Best practices for backing up small mailserver to remote location

[KSB]

On 2018.08.09. 3:21, Adi Pircalabu wrote:
> On 09-08-2018 10:05, Kenneth Porter wrote:
>> On 8/7/2018 5:08 PM, Adi Pircalabu wrote:
>>> - Since you're on dynamic IP at home, set up a VPN tunnel using the 
>>> mailserver as server and HTPC as client. OpenVPN is ubiquitous and 
>>> widely supported.
>>> - rsync your mailboxes using the tunnel connection.
>>> This way you can back up your entire server, not only the mailboxes.
>>
>> Instead of openvpn, I use openssh. Use compression in the ssh tunnel,
>> not the rsync connection, as rsync compression tends to be buggy and
>> interrupts the download. I run sshd on a non-standard port to keep my
>> logs relatively free of script kiddy noise from people looking for an
>> ssh connection to crack. Run fail2ban to lock out the remaining script
>> kiddies. Use a client certificate to log in with ssh unprompted,
>> making it easy to download in a cron job.
> 
> There's more than one way to skin a cat :) Moving the ssh port and 
> adding fail2ban in the mix is another option. Personally tend to use VPN 
> tunnels for dynamic IP clients for various reasons, such as being able 
> to lock clients out by revoking keys.
> 

I prefer connecting from backup server side (and this will resolve 
dynamic ip problem in this case), so backups are not accessible from 
production servers.
Another option is rsnapshot (if you need versions), it's rsync over ssh 
and depending on hard link "magic" it conserves disk space (only one 
copy of mail, independently how long history you have). But as said 
before - it better works for maildir.

--
KSB