Migrate mail: plan

Test with different domain

Create MX records for rogerwhittaker.org.uk. Done.

Copy entire exim config across and /etc/mailname, and change disruptive.org.uk to rogerwhittaker.org.uk. Done.

Check that we can send and receive. Done.

Migrate

Add a suitable .procmailrc and .muttrc to home directory. Done.

Test whether Bytemark’s DNS tool works, by making a change and seeing if it propogates. Done.

Added mail.disruptive.org.uk, and that works. Done.

Add disruptive.org.uk to configuration: in /etc/exim4/update-exim4.conf.

dc_other_hostnames='rogerwhittaker.org.uk : disruptive.org.uk'

Fix IP number in /etc/exim4/update-exim4.conf

dc_local_interfaces='213.138.114.51'

Then run update-exim4.conf. Done.

Switch off exim on old mail server. Done.

Use Bytemark’s DNS tool to switch the MX records. Done

Check that we can send and receive. Done.

Receiving mail securely on port 465 for Android clients

Android devices don’t seem to like STARTTLS on port 25 for security reasons. Maybe this can be fixed by importing a certificate, but before we were connecting on port 465 (smtps), so we will do this again. But sometime let’s check whether importing a certificate will allow STARTLTS on port 25 to work OK.

Create new certificates:

# rm /etc/exim/exim.key /etc/exim/exim.crt
# bash /usr/share/doc/exim4-base/examples/exim-gencert

Enable port 465 in /etc/default/exim4

SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'

Restart exim.

Now the outgoing mail setup on Android works.

Dovecot

Copy across the dovecot configuration.

Remove old certificates and create new ones:

# rm /etc/dovecot/dovecot.pem  /etc/dovecot/private/dovecot.pem

Edit /usr/share/dovecot/dovecot-openssl.cnf appropriately, then

# cd /usr/share/dovecot/
# ./mkcert.sh
Generating a 2048 bit RSA private key
.......+++
..............................................+++
writing new private key to '/etc/dovecot/private/dovecot.pem'
.......

subject= /O=Dovecot mail server/OU=dovecot/CN=disruptive/emailAddress=roger@disruptive.org.uk
SHA1 Fingerprint=52:7D:4E:AE:7D:2D:E4:A6:4C:8B:31:93:DE:1D:21:1A:D0:9B:72:AE

Check that we are listening on port 993.

Android incoming imap connection now works.

Install spamassassin (new).

Previously we were using bogofiler — not very effective any more

# apt-get install spamassassin
# apt-get install exim4-daemon-heavy

(The package exim4-daemon-heavy replaces the "smaller" version of exim). OK - if we are calling spamassassin from procmail, this is not necessary. but for other possible configurations it might be.

Edit exim4.conf.template and uncomment:

spamd_address = 127.0.0.1 783

Then:

# update-exim4.conf

Then we want to call smapassassin from procmail.

in ~/.procmailrc

Trying this, from http://www.stearns.org/doc/spamassassin-setup.current.html

:0fw: spamassassin.lock
| /usr/bin/spamc

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
zzzSPAM

:0:
* ^X-Spam-Status: Yes
zzzSPAM

Now incoming mails delivered to ~/Mail/ have spam headers and information added, and if spam are filed according to the above into ~/Mail/zzzSPAM.