[K12OSN] Moving our email server

mrok12osn at eastgranby.k12.ct.us mrok12osn at eastgranby.k12.ct.us
Fri Jan 5 16:59:29 UTC 2007


> On Fri, 5 Jan 2007 08:37:10 -0500 (EST), mrok12osn wrote
>> In the near future, I am going to need to move our email server from
>> one ISP (Cox Cable) to another (CEN - Connecticut Education Network)
>> and I have never done this before.  Our email server is FC5 (postfix)
>> built from the K12LTSP CDs.
>>
>> I'm wondering whether I can just put a second ethernet card in the email
>> server so both ISPs' IP addresses (old and new) are active, update
>> iptables, and then notify the ISP that maintains our DNS pointers to
>> repoint to the new IP address.  Then after a couple of days, I can just
>> shut down the old IP address.
>>
>> Will this work?  Are there any issues with postfix?  Any help or
>> suggestions are appreciated.
>
> Judging by the other responses I may be reading this question wrong.  The
> way I read it is that your server will basically be stationary and you'll
> simply be bringing a new internet connection into your server room at the
> same time as your old one, then phase the old one out once you're sure
> your new connection is completely operational.
>
> I have found in the past that 2 network cards on different internet
> connections can make things get a little stupid.  Instead, every time I
> make a move like this I simply lower my DNS TTL to 1 hour.  That way the
> maximum time your DNS will take to renew after the change is an hour.
> Then I look through all of my configuration files to be sure that either
> they reference eth0 or localhost or 127.0.0.1 and then quickly note which
> ones reference my actual external IP.  Don't forget to look through your
> webmail conf, your php conf, sql conf, or any other confs that Postfix may
> be calling on.  They will all need to be updated.  Once you have a list of
> which confs need the IP change you can make the switch in a matter of
> minutes.
>
> I basically go off the fact that any mail server trying to send to my
> server has a retry queue.  I figure if my server is down for 30 minutes or
> so, I still won't miss any messages because the sending server will
> continue to retry, and if for some reason I am not back up in time, at
> least the sender will get a failure notice (though they never seem to
> understand them :-).
>
> So once I have both connections, I shut down postfix, make my DNS changes,
> run through all noted configs and change the IP, switch the Internet
> connections, change the server's IP, then reboot.  If I really want to
> speed up local activity (since that is where most of our customers reside)
> I call our local IP and ask them to refresh their DNS (we have a home
> grown ISP here so they are easy to talk into things).
>
> With that sequence everyone should be back on the server within an hour
> max with no messages lost.  If you really want to try and shorten things
> up, make your TTL change a week ahead of time.  Then you know the whole
> world is on a 1 hour max TTL when you make the change.  Then make your DNS
> changes about 30 minutes before the shutdown and switch.  That will almost
> ensure you a maximum downtime of 30 minutes.  And if a couple of sending
> servers get your new IP 15 minutes early or something, since there is no
> server present yet it should just go in a retry queue and come through
> once you get things running.  Couple all of that and make your changes at
> 2am or something and about the only email you may lose is some SPAM.
>
> I am sure this is not the "PROPER" way to make the changes, but it works
> for me.

Thanks Jim,

You read the question correctly.  I will take a hard look at the config
files that you mentioned.  Regarding DNS TTL, I may have trouble
coordinating the changes because I cannot directly update our DNS
pointers.  I need to have Cox personnel do it.

If I do not need to make any changes to the config files, can you expound
at all about "a little stupid" regarding the connections to two ISPs?

Mark Orenstein
East Granby, CT School System
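
The config review described in the quoted reply (noting which files hard-code the external IP before the switch) can be scripted. This is an added example, not part of the original thread; the address 192.0.2.10 and the directories passed in are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: find config files that hard-code the old external IP.
# Usage (assumed paths): sh find_ip_refs.sh 192.0.2.10 /etc/postfix /etc/httpd /etc/php.ini

# Build an ERE that matches the address only as a complete dotted quad:
# dots are escaped, and a neighbouring digit or ".digit" on either side is
# rejected, so 192.0.2.100 does not match but "192.0.2.10." (end of a
# sentence in a comment) does.
ip_pattern() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s($|[^0-9.]|\\.($|[^0-9]))' "$escaped"
}

# find_ip_refs OLD_IP PATH...
# Prints file:line:text for every reference; -I skips binary files.
find_ip_refs() {
    old_ip=$1; shift
    grep -rnIE -- "$(ip_pattern "$old_ip")" "$@" 2>/dev/null
}

# files_to_edit OLD_IP PATH...
# Prints the sorted list of files that need the IP change.
files_to_edit() {
    old_ip=$1; shift
    grep -rlIE -- "$(ip_pattern "$old_ip")" "$@" 2>/dev/null | LC_ALL=C sort
}

# Run as a script only when arguments are given.
if [ "$#" -ge 2 ]; then
    files_to_edit "$@"
fi
```

Files that reference only eth0, localhost or 127.0.0.1 do not appear in the output and need no change for the move.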