Best practices for backing up small mailserver to remote location

Kenneth Porter shiva at sewingwitch.com
Thu Aug 9 03:05:28 EEST 2018


On 8/7/2018 5:08 PM, Adi Pircalabu wrote:
> - Since you're on dynamic IP at home, set up a VPN tunnel using the 
> mailserver as server and HTPC as client. OpenVPN is ubiquitous and 
> widely supported.
> - rsync your mailboxes using the tunnel connection.
> This way you can back up your entire server, not only the mailboxes.

Instead of openvpn, I use openssh. Use compression in the ssh tunnel, 
not the rsync connection, as rsync compression tends to be buggy and 
interrupts the download. I run sshd on a non-standard port to keep my 
logs relatively free of script kiddie noise from people looking for an 
ssh connection to crack. Run fail2ban to lock out the remaining script 
kiddies. Use a client certificate to log in with ssh unprompted, making 
it easy to download in a cron job.

Here's an example of scripting the download. Uncomment the DRYRUN line 
for testing, then comment for production. Add more rsync commands to 
back up different partitions. The --one-file-system prevents rsync from 
trying to back up /dev, /proc, and /sys. The --delete option will remove 
local files that were deleted on the remote server. Use that set of 
options once you're happy that the backup is working right.

#!/bin/sh
#set -e
set -x
#DRYRUN=--dry-run
#RSYNC_OPTIONS="$DRYRUN --one-file-system -avH --delete"
RSYNC_OPTIONS="$DRYRUN --one-file-system -avH"
DEST=/home/rsync/Server1

# Allow one hour so we don't burn up our bandwidth allowance
# from a command error

time timeout 1h \
rsync -e 'ssh -C -p 1234' $RSYNC_OPTIONS example.com:/ ${DEST}/ \
         --exclude tmp

# add more rsync commands here for other partitions
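
Added example, not part of the original post: a forced-command wrapper that limits what the unprompted cron login described above can do on the mail server, so a stolen backup credential can only pull files with rsync. It assumes the login is a public key listed in authorized_keys; the script path /usr/local/bin/backup-only and the key placeholder are hypothetical.

```shell
#!/bin/sh
# Forced-command wrapper for the backup key (added example; the install path
# /usr/local/bin/backup-only is an assumption, not from the original post).
#
# On the mail server, in the backup account's ~/.ssh/authorized_keys, on one line:
#   restrict,command="/usr/local/bin/backup-only" ssh-ed25519 <public-key> backup@htpc
# "restrict" turns off port, agent and X11 forwarding and PTY allocation.
# sshd then runs this script instead of the client's request and passes that
# request in SSH_ORIGINAL_COMMAND.

# Return 0 only for an rsync server started in sender (read-only) mode.
is_allowed() {
    case "$1" in
        # Reject any character outside a conservative whitelist first
        # (this covers ; & | ` $ < > quotes, newlines and so on).
        *[!A-Za-z0-9\ ./_,=+:@%-]*) return 1 ;;
        # What the rsync client sends when pulling, e.g. for "example.com:/":
        #   rsync --server --sender -vlHogDtprxe.iLsfxC . /
        "rsync --server --sender "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Only act when sshd handed us a client request; an interactive login with
# this key has no SSH_ORIGINAL_COMMAND and simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no globbing while word-splitting
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: split into argv
    fi
    logger -t backup-only "rejected command from ${SSH_CLIENT:-unknown}"
    exit 1
fi
```

rsync also ships a more complete script for the same job, rrsync, which can be used as the forced command with its -ro option in place of this wrapper.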

