Zap's Digital Lighthouse

Fri, 27 Dec 2024

Setting up a new e-mail server with more disk space

(done on June 2nd 2024)

Our family's e-mail server on DigitalOcean was running out of disk space, so I created a new droplet with FreeBSD 14.0 on it, allocating more disk space (50GB) and a bit more RAM (2MB), and then proceeded to move our environment onto it.

Here's what I've done:

1) Booted up the new droplet and ensured it had the latest patches to FreeBSD (with freebsd-update) and its packages (with pkg upgrade).

2) Create my account and enable sudo

Create my user with adduser, ensuring the right UID and GID, make sure the account is part of the wheel group, and enable sudo for the wheel group in /usr/local/etc/sudoers

3) Copied over the /etc/hosts.allow file from the previous mail server

4) Installed the packages I like to have on the new server:

dovecot, emacs-nox, mutt, mini-httpd, opensmtpd, perl5, python39, rsync, sshguard, sudo, unbound, zip, py39-certbot

5) Fixed /etc/rc.conf

Notably the hostname and all of the daemon activations. Most are disabled for now until their configuration files are set up properly.

6) Copy over the rsyncd configuration

Copy over /usr/local/etc/rsyncd/... so that we can move some files from the old server to the new, preserving ownership, dates, etc.

7) Bring over key /root files

Set up the files I need in /root: my-backup.sh, my-backup.pw, and crontab.root. Then run the crontab command on the root account to activate the crontab.root file.

8) Copy over all accounts

Merge /etc/master.passwd, /etc/passwd and /etc/group into the files on the new server

9) Copy over users' files

Replicate /home/... and /var/mail/...

10) Copy over web environment

Copy over /usr/local/www/...

11) Copy and adjust configuration files for dovecot

Move the configuration files in /usr/local/etc/dovecot over and adjust for new server name.

12) Copy and adjust configuration files for letsencrypt

Move the configuration files in /usr/local/etc/letsencrypt over and adjust for new server name (renaming directory and fixing renewal config file)

13) Copy and adjust configuration files for OpenSMTPd

Move the configuration files in /usr/local/etc/mail over and adjust for new server name.

14) Configure sshguard on new server

Edit configuration files for sshguard in /usr/local/etc to reflect new configuration.

15) Configure unbound on the new server

Copy over the relevant files from /usr/local/etc/unbound and adjust them for the new server name as required.

16) Fix files in /etc

Notably files in /etc/mail (mailer.conf, aliases, rc.conf, ntp.conf)

17) Fix DNS entries on DigitalOcean so that our domain now points to the new server

Put in the new IP address.

18) Set up Let's Encrypt properly

Seems to work... perhaps need to add atlantic to the certificate names?

19) Ensure latest version of e-mail has been copied over

Shut down the OpenSMTPd service on ocean.zap.qc.ca, sync the users' e-mail files in /var/mail, redirect the DNS to atlantic, and turn off ocean.

Note that any e-mail in transit on ocean will be lost (yeah, I could do this more cleanly).

Note that DMARC and SPF DNS entries need to be fixed, and the Let's Encrypt key files too!!!

20) Redirect e-mail filtering on duocircle.com to the new server

Change the address in the DuoCircle configuration screen to point to the new server.

21) Finish up

With all of that, the new mail server should be active and working. Send a Discord message to all users to ask them to check that their e-mail configuration still works.

If something goes wrong, re-enable the old server.

If all goes well, mothball the old server's files and destroy the droplet on DigitalOcean.
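Step 8 (merging /etc/master.passwd) is where a UID mismatch or an unexpected uid 0 account can slip onto the new server and then interact with the ownership-preserving copies in step 9. The following is an added example, not part of the original post: the function names, the 1000 cut-off for user accounts and the sample files are assumptions made for illustration.

```python
# master.passwd fields: name:password:uid:gid:class:change:expire:gecos:home:shell
def parse_master_passwd(text):
    """Return {name: fields} for each account line; reject malformed lines."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10 or not (fields[2].isdigit() and fields[3].isdigit()):
            raise ValueError(f"malformed master.passwd entry: {fields[0]!r}")
        accounts[fields[0]] = fields
    return accounts

def plan_merge(old_text, new_text, first_user_uid=1000):
    """Return (lines_to_append, conflicts) for moving user accounts old -> new."""
    old, new = parse_master_passwd(old_text), parse_master_passwd(new_text)
    uid_owner = {f[2]: name for name, f in new.items()}
    to_add, conflicts = [], []
    for name, f in old.items():
        uid = f[2]
        if name in new:
            if f[2:4] != new[name][2:4]:
                conflicts.append(f"{name}: uid:gid differs between old and new")
        elif uid == "0":
            conflicts.append(f"{name}: extra uid 0 account, not copied")
        elif int(uid) < first_user_uid:
            continue  # system/package account: the new server creates its own
        elif uid in uid_owner:
            conflicts.append(f"{name}: uid {uid} already used by {uid_owner[uid]}")
        else:
            to_add.append(":".join(f))
            uid_owner[uid] = name
    return to_add, conflicts

# Constructed sample files (placeholder hashes and users, not from the post).
OLD = """\
root:*:0:0::0:0:Charlie &:/root:/bin/sh
oldadmin:*:0:0::0:0:Legacy admin:/root:/bin/sh
dovecot:*:143:143::0:0:Dovecot:/var/empty:/usr/sbin/nologin
zap:$6$constructed:1001:1001::0:0:Zap:/home/zap:/bin/sh
alice:$6$constructed:1002:1002::0:0:Alice:/home/alice:/bin/sh
bob:$6$constructed:1003:1003::0:0:Bob:/home/bob:/bin/sh
"""
NEW = """\
root:*:0:0::0:0:Charlie &:/root:/bin/sh
zap:$6$constructed:1001:1001::0:0:Zap:/home/zap:/bin/sh
setup:*:1002:1002::0:0:Image setup user:/home/setup:/bin/sh
"""
print(*plan_merge(OLD, NEW), sep="\n")
```

Once the reviewed lines are appended to /etc/master.passwd on the new server, `pwd_mkdb -p /etc/master.passwd` regenerates /etc/passwd and the password databases.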

That was quite a bit of work, glad it's done!

P.S. It all worked fine, but I realized months later that the rsyncd setup for my blog transfer didn't work anymore -- fixed that on December 27th.
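On the SPF note in step 19: one way an SPF record goes stale in a move like this is a literal `ip4:`/`ip6:` term that still names the old address. The check below is an added example, not part of the original post; the function name, the records and the addresses (documentation ranges) are constructed, and it judges only literal address terms, listing the ones that need a DNS lookup without evaluating them.

```python
import ipaddress
import re

DNS_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}

def audit_spf_after_move(record, old_ip, new_ip):
    """Check an SPF TXT record's literal ip4:/ip6: terms against an IP change."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    report = {"new_ip_listed": False, "old_ip_listed": False,
              "dns_terms": [], "all": None}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in ("ip4", "ip6"):
            if qualifier != "+":
                continue  # only a "+" (pass) match authorises the sender
            net = ipaddress.ip_network(body.partition(":")[2], strict=False)
            for key, ip in (("new_ip_listed", new), ("old_ip_listed", old)):
                if ip.version == net.version and ip in net:
                    report[key] = True
        elif name == "all":
            report["all"] = qualifier
        elif name in DNS_TERMS:
            report["dns_terms"].append(term)  # needs a DNS lookup; not judged here
    return report

# Constructed records using documentation address ranges, not the post's real DNS.
BEFORE = "v=spf1 mx ip4:192.0.2.10 include:_spf.filter.example -all"
AFTER = "v=spf1 mx ip4:203.0.113.25 include:_spf.filter.example -all"
print(audit_spf_after_move(BEFORE, "192.0.2.10", "203.0.113.25"))
```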

/admin | Posted at 06:17