Hi,

No worries. That’s a decision you’ll need to make.

I’d suggest that running the older software for another three years is a bit 
excessive though, I wouldn’t do that.

I’ve recently migrated to Cyrus 3.4.1 from 3.0.x. The approach I used to 
minimize downtime and give me options to back out if needed was:
     1. Build a 3.2.x server as an intermediary.
     2. Build a 3.4.1 server as final state.
          - snapshot / backup original 3.0.x server
     3. Set up one way replication between 3.2.x and 3.2.x. periodic but also 
do a bulk/full replication as well. Bash script and cron.
     4. Set up one way replication between 3.2.x and 3.4.x and also periodic 
replication (bash script and cron)
     5. Force sync original server with intermediate so you have a copy. Do the 
same between intermediate and 3.4.x server.
     5a. Test authentication from 3.4.x server is working as expected for http 
(if caldav/carddav) in use and also ldap and maybe even lmtp if in use.
     6. Confirm your servers are pretty much close to being in sync, depending 
on size/busyness of server this may not be possible but suggesting it anyway 
for feasibility assessment.
     7. Sanity check the configuration using client and host file entry to test 
in parallel. Important just to read and not make changes (confirming IMAP is 
accessible on the latest version).
     7. At the least busy time, take original server down for maintenance, 
do one last full replication to confirm the intermediate is in sync with 
original. Do the same between intermediate and final 3.4.1 server.
     8. Make sure your certificates are ok on the new servers. Shutdown the 
original server (reassign that IP to the new server), restart services.
     9. Test clients can access the mail on the 3.4.x server. Test mail flow 
inbound/outbound and mail delivery to mailbox server.
     10. If smtp and imap services on same box, may want to consider splitting 
those and/or rsync’ing that configuration to the 3.4.x server ahead of cut over.

Now big assumption is that your SMTP/SMTPS services are on a separate server to 
Cyrus. If it’s a server running just Cyrus, the above approach may be easiest 
and offer fall back option if it goes pear-shaped or need to back out. If it’s 
combined, perhaps an opportunity to separate the different functions.

I’d probably plan for full down time to ensure you can get absolute consistency 
when sync’ing the servers before transitioning users to the new primary. 
Without knowing the environment, at a high level this may work although 
depending on your complexity, number of servers, number of mailboxes etc, it 
may be more difficult than the simplified view I’ve provided.

Just an idea - could likely do that work in parallel with minimum risk to 
production whilst allowing the upgrade to happen sooner. I went via 
intermediate version as I had replication issues (needed to zero conversation 
history for relocation to work). That’s a consideration to keep in mind. Seemed 
like a bit between 3.0.x and 3.2 or 3.4. Didn’t have that issue between 3.2 and 
3.4 from what I could remember but it’s been a while now.

There may be better ways to do it, the above worked well for me but my 
environment was pretty simple and relatively small.

-Andrew

Sent from my iPhone

> On 18/06/2021, at 07:39, Albert Shih <[email protected]> wrote:
> 
> On 18/06/2021 at 07:05:46+1200, AndrewHardy via Info wrote
> Hi,
> 
>> 
>> I’d recommend upgrading, 2 major releases behind. (Latest 3.4.1). Running old
>> software isn’t recommended but it’s a risk based decision on your part and
>> specific to your environment and security posture.
>> 
>> I’d suggest having a look at known security vulnerabilities for Cyrus (link
>> below). Although the version may match known issues, doesn’t mean it’ll be
>> exploitable. Configuration generally plays a part in determining 
>> exploitability.
>> 
>> https://www.cvedetails.com/vulnerability-list/vendor_id-1321/Cyrus.html
> 
> Thanks, but yes I know that. In general I always run the latest version of
> almost everything.
> 
> But the mail is very critical, and the impact if something goes wrong can
> be very high.
> 
> So I'm very prudent on this point.
> 
> Regards
> --
> Albert SHIH
> xmpp: [email protected]
> Local time:
> Thu Jun 17 09:36:48 PM CEST 2021
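
For the "confirm the servers are in sync" checks in steps 6 and 7 of the procedure above, one option is to compare IMAP STATUS output for the same account on the old and new servers. This is an added example, not part of the original email or of Cyrus itself; the sample responses are constructed, and it assumes replication keeps UIDVALIDITY and UIDs identical on both sides so the counters should match exactly.

```python
import re

# Constructed sample data: untagged IMAP STATUS responses (RFC 3501) for the
# same account, captured from the original server and from the new server.
OLD = r'''* STATUS INBOX (MESSAGES 1520 UIDNEXT 40213 UIDVALIDITY 1401234567)
* STATUS "INBOX.Sent Items" (MESSAGES 310 UIDNEXT 977 UIDVALIDITY 1401234570)
* STATUS INBOX.Archive (MESSAGES 88 UIDNEXT 120 UIDVALIDITY 1401234580)
'''
NEW = r'''* STATUS INBOX (MESSAGES 1518 UIDNEXT 40211 UIDVALIDITY 1401234567)
* STATUS "INBOX.Sent Items" (MESSAGES 310 UIDNEXT 977 UIDVALIDITY 1401234570)
'''

# Mailbox name is either a quoted string or a bare atom; IMAP literals and
# modified UTF-7 decoding are out of scope for this sketch.
STATUS_RE = re.compile(r'^\* STATUS (?:"((?:[^"\\]|\\.)*)"|(\S+)) \(([^)]*)\)\s*$')

def parse_status(text):
    """Return {mailbox: {ITEM: int}} from untagged STATUS lines."""
    boxes = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if not m:
            continue  # tagged replies and other untagged data are ignored
        if m.group(1) is not None:
            name = re.sub(r'\\(.)', r'\1', m.group(1))  # undo quoted escapes
        else:
            name = m.group(2)
        parts = m.group(3).split()
        boxes[name] = {k.upper(): int(v) for k, v in zip(parts[::2], parts[1::2])}
    return boxes

def sync_drift(old, new, items=("MESSAGES", "UIDNEXT", "UIDVALIDITY")):
    """List (mailbox, item, old_value, new_value) for everything that differs."""
    drift = []
    for box in sorted(set(old) | set(new)):
        if box not in old or box not in new:
            # Mailbox exists on only one side: report presence, skip counters.
            drift.append((box, "PRESENT", box in old, box in new))
            continue
        for item in items:
            a, b = old[box].get(item), new[box].get(item)
            if a != b:
                drift.append((box, item, a, b))
    return drift

if __name__ == "__main__":
    for row in sync_drift(parse_status(OLD), parse_status(NEW)):
        print(row)
```

An empty result after the final replication pass is the signal to proceed with the cut-over; a UIDVALIDITY difference means clients would discard their cached state for that mailbox.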

------------------------------------------
Cyrus: Info
Permalink: 
https://cyrus.topicbox.com/groups/info/T1b7cba8d7073707a-Mf23ce76b7a893688830383d3