We're currently migrating our corporate email server (Postfix/Cyrus, with an OpenLDAP backend) from one box, to another, located offsite. Before I do a full cut-over, I was hoping to migrate one or two of our highest-volume (also, loudest-complaining) over first, because if there's any issues that somehow missed in my configuration and testing, they'll be sure to let me know.
All the transport mapping is currently stored in ldap. I created a separate, hashable transport map, and configured Postfix to use it, like so:
transport_maps = hash:/etc/postfix/oldmail_transport,ldap:trans
And in /etc/postfix/oldmail_transport, I've got:
user1@domain.com :[newmailserver.domain.com]
user2@domain.com :[newmailserver.domain.com]
domain.com exists in the virtual_alias_domains on both servers.
The problem is, this doesn't work. The old mailserver sees that user1@domain.com is a local address, delivers mail to it, and ends things there. It appears that the only way to get the transport map to work would be to remove domain.com from the virtual_alias_domains on the old server, which would of course break delivery to all my other users on that domain.
Am I using transport_maps correctly, here? Is there another method I should be using to make postfix do what I'm wanting?
Thanks in advance for your help!
Best Answer
May I suggest another approach?
For POP/IMAP connection handling, use Perdition. It proxies the POP/IMAP traffic to a correct server transparently to end-user. The backend-server lookup and be made from LDAP, text file or some other method you want to use. So, with Perdition you can migrate your users from old the new server one by one without them even noticing. Just create a script which migrates the mail from the old server to new one and then updates the LDAP/text file/whatever to tell Perdition that the user just got migrated.
I've migrated something between 50 000 - 100 000 user accounts in the past using this method, no visible downtime for users.
For SMTP, the mail server lookups are simple and you already seem to be performing those via LDAP. :)