From cpanel to virtualmin

1 From Cpanel to virtualmin
═══════════════════════════

Hi I’m trying to migrate a cpanel installation handling 3 domains,
including mails, to a Virtualmin installation. I’m no professional
(yet :)), so for now I’m free to fail :).

I did not renew the cpanel licence of my first OVH VPS server (I’ll
call VPS1 ), because it was too much for my needs. In fact, I “only”
need an easy email server configuration to handle personal mails with
specific domain without passing by Google. Once upon a time, I had
managed to set this up by hand, without a graphical interface,
fiddling with postfix, dovecote, mu, offlineimap, MailBox… and some
other MUA, MDA, MTA… strange A Acronyms config files that I still
don’t understand. Has it took me literally months, you will
understand that I’m not really willing to do it again. Especially
since I can admire what webmin is able to achieve automatically.
Thank you webmin

But, let me Focus !

I’ve just made necessary backups. Installed a fresh Debian 10 OS on
my second VPS (I’ll call it VPS2) also hosted at OVH. It has about 7G
RAM.

I’ve checked the OVH DNS zone for each of my domains and made sure to
replace VPS1 IP’s by VPS2 IP’s. Mails where working on the previous
VPS1 cpanel installation so MX records should be correct and I left
them sets to IN MX 1 smtp.mydomain.foo. with the A records smtp IN A MY.VPS.2.IP

Virtualmin installation’s script (with default) when all green.
Although it’s my third installation at least because I don’t really
know what to do once it installed.

1.1 What I did
──────────────

and I think I should do, but please correct my if I’m wrong or missing
something:

1.1.1 DONE Create a new Virtual Server using mydomain.foo
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

◊ 1.1.1.1 Enable the Setup SSL website feature

◊ 1.1.1.2 leave IP address and forwarding to defaults.

1.1.2 DONE Add a user to this server
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

it already has the admin user but I add the one I want to test the
email for.

◊ 1.1.2.1 This is where I choose the email address with a specific domain name

For example alice@mydomain.foo

◊ 1.1.2.2 I can increase the quota and leave the rest to defaults

1.1.3 DONE Login to usermin with that new user
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

1.1.4 DONE Tests sending and receiving mails
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

◊ 1.1.4.1 Sending to alice@mydomain.foo form alice@mydomain.foo

No error message but NO MESSAGE back in my mailbox

◊ 1.1.4.2 Sending to alice@gmail.com form alice@mydomain.foo

No error message and the MESSAGE MAKES IT to gmail

◊ 1.1.4.3 Replying from alice@gmail.com to alice@mydomain.foo

No reception

1.1.5 Look for logs and ask for help
╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌

I guess it has something to do with my OVH DNS zone MX field not
pointing to the correct Virtualmin server, or the MDA not knowing
where to drop its mail.

◊ 1.1.5.1 TODO logs are not easy to find

Looking for the logs I thought about creating a master DNS zone but
wait for your reply first

◊ 1.1.5.1.1 in Webmin, Postfix Mail Server, debugging features ??

i’ve moved some virtualservers from cpanel to virtualmin using backups from cpanel and “migrate virtual server” from virtualmin using cpanel backups.
let virtualmin handle/fix paths… worked fine here…

You should either get bounced mail back to your Google Mail account or check for your server logs, for example at /var/log/mail.{log|warn|info}. The message can not just get lost. If you changed the records on the registrar side, it may take some time before records are actually updated - therefore check if your old server is receiving mail.

IN MX 1 smtp.mydomain.foo. with the A records smtp IN A MY.VPS.2.IP

I don’t think that’s correct, as A record should pointt to IPv4 address, not FQDN.

The mail bounced back to my Gmail account with the following
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [smtp.mydomain.foo. MY.VPS.2.IP: timed out]

Note that when I write MY.VPS.2.IP it’s an IPv4 not an FQDN It’s true that it’s not clear but I don’t know of a standard way to name an example IPv4.

In my /var/log/mail.{info|warn} I have these line repeating

Feb 29 21:20:24 vpsmaliky postfix/smtpd[18413]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Feb 29 21:20:24 vpsmaliky postfix/smtpd[18413]: warning: unknown[unknown IP]: SASL LOGIN authentication failed: generic failure

Do I need to configure some extra SASL services ?

@dimitrist, I didn’t know this was possible. But when I say I made backup, I mean manual backup like 'mysql dumps, rysnc -av someimportantFolder or git pushes Nothing fancy that I could automatically import in vitualmin unfortunately.

But really, if I can have the mail working before the end of the month, that would be great and the rest I think I will handle it step by step.

I would recommend skipping on manual backups and perform proper migration from cPanel to Virtualmin.

I can’t and could not have done that for 2 reasons.

• The first (the can’t) the cpanel is already down.
• The second, (the could not) I had installed cpanel mainly for a friend working with me, and myself was still using the VPS “the old way” managing my few website manually.

I don’t have a scale problem. It’s only two email account to restore and two website DB.

My question is really,

What Have I done wrong (or not done) on this fresh installation for the email not to be fully operational.

