I was recently involved in a physical-to-cloud migration project as it seems that everyone is eager to jump into this new cloud thing, even if sometimes there are no added protection/redundancy/reliability and yet the cost for the service exceeds what you would pay for the real hardware.
Anyway I had the chance to build a VMware vSphere 4 based Virtual Machine where I did a fresh installation of CentOS 5.5 plus all the needed third-party software.
The original server was a typical LAMP stack providing:
- Admin panel (Webmin+Virtualmin)
- Websites (Apache/PHP)
- Databases (MySQL)
- POP3/IMAP email Access (Dovecot)
- Webmail (SquirrelMail)
- SMTP (Sendmail)
- FTP access (Proftpd)
To which I had the chance to add some time ago an anti-SPAM and active-response system performing the following checks:
- DNSBL (spamhaus)
- SPF (spf-milter)
- Razor, DCC (Spamassassin integration through sa-milter)
- Dynamic null routing (Fail2ban)
The new server is very much like the old one, except for the following:
- I ave added an Antivirus (ClamAV)
- Postfix replaced Sendmail
- I have added statistics for Postfix (mailraph)
- I have added Greylisting (Postgrey)
- SPF is now performed using postfix-policyd-spf-perl
- I have installed OSSEC-HIDS to replaced fail2ban
After a couple of months of hard work, according to the statistics I have migrated:
- 131 domains
- 91 databases
- 366 mail/FTP users
- 15 mail aliases
I am rejecting about 104K spam messages per week. It seems that they are coming in at a rate of up to 230 messages/minute.
In this blog I will just talk about some of the issues I ran into, explaining what solutions I have used to have everything running smoothly.