On Apr 16, 2010, at 10:59 AM, Simon Hobson wrote:
Hmm, getting somewhat off-topic here ...
Jim Preston wrote:
Except you do not need to move all your applications, users, and
data. All you need to do is build an expensive server and have it
host ONLY email.
I already have a server that hosts ONLY mail.
Then your email server will be able to run clamav and your other
services will not be affected or forced to upgrade. I needed to do
this very thing for another company I worked for. We too had RH9
(other posts in this thread mention RH9) and found it to be just
fine for what we were using it for. Yes, there were no security
updates and yes we did have to make changes to the way some
services were run to keep it secure, but that was the price we were
willing to pay since upgrading did not yield any significant
improvements for that server. When we needed services that could
not be provided securely by the RH9 server we built a new server to
host those new services.
Now, a question - if you have only the settings, and install a later
version of RH, then will those settings create a system that runs
identically as far as the important stuff is concerned ?
Re your later clarification - yes I do that too, compare old and new
side-by-side. But of course it's not just Postfix, there's
spamassasin, clamav, freshclam, courier-[pop|imap], SASL stuff,
Squirrelmail, PostFixAdmin, MySQL, Apache2. And of course, it's
likely that more than one of those has added/changed some features
and you end up going off to learn about them.
Well then you can setup the second, inexpensive box to run just
Clamav. You just need to set the clamav.socket (or whatever you choose
to call it) to point to the new box and have the mail inspected on the
new box. You can also configure your mail to send the mail even if it
can not be scanned....
It's not a 5 minute job, so I wouldn't rely on that as a DR mechanism.
In addition, as of last time I updated my new server that's waiting
to go live when I get something to run it on, the versions of
certain packages in Lenny were incompatible - and Squirrelmail
broke. I was able to backtrack and revert to earlier version by
checking the logs to remind myself which packages had been upgraded
- but I struggled finding debs for one or two since the versions I'd
been running were no longer in the repositories. Were I installing a
new machine from scratch - I'd have been faced with a broken system
and not known if it was a config issue or a compatibility issue.
And all the while, managers leaning over your shoulder like kids on
a car journey - "are we nearly there yet ?"
And of course, this isn't the only server I've got - hopefully I
won't have to do a bare metal recovery of any of my Xen hosts,
otherwise I've potentially quite a few machines to restore. I can of
course restore all of them as they were from regular backups - I
wouldn't want to try and rebuild them all against the clock.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
