[Dovecot] Gotchas in switching from one server to another without impacting users?
Gary Chodos
gchodos at gmail.com
Tue Aug 18 07:06:16 EEST 2009
On Fri, Aug 14, 2009 at 5:17 PM, Sahil Tandon<sahil at tandon.net> wrote:
> On Fri, 14 Aug 2009, Timo Sirainen wrote:
>
>> On Aug 14, 2009, at 12:36 AM, Gary Chodos wrote:
>>
>>> We have to replace one mail store (foo.example.org) with another
>>> (bar.example.org). I rsync'd the maildirs from foo to bar today and
>>> the plan is to hold all delivery (in the SMTP server) on foo over the
>>> weekend, rsync again (this time it should be much faster since the
>>> large xfer already occurred today), then flush the SMTP queue on foo
>>> towards bar, direct all new deliveries to bar.example.org. Users
>>> currently access their IMAP mailboxes via imap.example.org. I plan to
>>> just 'flip the switch' at DNS so imap.example.org points to
>>> bar.example.org (instead of foo.example.org) so users don't have to
>>> change anything on their end and should not even notice this change.
>>
>> And I guess you also thought about the DNS cache TTLs?
>
> The OP should also consider killing dovecot during the rsync (similar to what
> another member of this list suggested). Then restart with a new
> configuration that proxies incoming IMAP connections towards the new server
> in case some clients still hit the old server before full DNS propagation.
To make the proxy feature work I had to allow plaintext auth on 143
from old -> new server. I use firewall rules to prohibit anyone
except the old server from accessing the new one on port 143. Does
this pose a security issue? Is there something else I should do to
prevent security holes?
More information about the dovecot
mailing list