Maintaining Your Email Server in 30 Minutes a Month

In our first blog post of the Managing GreenArrow series, we covered some of the essential management tasks for your On-Premise license. If you’ve had a chance to work through each of those, then you’re off to a solid start!

Much like changing the oil in your car or servicing the HVAC system in your house, you probably won’t experience much consequence if you skip a few regular checks. But, chronic neglect will not only impact long-term performance, it will also eventually land you in a critical situation where the cost (in the form of money, frustration, or downtime) is far higher than if you had kept up with the regular maintenance. And if Murphy has anything to say about it, this will inevitably happen, and it will be at the least convenient time possible.

Updates

Time to complete: 5 minutes
Frequency: At least Quarterly. Monthly will keep you very current.

Updating GreenArrow (and your OS, for that matter) regularly is one of the easiest ways to make sure you have access to the latest features and bug fixes. And since GreenArrow’s Update Procedure has several system checks built into it, this has the additional benefit of serving as a periodic health check.

There are a few steps to update GreenArrow (so it is a bit more involved than merely running yum update), but for the whole process of updating your OS and GreenArrow, you should only need to schedule about 5 minutes.

Backups

One of the tasks in Six Essentials for On-Premise Email Servers was to set up backups, so this may already be in place, right? If not, we recommend that you put backups in place right away.

If you have backups in place, are they working? Here are two tasks we recommend you do to help ensure backups are running correctly:

Check Your Backup Logs

Time to complete: 5 minutes
Frequency: Monthly

Each month, check the backup logs to make sure you do not see any errors. The backup tool has the option to email this to you, but it also saves a copy of the log to greenarrow-backup.log in the backup directory. Now is also an excellent time to check how many previous versions of the backups you’re retaining and make sure your off-site backup storage looks good.

Restore A Backup

Time to complete: 3 hours
Frequency: Annually

I would also recommend running through the Restore Procedure one time per year. The time investment for this is typically about 3 hours, and it will confirm the quality of your backup and give you a chance to become familiar with the restore process outside of the context of a critical failure event. When you’re restoring for testing purposes, you won’t need the same server resources as a full production server, so you can restore to any test server (or virtual machine) as long as it has enough disk space.

Health Check

Time to complete: 10 minutes
Frequency: Monthly

GreenArrow’s performance depends heavily on the health of the server and operating system on which it is installed, so it is vital to check in on the lower level logging and resources in addition to GreenArrow’s logs.

Each operating system logs these items a little differently, and you will probably have to set up your monitoring for some things in this list. But no matter which method you choose to track these, you should be checking for the following in your regular health checks:

• GreenArrow Service Logs: Errors, especially if they appear more than just once
• GreenArrow basic health check
• System resources, ideally using a tool like Munin that lets you track these over time. It is time to consider an upgrade when any of these regularly exceed 80% utilization:
  • CPU utilization
  • RAM utilization
  • Disk space
  • Disk IO
• System logs:
  • Errors indicating early warning signs of hardware failure
  • Security issues (like repeated login failures)
  • Opportunities for optimization

Security

Time to complete: 5 minutes
Frequency: Quarterly

Security requirements are different for each company. I’ve seen everything from “security by obscurity” (yikes!) all the way through to hiring a third party to run deep security scans. You should make and execute your own security policy, but at a minimum, you should be checking the following:

• Audit your SMTP AUTH Passwords in GreenArrow and regularly change the passwords (and remove any insecure passwords), and delete any credentials that are no longer needed.
• Make sure Fail2Ban is configured and working. You can test this by using telnet to inject unauthenticated test emails and seeing if you get blocked after the expected number of failures.
• Check that your SSL Certificates are current, especially if you’re using Let’s Encrypt certificates with GreenArrow, which are only valid for 90 days. The free test from SSL Labs makes quick work of this and gives you detailed results of any issues it finds.

As with the first blog post in this series, I realize that many may not find these tasks nearly as fun or exciting as sending emails and watching the stats roll in! But if you take some time now to implement these into your regular maintenance schedule, you will keep GreenArrow running at peak performance. And that is what will ultimately put you in a position to truly succeed in the long-run.