Optimizing Your Setup
Optimizing Your AWS Instance
Once your Mail Server is basically up and running well, there are a few more things that you may want to do:
- Monitor and Manage Memory Usage
- Creating a Swap File
- Create Backups
- Monitor Usage Charges with Billing Alarms
- Reduce Costs with a Reserved Instance
- Secure and Tune MySQL Server
- Setup Automatic Upgrades
- Change the PHPMyAdmin URL
- Verify You’re Not an Insecure Mail Relay
Monitor and Manage Memory Usage
iRedMail and RoundCube can bump up close to the AWS Micro instance memory limits. Reboot your instance once after this tutorial and monitor how much memory you’re using. From Terminal, SSH in and do:
Or, you can do this from the EC2 Dashboard as shown in the image below. See the Actions menu.
Monitor activity on your instance with free or top:
Or, use top. Typing ‘q’ will exit top.
Try logging into Roundcube site and see how it impacts memory usage. Try accessing pages from your mobile and tablet devices too. If you are using an Amazon Micro instance, it’s likely you will need to configure a swap file on EBS to prevent your instance from crashing.
Configure a Swap File
While it’s easy to set up, there are some small risk of incurring unbounded internetwork bandwidth charges – so be sure to monitor your site and set up billing alarms as described below. However, once you set up a swap file, your micro instance should be stable.
dd if=/dev/zero of=/swapfile bs=1M count=1024 mkswap /swapfile swapon /swapfile
Now, to make the swapfile persistant across reboots, edit the fstab file:
sudo nano /etc/fstab
Add this line:
/swapfile swap swap defaults 0 0
Verify the swap file is active by typing:
It should show something like:
Swap: 1048572 0 1048572
You can create manual backups from the Instances list of the EC2 Console, you can click Create Snapshot:
You can use a script such as ec2-automate-backups to make automated, regular backups. The script is also designed to purge old backups. I’m hoping to add more precise description for using this soon.
If you are using RDS to store your email, Amazon automatically backs up your database.
Monitor Usage Charges with Billing Alarms
You can use Amazon’s CloudWatch to monitor activity on your instance and create alarms but this has some additional costs. However, Amazon does allow you to use CloudWatch for free billing alerts.
Go to the Cloudwatch console. Click Alarm. Go through the process of creating an alarm for billing charges. It should look something like this:
Reduce Costs with a Reserved Instance
As we discussed in the pricing section, purchasing a reserved instance can save you significant money. Once you are comfortable with your Mail Server on a micro or small instance, consider purchasing a one year or three year reserved instance. If you change your mind later, Amazon does offer a marketplace for selling unused portions of reserved instances (for a small commission). I’ve found it works well and have sold two instances within a few weeks.
If you are using RDS, you’ll also want to purchase a reserved instance for it.
Secure and Tune MySQL Server
From your server, run this service which walks you through the steps to secure MySQL:
Try running this Perl script which tunes MySQL. From your server:
wget https://raw.github.com/rackerhacker/MySQLTuner-perl/master/mysqltuner.pl perl mysqltuner.pl
The output from MySQL Tuner will look something like this:
Setup Automatic Upgrades
You can configure Ubuntu to install safe package updates automatically:
sudo apt-get install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades
More customization details are available here: Ubuntu 12.04 Automatic Updates.
Change the PHPMyAdmin URL
iRedMail installs web-based database manager PHPMyAdmin but it’s best to obscure the access point (URL). These steps provided via The Tech Repo:
sudo nano /etc/phpmyadmin/apache.conf
After alias, change /phpmyadmin to the access path of your choice e.g. /dbmgr
# phpMyAdmin default Apache configuration Alias /dbmgr /usr/share/phpmyadmin
sudo service apache2 reload
Point your web browser at https://yourdomain.com/dbmgr and it should take you to the PHPMyAdmin login page.
Verify You’re Not an Insecure Mail Relay
Make sure that you haven’t inadvertently opened up your server’s mail relay. Visit the Spam Help Open Relay Test and type in your domain name. It will ensure that it cannot access your server via Telnet. Failure of the access test means your server is secure.
Please feel free to post corrections, questions or comments below. You can also reach me on Twitter @reifman or email me directly.
I’m pretty new to setting up servers so this might seem like a silly question, but I can’t figure out how to get site.com/phpmyadmin to NOT work after I’ve changed the alias to something else. The alias works, but so does /phpmyadmin, which defeats the purpose right?
can you write this for centos 7 ?