Anyone else MSP Hosting SmarterMail?
Question asked by Mike L. - 11/13/2019 at 9:38 AM
I'm an MSP and a cloud host, and for years I had Kerio Connect. Recently, post GFI purchase, I lost trust in Kerio. I had migrated about 1700 people off of it to Office365, but I have about 300 stragglers that want nothing to do with a $6/user/month email. Another issue is that the mail server is in an old Google datacenter that they want to decommission, but I have this 4TB behemoth of a virtual machine with no direct vCenter access.

This gets me to SM. I want to start fresh and migrate customers domain by domain to a new platform. But I am starting with two servers; no more of this all-eggs-in-a-single-basket (sort of). Because even though I have redundant SANs, redundant switches, redundant vhosts, redundants of the redundants, the excrement will always hit the orbital oscillator and all your SANs go down for 32 hours. This is why we have duplicate datacenters, right? You try restoring a 4TB-plus size to a shared vSAN. Forget about the golf ball, it's a bowling ball trying to fit through a garden hose.

Here is what I have. Two datacenters, one in Pennsylvania and one in New York. On each I have a Windows Server 2019 Standard server, right now 4 vCPU, 8 GB each (might bump that). I have an OS drive (250 GB), a spool drive (40 GB), Mailbox Drive 1 (I am going with the multi-mailbox-drive approach; issues with >2TB volumes) (500 GB), and a logs drive (50 GB) that also houses the IMAP and POP syncs. From the get-go I set up Syncthing on the mailbox drive.

Each VM has its own virtual pfSense with two external static IP addresses each. I have 1:1 NAT on both external addresses to the mail servers. NY may be overkill, because that is proper SD-WAN over 6 internet pipes. In PA I have just 3 individual internet pipes. I have floating FW rules and I only allow 25, 993, 443 & 587. Oh yeah, and FO gateway groups. I also have an IPsec tunnel between the two, but Syncthing works over the interwebs.

Now the standard documentation for failover will not work for me. I probably need to sync the settings as well, but getting a jump on mailboxes was priority #1. Right now mx0 is set to send only and mx1 is set to receive only. I'm just getting SM installed now on mx1.

DNS: I have DNS Made Easy. I can do DNS monitor failover between PA & NY. My TTLs are also 300s. The thing is, mail.myhost.com would point to either mx0 or mx1, which are dynamic DNS records on DNS Made Easy set by the pfSense. So if a gateway goes down, the pfSense firewalls will update DNS Made Easy. If PA goes down completely, DNS Made Easy's monitor will fail it over to mx1.

I'm always open to suggestions, comments, concerns. Next thing to tackle is backups: in PA I have Quest Rapid Recovery taking hourly snapshots, in NY I have Veeam doing daily snapshots. I may add a 3rd sync location for Syncthing, because you can never have too many backups.

MSPs on SM, what do you do?
Now, I don't want to get off on a rant here, but... - Dennis Miller

Mike L. Replied
So, I guess I take that as a no one? Bueller? Bueller?