Morning all,
I’m preparing to swap my public IPv4 (due to a large mail provider entirely blocking it and refusing, or being very slow, to mitigate for a while now, which is causing significant disruptions for me and other hosted domains not able to send mail because of it). My VM hosting provider supplied a clean new IPv4.
My question is: could I have multiple PUBLIC_IP addresses in /etc/mailinabox.conf, and would mailinabox consider them? As for IPv6, I do have two public ones, and mailinabox does not take them into account; I had to do some manual editing.
Make sure you have a working backup, offsite! I had another VM spun up and restored the current backups before the updates.
STORAGE_USER=user-data
STORAGE_ROOT=/home/user-data
PUBLIC_IP=139.xx.xx.xx
PUBLIC_IP=109.xx.xx.xx
PUBLIC_IPV6=2a01:
PUBLIC_IPV6=2a01
PRIVATE_IP=139.xx.xx.xx
PRIVATE_IP=2a01:
PRIVATE_IPV6=2a01:
MTA_STS_MODE=enforce
Besides the DNS entries, I will have these places where the IPv4 is used:
/etc/mailinabox.conf:
/etc/nsd/nsd.conf: ip-address
/etc/postfix/main.cf:smtp_bind_address=
/etc/fail2ban/jail.d/mailinabox.conf:ignoreip =
The migration path is in place on the same VM; NOT a new VM/host:
1. Add the new IPv4 to the public ethernet interface as an alias & route on the fly and test if it's reachable from the outside. As per the suggestion below, reduce the TTL for all domains, and rerun “sudo mailinabox”.
2. On the DNS registrar’s side, update the ns1&ns2.box hosts and add the new IPv4 to the existing setup without removing the original IPv4 just yet, as this can take quite a bit of time, up to 48h ;(.
3. Add the new public IPv4 to the relevant configs and restart nsd, postfix, fail2ban.
4. Sit and wait for *h-48h; confirm the new DNS glue records have propagated, using public DNS for validation with dig +trace.
5. On the DNS registrar’s side, update ns1&ns2.box, check any secondary NS if you have any, and remove the old host IPv4; do not remove the old IP address under the VM network settings on the hosting platform (Linode specific?).
6. Go back to 4) If you have both public IPs you do not need to wait, as your VM can respond to both regardless of the DNS cache expiry times.
7. Reboot the MIAB VM for the hosting provider to reclaim the old IPv4 (depends on whether you use DHCP or static network configuration) and reconfigure the new IPv4 for my VM.
8. After reboot, run ./mailinabox and check whether the configs above have picked up the change to the new IPv4, and ~~remove~~ keep the old IPv4 and route (as an alias IP added on the fly), reload the services, and check the reverse record and MIAB’s DNS records for the domains, including the secondary ones, but using external public resolvers.
9. Clean up the old IPs and configs, restore domain default TTLs.
Am I missing something?
**Update** All revised steps added in italic+bold, some text struck through where needed.
Full disclosure: The update did not go as I planned; I had more downtime than anticipated!! At 8. I released my old public IP from the hosting panel and could not use it anymore; I shot myself in the foot! And my two external NS servers, configured as secondaries, got stuck with a TTL of 24h and were not picking up the zone changes at all, regardless of the actions taken, including recreating the zones.
It could be a host-specific issue. I used my hosting provider’s NS as advertised servers at my domain registrar as well, plus ns1.box; it did take a day, and the public DNS was serving old/new records randomly. Finally, I got rid of them and used another DNS provider, which worked in 30 min.
Cheers,
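As an added illustration (not from the original post or from Mail-in-a-Box itself), a small POSIX shell helper that audits the config files listed in the post for leftover references to the old IPv4 before the final cleanup step; the IP addresses and file paths passed to it are assumptions, and the RFC 5737 addresses in the comments are constructed placeholders.

```shell
#!/bin/sh
# audit_ip_refs OLD_IP NEW_IP FILE...
# For each file, report whether it still mentions OLD_IP (not yet migrated),
# lacks NEW_IP (not yet updated), or is fine. Returns 1 if any file needs
# attention, 0 when every file is clean. Example (constructed addresses):
#   audit_ip_refs 192.0.2.10 198.51.100.20 /etc/postfix/main.cf \
#       /etc/nsd/nsd.conf /etc/fail2ban/jail.d/mailinabox.conf \
#       /etc/mailinabox.conf
audit_ip_refs() {
    old="$1"; new="$2"; shift 2
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: MISSING (cannot read)"
            rc=1
            continue
        fi
        # -F matches the dotted address literally; -c prints a line count.
        # grep exits 1 when the count is 0, so "|| true" keeps the output.
        n_old=$(grep -Fc -- "$old" "$f" || true)
        n_new=$(grep -Fc -- "$new" "$f" || true)
        if [ "$n_old" -gt 0 ]; then
            echo "$f: still references old $old ($n_old line(s))"
            rc=1
        elif [ "$n_new" -eq 0 ]; then
            echo "$f: new $new not present"
            rc=1
        else
            echo "$f: ok"
        fi
    done
    return $rc
}
```

Run it once before step 9 and again after the reboot in step 8; a non-zero exit means a config was not picked up by ./mailinabox and still needs editing.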