Skip to content

Backup & Restore

Comprehensive backup and disaster recovery procedures for Mailborder.

Backup Types

Full System Backup

Complete backup of everything: 

sudo mb-backup --full

Includes: - All configuration files - Database (structure and data) - Custom rules and policies - SSL certificates - User data and settings - Quarantine contents - Logs (optional)

Output location: 

/var/backups/mailborder/full-backup-YYYYMMDD-HHMMSS.tar.gz

Configuration-Only Backup

Backup configuration files: 

sudo mb-backup --config-only

Includes: - /etc/mailborder/ - /etc/postfix/ - /etc/rspamd/ - /etc/clamav/ - /etc/nginx/sites-available/mailborder - /etc/php/8.2/fpm/pool.d/mailborder.conf - SystemD unit files

Use case: Quick backup before configuration changes.

Database-Only Backup

Backup database: 

sudo mb-backup --database

Manual database backup: 

sudo mysqldump mailborder | gzip > /var/backups/mailborder/db-$(date +%Y%m%d-%H%M%S).sql.gz

Backup specific tables: 

sudo mysqldump mailborder mb_users mb_auth_passkeys mb_auth_totp | \
  gzip > /var/backups/mailborder/users-$(date +%Y%m%d).sql.gz

Incremental Backup

Backup only changes since last full backup: 

sudo mb-backup --incremental

Requires previous full backup reference.

Automated Backups

Schedule Daily Backups

Configure backup schedule: 

sudo mb-config set backup.enabled true
sudo mb-config set backup.schedule "daily 02:00"
sudo mb-config set backup.retention_days 30
sudo mb-config set backup.destination /var/backups/mailborder/

Verify schedule: 

systemctl list-timers mb-backup.timer

Backup to Remote Location

Configure remote backup: 

sudo mb-config set backup.remote_enabled true
sudo mb-config set backup.remote_host backup.example.com
sudo mb-config set backup.remote_user backup
sudo mb-config set backup.remote_path /backups/mailborder/

Setup SSH key authentication: 

sudo ssh-keygen -t ed25519 -f /root/.ssh/mailborder_backup
sudo ssh-copy-id -i /root/.ssh/mailborder_backup.pub backup@backup.example.com

Test remote backup: 

sudo mb-backup --full --remote

Cloud Backup

Backup to S3-compatible storage: 

# Install s3cmd
sudo apt install s3cmd

# Configure
sudo s3cmd --configure

# Backup to S3
sudo mb-backup --full --output /tmp/backup.tar.gz
sudo s3cmd put /tmp/backup.tar.gz s3://mailborder-backups/
sudo rm /tmp/backup.tar.gz

Automate with script: 

sudo tee /usr/local/bin/mb-backup-s3.sh << 'EOF'
#!/bin/bash
BACKUP_FILE="/tmp/mailborder-backup-$(date +%Y%m%d-%H%M%S).tar.gz"
mb-backup --full --output "$BACKUP_FILE"
s3cmd put "$BACKUP_FILE" s3://mailborder-backups/
rm "$BACKUP_FILE"
EOF

sudo chmod +x /usr/local/bin/mb-backup-s3.sh

Add to cron: 

echo "0 2 * * * /usr/local/bin/mb-backup-s3.sh" | sudo crontab -

Backup Verification

Test Backup Integrity

Verify backup file: 

sudo mb-backup-verify /var/backups/mailborder/full-backup-20251112.tar.gz

Manual verification: 

# Test archive integrity
tar tzf /var/backups/mailborder/full-backup-20251112.tar.gz > /dev/null
echo $?  # Should return 0

# List contents
tar tzf /var/backups/mailborder/full-backup-20251112.tar.gz | head -n 20

Test Restore Procedure

Test restore to temporary location: 

sudo mkdir /tmp/restore-test
sudo tar xzf /var/backups/mailborder/full-backup-20251112.tar.gz -C /tmp/restore-test
ls -la /tmp/restore-test
sudo rm -rf /tmp/restore-test

Verify database backup: 

# Test restore to temporary database
gunzip < /var/backups/mailborder/db-20251112.sql.gz | sudo mysql -e "CREATE DATABASE mailborder_test"
gunzip < /var/backups/mailborder/db-20251112.sql.gz | sudo mysql mailborder_test
sudo mysql mailborder_test -e "SELECT COUNT(*) FROM mb_users"
sudo mysql -e "DROP DATABASE mailborder_test"

Restore Procedures

Full System Restore

Complete system restoration:

Step 1: Stop services 

sudo mb-services stop

Step 2: Restore backup 

sudo mb-restore --full --from /var/backups/mailborder/full-backup-20251112.tar.gz

Step 3: Verify configuration 

sudo mb-doctor

Step 4: Start services 

sudo mb-services start

Step 5: Verify functionality 

sudo mb-status

Configuration Restore

Restore configuration only: 

sudo mb-restore --config --from /var/backups/mailborder/config-20251112.tar.gz
sudo systemctl daemon-reload
sudo mb-services restart

