server migration question

Voytek
I have Postfix/Dovecot/Mysql on Centos 7 with mail_version = 3.2.4

setup new server same hostname as old server with mail_version = 3.3.3
using same hostname as old server

the thought was to change A records to point mailserver hostname to new
server IP at switch over time

is that an OK idea ?

what do I then need to set the old server to forward all mail to new server ?


Re: server migration question

Bill Cole-3
On 8 Mar 2019, at 7:33, [hidden email] wrote:

> I have Postfix/Dovecot/Mysql on Centos 7 with mail_version = 3.2.4
>
> setup new server same hostname as old server with mail_version = 3.3.3
> using same hostname as old server
>
> the thought was to change A records to point mailserver hostname to new
> server IP at switch over time
>
> is that an OK idea ?

That's how I always do it, and it works well. Make sure you reduce the
TTL value of the A record to a short value for at least twice the normal
TTL before doing the switch. I like to use 300s just to give myself a
slow ramp-up on a new machine that I can watch for trouble, but if you
don't have constant flow you can go as low as 60s before oddball
resolvers show their quirks. So if your current TTL is 86400 (1 day) you
should reduce the TTL and wait 2 days before cutting over. In principle,
1 TTL should work, but in practice, there are weird DNS practices out
there in the wild.

> what do I then need to set the old server to forward all mail to new
> server ?

The more important question is: WHY?

Shut down Postfix on the old server, start the new server, switch the A
record. The worst that is likely to happen is a handful of sites will
cache the old A too long, try and fail to connect to send a message, and
retry a few minutes later to the new server. The absolute worst possible
effect is if somewhere someone has a hardcoded route for your mail by IP
or a broken MTA that only ever retries deferred messages on the same IP,
their mail to you will fail. Those senders will be accustomed to their
mail being broken on a regular basis...

The risk of leaving the old server up and relaying to the new server is
that the old server may become a clearer path for unwanted email than
directly to the new server.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
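
A pre-cutover check for the TTL advice in the reply above, as an added example that is not part of the original thread: it parses `dig +noall +answer` output and lists the reasons the A-record switch should still wait. The hostname, resolver addresses, timestamps and sample answers are constructed, and the function names are illustrative; the 3600 and 300 second TTLs are the values mentioned in this thread.

```python
"""Pre-cutover check for an A-record switch (added example, constructed data)."""
from datetime import datetime, timedelta

def parse_dig_answers(text, name):
    """Return [(ttl, ip)] for A records of `name` in `dig +noall +answer` output."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Answer lines look like: name. TTL IN A address
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            if fields[0].rstrip(".").lower() == name.rstrip(".").lower():
                records.append((int(fields[1]), fields[4]))
    return records

def cutover_blockers(answers_by_resolver, name, old_ttl, new_ttl,
                     lowered_at, now, wait_factor=2):
    """List reasons not to switch yet; an empty list means go ahead."""
    blockers = []
    # Wait a multiple of the OLD TTL so caches holding the long-lived answer expire.
    earliest = lowered_at + timedelta(seconds=wait_factor * old_ttl)
    if now < earliest:
        blockers.append(f"wait until {earliest.isoformat()} ({wait_factor}x old TTL)")
    for resolver, text in answers_by_resolver.items():
        records = parse_dig_answers(text, name)
        if not records:
            blockers.append(f"{resolver}: no A record returned for {name}")
        for ttl, ip in records:
            # A remaining TTL above the lowered value means the old record is cached.
            if ttl > new_ttl:
                blockers.append(f"{resolver}: still serving TTL {ttl} for {ip}")
    return blockers

# Constructed sample: `dig +noall +answer mail.example.com A @<resolver>` per resolver
SAMPLE = {
    "192.0.2.53": "mail.example.com.\t212\tIN\tA\t198.51.100.10\n",
    "192.0.2.54": "mail.example.com.\t2950\tIN\tA\t198.51.100.10\n",
}
LOWERED_AT = datetime(2019, 3, 9, 8, 0, 0)  # constructed time of the TTL change

if __name__ == "__main__":
    for when in (LOWERED_AT + timedelta(hours=1), LOWERED_AT + timedelta(hours=3)):
        print(when, cutover_blockers(SAMPLE, "mail.example.com", 3600, 300,
                                     LOWERED_AT, when))
```

The second constructed resolver stands in for the oddball caches the reply mentions: it still reports a remaining TTL above 300 after the waiting period, so the check keeps flagging it.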

Re: server migration question

Voytek
On Sat, March 9, 2019 4:53 am, Bill Cole wrote:
> On 8 Mar 2019, at 7:33, [hidden email] wrote:

>> is that an OK idea ?
>
> That's how I always do it, and it works well. Make sure you reduce the
> TTL value of the A record to a short value for at least twice the normal
> TTL before doing the switch. I like to use 300s just to give myself a
> slow ramp-up on a new machine that I can watch for trouble, but if you
> don't have constant flow you can go as low as 60s before oddball resolvers
> show their quirks. So if your current TTL is 86400 (1 day) you should
> reduce the TTL and wait 2 days before cutting over. In principle, 1 TTL
> should work, but in practice, there are weird DNS practices out there in
> the wild.

Bill, thank you

looking at A record TTLs, they were at 3600, changed to 300
(it seems the idiot who done last DNS never reverted it back to 86400,
typical (that's me, of course...))

>> what do I then need to set the old server to forward all mail to new
>> server ?
>
> The more important question is: WHY?
>
>
> Shut down Postfix on the old server, start the new server, switch the A
> record. The worst that is likely to happen is a handful of sites will cache
> the old A too long, try and fail to connect to send a message, and retry a
> few minutes later to the new server. The absolute worst possible effect is
> if somewhere someone has a hardcoded route for your mail by IP or a broken
> MTA that only ever retries deferred messages on the same IP,
> their mail to you will fail. Those senders will be accustomed to their mail
> being broken on a regular basis...
>
> The risk of leaving the old server up and relaying to the new server is
> that the old server may become a clearer path for unwanted email than
> directly to the new server.

thanks for explaining! makes it simpler. I'll leave Dovecot running but
shut down Postfix on old server