Linux & Open Source

Migrating Mail-In-A-Box to a New VPS

A few years ago, I started running my own mail server using Mail-In-A-Box. Four years or so actually, if the age of my old server was accurate. I have several different email addresses, mostly to better segment out content. I have done this with Reddit, and Twitter, and TT-RSS, and probably other things. In my Mail-In-A-Box I run email for 3 domains, two of mine, one for my wife. Over time I may eventually migrate all of my email to it; at this point I am a little worried about being blacklisted, so I mostly use it for secondary, receive-only email aggregation.

For a while I’ve been putting off migrating the system to a new VPS. It’s been running on Ubuntu 14.04 since it was created. Newer MiaB won’t run on 14.04 and I can’t distro update the machine. The only choice is to roll a new VPS and migrate the mail.

I use Digital Ocean for my online services, feel free to sign up with the link in the side bar if you want, I get a little kickback if you do. It’s easy to use and affordable. Plus in cases like this, I can spin up an extra VPS, then easily destroy it and spin up a new one when I discover that MiaB only works up through 18.04, so 20.04, which I used initially, won’t work. Also, having the extra server just means a temporary bump in my billing for the month.

The basic process for migrating Mail-In-A-Box is here, in the official documentation. I had a few hiccups along the way but I got them ironed out.

First step was creating the new machine. I mentioned above, I first made a 20.04 machine, but found that doesn’t work, so I killed that and made a new 18.04 machine. Before anything else, I did a few security-based housecleaning tasks. The server was created with SSH key login set up, but it only had a root account. So I created a new user and made them a sudoer. I also copied the SSH keys from root to the user.

adduser Username
usermod -aG sudo Username
cp -r ~/.ssh /home/Username/
chown -R Username:Username /home/Username/.ssh

Next step was to add the new user to the SSH allowed users and lock down that access.

sudo pico /etc/ssh/sshd_config

Then edit:

#Port 22

To a custom port and change:

PermitRootLogin no

Finally add:

AllowUsers Username

Lastly, restart the SSH server with sudo service sshd restart. Then test the connection using the regular user, in a new terminal, while the root session is still open. If that works, disconnect from the root session and continue on the regular user.
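The three sshd_config edits above, applied to a config file and then checked, as an added example (not from the original post). The user name alice and port 2222 in the demo are assumed placeholders; the script works on any file path you hand it, so it can be tried on a copy before touching /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the original post: apply the sshd_config edits
# described above (custom Port, PermitRootLogin no, AllowUsers) to a file
# and verify them. "alice" and 2222 below are assumed placeholder values.

# harden_sshd_config FILE USER PORT
# Rewrites FILE through a temp copy, so it works with GNU and BSD sed alike.
harden_sshd_config() {
    cfg="$1"; user="$2"; port="$3"
    tmp="$cfg.tmp"
    {
        # sshd uses the FIRST value it sees for a keyword, and anything after
        # a "Match" block belongs to that block, so the directives go on top.
        printf 'Port %s\n' "$port"
        printf 'PermitRootLogin no\n'
        printf 'AllowUsers %s\n' "$user"
        # Drop existing (possibly commented-out) copies of the same keywords
        # so each appears exactly once. "|| true": grep -v exits 1 if nothing is left.
        grep -Ev '^[[:space:]]*#?[[:space:]]*(Port|PermitRootLogin|AllowUsers)([[:space:]]|$)' "$cfg" || true
    } > "$tmp"
    mv "$tmp" "$cfg"
}

# verify_sshd_config FILE USER PORT
# Returns 0 only if all three directives are present with the expected values
# and no second PermitRootLogin line could override the first.
verify_sshd_config() {
    cfg="$1"; user="$2"; port="$3"
    grep -Eq "^Port[[:space:]]+$port\$" "$cfg" || return 1
    grep -Eq '^PermitRootLogin[[:space:]]+no$' "$cfg" || return 1
    grep -Eq "^AllowUsers[[:space:]]+$user\$" "$cfg" || return 1
    [ "$(grep -Ec '^PermitRootLogin[[:space:]]' "$cfg")" -eq 1 ] || return 1
    return 0
}

# Demo on a constructed copy of a stock config; never edit the live file
# without running "sshd -t" on the result before restarting the service.
demo=$(mktemp)
printf '#Port 22\nPermitRootLogin yes\nX11Forwarding no\n' > "$demo"
harden_sshd_config "$demo" alice 2222
verify_sshd_config "$demo" alice 2222 && echo "hardened config OK:"
cat "$demo"
rm -f "$demo"
```

On the real server, run it as root against a copy, validate with sshd -t -f copy, then move the copy into place and restart; keep the existing root session open until the new user can log in on the new port.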

I was doing an upgrade but the fresh install guide is here. All I needed was the set up line really, which takes a minute to run but does an initial set up of Mail-in-a-Box.

curl -s https://mailinabox.email/setup.sh | sudo -E bash

The next part was the trickiest bit. I linked the migration article above but I ended up trying to simplify things a bit. On the old machine, I stopped the mailinabox service, so no new mail would come in, then ran the backup Python script as described in the article above. I found it was easiest to just connect to the server using Filezilla over SFTP, which meant importing my keys to Filezilla. It’s in the settings under SFTP. Something to keep in mind if you set a custom port is you’ll need to add sftp:// before the IP address.

Things are a little tricky here, since root owns the backup folder. I ended up doing a sudo copy into my user home directory, then a chown on the folder to give my user account access to it. This meant Filezilla could see the folder and download it to my local machine. There are ways to directly transfer between the new and old server, but between custom ports and SSH keys and permissions, I found it was easiest just to download to my local laptop. Afterwards, I connected with SFTP to the NEW server and pushed the backup folder to it. You need the whole folder, with the “secret_key” text file and the encrypted folder and files. Basically, this is all the settings and emails.

Next step was to SSH into the new server, go to the freshly uploaded backup directory, and import the old files, as described in the link. These are two commands, run separately.

export PASSPHRASE=$(cat secret_key.txt)

sudo -E duplicity restore --force file:///home/Username/backup/encrypted /home/user-data/

This takes a minute to run. The next step listed is to rerun the mailinabox set up with “sudo mailinabox”.
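Before running the two restore commands, it is worth checking that the uploaded folder is complete and that the key file is not readable by other users, since after the chown it holds the only thing that decrypts the backup. The check below is an added example, not from the original post; it uses the folder layout the post describes (secret_key.txt beside an encrypted/ directory of duplicity .gpg volumes), and the sample folder it builds is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the uploaded
# Mail-in-a-Box backup folder before running duplicity restore.
# The demo folder and passphrase below are constructed placeholders.

# check_backup_dir DIR
# Returns 0 if DIR looks like a complete, restorable backup folder.
check_backup_dir() {
    dir="$1"
    key="$dir/secret_key.txt"
    enc="$dir/encrypted"

    # -s: exists and is non-empty. Without the key duplicity cannot decrypt.
    if [ ! -s "$key" ]; then
        echo "missing or empty $key: duplicity cannot decrypt without it" >&2
        return 1
    fi
    if [ ! -d "$enc" ] || [ -z "$(ls -A "$enc")" ]; then
        echo "missing or empty $enc: nothing to restore" >&2
        return 1
    fi
    # duplicity volumes, manifests and signatures end in .gpg; a folder copied
    # without them restores nothing useful.
    if ! ls "$enc"/*.gpg >/dev/null 2>&1; then
        echo "no .gpg volumes in $enc; was the folder copied completely?" >&2
        return 1
    fi
    # The key file is the whole secret: after the chown in the post it is
    # owned by the user, so make sure nobody else on the box can read it.
    chmod 600 "$key"
    return 0
}

# key_mode FILE -> permission bits in octal (GNU stat, with a BSD fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a constructed folder.
demo=$(mktemp -d)
printf 'constructed-passphrase-not-a-real-key\n' > "$demo/secret_key.txt"
mkdir "$demo/encrypted"
: > "$demo/encrypted/duplicity-full.20200101T000000Z.manifest.gpg"
: > "$demo/encrypted/duplicity-full.20200101T000000Z.vol1.difftar.gpg"
if check_backup_dir "$demo"; then
    echo "backup folder OK (key mode $(key_mode "$demo/secret_key.txt")); next:"
    echo "  export PASSPHRASE=\$(cat $demo/secret_key.txt)"
    echo "  sudo -E duplicity restore --force file://$demo/encrypted /home/user-data/"
fi
rm -rf "$demo"
```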

I had trouble here. Nginx would not restart. After some troubleshooting I found it was an issue with SSL. Basically what seemed to happen was that the restore pulled in the old SSL certs. Or maybe it was looking for the old SSL certs. Whatever the case, the fix was this process.

rm -rf /home/user-data/ssl/*

The fix was to delete the SSL certificates, then run “sudo mailinabox”. Everything started up. I verified I could log into the control panel and the mailbox using the IP address of the new server. I verified that all my custom DNS records existed; these are needed since the Glue Records point to the Mail-In-A-Box machine, but because I host my websites on a separate machine, I have to have DNS records set up appropriately.

One thing I noticed was the SSL certificates seemed to be wrong, which meant things worked, but would cause annoying security messages. I am not sure if this was related to deleting the certs above, or just that it was still looking for the old IP address. Whatever the case, I did a manual update with certbot for my MiaB subdomain using

sudo certbot certonly --standalone --force-renewal -d Subdomain.Domain.com

Another minor issue I ran into: doing this needs to drop a file either in the webroot folder, or spin up a temporary web server to host its own file. I couldn’t find the webroot for the custom MiaB set up (it was not /var/www/html) so I temporarily ran “sudo service nginx stop”, then ran the above certbot command, using the temporary web server option, then “sudo service nginx start” to restart Nginx. Nginx had to be stopped since otherwise it is using Port 80, and the temporary server can’t start to run the certificate verification process.

Another note, I am not sure if the --force-renewal option is needed above. It didn’t throw out any errors and it fixed the issue, so I left it.
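The stop-nginx, certbot standalone, start-nginx sequence from the two paragraphs above, wrapped so that Nginx comes back even when certbot fails, as an added example (not from the original post). It assumes it runs as root and uses the same service and certbot commands the post does; the domain is a parameter and the value in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: renew a certificate with
# certbot's temporary web server while nginx is stopped, and make sure
# nginx is started again whatever certbot returns. Run as root (or via sudo).

# renew_cert_standalone DOMAIN
# Frees port 80 by stopping nginx, lets certbot's built-in server answer the
# HTTP-01 challenge, then restarts nginx and reports certbot's exit status.
renew_cert_standalone() {
    domain="$1"
    service nginx stop || return 1
    certbot certonly --standalone --force-renewal -d "$domain"
    rc=$?                      # keep certbot's status; nginx must come back first
    service nginx start
    return $rc
}

# Usage (placeholder domain, not a real host):
#   renew_cert_standalone Subdomain.Domain.com && echo "renewed"
```

Running the three commands by hand, as the post describes, leaves the mail server's web interface down if certbot errors out and you forget the last step; capturing the exit code and always restarting removes that failure mode.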

The final step was to go to my Domain Registrar and update the name servers and Glue Records to point to the new Server IP. After a short bit of waiting, eventually the mail server URL connected to the admin and web consoles. I did some test send and receive of emails between my server and gmail to verify everything was working properly. One nice bit, the newer MiaB has a different interface for Roundcube webmail, so I could easily tell if I was going to the new or old server.

Once everything was satisfactory, I went back to Digital Ocean and powered down the old server. If everything is still working in a few days, I will destroy the old server, so I don’t have to keep paying upkeep on it. One thing to keep in mind: both the old and new servers require a specific hostname, so they will be named the same, so double check that you are powering down and deleting the correct server. Some easy ways to verify are IP address, or server age. The old server is several years old but the new server is several days old.

Tools I Use: Netscan and Fing

I wanted to do some occasional posts on some tools I use for various technical tasks. Partially just to suggest some useful stuff, partially so I have some posts to reference anytime I reference said stuff.

I wanted to start off with Netscan and Fing, which serve the same basic purpose on two different platforms. Both of these tools will scan the local IP range and return a list of every device connected to the network. Netscan is what I use on Windows, Fing is what I use on Android.

I use these tools very frequently, several times a week on average. So what use is scanning the local network anyway? I have two main uses, though both come down to device discovery.

Firstly, basic device discovery. I’ve hooked something new to the network and I need to access it. A lot of what I connect is headless with no easy way of discovering the IP aside from a scan. An Arduino, a Raspberry Pi, a networked webcam, all of these things need to be found once connected. The scan is also useful for getting the MAC address of devices on the network. The IP is dynamic on a network by network basis; a MAC address is a unique identifier. Knowing the MAC address is useful for building firewall rules and setting up static IPs assigned by the router for devices like phones or laptops where assigning IPs on the device can get hairy.

The other reason for doing a network based scan is intrusion detection. Generally speaking, I don’t expect to see hackers or anything on my home network. This is more for checking things like “if my kids’ devices are connected” or occasionally if one of my kids has a new device, borrowed or whatever, that I am not aware of on the network.

Ultimately I want to set up a little network monitoring system on a server to do these sorts of checks in real time, but both of these tools have served me well for years at doing the job quickly and simply.

Both are also useful for poking around foreign networks. You can see what machines are on an open WiFi hotspot and see if they have any open shared files. Though some open hotspots are smart enough to block such scans.
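The “is there a device on my network I don’t know about?” check from the intrusion detection paragraph above, done by comparing a scan export against a list of known MAC addresses, as an added example (not from the original post). Both input files and their contents are constructed here; the export layout (IP, MAC, name per line) is an assumption and not Netscan’s or Fing’s actual format, so a real export would need its columns mapped first.

```shell
#!/bin/sh
# Added example, not from the original post: report scanned devices whose
# MAC address is not on a known-device list. Input format (ip mac name per
# line, '#' comments) and all sample data below are constructed assumptions.

# normalize_mac: stdin -> lowercase, colon-separated MAC (scanners differ).
normalize_mac() {
    tr 'A-F' 'a-f' | tr '-' ':'
}

# unknown_devices SCAN_FILE KNOWN_FILE
# SCAN_FILE lines: <ip> <mac> <name...>; KNOWN_FILE lines: <mac> <label>.
# Prints "ip mac name" for every scanned device whose MAC is not known.
unknown_devices() {
    scan="$1"; known="$2"
    known_macs=$(grep -v '^#' "$known" | awk 'NF {print $1}' | normalize_mac)
    grep -v '^#' "$scan" | while read -r ip mac name; do
        [ -n "$mac" ] || continue
        m=$(printf '%s' "$mac" | normalize_mac)
        # -x: whole-line match, -F: literal, so aa:bb:.. can't match a prefix.
        if ! printf '%s\n' "$known_macs" | grep -qxF "$m"; then
            printf '%s %s %s\n' "$ip" "$m" "$name"
        fi
    done
}

# count_unknown SCAN_FILE KNOWN_FILE -> number of unknown devices.
count_unknown() {
    unknown_devices "$1" "$2" | wc -l | tr -d ' '
}

# Demo with constructed files: the router and the Pi are known, the tablet is not.
scan=$(mktemp); known=$(mktemp)
cat > "$scan" <<'EOF'
# constructed scan export: ip mac name
192.168.1.1   AA:BB:CC:00:00:01 router
192.168.1.20  aa-bb-cc-00-00-20 pi-hole
192.168.1.77  AA:BB:CC:00:00:77 new-tablet
EOF
cat > "$known" <<'EOF'
# constructed known-device list: mac label
aa:bb:cc:00:00:01 router
aa:bb:cc:00:00:20 raspberry-pi
EOF
echo "unknown devices ($(count_unknown "$scan" "$known")):"
unknown_devices "$scan" "$known"
rm -f "$scan" "$known"
```

Keying on MAC rather than IP is what makes the comparison stable across DHCP leases, which is the same reason the post collects MAC addresses in the first place; the list of known MACs is the one manually maintained input.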

Tiny Tiny RSS, Possibly my Perfect RSS Solution

So, I mentioned recently, I wanted to migrate off of my shared hosting to a VPS on Digital Ocean. One reason cited was more control over what I can do with the server. It’s essentially just a cloud based Linux machine; I can do anything I would do on a locally hosted Ubuntu box with it. I came across Tiny Tiny RSS recently, and it’s the perfect example of the kind of thing I wanted the VPS for.

While nowhere near the main reason, the final straw with my tolerance of Google’s increasing level of crap was the closing of Reader, a service I’d depended on pretty much since its inception. I’d tried a few alternative solutions but nothing really did anything for me next to the simplicity of Google Reader.

Eventually I just sort of lost the want for RSS feeds. The whole web seems to be abandoning the idea (probably because it’s not nearly as easy to plaster crap ads all over an RSS feed) so I just decided to let it go.

Recently I’ve been trying to find a good solution again. I really hate not being able to keep up with infrequently updated blogs I find. That’s like 90% of the reason I liked having Google Reader, so when that interesting niche blog I like that updates once every 4 months updates, I can know.

I looked into some Firefox extensions but using them tends to be clunky. I’ve tried a few different apps on my phone but nothing is ideal. The biggest issue is a lack of sync across everything.


Tiny Tiny RSS is a self hosted RSS reader. You download it (with Git in this case), set up a database for it, and let it roll. I’ve set it up on my little sandbox domain BloggingIntensifies.com and added feeds I was pulling with other services to it.

It’s web based, so I can get to it from anywhere. Need number one.

It’s hosted by me, so I won’t have to worry about some “thinks they know best” company screwing me over again. Need number two.

There is a built in API so it can be accessed via mobile with an app. Need number 3. BONUS! There is even a compatible Windows Phone app.

The next step is to figure out what I did with my old list of Google Reader feeds and start loading it up.

Ubuntu Again

I’ve been chugging away on the same laptop for many years now. That old HP Mini (http://joshmiller.net/2010/02/19/the-hp-mini-311-review-part-1-the-why/) I’ve been using for years? I’m still using that, with all its netbook and Atom processor glory. The screen is a little flakey at the wrong angles but it gets the job done. I’ve been sharing it with my wife for a while now, but recently (over the holidays) we bought her her own laptop. Now that she’s blogging, it’s inconvenient for both of us to share a laptop since inevitably, both of us want to use it at any given time.

It’s also becoming increasingly more unstable, more so when she is using it. Part of the issue is that it has been running Windows XP since forever. I have dual booted many flavors of Linux on it over the years and even ran the Windows 8 Beta on it for a bit. Unfortunately XP is completely and utterly end of life from Microsoft and more and more it shows. The browser compatibility is less and less and it’s just not as capable as it was in the past. Unfortunately, I’m not about to shell out for a new updated version of Windows. Since I don’t have to deal with the learning curve of teaching her how to use Linux, I am now free to go back to Linux on my laptop, specifically, Ubuntu, and specifically, ONLY. No dual booting or any of that nonsense.

I already had Lubuntu installed on a spare drive that I swapped into the machine, but I had issues getting networking to work in Lubuntu. I probably could have fixed them but I opted to just blow it out for a fresh 14.04 Ubuntu install. Unfortunately and irritatingly, the WiFi issue persisted. The core issue is that the Broadcom driver needed is “proprietary”, i.e. not Open Source (though it is free), so it’s not installed or included by default. This problem is compounded because the age of this device means all of the tutorials are outdated and suggest I install the “jaunty backports repositories” and restricted drivers or something using Synaptic.

The specifics are not important; what’s important is Jaunty Jackalope was like 4 distros or so ago and Synaptic is no longer the package manager used. I got it working but it’s always been an issue. At least it seems this round the system defaults to “disable touchpad when typing” so my cursor isn’t flying all over the place.

So anyway, new year, new… ish… OS. Not much else will probably change on my whole projects and workflow end. I can do most everything I need to do besides play games with Ubuntu, and the NAS means I can get to my files regardless of OS. The only real issue is rejiggering my blog workflow, but lately I haven’t been posting shit anywhere anyway so it really doesn’t matter much. At the moment I’m writing this with Pico (because vi is a piece of crap), but I am not real sure there is any way to push this into production without just cutting and pasting. Also, word wrapping is non existent, which makes it tricky, what with hard line returns and junk that will probably cut and paste like garbage.