On Fri, Aug 14, 2009 at 5:17 PM, Sahil Tandon <sahil@tandon.net> wrote:
On Fri, 14 Aug 2009, Timo Sirainen wrote:
On Aug 14, 2009, at 12:36 AM, Gary Chodos wrote:
We have to replace one mail store (foo.example.org) with another (bar.example.org). I rsync'd the maildirs from foo to bar today and the plan is to hold all delivery (in the SMTP server) on foo over the weekend, rsync again (this time it should be much faster since the large xfer already occurred today), then flush the SMTP queue on foo towards bar, direct all new deliveries to bar.example.org. Users currently access their IMAP mailboxes via imap.example.org. I plan to just 'flip the switch' at DNS so imap.example.org points to bar.example.org (instead of foo.example.org) so users don't have to change anything on their end and should not even notice this change.
And I guess you also thought about the DNS cache TTLs?
The OP should also consider killing dovecot during the rsync (similar to what another member of this list suggested). Then restart with a new configuration that proxies incoming IMAP connections towards the new server in case some clients still hit the old server before full DNS propagation.
To make the proxy feature work I had to allow plaintext auth on 143 from old -> new server. I use firewall rules to prohibit anyone except the old server from accessing the new one on port 143. Does this pose a security issue? Is there something else I should do to prevent security holes?
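
A check for the setup described in the last message, as an added example that is not part of the thread: run from a host other than the old server, it reports whether port 143 on the new server is reachable without TLS and which password-carrying login methods it advertises there. The default host name is the one used in the thread; the sample greetings are constructed, and the function names are this example's own.

```python
import re
import socket

# Constructed sample greetings (not captured from any real server).
GREETING_PLAINTEXT_OK = "* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready."
GREETING_PLAINTEXT_OFF = "* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready."

def parse_capabilities(text):
    """Return the upper-cased capability atoms found in an IMAP greeting or
    an untagged CAPABILITY response; empty set if none are advertised."""
    caps = set()
    for line in text.splitlines():
        m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or \
            re.match(r"\* CAPABILITY (.*)$", line.strip(), re.I)
        if m:
            caps.update(atom.upper() for atom in m.group(1).split())
    return caps

def cleartext_password_mechs(caps):
    """List the ways a client could send a reusable password before TLS.
    Per RFC 3501, LOGIN is available unless LOGINDISABLED is advertised."""
    mechs = []
    if "LOGINDISABLED" not in caps:
        mechs.append("LOGIN")
    mechs += sorted(c for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    return mechs

def probe(host, port=143, timeout=5.0):
    """Connect without TLS and report what this vantage point can reach."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(4096).decode("ascii", "replace")
            if "CAPABILITY" not in data.upper():
                s.sendall(b"a1 CAPABILITY\r\n")
                data += s.recv(4096).decode("ascii", "replace")
            s.sendall(b"a2 LOGOUT\r\n")
    except OSError as exc:  # refused, filtered, unreachable or timed out
        return {"reachable": False, "detail": str(exc), "mechs": []}
    return {"reachable": True, "detail": data.splitlines()[0] if data else "",
            "mechs": cleartext_password_mechs(parse_capabilities(data))}

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "bar.example.org"))
```

With the firewall rule in place, a run from any host other than the old server should report `reachable: False`; a run from the old server is expected to list the plaintext methods the proxy relies on.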