Migrating mail server

Hi,

I’m getting ready to migrate a mail server with a couple dozen users to my new server being managed by Virtualmin Pro. The current server is a Linux system as well, but is not managed by Webmin or Virtualmin. Obviously I’d like to do it with as little impact to the users as possible, and I think I can do that, but I have a few questions about the best approach to take.

The current server is set up with the main website on domain.com, user email addresses like user@domain.com, and they use mail.domain.com for the host name for sending and receiving mail. Here are my questions:

  • Would it make more sense from a Virtualmin perspective to create a mail.domain.com, leave it as the MX record for domain.com as it is currently, and add my mail users to that virtual server? Or would it be better to just make mail.domain.com an alias for domain.com and put the mail users in the domain.com virtual server? I can see some advantages for the former case (mail.domain.com can more easily be moved if needed, can make the main website for mail.domain.com be some webmail app, etc.) but I wonder if anything might get confused somewhere in Virtualmin, Postfix, or Dovecot if user@domain.com isn’t actually a user in the domain.com virtual server. I guess if that becomes an issue I can create aliases in domain.com, but that would be a hassle to keep in sync…

  • I’ll probably want to get a signed SSL certificate for POP3/IMAP/SMTP access. Does that impose any limitations on how the above choice is made?

  • I think I read in some old forum messages that you can’t have a signed cert for more than one virtual server for use by the mail services. Is that still the case?

Anybody have any experience (good or bad) with these ideas? What are the pros and cons of putting my mail users in the main domain.com virtual server vs. making a mail.domain.com virtual server for mail?

Hey Robin,

I’d probably suggest against doing the mail.domain.tld as a standalone domain thing. It doesn’t actually gain you anything, and adds a lot of complexity to your Virtualmin configuration.

Specifically, with regard to moving to another server, it’s not harder to move mail users from domain.tld than mail.domain.tld (neither is particularly easy, but the former is definitely no harder than the latter). Mail servers think wholly separately about the names they accept mail for and send on behalf of than webservers think about it–domain names are almost irrelevant.

The mail record in Virtualmin is already mail.domain.tld, so there’s no difference in “ease of moving”. In both cases, you:

  • Move the users and mail over
  • Update DNS to point to a different IP for mail.domain.tld
  • Set up Postfix (or other MTA) on the new machine to accept mail for the domain–probably just copying verbatim the virtual table from the original machine

Actually, the more I think about it, the more I want to be really emphatic: This is not a good idea. Let Virtualmin set up the mail.domain.tld stuff for you, and if you need to migrate mail to another server in the future hope that we’ve come up with a cluster mail solution by then. (And even if we haven’t, you’re still better off doing it the default way. Heck, even if you didn’t use Virtualmin at all and had to do everything manually, it’s still the better way.)

If I understand correctly you cannot have POP3/IMAP/SMTP certs if you use mail.domain.tld to connect to the mail server. This would mean that you had to buy an SSL cert for every domain name. That would make no sense. I’m myself thinking about moving to use mail.machine.tld for mail connections. This way I can purchase only one SSL cert when everyone uses the same domain for mail connections.

Or is there another way to do this? Can DNS make a redirection from mail.domain.tld to mail.machine.tld with SSL so that the mail client would try to find that machine domain from the cert instead of mail.domain.tld? This is why I’m starting to think it’s really a bad idea to have all clients connect to different mail domains or “webmin domains” (domain.tld:10000).

The latter issue I solved by making these redirections in the server template:
http://www.domain.tld/virtualmin -> https://machine.tld:10000
http://www.domain.tld/webmail -> https://machine.tld:20000

Now I can easily change the webmail to point somewhere else in the future if I think usermin is not good enough as webmail.
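
On the DNS redirection question in the post above: a TLS mail client checks the certificate against the hostname it was configured with, so a CNAME from mail.domain.tld to mail.machine.tld does not change the name that has to appear in the cert. The sketch below is an added example, not code from the thread; the extra domains and SAN lists are constructed, and the matcher is a simplified RFC 6125-style check.

```python
# Added example: hostnames and SAN lists are constructed, not taken from a real server.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(hostname, pattern):
    """Simplified RFC 6125-style match: '*' only as the whole left-most label."""
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Conservative choice: a wildcard covers one label and "*.tld" is rejected.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, san_dns_names):
    """True if any dNSName SAN matches the name the client was configured with."""
    return any(name_matches(hostname, san) for san in san_dns_names)

def audit(client_hostnames, san_dns_names):
    """Return the configured hostnames whose TLS verification would fail."""
    return sorted(h for h in client_hostnames if not cert_covers(h, san_dns_names))

# Constructed scenario: three hosted domains, clients use mail.<their domain>.
CLIENT_NAMES = ["mail.domain.tld", "mail.example-two.tld", "mail.example-three.tld"]

# One cert for the machine name only: every per-domain client name fails.
SINGLE_CERT = ["mail.machine.tld"]
# One cert listing every client-facing name as a SAN.
SAN_CERT = ["mail.machine.tld"] + CLIENT_NAMES
# A wildcard for one domain does not cover the other hosted domains.
WILDCARD_CERT = ["*.domain.tld"]

if __name__ == "__main__":
    for label, sans in [("single", SINGLE_CERT), ("san", SAN_CERT),
                        ("wildcard", WILDCARD_CERT)]:
        print(label, "-> names that would fail:", audit(CLIENT_NAMES, sans))
```

With a single machine-name cert, the names that pass are only the ones clients actually type, which is why moving every client to mail.machine.tld works with one cert while a DNS alias alone does not.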

Hi Joe,

> Actually, the more I think about it, the more I want to be really emphatic: This is not a good idea. Let Virtualmin set up the mail.domain.tld stuff for you, and if you need to migrate mail to another server in the future hope that we've come up with a cluster mail solution by then. (And even if we haven't, you're still better off doing it the default way. Heck, even if you didn't use Virtualmin at all and had to do everything manually, it's still the better way.)

Ok, thanks. I had already started to set up the mail.domain.tld virtual server, but I can move things over to the main domain.tld virtual server instead.

If I have Bind disabled in Virtualmin does the proper stuff for mail.domain.tld still get set up in the mail servers? (I have an external DNS host doing the name service.)

Also, can you go into more detail about this:

> Set up Postfix (or other MTA) on the new machine to accept mail for the domain--probably just copying verbatim the virtual table from the original machine

The old machine is running qmail, the new one is postfix. Do I need to worry about copying anything or should Virtualmin’s setup of Postfix be enough?

> If I have Bind disabled in Virtualmin does the proper stuff for mail.domain.tld still get set up in the mail servers? (I have an external DNS host doing the name service.)

Yes, as long as you’ve got email enabled for the virtual server. You’ll have to manually create all of the records, including MX, though. (Create an alias for mail.domain.tld pointing to domain.tld, and create an MX pointing to mail.domain.tld. Then, when/if you move mail to another server, you’d update the alias to be an A record and point to the new IP of the mail server. MX record stays the same.)

> The old machine is running qmail, the new one is postfix. Do I need to worry about copying anything or should Virtualmin's setup of Postfix be enough?

You don’t need to do anything if you’re recreating the users using Virtualmin (which I recommend, if there aren’t a huge number…and even if there are, getting them into a batch file that Virtualmin will accept is the best way to bring them over…then you can bring over the mailboxes, if needed, into the newly created homes–that might be a bit time consuming, though, so it’s probably a job for a script, as well).

My comment was about moving mail OFF of a Virtualmin machine to some sort of additional mail server–not about moving mail into a Virtualmin system from a non-Virtualmin system. :wink: