Moving off Google Apps
LUG@UCLA plans to move all mail services (including lists) off Google apps. This is a long term project, but the ETA is before Summer 2014.
KISS. Try to use the least amount of components, and don't overcomplicate the configuration. For example, don't use Maildrop if Dovecot already has an MDA/LDA. Don't use the high-performance sdbox format if Maildir is well supported and tested.
- MTA: Exim
- MDA/LDA: Dovecot LDA
- MSS: Dovecot
- MUA: Roundcube
- lists: Mailman
- storage format: Maildir
- storage backup: cron + duplicity to LUG Lounge, cron + duplicity to VTLUUG, etc.
- set up two MTA servers (at most one in the lounge), each with its own MDA and MSS.
- configure BIND to broadcast two mx records (one primary, one secondary)
- use an SPF record in DNS configuration
- tutorial - exim on debian: https://wiki.debian.org/Exim
- tutorial - dkim with exim: http://atmail.com/kb/2008/installing-dkim-for-outbound-messages/
- configure one MDA for each MTA server
- MDA shall deliver to a Maildir (to be backed up)
- Make the MDA store the Maildir on:
- the bare filesystem, or
- under a mounted clustered directory (e.g. glusterfs)
Occasionally copy the Maildir directory out of the clustered share since we don't actually trust online solutions. We respect people's privacy, so don't just rsync it out to a 3rd party. Easiest solution would be to use Duplicity to automatically perform encrypted, incremental backups to the 3rd party.
- MSS will provide POP3 and IMAPS access
- MSS authentication/authorization:
- use LDAP+Kerberos for lookup/authentication/authorization (for linux.ucla.edu emails only)
- manually configure MSS credentials in /etc/dovecot/users.conf (for other domains (e.g. acm.ucla.edu))
- configure multiple LDAP+Kerberos instances for each MSS.
- periodically and automatically replicate LDAP directory and Kerberos principals across all servers.
- POP3 over SSL: 995 tcp/udp
- IMAP over SSL: 993 tcp/udp
- HTTP over SSL: 443 tcp
- How to migrate emails from Google Groups to Maildir readable by Mailman?
- fetch all mails using fetchmail, dump into Maildir.
- delete all my personal mails that got pulled in.
- How to migrate users of @linux.ucla.edu emails to the internal system (e.g. login access to POP3/IMAP/Roundcube)?
- look for a way to export a list of users from Google Apps.
- make use of LDAP/Kerberos to authenticate.
- How to migrate subscribers to the GNU Mailman mailing list?
- export a CSV list of users from the Google Groups members page.
- grep/sed the list for the following information: Full Name, subscribed email,