Moving a Mail Server to new Premises

[Logsi]

Hopefully just a simple one but we're moving our Kerio Mail Server to a new premises and I just want to double check I'm doing the correct thing.

Is it as simple as change the I.P on the Kerio software and then go on our domain registrar and change the DNS records. Possibly adjust the TTL to make sure it propagates quicker?

Anything else I should be aware of?

 

[Deleted member 138126]

Reduce the TTL a few days in advance, then on the day, change the A record to the new IP.

 

[gman1981]

Consider any system/application you may use internally which uses it as a SMTP gateway. You might need to change any hard coded IP addresses, of course if you use DNS this shouldn't be a problem.

 

[#Chri5#]

Get Reverse DNS set on the new connection (assuming you send mails direct, not relaying via a 3rd party). Likewise update SPF records for the new IP.

 

[Caged]

I would recommend not using Kerio and not hosting an email server on a broadband connection. If you really have to do both then at least put something like https://www.proofpoint.com/uk/products/essentials in front of it, and relay through that.

 

[stewski]

I would recommend not using Kerio and not hosting an email server on a broadband connection. If you really have to do both then at least put something like https://www.proofpoint.com/uk/products/essentials in front of it, and relay through that.

Why do you not recommend an email server over a broadband connection?

 

[Caged]

Because those IP ranges are often just blacklisted en-masse, and email delivery is enough of a headache already without having to worry about who is spamming on the same netblock as you.

 

[Logsi]

I would recommend not using Kerio and not hosting an email server on a broadband connection. If you really have to do both then at least put something like https://www.proofpoint.com/uk/products/essentials in front of it, and relay through that.

I want to migrate everything to a cloud connection as it just causes so many headaches. We're already paying for a office 365 Subaru have been testing migrations on that to not much success...gsuite does a good job but is expensive as an additional cost!

Will look into what you've linked. Thanks for the help again caged!

EDIT - It's currently being hosted on JANET with a 80/20 connection.

 

[stewski]

Because those IP ranges are often just blacklisted en-masse, and email delivery is enough of a headache already without having to worry about who is spamming on the same netblock as you.

Is this based on evidence? Are you suggesting that leased lines from the same ISP that provides broadband have "golden" IP's assigned?

 

[Caged]

They are allocated from different IP blocks, and some anti-spam services will just blacklist the entire block if they see spam. BT actively request that their broadband ranges (at least the dynamic ones) are on blacklists. I don't have a BT Business connection at hand to test with but I'd be surprised if the allocated public subnet had its own RIPE database entry in the way that BTnet customers do.

For the cost of Proofpoint/Mimecast/EOP I don't think it's worth dealing with mail delivery and message filtering yourself, even if you want to keep the server on-premises. Not to mention that if the majority of email is meant to be spam, it's getting rejected before it travels across your internet connection so you aren't pushing unnecessary data around.

 

[stewski]

We're on Virgin Media Business, never had an issue on any blacklist known by mxtools, spamhaus etc.

 

[Caged]

Don't get me wrong, if it works for you then great. I just can't picture the business small enough to be able to use a business broadband connection but also have enough spare capacity in their IT team (or IT person) to deal with something as menial yet important as email.

The only counter for a business of that size to not be using Office 365 or an equivalent is generally that they don't want to pay for it, but usually that is because of a failure to compare like-for-like - Exchange 2007 running on an 8 year old HP Proliant on the floor in a cupboard with a half-dead storage array connected to a non-redundant network and Internet connection probably is cheaper than Office 365 licenses.

I'm not one of those "everything in the cloud, now!" people but email is one of those areas where you need a really really good reason to do it yourself still. An office move is a perfect opportunity to make it Not Your Problem any more.

 

[stewski]

Don't get me wrong, if it works for you then great. I just can't picture the business small enough to be able to use a business broadband connection but also have enough spare capacity in their IT team (or IT person) to deal with something as menial yet important as email.

The only counter for a business of that size to not be using Office 365 or an equivalent is generally that they don't want to pay for it, but usually that is because of a failure to compare like-for-like - Exchange 2007 running on an 8 year old HP Proliant on the floor in a cupboard with a half-dead storage array connected to a non-redundant network and Internet connection probably is cheaper than Office 365 licenses.

I'm not one of those "everything in the cloud, now!" people but email is one of those areas where you need a really really good reason to do it yourself still. An office move is a perfect opportunity to make it Not Your Problem any more.

Do you work at that scale?
We have dual broadband, which load balances for email, why on earth we would take an order of magnitude cost increase for worse download speeds and slightly better upload speed is beyond me.

