Moving mail to an alternate server

Hi,

I would like to offload mail processing onto its own server in my cluster so that it is no longer on my Virtualmin system. I have already set up SpamAssassin on this other machine, following the given documentation, but I do not want to have to install Virtualmin GPL on the second machine just to set up Clam antivirus. Is there a way I can do this without installing Virtualmin GPL?

Also, how can I move the other mail components (Postfix, Dovecot, etc.) to this second server? Both machines mount volumes from a central Gluster file server that contain /home and other folders.

Basically I want the first machine to run Virtualmin, Web, and DNS only; nothing else.

Thanks, -Logan

Status: 
Active

Comments

There isn't really good support in Virtualmin for completely offloading mail processing unfortunately - you can offload spam and virus filtering (using a remote clamd/spamd), but the complexities of user and home directory sharing make full separation complex.

How can I offload virus scanning support to a new server without installing Virtualmin GPL on that server (as recommended in the documentation)? I really want to keep that other server light in terms of installed services, applications, etc. I know you can install Virtualmin without activating its other services but I really just want to offload virus scanning without installing Virtualmin if possible.

Also, I already use Gluster to provide a distributed file system that I simply mount on my clustered Web servers. This serves /home, /var/log/virtualmin, and a few other things. Would I be able to use this to support complete off-loading of mail processing?

The easiest way to do that would be to install Virtualmin GPL onto the other server, and then to disable all the services you don't need.

It is possible to do all that without first installing Virtualmin onto the remote server, but it would require some manual work. You would need to manually configure the Virtualmin repositories, and then install ClamAV and SpamAssassin.

We unfortunately don't have instructions for doing that, and for simplicity, would recommend installing Virtualmin then disabling unneeded services. However, it is certainly possible if that's what you wanted.

Regarding Gluster -- that unfortunately wouldn't aid in making email available remotely. When Virtualmin adds/modifies/removes email related functionality, it's making a variety of changes to users, config files, and restarting services.

Unfortunately, Virtualmin won't know how to handle a situation where those components aren't on the local server.

You could, however, disable email on your existing server, install Virtualmin onto the new server, and then enable just the email feature.

Then, you could add all your email users to the new server, using that purely for email.

The IP of my server currently got black listed because of a hacked Wordpress instance sending spam mails. That also affected all mail accounts on that server too. Having mail services running on another server would help making the mail service more robust.

I saw the idea to decouple mail services from web and others is nearly 10 years old. Me asking this 8 years ago too. Time to move forward I guess :-)

My proposal to achieve this - assuming two machines:

  • First server (web): Web, DNS, Virtualmin, etc.
  • Second server (mail): Postfix, Dovecot, Spamassassin, ClamAV.
  • Sync user records using NIS from web to mail.
  • Mount user directories from web using NFS at mail.
  • Let syslog at mail send logs to web.
  • Virtualmin on web needs NFS access to mail:/etc for configuring mail related services. Easier: mount mail:/etc/{postfix,dovecot,spamassassin,clamav} by NFS at mail:/etc. This way Virtualmin can write configuration where it is used to write.
  • Avoid starting postfix et all at web.
  • Virtualmin's Install script needs to allow installing all, or web stuff only or mail stuff only.

Does not sound complicated, doesn't it?