On configuring robust email

So I got fremont.jonmasters.org and london.jonmasters.org installed and they’re on their way to being set up. I decided to play with SSL/TLS encrypted OpenVPN tunnels so I’m building private (short session, non-shared keys) VPN peerings between these machines (and other virtual machines) in order to build a shared global jonmasters.org filesystem. I’m not decided whether I’ll run GFS or hack something more me together via FUSE layered over NFS (because I can’t build kernel modules on every one of these virtual machines) but the goal is that my mail delivery system gets more streamlined (rather than the hacks in place right now) so that each host serves as an equal priority MX delivery MTA for *.jonmasters.org and delivers into the same Maildir, with multiple redundant backups.

Distributed mail backups. That’s kind of the system I have now, but the implementation is not quite as clean – I want a very robust email system once I turn off this kit on my home ADSL and get to the point that email should have reached a long time ago anyway. Ideally, I’ll end up with all email sitting on encrypted volumes using a key that’s not committed to disk any place and exploit e.g. FUSE/LVM snapshotting capabilities to keep instantaneous backups. But that will take a while to get right. In the meantime, there should be no single point of delivery failure for my email, since email doesn’t have a single point of transport failure. In any case, I must also soon stop using Gmail too. It was supposed to be temporary – I don’t really want them going anywhere near my mail with their Googly appendages.

I need to write a HOWTO at some point, too.

Jon.

One Response to “On configuring robust email”

  1. dsaxena says:

    Hmm, I’d be interested in learning more about your adventures with this. I’m looking to do something of this sort that goes beyond just email but for my whole FS. I don’t want to have to carry around all my music, all my email, all my source on my laptop but sshing into a remote system is very non-transparent. I want a transparent globally accessible filesystem with built in backups and not have to think about what network am I on at the moment. :)
