
Backup Configuration

Configure automated backups to protect your Mailborder configuration, database, and quarantined emails.

What to Backup

Mailborder backups should include:

  1. Configuration Files - System settings, policies
  2. Database - User accounts, logs, metadata
  3. Quarantine - Held emails
  4. SSL Certificates - TLS certificates and keys (optional)
  5. Custom Scripts - Any customizations

Not Backed Up:

  - Queue files (temporary, will be redelivered)
  - Log files (optional, can be large)
  - Software binaries (reinstallable from package)

Backup Types

Full Backup

Complete backup of all data.

  - When: Weekly, monthly
  - Size: Large (GB+)
  - Restore: Complete system recovery

sudo mb-backup --full

Incremental Backup

Only changes since last backup.

  - When: Daily
  - Size: Small (MB)
  - Restore: Requires base backup + all incrementals

sudo mb-backup --incremental

Configuration-Only Backup

Just configuration files.

  - When: Before changes
  - Size: Very small (< 1 MB)
  - Restore: Config only, not data

sudo mb-backup --config-only

Automatic Backups

Enable Automatic Backups

Via Web Interface: System Settings → Backup → Enable Automatic Backups

Via Command Line:

# Enable daily backups
sudo mb-config set backup.enabled true
sudo mb-config set backup.schedule daily
sudo mb-config set backup.time "02:00"

Backup Schedule

Daily:

sudo mb-config set backup.schedule daily
sudo mb-config set backup.time "02:00"

Weekly:

sudo mb-config set backup.schedule weekly
sudo mb-config set backup.day sunday
sudo mb-config set backup.time "02:00"

Custom (Cron Format):

# Every day at 2 AM
sudo mb-config set backup.schedule "0 2 * * *"

# Every Sunday at 3 AM
sudo mb-config set backup.schedule "0 3 * * 0"

Backup Retention

How many backups to keep:

# Keep 7 daily backups
sudo mb-config set backup.retention 7

# Keep 4 weekly backups
sudo mb-config set backup.retention 4

# Keep 12 monthly backups
sudo mb-config set backup.retention 12

The oldest backups are deleted automatically when the limit is reached.

Backup Locations

Local Storage

Default: /var/backups/mailborder/

sudo mb-config set backup.location /var/backups/mailborder

Considerations:

  - Fast (local disk)
  - Same failure domain as server
  - Requires sufficient disk space

Network Storage

NFS Mount:

# Mount NFS share
sudo mount -t nfs backup-server:/backups /mnt/backups

# Configure backup location
sudo mb-config set backup.location /mnt/backups/mailborder

# Make mount permanent in /etc/fstab
echo "backup-server:/backups /mnt/backups nfs defaults 0 0" | sudo tee -a /etc/fstab

SMB/CIFS Mount:

# Install CIFS utils
sudo apt install cifs-utils

# Create credentials file first, readable by root only
# (umask 077 keeps it from being world-readable even briefly)
sudo bash -c 'umask 077; cat > /etc/backup-creds << EOF
username=mailborder
password=SecurePassword
EOF'
sudo chmod 600 /etc/backup-creds

# Mount SMB share (the password is read from the credentials file,
# so it does not appear in shell history or the process list)
sudo mount -t cifs //backup-server/backups /mnt/backups \
  -o credentials=/etc/backup-creds

# Permanent mount
echo "//backup-server/backups /mnt/backups cifs credentials=/etc/backup-creds,uid=mailborder 0 0" | \
  sudo tee -a /etc/fstab

Cloud Storage

AWS S3:

# Install AWS CLI
sudo apt install awscli

# Configure credentials
aws configure

# Set backup location
sudo mb-config set backup.location s3
sudo mb-config set backup.s3.bucket mailborder-backups
sudo mb-config set backup.s3.region us-east-1

Azure Blob Storage:

# Install Azure CLI
sudo apt install azure-cli

# Login
az login

# Configure backup
sudo mb-config set backup.location azure
sudo mb-config set backup.azure.container mailborder-backups
sudo mb-config set backup.azure.account storage-account-name

Google Cloud Storage:

# Install gsutil
sudo apt install google-cloud-sdk

# Authenticate
gcloud auth login

# Configure backup
sudo mb-config set backup.location gcs
sudo mb-config set backup.gcs.bucket mailborder-backups

Remote Server (rsync)

# Configure SSH key auth first
ssh-keygen -t ed25519 -f /root/.ssh/backup_key
ssh-copy-id -i /root/.ssh/backup_key root@backup-server

# Configure backup
sudo mb-config set backup.location rsync
sudo mb-config set backup.rsync.host backup-server
sudo mb-config set backup.rsync.path /backups/mailborder
sudo mb-config set backup.rsync.user root
sudo mb-config set backup.rsync.key /root/.ssh/backup_key

Backup Encryption

Encrypt backups for security (especially offsite).

Enable Encryption

# Enable encryption
sudo mb-config set backup.encryption true

# Set encryption password
sudo mb-config set backup.encryption_password "VerySecurePassword123!"

Store the password securely! It is required for restore.

Encryption Algorithm

Default: AES-256

sudo mb-config set backup.encryption_algorithm aes-256-cbc

GPG Encryption

Use GPG for public-key encryption:

# Generate GPG key
gpg --gen-key

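# Export public key (only the public key is needed to encrypt backups;
# sudo tee is used because /etc/mailborder is not writable by normal users)
gpg --export -a "Mailborder Backups" | sudo tee /etc/mailborder/backup-key.asc > /dev/null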

# Configure backup to use GPG
sudo mb-config set backup.encryption gpg
sudo mb-config set backup.gpg_recipient "Mailborder Backups"

Manual Backups

Full Manual Backup

sudo mb-backup --full --output /tmp/mailborder-backup-$(date +%Y%m%d).tar.gz

Configuration Backup

sudo mb-backup --config-only --output /tmp/mailborder-config-$(date +%Y%m%d).tar.gz

Database Backup

sudo mb-backup --database-only --output /tmp/mailborder-db-$(date +%Y%m%d).sql.gz

Quarantine Backup

sudo mb-backup --quarantine-only --output /tmp/mailborder-quarantine-$(date +%Y%m%d).tar.gz

Backup Contents

What's Included

Configuration Backup:

/etc/mailborder/
├── engine.cf                  # Main configuration
├── services/                  # Service configurations
├── policy/                    # Policy rules
└── ssl/                       # SSL certificates (optional)

Database Backup:

mailborder database:
├── users_admin                # Admin accounts
├── users_admin_meta           # User metadata
├── users_admin_credentials    # Passkeys
├── email_logs                 # Email transaction logs
├── quarantine_metadata        # Quarantine records
├── policy_rules               # Custom policies
└── system_settings            # System configuration

Quarantine Backup:

/var/spool/mailborder/quarantine/
└── All quarantined emails

Exclude from Backup

Customize what's excluded:

# Exclude logs (can be large)
sudo mb-config set backup.exclude_logs true

# Exclude quarantine (can be large)
sudo mb-config set backup.exclude_quarantine true

# Exclude SSL certificates (can renew)
sudo mb-config set backup.exclude_ssl true

Restoring from Backup

Full Restore

# Stop services
sudo systemctl stop 'mb-*'

# Restore backup
sudo mb-restore --from /path/to/backup.tar.gz

# Restart services
sudo systemctl start 'mb-*'

Configuration-Only Restore

# Restore just configuration
sudo mb-restore --config-only --from /path/to/config-backup.tar.gz

# Reload services
sudo systemctl reload 'mb-*'

Database Restore

# Stop services
sudo systemctl stop 'mb-*'

# Restore database
sudo mb-restore --database-only --from /path/to/db-backup.sql.gz

# Restart services
sudo systemctl start 'mb-*'

Selective Restore

# Restore specific user account
sudo mb-restore --user admin@example.com --from /path/to/backup.tar.gz

# Restore specific configuration section
sudo mb-restore --section spam --from /path/to/backup.tar.gz

Restore Encrypted Backup

# Provide decryption password
sudo mb-restore --from /path/to/backup.tar.gz.enc --password "VerySecurePassword123!"

# Or use environment variable
export MB_BACKUP_PASSWORD="VerySecurePassword123!"
sudo mb-restore --from /path/to/backup.tar.gz.enc

Backup Verification

Test Backup Integrity

# Verify backup file is valid
sudo mb-backup-verify /path/to/backup.tar.gz

Output:

[OK] Backup file is readable
[OK] Backup file is not corrupt
[OK] All expected files present
[OK] Database dump is valid
[OK] Configuration files are valid

Backup integrity check: PASSED
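
A digest recorded when the archive is written lets you confirm, before restoring, that a copy pulled back from network or cloud storage is byte-for-byte the file that was backed up. This is an added example, not part of Mailborder or the original page; the function names and manifest path are hypothetical, and it assumes GNU sha256sum.

```sh
#!/bin/sh
# Added example (not Mailborder code): seal each backup with a SHA-256 digest
# and require a match before restore. Keep the manifest somewhere the backup
# storage credentials cannot write, or a tampered archive can be re-sealed.

# Hex SHA-256 digest of a file.
digest_of() { sha256sum < "$1" | cut -d' ' -f1; }

# seal_backup FILE MANIFEST -> append "digest  name" to the manifest.
seal_backup() {
  printf '%s  %s\n' "$(digest_of "$1")" "$(basename "$1")" >> "$2"
}

# verify_sealed FILE MANIFEST
# Exit status: 0 digest matches, 1 mismatch, 2 file is not listed.
verify_sealed() (
  name=$(basename "$1")
  # Take the most recent entry recorded for this file name.
  want=$(awk -v n="$name" '$2 == n { d = $1 } END { print d }' "$2")
  [ -n "$want" ] || { echo "UNKNOWN: $name is not in the manifest"; exit 2; }
  [ "$(digest_of "$1")" = "$want" ] || { echo "MISMATCH: $name"; exit 1; }
  echo "OK: $name"
)

# Run as: sh seal.sh seal   /path/to/backup.tar.gz /path/to/manifest.sha256
#         sh seal.sh verify /path/to/backup.tar.gz /path/to/manifest.sha256
case ${1:-} in
  seal)   seal_backup "$2" "$3" ;;
  verify) verify_sealed "$2" "$3" ;;
esac
```

Run the verify step on the downloaded copy before mb-restore, and treat a MISMATCH or UNKNOWN result as a reason to fetch a different copy.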

Test Restore

Perform a test restore on a separate system:

# Dry-run restore (show what would be restored)
sudo mb-restore --dry-run --from /path/to/backup.tar.gz

# Restore to alternate location
sudo mb-restore --from /path/to/backup.tar.gz --to /tmp/test-restore

Scheduled Verification

Automatically verify backups:

# Enable daily verification
sudo mb-config set backup.verify true
sudo mb-config set backup.verify_schedule "0 4 * * *"  # 4 AM daily

An alert is sent if backup verification fails.

Backup Monitoring

Backup Notifications

Email notification on backup completion:

sudo mb-config set backup.notify true
sudo mb-config set backup.notify_email "admin@example.com"

# Notify only on failure
sudo mb-config set backup.notify_on_failure_only true

Backup Status

# List recent backups
sudo mb-backup-list

# Show backup status
sudo mb-backup-status

Output:

Last Backup: 2025-01-15 02:00:00
Status: Success
Size: 2.5 GB
Duration: 5 minutes
Location: /var/backups/mailborder/mailborder-20250115-020000.tar.gz

Next Scheduled: 2025-01-16 02:00:00

Backup Logs

# View backup logs
sudo tail -f /var/log/mailborder/backup.log

# Check for errors
sudo grep ERROR /var/log/mailborder/backup.log
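
A failed job leaves an ERROR line in the log, but a job that never ran leaves nothing, so it helps to check the backup directory itself for a missing, stale or unexpectedly small archive. This is an added example, not part of Mailborder or the original page; it assumes archives follow the mailborder-YYYYMMDD-HHMMSS.tar.gz naming shown in the sample status output and GNU date, and the function names and thresholds are hypothetical.

```sh
#!/bin/sh
# Added example (not Mailborder code): flag a missing, stale or shrunken backup.
# Assumes archive names like mailborder-20250115-020000.tar.gz (local time).

D2='[0-9][0-9]'   # two digits, used as a glob fragment

# Archives in DIR, oldest first (fixed-width timestamps sort lexically).
list_backups() {
  for f in "$1"/mailborder-$D2$D2$D2$D2-$D2$D2$D2.tar.gz; do
    [ -f "$f" ] && printf '%s\n' "$f"
  done | sort
}

# Epoch seconds encoded in an archive name (needs GNU date -d).
backup_epoch() (
  ts=$(basename "$1" .tar.gz); ts=${ts#mailborder-}
  iso=$(printf '%s\n' "$ts" | sed -E \
    's/^(.{4})(..)(..)-(..)(..)(..)$/\1-\2-\3 \4:\5:\6/')
  date -d "$iso" +%s
)

# check_backups DIR MAX_AGE_HOURS [NOW_EPOCH]
# Exit status: 0 healthy, 1 missing or stale, 2 newest under half the previous size.
check_backups() (
  dir=$1; max_age=$2; now=${3:-$(date +%s)}
  newest=$(list_backups "$dir" | tail -n 1)
  prev=$(list_backups "$dir" | tail -n 2 | head -n 1)
  [ -n "$newest" ] || { echo "ALERT: no backups found in $dir"; exit 1; }
  age=$(( ($now - $(backup_epoch "$newest")) / 3600 ))
  [ "$age" -le "$max_age" ] || { echo "ALERT: newest backup is ${age}h old"; exit 1; }
  if [ "$prev" != "$newest" ]; then
    new_sz=$(wc -c < "$newest"); prev_sz=$(wc -c < "$prev")
    [ $(($new_sz * 2)) -ge "$prev_sz" ] ||
      { echo "ALERT: size fell from $prev_sz to $new_sz bytes"; exit 2; }
  fi
  echo "OK: $(basename "$newest") is ${age}h old"
)

# Run as: sh check-backups.sh /var/backups/mailborder 26
if [ "$#" -ge 2 ]; then check_backups "$@"; fi
```

With a daily schedule, a 26-hour limit leaves room for a long-running job while still catching a skipped night.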

Disaster Recovery

Prepare for Disaster

  1. Document Procedure
     - Write step-by-step restore process
     - Include passwords, API keys
     - Store offsite securely

  2. Test Regularly
     - Perform test restore quarterly
     - Verify data integrity
     - Time the process

  3. Offsite Backups
     - Store backups in different location
     - Multiple geographic regions for cloud
     - Not on same server

  4. Multiple Copies
     - Local + offsite
     - Different media types
     - 3-2-1 rule: 3 copies, 2 different media, 1 offsite

Recovery Procedure

Complete Server Loss:

  1. Provision new server
     - Same OS version
     - Same network configuration

  2. Install Mailborder

    sudo apt install mailborder

  3. Restore from backup

    sudo mb-restore --from /path/to/latest-backup.tar.gz

  4. Verify services

    sudo mb-status

  5. Test email flow
     - Send test email
     - Check quarantine
     - Verify users can log in

  6. Update DNS if needed
     - Point MX to new IP
     - Update A record

Recovery Time Objective (RTO): < 4 hours with good preparation

Backup Best Practices

  1. Automate Everything
     - Scheduled daily backups
     - Automatic verification
     - Automatic cleanup

  2. Store Offsite
     - Network storage, cloud, or remote server
     - Different failure domain
     - Geographic diversity

  3. Encrypt Backups
     - Especially for offsite storage
     - Secure password storage
     - Test decryption regularly

  4. Test Restores
     - Quarterly test restores
     - Document time required
     - Verify data integrity

  5. Monitor Backup Health
     - Email alerts on failure
     - Check backup size trends
     - Review logs regularly

  6. Retention Policy
     - Daily: 7 days
     - Weekly: 4 weeks
     - Monthly: 12 months
     - Before major changes: Keep indefinitely

  7. Document Process
     - Restore procedures
     - Passwords and keys
     - Contact information

  8. Multiple Backup Types
     - Configuration backups before changes
     - Full backups weekly
     - Incremental backups daily

Troubleshooting

Backup Failed

Check logs:

sudo tail -f /var/log/mailborder/backup.log

Common causes:

  - Out of disk space
  - Permission issues
  - Network storage unreachable
  - Database locked

Solutions:

# Check disk space
df -h

# Check permissions
ls -la /var/backups/mailborder

# Test network storage
ls /mnt/backups

# Check database
sudo mysql -e "SHOW PROCESSLIST;"

Restore Failed

Check backup integrity:

sudo mb-backup-verify /path/to/backup.tar.gz

Common causes:

  - Corrupt backup file
  - Wrong decryption password
  - Insufficient disk space
  - Services still running

Solutions:

# Stop all services
sudo systemctl stop 'mb-*'

# Verify backup
sudo mb-backup-verify /path/to/backup.tar.gz

# Try restore with verbose output
sudo mb-restore --from /path/to/backup.tar.gz --verbose

Backup Too Large

Reduce backup size:

# Exclude large items
sudo mb-config set backup.exclude_logs true
sudo mb-config set backup.exclude_quarantine true

# Compression level
sudo mb-config set backup.compression_level 9  # Maximum

# Cleanup old data before backup
sudo mb-maintenance --cleanup-logs
sudo mb-maintenance --cleanup-quarantine
