Email Migration: Part 1

After years of self-hosting my own email, and recently using GSuite for a few domains to take advantage of their storage options (unlimited), I’ve decided to migrate my email server from a postfix/dovecot hybrid to Exchange Server. I found that Exchange is fairly well supported, the interface is easy to use, and the integration with Azure AD (Azure AD Sync) makes it easy if I were to do a hybrid Office365-Homelab setup (which is planned for the future).

This has to be one of the more difficult migrations I’ve done for email, as I’ve got to migrate all my family’s emails over to the new infrastructure and we’ve got emails dating back over 8 years, along with about 230 GB of attachments. So, I need a game plan!

The Plan

In order to migrate everything safely, while keeping the uptime of the email server, I’ll have to do it in three parts, so this will be part one! Here’s my running list of ideas to migrate everything:

  1. Create a full backup of the entire email server
  2. Create an export per-user account including emails and attachments
  3. Migrate the export over to the Exchange server
  4. Repeat until all users are finished
  5. Finally, once everything is sent over, do a final export for every user offset by their delta and migrate the family over
  6. Celebrate

It seems easy on paper and I imagine it’ll be a pretty straightforward approach. The biggest hurdle will be migrating the data over. Once it’s migration time, I’ll ask all my family members to stop using the email server for about 4 hours to let it all sync over, and I’ll send them the new link to the email and instructions on how to reset their password.

Security

The other important factor here is the security of the email server. Since it’s transitioning to a Windows Server box to run Exchange on, I’ve got to set up additional firewall rules at my edge. Currently I just allow standard encrypted & non-encrypted traffic for email through; however, since we’re running Windows Server, I’d like to let myself RDP in and maintain it without the VMware console from time to time.

My running thought is to map the RDP port into the VM, and set ACL filters with pfSense to only let my static home IP address through. This should deter the automated attacks, and block every other incoming port by default. I’m also considering blocking all outgoing traffic except the necessary email traffic, RDP traffic, and HTTPS to the world. The outgoing HTTPS, I imagine, would be to send data over to Azure AD Sync.
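The firewall plan above, modelled as an ordered rule list and checked against constructed connection attempts (an added example, not the author's pfSense configuration). The IP addresses, the inbound mail port list, and the assumption that the firewall is stateful, so outbound rules only need to cover connections the server opens itself, are illustrative assumptions.

```python
import ipaddress

HOME_IP = "203.0.113.10"            # constructed placeholder for the static home IP
EXCHANGE = "192.168.10.20"          # constructed LAN address of the Exchange VM
MAIL_IN = {25, 465, 587, 143, 993}  # assumed inbound mail ports; match what you expose

# (action, direction, source network, destination ports or None for any).
# Evaluated top-down, first match wins, as with pfSense interface rules.
RULES = [
    ("pass", "in", HOME_IP + "/32", {3389}),   # RDP only from home
    ("pass", "in", "0.0.0.0/0", MAIL_IN),      # mail from anywhere
    ("block", "in", "0.0.0.0/0", None),        # default deny inbound
    ("pass", "out", "0.0.0.0/0", {25, 443}),   # SMTP delivery, HTTPS (Azure AD sync)
    ("block", "out", "0.0.0.0/0", None),       # default deny outbound
]
# Same rules with an unrestricted RDP forward left at the top (the mistake to catch).
LOOSE_RULES = [("pass", "in", "0.0.0.0/0", {3389})] + RULES

# Constructed new-connection attempts: (direction, source, dest port, expected).
FLOWS = [
    ("in", HOME_IP, 3389, "pass"),           # admin session from home
    ("in", "198.51.100.77", 3389, "block"),  # RDP from any other address
    ("in", "198.51.100.77", 25, "pass"),     # inbound mail
    ("in", HOME_IP, 445, "block"),           # home IP gets RDP only, not SMB
    ("out", EXCHANGE, 443, "pass"),
    ("out", EXCHANGE, 3389, "block"),        # RDP replies ride on state; no outbound rule
    ("out", EXCHANGE, 53, "block"),          # external DNS blocked: assumes a LAN resolver
]

def decide(direction, src_ip, dst_port, rules=RULES):
    """Return the action of the first rule matching a new connection."""
    src = ipaddress.ip_address(src_ip)
    for action, rule_dir, net, ports in rules:
        if rule_dir == direction and src in ipaddress.ip_network(net):
            if ports is None or dst_port in ports:
                return action
    return "block"  # nothing matched

def audit(rules=RULES, flows=FLOWS):
    """Return (flow, actual) for every flow decided differently than expected."""
    return [(f, decide(f[0], f[1], f[2], rules)) for f in flows
            if decide(f[0], f[1], f[2], rules) != f[3]]

if __name__ == "__main__":
    print("planned rules:", audit() or "all flows as expected")
    print("loose rules:", audit(LOOSE_RULES))
```

Re-running the same flow list after every rule change shows whether a reordered or leftover pass rule has reopened RDP to the internet.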

As this is an email box, I don’t intend on running anything aside from email and AD on it.

All that being said, let the migration begin! Time to take a full backup of the email server and create exports!