brent timothy saner on 21 Mar 2011 01:27:12 -0700



Re: [PLUG] Postfix bastion host?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/21/11 03:11, JP Vossen wrote:
(SNIP)

> Questions:
> 
> 1) What IMAP server do you recommend on Debian Squeeze 64-bit with
> Postfix and (mostly) Thunderbird?  I'm currently using
> courier-imap-4.4.0-2 (Maildir) on Debian Lenny 32-bit, so it might be a
> bit easier to re-use some configs.  But maybe something else is better?
>  These jump out at me in the stock Squeeze repos:
>     courier-imap - Courier mail server - IMAP server  # Using now
>     cyrus-imapd-2.2 - Cyrus mail system - IMAP support
>     dovecot-imapd - secure IMAP server that supports mbox and maildir
> mailboxes
>     mailutils-imap4d - GNU mailutils-based IMAP4 Daemon


personally, i love dovecot and would recommend nothing but it to new
installs. the imapd doesn't really matter a WHOLE lot, however, as long
as it's configured correctly.


> 
> 2) Has anyone done this before or have similar configs?

did it about... four? years ago. don't have the confs handy, i'm afraid.

> 3) Any comments, suggestions or things I missed?

#4 in your plan, awk and sed can easily handle that (assuming you aren't
using an ldap backend, in which case you can just change around aliases).
remember, sed is a STREAM editor, so it handles pipes. :) make a named
pipe, shunt mail through it and use sed to change the addresses if need
be. there are better ways to do this, but this is the fastest and most
temporary. you'll see a slowdown, but it should only have to make do
until DNS changes propagate.

> 
> 4) Any suggestions on how to test this before cutover?  A client and my
> 2 servers are easy enough, but remote mail servers on the "Internet" are
> a bit harder.  I suppose I can add a 4th server as an "external" site
> and then fiddle up MX records in DNS...  Other/better ideas?
> 
> 5) Any suggestions on how to cutover as smoothly as possible?



any dns changes, do around 2200EST-2300EST. change the relays over at
0400EST (perhaps via an at(1) job... at is like a one-off cron job).
this should minimize end-user downtime and lost mail (and remember- when
a sender gets a receiver error from a maildaemon, it can be fatal or
non-fatal. if you set up a trap/bounce during maintenance window with a
non-fatal fail, the sender will try again in a couple hours before
failing for good. or minutes. or days. depends on sender's daemon
configuration).

that being said, if you have the time and resources, set up some vm's
and recreate the configs (changing the ip's, obviously) and fudging the
dns records to point to the LAN boxes instead of their respective "real"
boxes. make sure all involved machines are using the fudged dns server
as their dns resolver.

that should give you a pretty accurate test environment.



i feel like i'm missing something (weeee bit tired right now), but that
should give you some good ideas, i hope. let us know how it turns out!

> 
> 
> I plan on attending at PLUG W tonight to hear Randall's email talk, so I
> thought this was kind of topical...
> 
> Thanks,
> JP
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2HC84ACgkQ8u2Zh4MtlQr1lwCgxm2hCFhptD18cca5QQnvX5Ap
VkwAnRumZhTqnEHicsFnhgchXupUdd7+
=b5Kr
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
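
The named-pipe filter suggested in the reply above, sketched as an added example (not code from the thread). It uses awk, which the reply also names, so that rewriting stays confined to address headers and their folded continuation lines, and it keeps the FIFO in a private directory; the domains, the header list and the sample message are constructed assumptions.

```shell
# Added example. Domains, header list and sample message are assumptions.
OLD_DOMAIN='old.example.org'
NEW_DOMAIN='new.example.org'

# Rewrite @OLD_DOMAIN in address headers (and their folded continuation
# lines) only. Other headers and the body pass through unchanged.
rewrite_headers() {
    awk -v old="$OLD_DOMAIN" -v new="$NEW_DOMAIN" '
    function rewrite(line,   out, needle, p, nxt) {
        out = ""; needle = "@" tolower(old)      # literal match, no regex
        while ((p = index(tolower(line), needle)) > 0) {
            nxt = substr(line, p + length(needle), 1)
            if (nxt ~ /[A-Za-z0-9.-]/)           # part of a longer domain
                out = out substr(line, 1, p + length(needle) - 1)
            else
                out = out substr(line, 1, p) new
            line = substr(line, p + length(needle))
        }
        return out line
    }
    in_body  { print; next }
    /^$/     { in_body = 1; print; next }        # end of header block
    /^[ \t]/ { print (addr ? rewrite($0) : $0); next }
    {
        name = tolower($0); sub(/:.*/, "", name)
        addr = (name ~ /^(to|cc|from|reply-to|sender)$/)
        print (addr ? rewrite($0) : $0)
    }'
}

# Push one message (stdin) through a named pipe. mktemp -d gives a 0700
# directory, so other local users cannot read or inject mail in transit.
filter_via_fifo() {
    dir=$(mktemp -d) || return 1
    mkfifo -m 600 "$dir/mail.fifo" || return 1
    rewrite_headers < "$dir/mail.fifo" > "$dir/out" &   # reader side
    cat > "$dir/mail.fifo"                              # writer side
    wait
    cat "$dir/out"
    rm -rf "$dir"
}

sample_message() {   # constructed message
    printf '%s\n' 'From: alice@elsewhere.example' \
      'To: Bob <bob@old.example.org>,' ' carol@OLD.example.org' \
      'Message-ID: <1@old.example.org>' 'Subject: cutover test' '' \
      'Reply to bob@old.example.org if this arrives.'
}
sample_message | filter_via_fifo
```

The Message-ID header and the body keep the old domain, and an address such as x@old.example.org.evil.example is left alone because the match must end at a domain boundary.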