[Dovecot] Gotchas in switching from one server to another without impacting users?

Rick Romero rick at havokmon.com
Tue Aug 18 15:50:37 EEST 2009 

Quoting "Gary Chodos" <gchodos at gmail.com>:

> On Fri, Aug 14, 2009 at 5:17 PM, Sahil Tandon<sahil at tandon.net> wrote:
>> On Fri, 14 Aug 2009, Timo Sirainen wrote:
>>
>>> On Aug 14, 2009, at 12:36 AM, Gary Chodos wrote:
>>>
>>>> We have to replace one mail store (foo.example.org) with another
>>>> (bar.example.org).  I rsync'd the maildirs from foo to bar today and
>>>> the plan is to hold all delivery (in the SMTP server) on foo over the
>>>> weekend, rsync again (this time it should be much faster since the
>>>> large xfer already occurred today), then flush the SMTP queue on foo
>>>> towards bar, direct all new deliveries to bar.example.org.  Users
>>>> currently access their IMAP mailboxes via imap.example.org.  I plan to
>>>> just 'flip the switch' at DNS so imap.example.org points to
>>>> bar.example.org (instead of foo.example.org) so users don't have to
>>>> change anything on their end and should not even notice this change.
>>>
>>> And I guess you also thought about the DNS cache TTLs?
>>
>> The OP should also consider killing dovecot during the rsync  
>> (similar to what
>> another member of this list suggested).  Then restart with a new
>> configuration that proxies incoming IMAP connections towards the new server
>> in case some clients still hit the old server before full DNS propagation.
>
> To make the proxy feature work I had to allow plaintext auth on 143
> from old -> new server.  I use firewall rules to prohibit anyone
> except the old server from accessing the new one on port 143.  Does
> this pose a security issue?  Is there something else I should do to
> prevent security holes?
>

I wasn't really paying attn to this thread, but I just did this.  I  
used ZFS snapshots this time, last time I used rsync.  Both my boxes  
were behind load balancers, so it was a simple IP change there and  
seemless for the end-users. I also upgraded to Dovecot 1.2.

No so seamless was - For some reason, users who use AVG email scanning  
with Outlook are no longer able to POP mail.  The download 'freezes'.   
I redirected POP from Dovecot to qmail-pop3d, had users change the  
fqdn of the mail server, I wiped out existing mailboxes, I had users  
try to add brand new mailboxes, I changed the pop3_uidl_format - but  
nothing worked.  The only solution was to disable AVGs email scanning.

Just a heads up - something is amiss.

Rick

More information about the dovecot mailing list