Hi,
No worries. Thats a decision you’ll need to make.
Id suggest that running the older software for another three years is a bit excessive though, I wouldn’t do that.
I’ve recently migrated to Cyrus 3.4.1 from 3.0.x. The approach I used to minimize downtime and give me options to back out if needed was:
1. Build a 3.2.x server as an intermediary.
2. Build a 3.4.1 server as final state.
- snapshot / backup original 3.0.x server
3. Set up one way replication between 3.2.x and 3.2.x. periodic but also do a bulk/full replication as well. Bash script and cron.
4. Set up one way replication between 3.2.x and 3.4.x and also periodic replication (bash script and cron)
5. Force sync original server with intermediate so you have a copy. Do the same between intermediate and 3.4.x server.
5a. Test authentication from 3.4.x server is working as expected for http (if caldav/carddav) in use and also ldap and maybe even lmtp if in use.
6. Confirm your servers are pretty much close to being in sync, depending on size/business of server this may not be possible but suggesting it anyway for feasibility assessment.
7. Sanity check the configuration using client and host file entry to test in parallel. Important just to read and not make changes (confirming IMAP) is accessible on the latest version.
7. At the least busiest time, take original server down for maintenance, do one last full replication to confirm the intermediate is in sync with original. Do the same between intermediate and final 3.4.1 server.
8. Make sure your certificates are ok on the new servers. Shutdown the original server (reassign that IP to the new server), restart services.
9. Test clients can access the mail on the 3.4.x server. Test mail flow inbound/outbound and mail delivery to mailbox server.
10. If smtp and imap services on same box, may want to consider splitting those and/or rsync’ing that configuration to the 3.4.x server ahead of cut over.
Now big assumption is that your SMTP/SMTPS services are on a separate server to Cyrus. If it’s a server running just a Cyrus, the above approach map be easiest and offer fall back option if it goes peer shaped or need to back out. If it’s combined, perhaps an opportunity to separate the different functions.
I’d probably plan for full down time to ensure you can get absolute consistency when sync’ing the servers before transitioning users to the new primary. Without knowing the environment, at a high level this may work although depending on your complexity, number of servers, number of mailboxes etc, it may be more difficult than the simplified view I’ve provided.
Just an idea - could likely do that work in parallel with minimum risk to production whilst allowing the upgrade to happen sooner. I went via intermediate version as I had replication issues (needed to zero conversation history for relocation to work). That’s a consideration to keep in mind. Seemed like a bit between 3.0.x and 3.2 or 3.4. Didn’t have that issue between 3.2 and 3.4 from what I could remember but it’s been a while now.
There may be better ways to do it, the above worked well for me but my environment was pretty simple and relatively small.
-Andrew
Sent from my iPhone
> On 18/06/2021, at 07:39, Albert Shih <Albert.Shih@xxxxxxxx> wrote:
>
> Le 18/06/2021 à 07:05:46+1200, AndrewHardy via Info a écrit
> Hi,
>
>>
>> I’d recommend upgrading, 2 major releases behind. (Latest 3.4.1). Running old
>> software isn’t recommended but it’s a risk based decision on your part and
>> specific to your environment and security posture.
>>
>> Id suggest having a look at known security vulnerabilities for Cyrus (link
>> below). Although the version may match known issues, doesn’t mean it’ll be
>> exploitable. Configuration generally plays a part in determine exploitability.
>>
>> https://www.cvedetails.com/vulnerability-list/vendor_id-1321/Cyrus.html
>
> Thanks, but yes I know that. In generally I alway run the latest version of
> allmost everything.
>
> But the mail is very critical, and the impact if something goes wrong can
> be very high.
>
> So I'm verry prudent on this point.
>
> Regards
> --
> Albert SHIH
> xmpp: jas@xxxxxxxx
> Heure local/Local time:
> Thu Jun 17 09:36:48 PM CEST 2021
------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T1b7cba8d7073707a-Mf23ce76b7a893688830383d3
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
