Upgrade Wrecks MailScanner

Kevin Miller kevin.miller at juneau.org
Mon Oct 17 19:12:20 UTC 2016 

> Ok, enough.

No good deed goes unpunished.

I haven't tried upgrading yet (if it ain't broke, don't fix it) but I'm sure I will at some point.  I don't have anything to add to the conversation as it regards specific issues but I would like to make a couple of suggestions that may make life significantly better for those managing a MailScanner installation.  

I've always run multiple MailScanner boxes (mx1, mx2, etc.) so I always had a backup in case something goes bump.  I can turn any of them off, and the others will pick up the workload.

I also have a test box called mxt.  I can torture it ad infinitum, and never lose sleep because it accepts mail for mxtest.ci.juneau.ak.us as well as my other "live" domains but I don't have it in the MX list for the other domains.  Thus I can set it up identically to my live servers and use external email accounts to send to myself to test delivery, spam response, virus filtering, etc.  When I'm happy that I've identified all the gotchas I can upgrade the live MX boxes, starting with the lowest priority and working my way up.

Prior to my last update a year or two ago, I also did a P2V to create a virtual image of my primary MailScanner box.  Once I did that, it was simple to create several VMs.  I took the new image, patched it, installed additional software as appropriate, upgraded MailSaanner etc. then cloned that to make several identical new email gateways.  Of course, I had to change the IP address, and hostname, etc. but that's pretty minor.

We use Hyper-V, but vmware, or virtualbox would work just as well.  Often, prior to patching the box, I'll create a snapshot.  If anything in the patch cycle breaks something in MailScanner, it's about 30 seconds effort to stop the VM, then roll back to the snapshot I took a short time before.  If you do this on a test server as mentioned above, there is zero loss of inbound mail, and zero risk.  You can always get back to square one, running exactly as you were before the upgrades or patches were put installed.  Once you solve the issue on the test box, you can apply the upgrade or patch to the live boxes.

Because a test box isn't processing thousands of messages a day, it can be built with very humble disk space and memory requirements.  Heck, it's only going to handle a couple messages at a whack so a gig or two of memory and 50 GB of disk space is more than enough.  I've done it on desktops that had been upgraded in our replacement cycle.  

This all presupposes that the email administrator also has access to modify their DNS, and can set up test boxes or virtual hosts but I expect that most people managing an enterprise email system probably can cobble that together.

Anyway, that's my .02 worth.  Hopefully it's sage advice for someone else.  It's saved my bacon more than once!

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

More information about the MailScanner mailing list