testing, and then later once everything works, to increase the TTL to a higher value. Obviously, the higher the value, the longer to wait for new changes to become active.

There seems to be two different problems:

  1. Mail getting delivered to Hermes rather than tsgw1. That should be simple to see because if I send a mail from protonmail and it DOESN'T arrive in tsgw1, then Dovecot obviously accepted it.
  2. I tried Telnet localhost 110 OK
    user (me) OK
    pass (my password) Authentication failed.

So IMO whilst waiting for possible DNS, I can sort out the reason it won't authenticate me. Am I using the correct port?

There seems to be two different problems:

Mail getting delivered to Hermes rather than tsgw1. That should be simple to see because if I send a mail from protonmail and it DOESN'T arrive in tsgw1, then Dovecot obviously accepted it.
I tried Telnet localhost 110 OK
user (me) OK
pass (my password) Authentication failed.

So IMO whilst waiting for possible DNS, I can sort out the reason it won't authenticate me. Am I using the correct port?

Wrong. postfix accepts it and delivers it locally to dovecot. dovecot is only responsible for presenting (and storing) the imap mailboxes to an imap client (e.g. thunderbird). All mail routing outgoing AND incoming is done by postfix. AND as long as the recipient domain matches the “mydomain” variable in postfix, postfix does NOT do any MX lookup. Therefore no MX changes are required yet.

Please simply wait until I have a little more time. We even can talk/chat via telegram/skype/signal whatever if you like, and I answer all your questions.

Whoops that was in reply to your previous message - that one:

  • Mail getting delivered to Hermes rather than tsgw1. That should be simple to see because if I send a mail from protonmail and it DOESN'T arrive in tsgw1, then Dovecot obviously accepted it.

There’s no desperate hurry. Everything is working. tsgw1 is getting mail, so there is no vital rush. Just let me know when you have a bit of time.

I'll send you a PM with my contact data later…

Back around 15:30 CEST

Just wrote a PM to you.