Mail not working in Mail-Client after Migration NS 7 -> 8

ATTENTION: SOLVED - see replies

Hi there,

Although I found some threads about this problem, I could not find a solution.

After migration my LDAP user mail was successfully moved to the new server:

mailbox intern: apos

The addresses show a “Pseudonym” with my mail

I can see Mails come in (here Testmail):

I temporarily added an additional public mailbox with full access rights, which is connected to the “apos” internal account.

But if I open my mail program, I cannot see or send any messages.
Also SoGo is not working/showing anything.

Expected behaviour: Mail simply works after migration and DNS change.

Hint: I turned off clamav/spamd temporarily.

What’s wrong here?

Cheers, Axel

I think, I could solve the problem with:

  1. the instantiation of the public (!) mailbox, which had not been there after the migration of user apos@mydomain.org
    → last screenshot from last post → vmail+apos@…
  2. giving it full access rights (which is not default)
    → last screenshot from last post → vmail+apos@…
  3. connecting the “Pseudonym” in “Address in mydomain.org (apos@mydomain.org - Pseudonym)” with the target “vmail+apos@mydomain.org”

What I do not understand (really):
Where are my mails now stored:

  • within the apos internal mailbox?
  • within a new vmail+apos mailbox?

Sorry, but this is really not clearly written down anywhere for the migration process, or am I wrong?

I also had to issue a TLS cert to avoid an error when sending mails.

But I have one question left:

Is it possible to change the internal Hostname of the cluster and the LDAP?

The problem is: on instantiation these took my provider's rDNS (some_vserver.hotsec.net). I could change the rDNS, but this will break the NS8 admin web interfaces and - I assume - overall functionality.

Alternatively I have to use a mail relay.

Cheers, Axel

It’s possible to change the cluster FQDN from the nodes pages, see Cluster management — NS8 documentation

As regards LDAP, there’s an option to change it during migration, see Release notes — NS8 documentation and NethServer 7 migration — NS8 documentation
But it shouldn’t be affected by the wrong rDNS.

The apps like mail use their own FQDN which is changeable in the app settings.

Thanks for your answer @mrmarkuz ,

worked fine :slight_smile: Just did not see the menu.

I also altered the rDNS of my server from the hosters default to mydomain.org.

The goal is that all top-level and subdomain letsencrypt certs show the correct domain name and not the provider's default. This also leads to the fact that my mails are no longer rejected by certain providers due to the mismatch of mail domain and certificate domain (I know that I can use a relay, e.g. with smtp2go).

```
openssl s_client -connect mydomain.org:587 -starttls smtp </dev/null | openssl x509 -noout -subject -issuer -dates

connecting to xxx.xxx.xxx.154
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=R10
verify return:1
depth=0 CN=ns8node1.mydomain.org
verify return:1
250 CHUNKING
[…]
```

My problem:

I cannot delete the old cert (…hotsrv.com) or re-issue for my domain (…org). I get an error either that the domain cannot be deleted (… hotsrv.com) or that it cannot be reissued (…org).


I think this is a common use case after changing the FQDN.

Cheers and thanks
Axel
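
The mismatch between the name a client connects to and the names in the certificate can be checked offline. The following is an added example, not part of the original posts; the function names are made up, and the SAN line is a constructed sample in the format printed by `openssl x509 -noout -ext subjectAltName`.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a certificate's DNS names
# cover the host name a client connects to. Sample values are constructed.

# name_matches PATTERN HOST: exact match, or "*.domain" covering one label.
name_matches() {
    n_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    n_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $n_pat in
        \*.*)
            n_suffix=${n_pat#\*}                    # "*.example.org" -> ".example.org"
            case $n_host in
                *"$n_suffix") n_label=${n_host%"$n_suffix"} ;;
                *) return 1 ;;
            esac
            [ -n "$n_label" ] || return 1
            case $n_label in *.*) return 1 ;; esac  # "a.b.example.org" is not covered
            return 0 ;;
        *)  [ "$n_pat" = "$n_host" ] ;;
    esac
}

# cert_covers HOST "DNS:a, DNS:b, IP Address:x": 0 if any DNS entry matches HOST.
cert_covers() {
    c_want=$1; c_rest=$2
    while [ -n "$c_rest" ]; do
        c_entry=${c_rest%%,*}
        case $c_rest in *,*) c_rest=${c_rest#*,} ;; *) c_rest= ;; esac
        c_entry=$(printf '%s' "$c_entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $c_entry in
            DNS:*) if name_matches "${c_entry#DNS:}" "$c_want"; then return 0; fi ;;
        esac
    done
    return 1
}

# Constructed sample: a certificate issued for the node name only.
san='DNS:ns8node1.mydomain.org'
for h in ns8node1.mydomain.org mydomain.org; do
    if cert_covers "$h" "$san"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
done
```

A wildcard entry covers exactly one extra label, so `*.mydomain.org` matches `mail.mydomain.org` but neither `mydomain.org` nor `a.b.mydomain.org`.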

[Partly SOLVED]

Go to Mail → Settings → Change the mailserver name

But: I cannot alter the internal OpenLDAP domain name.
This should be

dc=mydomain, dc=org

Changing the LDAP domain name from the UI isn’t supported yet. If there are not too many users you could remove and recreate the OpenLDAP user domain.

Another way would be to create a domain with the right domain name in the mail app. In that case you may need to configure identities for the mail users to use the right mail address or use lam to edit the LDAP users mail addresses.

Thanks @mrmarkuz for your answer which is highly appreciated.

Two questions regarding your proposal to recreate the domain:

  1. if I recreate the domain: will the mailboxes be deleted as well? Or is the new user(s) with the same name remapped to the existing mailbox?
  2. Other services like nextcloud and SoGO also use the LDAP users. Will the usage of a new LDAP be possible, if the usernames / passwords do not change and match in the new LDAP?

and

  1. I do not have a problem doing this with CLI, but this might be not that easy, I assume.

Another way would be to create a domain with the right domain name in the mail app. In that case you may need to configure identities for the mail users to use the right mail address or use lam to edit the LDAP users mail addresses

There are three different “domains” on my system. The wording for “domain” therefore should be more precise, I think:

  1. the hostname (which is the Mailservers domain)
    I can change the hostname, but the internal userdomain with the users will remain.

  2. the local domain for my installation which is NOT the LDAP provided for my users. This OpenLDAP had been created during installation / migration. It contains the administrator account and the Bind DN. Not my users.

  3. the local internal domain (OpenLDAP) which has been migrated from the old system and contains my users (only a handful, so no problem to recreate).

Mail-App Settings:

System → Domain and Users:

So the overall goal would be to

  • have only ONE OpenLDAP with the correct domain
  • doing all this without losing the mailboxes (ok, I could simply do an IMAP sync)
  • be able to remap users for other services like nextcloud and SoGo (nextcloud: also this could be recreated doing a reupload)

If we could solve this, I am sure this would help others after migration or / and setup a clean system.

Cheers, Axel

No mail data is deleted. New users with same name are remapped to existing mailboxes.

I need to check about Nextcloud as the users are mapped to UUIDs…
SOGo just uses the user domain of the mailserver app.

EDIT:

As regards Nextcloud the files would need to be migrated to the new UUID of the user.

Enter Nextcloud container:

```
runagent -m nextcloud1 podman exec -ti nextcloud-app sh
```

Example of listing files of a user:

```
ls -l data/73fc5571-0027-4c97-b744-eb3df525900c/files/
```

The UUIDs are shown in the Nextcloud account settings (when logged in as admin):

So you need to get the old UUIDs before removing the LDAP user domain and then copy the files to the new UUID directory.

Finally the files need to be scanned:

```
runagent -m nextcloud1 occ files:scan --all
```

I found that there’s an app for importing/exporting users but I never tested: User migration - Apps - App Store - Nextcloud

Yes, it’s not trivial, see Nextcloud can't create share - #23 by mrmarkuz
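
The copy step of the Nextcloud procedure above, as an added example that is not part of the original posts. It assumes the `data/<UUID>/files/` layout shown in the post; the function names and the sample UUIDs are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the data/<UUID>/files/ layout
# shown in the post; function names and sample UUIDs are made up.

# is_uuid VALUE: accept only the 8-4-4-4-12 hex form, so "..", "/" or a
# newline can never end up in a path built from the argument.
is_uuid() {
    case $1 in
        *[!0-9a-fA-F-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# migrate_user_files DATA_DIR OLD_UUID NEW_UUID
# Returns 0 on success, 2 bad UUID, 3 source missing, 4 name collision.
migrate_user_files() {
    m_data=$1; m_old=$2; m_new=$3
    if ! is_uuid "$m_old" || ! is_uuid "$m_new" || [ "$m_old" = "$m_new" ]; then
        echo "refusing: arguments must be two different UUIDs" >&2
        return 2
    fi
    m_src="$m_data/$m_old/files"
    m_dst="$m_data/$m_new/files"
    [ -d "$m_src" ] || { echo "no such directory: $m_src" >&2; return 3; }
    mkdir -p "$m_dst"
    # Never overwrite: stop if a top-level name already exists at the target.
    for m_item in "$m_src"/* "$m_src"/.[!.]*; do
        [ -e "$m_item" ] || continue
        if [ -e "$m_dst/$(basename "$m_item")" ]; then
            echo "collision: $(basename "$m_item") already exists in $m_dst" >&2
            return 4
        fi
    done
    # -a keeps owner, mode and timestamps; "/." also copies dotfiles.
    cp -a "$m_src/." "$m_dst/"
}

# Demo on a throw-away tree.
demo=$(mktemp -d)
mkdir -p "$demo/11111111-2222-3333-4444-555555555555/files"
echo "hello" > "$demo/11111111-2222-3333-4444-555555555555/files/note.txt"
migrate_user_files "$demo" 11111111-2222-3333-4444-555555555555 \
    aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee && ls "$demo/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/files"
rm -rf "$demo"
```

Run it as the account that owns the data directory so a newly created `files` directory gets the right owner, then run the `occ files:scan` command from the post.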

KVM snapshots and imapsync are my friends.
So I will try out and then we know :slight_smile:

I’ll report.

Cheers and thanks
Axel
