|
Version 6.3 |
|
| |||||||||||||||||||||||||||
Supporting Network Users
Users that access their mail accounts using any standard Internet Protocol (POP, IMAP)
do not have to switch their mailer applications or change mailer settings - CommuniGate Pro supports
not only the published mail access protocols standards, but most of unofficial protocol extensions, too.
Using Legacy Mailbox filesOne of the supported Mailbox formats supported by CommuniGate Pro is the BSD-type text mailbox format: a Mailbox is a text file with messages separated with an empty line and a line starting with the symbols From . Since most legacy mail systems use this format, the existing mailbox files can be used when migrating to CommuniGate Pro. You should either copy the old mailbox files into the proper places in the CommuniGate Pro Account directories, or you can specify that some Accounts have Legacy INBOXes (see above), and the old mailbox files will be used "in place". Note: when CommuniGate Pro stores a message in a BSD-type Mailbox, it adds additional fields to the separator (From) line. These fields are ignored by legacy mailers and mail servers, but they allow the CommuniGate Pro Server to keep the message status and unique message ID information. When you make your CommuniGate Pro Server use a BSD-type mailbox file composed with an old mail system, it issues warnings (Log records) about missing fields in the message separators. The Server still opens such mailboxes: it creates empty status flag sets for such messages, and it generates unique IDs on-fly. As users read, move, and/or delete old mail from their mailboxes, messages stored with the old mail system disappear, and the Server stops complaining when opening these mailbox files. Converting PasswordsIf your old mail server authenticated clients are using the Unix OS account and passwords (the passwd and shadow files), you can simply enable the Use OS Password option for those accounts and the CommuniGate Pro Server will use the OS authentication procedures for them. Since the OS Passwords are one-way encrypted, they cannot be used for secure SASL authentication methods. The following procedure can be used to allow migrated users to employ the secure SASL methods:
Users can connect to the newly created accounts using their old OS Passwords - i.e. the same passwords they used with the legacy mail system. When users try to modify their account passwords, the new passwords will be stored as CommuniGate Passwords. All users that have updated their passwords will be able to use the secure SASL authentication methods. Sometimes you cannot use this method. For example, you migrate users from a different server, and you do not register them all with the Unix OS on the new server, but you do have the passwd file from the old server. In this case, you may want to enter the Unix-style (crypt-encrypted) passwords as the CommuniGate (internal) Passwords. To make the CommuniGate Pro server process its internal password string as a
U-crpt (crypt-encrypted) or other support encrypted password (see below),
store the password in the Account Settings
with one-byte binary 002 prefix. If you want to create a user test using the
CLI interface, and the Unix (crypt-encrypted) password
for that user is AslUzT1JkPsocc, then use the following CLI command:
If you create users by importing an account list from a text file, place the Unix passwords strings into the UnixPassword column, not into the Password column. In this case, the Loader will automatically add the binary 002 prefix to all password strings. If you create users using the LDAP Provisioning feature, specify the encrypted password as the unixPassword attribute. Account Settings of the new accounts should specify one of the CommuniGate Pro password encryption methods (clear text or A-crpt). Users will be able to log in using their old Unix/encrypted passwords. When they update their passwords, new CommuniGate Password strings will be stored using the specified CommuniGate Pro password encryption method. All users that have updated their passwords will be able to use the secure SASL authentication methods. Some servers produced by the Netscape and Software.com companies store user passwords
using several encryption methods. When passwords are retrieved from those servers, they
have the following form:
CommuniGate Pro can use these passwords in the same way it uses the Unix-encrypted passwords, and they should be entered in the same way: you should use the binary 002 prefix in the CLI commands and/or you should place those passwords into the UnixPassword field of the Account Import file. The following encryption methods are supported:
You can use a CommuniGate Pro CLI script to automatically import all users and their passwords from the OS /etc/passwd file. See the CommuniGate Perl Interface site for a sample script. Migrating from sendmail
If you are migrating from a sendmail-based mail system, you may find the following information useful:
Migrating from Microsoft® Exchange ServersThe special Exchange Migration Utility allows you to retrieve user lists from an Exchange server and to create those users in CommuniGate Pro Domains. The utility copies all user folder data (mail, calendaring, contacts, etc.) converting data and address formats "on-the-fly". The utility requires an MS Windows workstation to run. Copying Mailboxes from Other IMAP ServersIf you have a list of account names and passwords you can copy the contents of the mail folders accessible via IMAP protocol from the Other Server by using the syncIMAPMail mail migration and synchronization utility. If the passwords are not known then you can:
Migrating from an Arbitrary Server ("on-the-fly" migration)Use this alternative migration method when the password switching method explained above cannot be used, and/or the user names and passwords cannot be retrieved from the old server. The method is based on the External Authentication feature of the CommuniGate Pro server. Download, install, and tailor the migration script, and configure CommuniGate Pro to use this script as the CommuniGate Pro External Authentication program. Create the target CommuniGate Pro Domain, and enable the Consult External for Unknown Domain settings. In "Login Methods" disable all methods except PLAIN and SESSIONID to force users' mail applications to submit only unencrypted passwords. Disable the "Use CommuniGate Password" option and enable the "Use External Password option" in the Account Template. When a user attempts to connect to a non-existent Account, or when CommuniGate Pro receives a message for non-existent Account, the External Authentication script is called. The script connects to the old server using the SMTP protocol and checks if the account with the same name (same address) exists on the old server. If the old server does not reject the address, the script creates the Account with this name in the CommuniGate Pro Domain. Then the CommuniGate Pro Server delivers the message to this newly created Account. When a user connects to the CommuniGate Pro Server, the user mailer sends the user name and the user password in the plain text form. Because the CommuniGate Pro Account has the Use CommuniGate Password option disabled, and the Use External Password option enabled, the External Authentication script is called. The script connects to the old server using the POP or IMAP protocol and checks if it can log into the old server with the provided user credentials. If the old server accepts the specified password:
After the first successful login, the correct password will be set as the new CommuniGate Password, and all Account mail will be copied from the old server. After all old server users have successfully connected to the CommuniGate Pro server at least once, all their Accounts will be created and have the correct CommuniGate Passwords set. Then you can disable the External Authentication script and retire the old server. Migration of Calendars and ContactsIf Calendars and Contacts can be exported from the Other Server as text files in vCalendar and vCard formats respectively, then they can be imported via Importing Calendars and Importing Contacts in CommuniGate Pro WebMail interface. Importing the data of multiple users can be automated via importCalendars.pl script from the Script Repository for CommuniGate Pro. Switching ServersVery often it is essential to switch to the new server without any interruption in the services you provide. If you install the new CommuniGate Pro server on the same system as the old mail server, you should:
All this can be done while your old server is still active. Now, you should stop your old server activity by either changing its port numbers to non-standard values, or by disconnecting it from the external network. Use the syncIMAPMail program to copy all messages from your old server to CommuniGate Pro. When all messages are copied, change the CommuniGate Pro IMAP port number back to 143. Now CommuniGate Pro will operate as your mail server, without any interruption in the services you provide. You may want to keep the old server running for several hours - in case its queue contained some delayed outgoing messages. Just check that the old server does not try to use the standard ports. Moving to Secondary DomainsIf you create several Secondary domains in CommuniGate Pro, you may want to move accounts from your old server(s) to a Secondary CommuniGate Pro Domain, not to its Main Domain. In this case, you should add the NewName field to your account list file, and copy all names into that column, adding the @domainname string to each name. If you use the IMAP protocol to move messages between the servers, you may use a simpler method:
|