I was recently involved in a physical-to-cloud migration project as it seems that everyone is eager to jump into this new cloud thing, even if sometimes there are no added protection/redundancy/reliability and yet the cost for the service exceeds what you would pay for the real hardware.

Anyway I had the chance to build a VMware vSphere 4 based Virtual Machine where I did a fresh installation of CentOS 5.5 plus all the needed third-party software.

The original server was a typical LAMP stack providing:

  • Admin panel (Webmin+Virtualmin)
  • Websites (Apache/PHP)
  • Databases (MySQL)
  • POP3/IMAP email Access (Dovecot)
  • Webmail (SquirrelMail)
  • SMTP (Sendmail)
  • FTP access (Proftpd)

To which I had the chance to add some time ago an anti-SPAM and active-response system performing the following checks:

  • DNSBL (spamhaus)
  • SPF (spf-milter)
  • Razor, DCC (Spamassassin integration through sa-milter)
  • Dynamic null routing (Fail2ban)

The new server is very much like the old one, except for the following:

  • I ave added an Antivirus (ClamAV)
  • Postfix replaced Sendmail
  • I have added statistics for Postfix (mailraph)
  • I have added Greylisting (Postgrey)
  • SPF is now performed using postfix-policyd-spf-perl
  • I have installed OSSEC-HIDS to replaced fail2ban

After a couple of months of hard work, according to the statistics I have migrated:

  • 131 domains
  • 91 databases
  • 366 mail/FTP users
  • 15 mail aliases

I am rejecting about 104K spam messages per week. It seems that they are coming in at a rate of up to 230 messages/minute.

In this blog I will just talk about some of the issues I ran into, explaining what solutions I have used to have everything running smoothly.