Mail server migration - w00t!

Have you ever seen a server with a post-it note on it reading “LEAVE ON, DO NOT TOUCH”? Chances are it was probably the mail server. Email has a lot of components and they all need to play along, so once you have the system working, you want to modify it as little as possible. Security updates only, basically. And certain checks, like making sure that the storage component isn’t getting filled up too much.

Any email server has two separate functions: sending and receiving email (handled by the mail transfer agent, or MTA) and making email available to the owner of the mailbox (usually handled by the IMAP server). Email goes forward only: any change made by any sender or recipient is stored, either as a sent email or as an incoming email, meaning that any change made is non-reversible. Fun detail: when you send an email, the copy being sent goes through the MTA, but the copy that is stored is saved through the IMAP server. Your email client does two separate tasks when sending and storing. But I digress.

The subject I want to talk about today is a project I was dreading for months but one I knew had to be done eventually: migrating my mail server from Funtoo (a now kinda defunct Linux distribution similar to Gentoo), to a different type of Linux environment. Anyone who has administered a mail server before knows that this is no small feat exactly because of what I mentioned before: any change made to the email cache is final and has to be recorded. So once you turn your system on, you want everything to work. You can’t afford to miss a thing.

And on December 31st I finally bit the bullet, decided on a new system, and went in. Meticulously checking every component in two directions: from an outside connection that wants to drop mail on your system to the actual delivery in one direction, to the user who wants to read their email and send their own mails out in the other.

You want to check your incoming email: is the sender domain name valid, is it a known spam host, is this IP allowed to send email for this domain, is the email signature valid, are the contents likely spam… The list goes a lot further than this. The same goes for outgoing mail: a lot of checks, appendages to the email metadata and so on.
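One way to confirm after a migration that the inbound checks listed above are really being applied is to read the verdicts the new server stamps on a test message. This is an added example, not part of the original post: it assumes the mail filter records its results in an RFC 8601 `Authentication-Results` header, and the host name `mx.example.org`, the sample message and the function names are constructed.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: a test message as stored by the new server.
# The second header was supplied by the sender and must not be trusted.
SAMPLE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=sender.example;
 dkim=fail (bad signature) header.d=sender.example;
 dmarc=pass header.from=sender.example
Authentication-Results: forged.example; spf=pass; dkim=pass
From: alice@sender.example
To: bob@example.org
Subject: migration test

hello
"""

REQUIRED = ("spf", "dkim", "dmarc")
_COMMENT = re.compile(r"\([^()]*\)")          # RFC 5322 comments, e.g. (bad signature)
_RESULT = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)


def auth_results(raw_message, trusted_authserv_id):
    """Return {method: result} from headers stamped by our own server only."""
    msg = message_from_string(raw_message, policy=default)
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        text = _COMMENT.sub("", str(value))
        authserv_id, _, rest = text.partition(";")
        # Skip headers with a foreign authserv-id: any sender can add those.
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for clause in rest.split(";"):
            m = _RESULT.match(clause)
            if m:  # simplification: the first result per method is kept
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts


def failed_checks(raw_message, trusted_authserv_id):
    """List required methods that are missing or did not pass."""
    verdicts = auth_results(raw_message, trusted_authserv_id)
    return [f"{m}={verdicts.get(m, 'missing')}"
            for m in REQUIRED if verdicts.get(m) != "pass"]


if __name__ == "__main__":
    print(failed_checks(SAMPLE, "mx.example.org"))
```

A result of `missing` for every method on real test mail usually means the filter is not wired into the delivery path at all, which is the failure a migration is most likely to introduce.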

I finally decided on ArchLinux. Hello Archie my old friend. I’ve come to use your tools again. It’s been such a long time since we interacted together. We parted ways many years ago when you implemented something called systemd much too preemptively, and broke all of my systems in so many ways. But systemd is now mature, Funtoo is far from optimal, I’ll give it another spin.

It took me 30 active working hours to move everything over, and then that anxious moment of turning the new endpoints on. First the IMAP server… Does it work… can users view their emails… Why yes, it does seem like it.

And then that most scary moment… Turning back on the new MTA. All bets are final now. Any failure in delivery will be on the books… Ok… Here we go…

…and we have lift-off! Everything works. Holy crap can’t believe it. Goodbye Funtoo. Welcome back, ArchLinux. It’s 1:10 am as I write this. I’m properly knackered. But the migration is successful. I’m honestly proud of that. Future proof and ready to serve! 🤗