Questions about mig...
 
Notifications
Clear all

Questions about migratin z2c

4 Posts
3 Users
0 Reactions
538 Views
(@working_ina_company)
Joined: 1 year ago
Posts: 2
Topic starter  

Hello,

Previous sysadmin left the company and now I have inherited an installation of Zimbra 8.7.0... yes, 8.7.0... I know: cve-2019-9670 vulnerability in http/s and IMAP... and now its impossible to find 8.7.11 and patches because zimbra removed open source edition downloads... So I planning to migrate ASAP to something similar to zimbra, and I think carbonio is a good match because is using all the legacy of zimbra.

 

I have a very minimal configuration: single server and its being in use only with IMAP ( and being vulnerable with this, which made me full anxious ), POP and SMTP in public network, and webmail only in internal network.

I want to install carbonio in the same way, but the documentation says that single servers are not supported anymore, the tutorial is a five node installation... but that is too much for my requeriments... It's possible to install only in two node? somethinng like SRV1: PostgreSQL, DB connection, provided by pgpool, Directory Server, Carbonio Mesh, Carbonio Monitoring, Carbonio Advanced (AppServer) and SRV2: MTA, the mail server, Proxy, User management or maybe moving the appserver role to SRV2?

 

 

Apart from that, guys, can you tell me if lateral movement is possible with cve-2019-9670? as this is a 5 year old vulnerability I'm afraid that hackers can have better knowledge of the network than me  😖 😖 😖

any of you deal with this cve in the past? any recommendation is more than welcomed.

i'm using this to know about the cve: https://lorenzo.mile.si/zimbra-cve-2019-9670-being-actively-exploited-how-to-clean-the-zmcat-infection/961/


   
Quote
antonio
(@antonio)
Joined: 1 year ago
Posts: 48
 

Hi,

You know that you can use virtualization to match the "5 server scenario", right? For instance using proxmox and create 5 vms? Do you have server resources?

contact if you need some help

Regards


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

So... yes you can have Carbonio in one single-server.... I do and it works great.

1 - this is the guide to have it

2 - You may consider using my migration tool Z2C available here

Anyway I'll suggest you to install Proxmox and create a VM in there so you can have spanshots available in case things doesn't work well after upgrades. remember to leave 15% of the disk unused to allow snapshots to be done.

Wish you the best of luck!


   
ReplyQuote
(@working_ina_company)
Joined: 1 year ago
Posts: 2
Topic starter  

Posted by: @antonio

Hi,

You know that you can use virtualization to match the "5 server scenario", right? For instance using proxmox and create 5 vms? Do you have server resources?

contact if you need some help

Regards

I'm using virtualization right now, but we are very tight on resources, specially on hard disk 🙄

Posted by: @anahuac

So... yes you can have Carbonio in one single-server.... I do and it works great.

1 - this is the guide to have it

2 - You may consider using my migration tool Z2C available here

Anyway I'll suggest you to install Proxmox and create a VM in there so you can have spanshots available in case things doesn't work well after upgrades. remember to leave 15% of the disk unused to allow snapshots to be done.

Wish you the best of luck!

as is stated here: https://docs.zextras.com/carbonio/html/upgrade.html

Starting with version 23.6, the Single-Server installation of Carbonio is not supported anymore. If you have a Single-Server Installation, you must add a few Nodes to your installation and redistribute the Roles on them, to ensure you continue to productively use Carbonio.

 

I don't want to be outside requeriments from all the support the forum can give... another guy was running on almalinux and was left without help because almalinux is not a supported OS... I think it will be the same for me in single server installation... but also I don't know either if I will have help if i'm running a two nodes installation...


   
ReplyQuote