Optimizing Your Setup

Optimizing Your AWS Instance

Once your Mail Server is basically up and running well, there are a few more things that you may want to do:

Monitor and Manage Memory Usage

iRedMail and RoundCube can bump up close to the AWS Micro instance memory limits. Reboot your instance once after this tutorial and monitor how much memory you’re using. From Terminal, SSH in and do:

sudo reboot

Or, you can do this from the EC2 Dashboard as shown in the image below. See the Actions menu. reboot

Monitor activity on your instance with free or top:

free

free-noswap

Or, use top. Typing ‘q’ will exit top.

top

top-linux

Try logging into Roundcube site and see how it impacts memory usage. Try accessing pages from your mobile and tablet devices too. If you are using an Amazon Micro instance, it’s likely you will need to configure a swap file on EBS to prevent your instance from crashing.

Configure a Swap File

While it’s easy to set up, there are some small risk of incurring unbounded internetwork bandwidth charges – so be sure to monitor your site and set up billing alarms as described below. However, once you set up a swap file, your micro instance should be stable.

dd if=/dev/zero of=/swapfile bs=1M count=1024
mkswap /swapfile
swapon /swapfile

Now, to make the swapfile persistant across reboots, edit the fstab file:

sudo nano /etc/fstab

Add this line:

/swapfile swap swap defaults 0 0

Verify the swap file is active by typing:

free

It should show something like:

Swap:      1048572          0    1048572
Backups

You can create manual backups from the Instances list of the EC2 Console, you can click Create Snapshot:



You can use a script such as ec2-automate-backups to make automated, regular backups. The script is also designed to purge old backups. I’m hoping to add more precise description for using this soon.

If you are using RDS to store your email, Amazon automatically backs up your database.

Monitor Usage Charges with Billing Alarms

You can use Amazon’s CloudWatch to monitor activity on your instance and create alarms but this has some additional costs. However, Amazon does allow you to use CloudWatch for free billing alerts.

Go to the Cloudwatch console. Click Alarm. Go through the process of creating an alarm for billing charges. It should look something like this:





Reduce Costs with a Reserved Instance

As we discussed in the pricing section, purchasing a reserved instance can save you significant money. Once you are comfortable with your Mail Server on a micro or small instance, consider purchasing a one year or three year reserved instance. If you change your mind later, Amazon does offer a marketplace for selling unused portions of reserved instances (for a small commission). I’ve found it works well and have sold two instances within a few weeks.

If you are using RDS, you’ll also want to purchase a reserved instance for it.

Secure and Tune MySQL Server

From your server, run this service which walks you through the steps to secure MySQL:

mysql_secure_installation

Try running this Perl script which tunes MySQL. From your server:

wget https://raw.github.com/rackerhacker/MySQLTuner-perl/master/mysqltuner.pl
perl mysqltuner.pl

The output from MySQL Tuner will look something like this:

Sample Report from MySQL Tuner

Sample Report from MySQL Tuner

Setup Automatic Upgrades

You can configure Ubuntu to install safe package updates automatically:

sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

More customization details are available here: Ubuntu 12.04 Automatic Updates.

Change the PHPMyAdmin URL

iRedMail installs web-based database manager PHPMyAdmin but it’s best to obscure the access point (URL). These steps provided via The Tech Repo:

sudo nano /etc/phpmyadmin/apache.conf

After alias, change /phpmyadmin to the access path of your choice e.g. /dbmgr

# phpMyAdmin default Apache configuration
Alias /dbmgr /usr/share/phpmyadmin

Reload Apache:

sudo service apache2 reload

Point your web browser at https://yourdomain.com/dbmgr and it should take you to the PHPMyAdmin login page.

alias-phpmyadmin

Verify You’re Not an Insecure Mail Relay

Make sure that you haven’t inadvertently opened up your server’s mail relay. Visit the Spam Help Open Relay Test and type in your domain name. It will ensure that it cannot access your server via Telnet. Failure of the access test means your server is secure.

Please feel free to post corrections, questions or comments below. You can also reach me on Twitter @reifman or email me directly.

Continue reading…

2 Comments

  1. I’m pretty new to setting up servers so this might seem like a silly question, but I can’t figure out how to get site.com/phpmyadmin to NOT work after I’ve changed the alias to something else. The alias works, but so does /phpmyadmin, which defeats the purpose right?

    Reply

  2. can you write this for centos 7 ?

    Reply

Leave a reply

Your email address will not be published.