In progress. We are more likely than not migrating from ./Courier to Dovecot.
1. Configuration Requirements
1.1. File Consistency
Not 100% certain, but to maintain file consistency the following looks OK:
mmap_disable = yes mail_fsync = always lock_method = flock
1.2. Authentication
- auth must be done in the imap worker
pam_setcred must be called
1.3. Accessing Mail
Use /afs/hcoop.net/common/email/u/us/user instead of $HOME/Maildir
1.4. Virtual Users
Use DomTool managed userdb
Needs to run post-auth script to get $user.{daemon|mail}
- Can vmail users do mail filter? Do any vmail users use filter? Where are the filters stored?
- Problems
userdbs are currently stored in ancient courier format instead of passwd format
DomTool userdb code is machine/courier specific
- vmail users have their home directory set to the controlling member's home directory, which is not likely to work with dovecot
1.5. Sieve
- Exim, not dovecot runs sieve filters
- Use dovecot-managesieved if it can be instructed to edit an arbitrary file, otherwise pysieved is probably the best bet
1.6. Site{Spam,Ham}
We need a shared namespace, and SiteSpam/SiteHam should continue to work.
- Is there a plugin to support training from a specific per-user folder? If yes and the effort is lower...
- Check permissions on spamd's Maildir for sanity
2. Domtool Changes
- Retain courier support (it's still OK to use in non-openafs settings)
- Add type to specify mail node kind
- Manage vmail databases in afs
Retain courier field=val|... format if we already have code to parse/generate it cleanly
Publish vmail databases to $sharedroot/node/..., convert to local format in /var/domtool in worker, and publish
3. Testing
vos copy all mail.$user.backup volumes and mount at /afs/hcoop.net/common/mail2/... for test migration
- How to test under actual load?
Pick a mail volume (mail.clinton probably), clone as a vmail box, use procmail to forward all mail to user to the vmail user, and copy the procmailrc for the vmail user?
- Migrating vmail user Maildirs?
4. Migrating Data
http://wiki2.dovecot.org/Migration/Courier indicates it should be straightforward. Make sure to fully grok the conversion perl before running it on the actual Maildirs.
- Primary risk is corrupting the UID database because there is no way to save a client after UID corruption
4.1. Switching to $user.mail
Using one keytab per-user for all automated tasks is less than ideal. See bug #1120
All Maildirs would need to be fsr ... $user.mail write
- All vmail dirs would also need to be updated
- Exim would need to use the tokens
- Any user cron jobs would need their permissions adjusted by members
It would be nice to get this over with sooner than later, but is likely too much additional work given that deleuze needs to be taken offline as quickly as is feasible and we already have to switch to a new imap server.