brent timothy saner on 21 Mar 2011 01:27:12 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Postfix bastion host?

Hash: SHA1

On 03/21/11 03:11, JP Vossen wrote:

> Questions:
> 1) What IMAP server do you recommend on Debian Squeeze 64-bit with
> Postfix and (mostly) Thunderbird?  I'm currently using
> courier-imap-4.4.0-2 (Maildir) on Debian Lenny 32-bit, so it might be a
> bit easier to re-use some configs.  But maybe something else is better?
>  These jump out at me in the stock Squeeze repos:
>     courier-imap - Courier mail server - IMAP server  # Using now
>     cyrus-imapd-2.2 - Cyrus mail system - IMAP support
>     dovecot-imapd - secure IMAP server that supports mbox and maildir
> mailboxes
>     mailutils-imap4d - GNU mailutils-based IMAP4 Daemon

personally, i love dovecot and would recommend nothing but it to new
installs. the imapd doesn't really matter a WHOLE lot, however, as long
as it's configured correctly.

> 2) Has anyone done this before or have similar configs?

did it about... four? years ago. don't have the confs handy, i'm afraid.

> 3) Any comments, suggestions or things I missed?

#4 in your plan, awk and sed can easily handle that (assuming you aren't
using an ldap backend, in which case you can just change around aliases.
remember, sed is a STREAM editor, so it handles pipes. :) make a named
pipe, shunt mail through it and use sed to change the addresses if need
be. there are better ways to do this, but this is the fastest and most
temporary. you'll see a slowdown, but it should only have to make do
until DNS changes propagate.

> 4) Any suggestions on how to test this before cutover?  A client and my
> 2 servers are easy enough, but remote mail servers on the "Internet" are
> a bit harder.  I supposed I can add a 4th server as an "external" site
> and the fiddle up MX records in DNS...  Other/better ideas?
> 5) Any suggestions on how to cutover as smoothly as possible?

any dns changes, do around 2200EST-2300EST. change the relays over at
0400EST (perhaps via an at(1) job... at is like a one-off cron job).
this should minimize end-user downtime and lost mail (and remember- when
a sender gets a receiver error from a maildaemon, it can be fatal or
non-fatal. if you set up a trap/bounce during maintenance window with a
non-fatal fail, the sender will try again in a couple hours before
failing for good. or minutes. or days. depends on sender's daemon

that being said, if you have the time and resources, set up some vm's
and recreate the configs (changing the ip's, obviously) and fudging the
dns records to point to the LAN boxes instead of their respective "real"
boxes. make sure all involved machines are using the fudged dns server
as their dns resolver.

that should give you a pretty accurate test environment.

i feel like i'm missing something (weeee bit tired right now), but that
should give you some good ideas, i hope. let us know how it turns out!

> I plan on attending at PLUG W tonight to hear Randall's email talk, so I
> thought this was kind of topical...
> Thanks,
> JP
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla -

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --