| JP Vossen on 21 Mar 2011 01:11:42 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| [PLUG] Postfix bastion host? |
The server hardware and IPA are also changing, and since the same machine hosts my web and DNS, that's a pain, but I've done all that before.
For the mail server side, at a high-level, I have to:1) Figure out DNS names, update internal and external DNS, and email clients. I can do that in advance, then just change the local DNS CNAMEs to cutover. The external server will be "mail." while the internal server will be "smtp." and "imap.".
2) Install/configure IMAPD on the internal server (I already rsync the real external server twice a day, so I can locally rsync that into /home/ as needed for testing.)
3) Tweak the internal server's Postfix to have local mail and only relay external mail (right now it relays everything). Tricky to test without losing mail... :-(
4) Configure the external server to securely relay and not mangle names (i.e., I want to only have user@example.com, and not user@gw1.example.com). Tricky to test without losing mail... :-(
5) Cutover servers (DNS, web, & incoming/outgoing SMTP) 6) Final test 7) Backout plan is to swap old DNS configs back in. Questions:1) What IMAP server do you recommend on Debian Squeeze 64-bit with Postfix and (mostly) Thunderbird? I'm currently using courier-imap-4.4.0-2 (Maildir) on Debian Lenny 32-bit, so it might be a bit easier to re-use some configs. But maybe something else is better? These jump out at me in the stock Squeeze repos:
courier-imap - Courier mail server - IMAP server # Using now cyrus-imapd-2.2 - Cyrus mail system - IMAP support dovecot-imapd - secure IMAP server that supports mbox and maildir mailboxes mailutils-imap4d - GNU mailutils-based IMAP4 Daemon 2) Has anyone done this before or have similar configs? 3) Any comments, suggestions or things I missed?4) Any suggestions on how to test this before cutover? A client and my 2 servers are easy enough, but remote mail servers on the "Internet" are a bit harder. I supposed I can add a 4th server as an "external" site and the fiddle up MX records in DNS... Other/better ideas?
5) Any suggestions on how to cutover as smoothly as possible?I plan on attending at PLUG W tonight to hear Randall's email talk, so I thought this was kind of topical...
Thanks, JP ____________________[1] This is interesting, but has no date (so obsolete?) and seems a little on the lite side:
http://www.packetnexus.com/kb/greyarts/docs/1014086757:32027.html "Postfix as a bastion SMTP gateway" ----------------------------|:::======|------------------------------- JP Vossen, CISSP |:::======| http://bashcookbook.com/ My Account, My Opinions |=========| http://www.jpsdomain.org/ ----------------------------|=========|------------------------------- "Microsoft Tax" = the additional hardware & yearly fees for the add-on software required to protect Windows from its own poorly designed and implemented self, while the overhead incidentally flattens Moore's Law. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug