Migration Guide from eFa v3 to eFa v4

Migrating from v3 to v4 is possible using the backup and restore functionality of eFa.

The process involves doing the following:

1. Initial preparation (fact gathering)
2. Preparing v3 appliance
3. Preparing the v4 appliance
4. Shutting down the v3 appliance
5. Configuring the v4 appliance and running a restore

If successful, all databases will be transferred to v4 with upgraded schema and compatible settings will be transferred.

Before migrating, please document the following on your v3 appliance:

• Username used to log into console
• IP address, netmask, and default gateway
• hostname
• domain name
• admin email

(hint: look in /etc/EFA-Config for these facts )

1. Log into v3 console
2. Enter Maintenance Mode
3. Drop to shell
4. sudo service postfix stop (to halt mail flow)
5. (backup and/or snapshot the v3 appliance now)
6. sudo chmod +x /usr/local/sbin/EFA-Backup
7. sudo /usr/local/sbin/EFA-Backup -backup
8. sudo chmod -R 775 /var/spool/MailScanner/quarantine (to loosen permissions for copy)
9. sudo chmod -R 775 /var/EFA/backup/* (to loosen permissions for copy)
10. sudo sa-learn –backup > /root/backup.txt

If you are using opendkim, do the following

1. sudo chmod -R 775 /etc/opendkim/*

1. Build a v4 testing using any means with sufficient storage
2. Do not set it up yet (if no DHCP, set a temporary static IP in /etc/sysconfig/network-scripts)
3. Start eFa first-time configure (Y/n) → n
4. yum install sshfs
5. sshfs <nameofv3user>@<ipaddress>:/ /mnt
6. cp /mnt/var/EFA/backup/<nameofbackup> /var/eFa/backup (where <nameofbackup> is the name of the backup you generated during v3 preparation)
7. chmod 600 /var/eFa/backup/<nameofbackup> (secure the backup file)
8. chown root:root /var/eFa/backup/<nameofbackup> (secure the backup file)
9. cp /mnt/root/backup.txt /root/backup.txt

The following steps apply if you want to keep your quarantine

1. cp -ra /mnt/var/spool/MailScanner/quarantine/* /var/spool/MailScanner/quarantine (transfers entire quarantine to new appliance, if prompted for overwrite, answer no)
2. chmod -R 750 /var/spool/MailScanner/quarantine/*
3. chown -R postfix:mtagroup /var/spool/MailScanner/quarantine/*

The following steps apply if you are using opendkim

1. yum -y install opendkim
2. mkdir -p /etc/opendkim
3. cp -ra /mnt/etc/opendkim/* /etc/opendkim (answer yes to overwrite)
4. chown -R opendkim:opendkim /etc/opendkim/*
5. chmod -R 750 /etc/opendkim/*
6. cp /mnt/etc/opendkim.conf /etc/opendkim.conf (answer yes to overwrite)

• Grab any other custom configs or files you might need
• Shut it down
• sudo shutdown -h now

• Run through initial setup via GUI or command line (log out and log back in, use same settings as the v3)
• Let system reboot
• Log into console
• 12) System Restore (Answer yes, 1, yes)
• Let system reboot
• Log into console and drop to shell
• Review files with a “v3” or “v4” extension for any settings you may want to use. Restore attempts pick the best settings but generates these files for further review.
  • /etc/mail/spamassassin
  • /etc/MailScanner
  • /etc/MailScanner/rules
  • /var/www/html/mailscanner/
  • /etc/postfix

If your bayes database is blank in the MailWatch GUI after migration, run this:

• sudo sa-learn –clear
• sudo sa-learn –restore /root/backup.txt

The following steps apply if you are using opendkim

• /etc/postfix/main.cf:
  • smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333
  • non_smtpd_milters = inet:127.0.0.1:8891
• sudo systemctl enable opendkim
• sudo systemctl start opendkim
• sudo systemctl reload postfix

If you use 3rd party virus scanners, those will need to be installed on the new appliance.