It’s probably that Postfix is not looking for saslauthd at the right place. Usually, you just need to create a symlink for it (it’s common for chroot() environment):

ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

https://wiki.debian.org/PostfixAndSASL

Thank you for the link. I’m looked into it and with your command it helps.

Here is what I did to remove the SASL error:

• Checked the content, type and attributes of both files. They are 2
  empty folders:
  • drwx–x— 2 root sasl 40 févr. 29 06:20 /var/run/saslauthd

  • drwxr-xr-x 2 root root 4096 févr. 29 06:22
  /var/spool/postfix/var/run/saslauthd

• rmdir /var/run/saslauthd

• ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

• chown -h :sasl /var/run/saslauthd

• chown :sasl /var/spool/postfix/var/run/saslauthd (yeah I know I’m changing what was root but I find it logical, correct me if I’m wrong)

• systemctl reboot

…

• Send a mail
• checked the logs: tail /var/log/mail.warn OK

@Ilia This solve the SASL but roundcube or usermin still does not receive mail sent from gmail. They do bounce back with
The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [smtp.mydomain.foo. myvps2ip: timed out]

In /var/log/mail.warn I have some warnings but I think they are not related to my problem.

Mar  1 22:42:24 vps2 postfix/postfix-script[979]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Mar  1 23:24:22 vps2 postfix/smtpd[7203]: warning: hostname `some unknown digital ocean hostname` does not resolve to address `unknown associated IP`: Name or service not known

You need to make sure that port 25 is opened on your server and that your ISP is also not blocking it (port 25).

I’ve repaired the broken issue link. Thank you for the notice.

@llia when you say “connect to you® main domain.” Do you mean using OVH DNS config files ? I would like to do that and ignore virtualmin DNS server, but how do I do that ?

In the meantime in Virtualmin > Server Configuration > DNS Records
I found my virtualmin DNS records as follow:

$ttl 38400
@	IN	SOA	myVPS.ovh.net. root.myVPS.ovh.net. (
			1582959878
			10800
			3600
			604800
			38400 )
@	IN	NS	myVPS.ovh.net.
@	IN	NS	dns13.ovh.net.
@	IN	NS	ns13.ovh.net.
mydomain.foo.	IN	A	myIPv4
www.mydomain.foo.	IN	A	myIPv4
ftp.mydomain.foo.	IN	A	myIPv4
m.mydomain.foo.	IN	A	myIPv4
localhost.mydomain.foo.	IN	A	127.0.0.1
webmail.mydomain.foo.	IN	A	myIPv4
admin.mydomain.foo.	IN	A	myIPv4
mail.mydomain.foo.	IN	A	myIPv4
mydomain.foo.	IN	MX	5 mail.mydomain.foo.
mydomain.foo.	IN	TXT	"v=spf1 a mx a:mydomain.foo mx:mydomain.foo ip4:myIPv4 ip4:myIPv4 ip6:myIPv6 ?all"

But if ping mydomain.foo is OK,
I get no answers to my pings to mail or www subdomains.
As for the admin subdomain I get an Unknown service error response probably because admin.mydomain.foo is not in my ovh DNS config file.

Finally, I’m not creating an entry for smtp.mydomain.foo as I now suspect virtualmin to have chosen mail.mydomain.foo instead. But first, pings should be working. Any idea how I can make they work ?

The link seems to be wrong - old and unrelated.

Add a DNS record to make SMTP work or simply connect to you main domain.

…add to do what?

I get no answers to my pings to mail or www subdomains.

Now, as you posted (edited your previous post), and added actual DNS records, it’s evident, that you are using DNS server of your ISP, which means, the records for www and mail should be created on there side!

When you say “connect to you® main domain.” Do you mean using OVH DNS config files ? I would like to do that and ignore virtualmin DNS server, but how do I do that ?

Yes, if your DNS is hosted somewhere else, just disable it as a feature, in Edit Virtual Server/Enabled Features.

I disabled the virtualmin DNS feature to have my IPS handle the DNS. It seems OK, as mails are working in and out, but I’m still not sure.
Do you see anything wrong with my IPS DNS config file below?

$TTL 3600
@	IN SOA dns13.ovh.net. tech.ovh.net. (2020030517 86400 3600 3600000 300)
                 IN NS     ns13.ovh.net.
                 IN NS     dns13.ovh.net.
                 IN MX     1 mail.mydomain.foo.
                 IN A      myIPv4
             600 IN TXT    "v=spf1 a mx ip4:myIPv4 -all"
admin            IN A      myIPv4
ftp              IN A      myIPv4
localhost        IN A      127.0.0.1
m                IN A      myIPv4
mail             IN A      myIPv4
webmail          IN A      myIPv4
www              IN A      myIPv4
www              IN TXT    "3|welcome"
www              IN TXT    "l|fr"

Your DNS there seems good!

Additionally, you can use a tool such as this one here to get a DNS report if you’d like to review your DNS setup:

https://intodns.com/

Thank you @Eric