Knock yourself out on what appears to un evidenced opinion on the reputation of smtp servers on broadband.

By the way email is not really a service I'd call menial.

 

[stewski]

If as it appears you are arguing against on prem email there are a number of arguments against it.
Loss of internet = loss of internal service.
Ownership and retention of data
Security (and yes the argument that the bigger firms are better is easy to make but, yahoo, mailchip and plenty of other examples are contrary to that.)
Show me it's actually cheaper than a virtualised SBS 2011 for example, running on a box we have to have on prem for SQL anyway.

 

[Caged]

Like I said, it's cheaper if you don't compare like-for-like.

Use SBS if you want.

 

[stewski]

Like I said, it's cheaper if you don't compare like-for-like.

Use SBS if you want.

With respect (sincere your tech nouse is not in dispute frome me) what use is not comparing like for like to anyone?

 

[stewski]

Obviously cloud advocates tout reliability but ignore without internet even local mail is dead in the water with that route.
Plus the business gives control to another for retention
Plus (can be argued both ways) security from large players is far from bullet proof at this point.
I've yet to see why monthly subs are especially cheap compared to a portion of hardware that is already required.

 

[Caged]

That was my point. Nobody can provide the availability, physical security, and compliance with regulatory standards that Office 365 offers if they are a small business that was the target market for SBS when it was still a product.

Now many people are happy to compromise on their requirements in exchange for converting a monthly cost to a low one-off purchase (or not making the purchase at all if they already have something), that's obviously entirely their decision to make. But when deciding that it's definitely cheaper to have something like SBS I think you need to account for your backup costs, power costs, cooling costs, hardware maintenance cover, cost of your time to patch it (out of hours), cost of future purchases of Exchange/CALs to keep on a version that receives security updates, the cost of downtime that you have committed to within the business, and weigh up the value of everybody being able to instantly work from home (at least as far as email is concerned) in the event that your office floods or burns down, saving you the cost of a DR plan (for email), because someone else has done that for you.

If none of that stuff matters then that's fine, but just comparing monthly costs doesn't really paint the whole picture. I'd argue that in 2017 it's more important for a small business to have their "stuff" accessible from any internet-connected device than it is to have it working in the office (you get home working for 'free' and can deal with the snow days). Internet connectivity going down at work is going to be a pretty major inconvenience, is being able to email internally still really much of a bonus? Only you/the wider business can make that call.

 

[stewski]

That was my point. Nobody can provide the availability, physical security, and compliance with regulatory standards that Office 365 offers if they are a small business that was the target market for SBS when it was still a product.

Now many people are happy to compromise on their requirements in exchange for converting a monthly cost to a low one-off purchase (or not making the purchase at all if they already have something), that's obviously entirely their decision to make. But when deciding that it's definitely cheaper to have something like SBS I think you need to account for your backup costs, power costs, cooling costs, hardware maintenance cover, cost of your time to patch it (out of hours), cost of future purchases of Exchange/CALs to keep on a version that receives security updates, the cost of downtime that you have committed to within the business, and weigh up the value of everybody being able to instantly work from home (at least as far as email is concerned) in the event that your office floods or burns down, saving you the cost of a DR plan (for email), because someone else has done that for you.

If none of that stuff matters then that's fine, but just comparing monthly costs doesn't really paint the whole picture. I'd argue that in 2017 it's more important for a small business to have their "stuff" accessible from any internet-connected device than it is to have it working in the office (you get home working for 'free' and can deal with the snow days). Internet connectivity going down at work is going to be a pretty major inconvenience, is being able to email internally still really much of a bonus? Only you/the wider business can make that call.

I could agree with some of this if, small business don't already need a DR plan for other applications that email can roll in to, the loss of internet didn't effectively kill local email for cloud providers, sbs or similar didn't make remote email a cakewalk and the email server couldn't sit on resource that is already required.

As for the idea that the big cloud companies are inherently more secure or more complaint with regulation, I'm fully laughing at that concept.

 

[Caged]

If you run a tight ship in your place of work then good for you, but the majority of people that I have the "we host our own email" discussion with have absolutely nothing in place to prevent the cleaner coming in one evening and plugging whatever they wanted into an open network outlet that has nothing firewalling it off from their mail server containing confidential client data.

If you're a small business and you've built up a server room with biometrics, you audit all the access, and have gone through various compliance processes for your SBS box then you're probably running the show at Wayne Manor, in which case congratulations.

Regardless, this has strayed way off topic now.