Virtualmin migration diary

SYSTEM INFORMATION
OS type and version Almalinux
Webmin version 2.401
Virtualmin version 7.30.8 PRO
Webserver version Apache 2.4.62
Related packages SUGGESTED

I will try to post here the problems and solutions that I find when migrating my old Centos to a new Almalinux.
I hope this will be helpful for anyone in my situation who wants to do a similar migration.

From here I want to thank @joe @Ilia @eric @jamie and @tpnsolutions that without their help this diary would not have been possible, thanks to the support of Virtualmin I have been able to face this challenge again (it will be 10 years since the last one). Please correct me if I misunderstood something and it’s not right :wink:

I have to transfer more than 50 domains from an old Centos to a new Almalinux, the chosen method is to mount two servers in parallel each one with its corresponding wan ip and go transferring domains, each server takes care of its web, mail and DNS and each server has a local ip in a DMZ behind two firewalls each one with its WAN IP that is responsible for passing through NAT the ports I need and control the accesses

First failure:
While I was testing Alma9 Alma10 comes out, I didn’t have it decided because it’s not supported yet, but some comments in favour made me play the roulette, of course it didn’t work :frowning:
Basically postgrey and mail limiting can’t be installed, plus I learn that the webmin repository must not be activated.

Back to Alma9

Basically I have problems with mail delivery/reception, first problem I have is that firewalld is enabled by default and doesn’t let me pass the mail access ports, as I have a firewall in front of me I manage the accesses there I disable it.

Problems with mail delivery

Basically the new postfix comes with too high default access requirements for clients and production servers, so I have to lower those requirements.

SMTPUTF8 is required, but was not offered by host

Solution:
I view this info → Issue - SMTPUTF8 is required, but was not offered by host | Plesk Forum
Postfix Backwards-Compatibility Safety Net

and change /etc/postfix/main.cf → compatibility_level=2 to 0 and →

postconf smtputf8_enable=no
postfix reload

Outlook error POP3 Server Error: 0x800CCC90, Error Number: 0x800CCC92

Outlook clients with plaintext login can not download POP3 mails

Solution:

Edit /etc/dovecot/dovecot.conf, add parameter named “disable_plaintext_auth = NO”
Apply and restart service Dovecot
And go to Webmin → Servers → Dovecot IMAP/POP3 Server → User and Login Options → Change Minimum valid UID to 500, (by default its a 1000)

This indicates something went wrong earlier. There shouldn’t be any users with UID below 1000.

Maybe a backup from another control panel was restored and UIDs didn’t get remapped? I wouldn’t recommend that, if you’re coming from a very old system that uses UIDs below 1000 (because there is a high probability of conflict with system services, which occupy those UIDs between 500 and 999).

thanks Joe, the reason of having lowered to 500 is because I saw in the maillog that gave error the clients that wanted to connect to POP3 authenticating by plaintext, I did not capture but it was a clear error, besides in the old server the configuration was of 500, I lowered it from 1000 to 500 apply changes and automatically the Outlook clients managed to lower the mail.

I only transfer virtual hosts, the configuration I have left it all by default after the installation and I have only been changing in these cases that has given me an error.

I think you’re likely to run into problems keeping those low UIDs on newer operating systems. Just a glance at one of my systems, I see about a dozen services with UIDs in that 500-999 range (though they all seem to be in the 900s, so if you’ve got just a few 500s, you’ll maybe be OK).

I’ll also mention that when you use Virtualmin’s migration tools (whether restoring a Virtualmin backup or migrating a cPanel or other competing control panel backup) you have the option to remap UIDs/GIDs, and it’s generally a good idea to do that unless the system is participating in a replicated server situation where you need UIDs/GIDs to match across all system, e.g. for network storage or whatever.

1 Like