Thursday, December 29, 2011

Moving internal mail servers

I've been having reliability problems with a flaky drive on my primary desktop box, which happens to also be my primary mail server for my personal domain.  Unfortunately, when that machine goes down, so does all the email for everyone in my domain.  I can live with that for a few hours, but this has happened now for the better part of three days, which is unacceptable.  I therefore set about to move my SMTP server off my desktop box (running Ubuntu 11.04) and onto my firewall box (running CentOS 4.9).  Nothing much ever changes on the firewall, and it runs on server-class hardware (an HP ProLiant), so it should be a far more reliable platform.

I run Postfix for my mail server, primarily because it's lighter weight and easier to configure than the default Sendmail.  (Lest you call me a wimp for that, know that I used to write sendmail rewrite rules from scratch back in the mid-1990's. Grunt!)

Moving the mail server was pretty simple.  The first step was to install the postfix package on the firewall by running "yum install postfix".

Next, I moved the contents of the /etc/postfix/ directory over from Ubuntu and merged them with the CentOS version.  Aside from a few system paths changing in main.cf, this was a straight copy.  I cleaned out a little bit of legacy crap from those files while I was at it.

Next, configure postfix as the default mail transfer agent (MTA) on the CentOS box by using the command "alternatives --config mta".  You'll want postfix to run at boot, so run "chkconfig postfix on".

If you run SpamAssassin like I do, don't forget to install it, setup spamd to run at boot (using chkconfig), and then copy each user's ".spamassassin" folder over to the new machine.

I then had to punch a hole in the firewall software itself to allow port 25 in & out.  Because this box wasn't originally configured as a mail relay, the SMTP ports had been blocked.  I use the FWBuilder GUI to configure my IPTables setup, since my internal network is a bit more complicated than your typical home setup.  I'm gradually simplifying it, though, as I move more & more services off-site.

With that done, it was finally time to update the DNS entries to move the default MX records for my entire network from the old Ubuntu box to the new CentOS box.  I left the Ubuntu box as a backup MX for my domain for the time being.  My ISP also acts as a backup MX site for me, so I'm reasonably well protected against network outages from that respect.

I'm still battling the flaky hard drive, but at least now my email will continue to flow while my desktop box is down.  That's a Good Thing.

If you've got any specific questions about the process or other suggestions, please speak up in the comments below.  I love hearing from my readers!

No comments:

Post a Comment

Please leave your comment below. Comments are moderated, so don't be alarmed if your note doesn't appear immediately. Also, please don't use my blog to advertise your own web site unless it's related to the discussion at hand.