Database Restore

Restore database:

Step 1: Backup current database (safety) 

sudo mysqldump mailborder > /tmp/current-db-backup.sql

Step 2: Stop services 

sudo systemctl stop mb-rpcd mb-filter mb-milter

Step 3: Restore database 

gunzip < /var/backups/mailborder/db-20251112.sql.gz | sudo mysql mailborder

Alternative: Drop and recreate 

sudo mysql -e "DROP DATABASE mailborder"
sudo mysql -e "CREATE DATABASE mailborder"
gunzip < /var/backups/mailborder/db-20251112.sql.gz | sudo mysql mailborder

Step 4: Verify 

sudo mysql mailborder -e "SELECT COUNT(*) FROM mb_users"
sudo mysql mailborder -e "SHOW TABLES"

Step 5: Start services 

sudo systemctl start mb-rpcd mb-filter mb-milter

Selective Restore

Restore specific files: 

# Extract specific file from backup
sudo tar xzf /var/backups/mailborder/full-backup-20251112.tar.gz \
  -C / etc/mailborder/mailborder.conf

# Restart affected service
sudo systemctl restart mb-rpcd

Restore specific database table: 

# Extract table from backup
gunzip < /var/backups/mailborder/db-20251112.sql.gz | \
  sed -n '/CREATE TABLE `mb_users`/,/UNLOCK TABLES/p' | \
  sudo mysql mailborder

Disaster Recovery

Complete System Loss

Rebuild from scratch:

Step 1: Install Mailborder package 

sudo apt update
sudo apt install mailborder

Step 2: Stop services 

sudo mb-services stop

Step 3: Restore from backup 

sudo mb-restore --full --from /path/to/backup.tar.gz

Step 4: Reconfigure network settings (if changed) 

sudo nano /etc/mailborder/mailborder.conf
# Update IP addresses, hostnames if needed

Step 5: Start services 

sudo systemctl daemon-reload
sudo mb-services start

Step 6: Verify everything 

sudo mb-status
sudo mb-doctor

Step 7: Test email flow 

echo "Test" | mail -s "Test" test@example.com
sudo tail -f /var/log/mail.log

Partial System Failure

Database corruption: 

# Restore database only
sudo systemctl stop mb-rpcd mb-filter
sudo mysql -e "DROP DATABASE mailborder"
sudo mysql -e "CREATE DATABASE mailborder"
gunzip < /var/backups/mailborder/db-latest.sql.gz | sudo mysql mailborder
sudo systemctl start mb-rpcd mb-filter

Configuration corruption: 

# Restore configuration only
sudo mb-restore --config --from /var/backups/mailborder/config-latest.tar.gz
sudo systemctl daemon-reload
sudo mb-services restart

Point-in-Time Recovery

Restore to specific date/time:

Step 1: Identify backup 

ls -lh /var/backups/mailborder/

Step 2: Restore selected backup 

sudo mb-restore --full --from /var/backups/mailborder/full-backup-20251110-020000.tar.gz

Step 3: Apply transaction logs (if available) 

# Restore binary logs from MySQL
sudo mysqlbinlog /var/log/mysql/mysql-bin.000001 | sudo mysql mailborder

Backup Best Practices

Recommendations

3-2-1 Rule: - 3 copies of data - 2 different storage types - 1 off-site backup

Frequency: - Full backup: Daily during low-traffic hours - Database backup: Every 6 hours - Configuration backup: Before any changes - Off-site backup: Daily

Retention: - Daily backups: 30 days - Weekly backups: 3 months - Monthly backups: 1 year - Yearly backups: 3-7 years (compliance)

Verification: - Test restore monthly - Verify backup integrity weekly - Document restore procedures - Practice disaster recovery quarterly

Security Considerations

Encrypt backups: 

# Encrypt backup with GPG
sudo mb-backup --full --output /tmp/backup.tar.gz
gpg --encrypt --recipient admin@example.com /tmp/backup.tar.gz
mv /tmp/backup.tar.gz.gpg /var/backups/mailborder/
rm /tmp/backup.tar.gz

Decrypt and restore: 

gpg --decrypt /var/backups/mailborder/backup.tar.gz.gpg > /tmp/backup.tar.gz
sudo mb-restore --full --from /tmp/backup.tar.gz
rm /tmp/backup.tar.gz

Secure backup storage: 

# Set proper permissions
sudo chmod 600 /var/backups/mailborder/*.tar.gz
sudo chown root:root /var/backups/mailborder/*.tar.gz

# Encrypt backup directory
sudo apt install ecryptfs-utils
sudo mount -t ecryptfs /var/backups/mailborder /var/backups/mailborder

Backup Monitoring

Check Backup Status

View backup history: 

sudo mb-backup --history

Output: 

Backup History:
2025-11-12 02:00 - Full backup successful (2.3 GB)
2025-11-11 02:00 - Full backup successful (2.2 GB)
2025-11-10 02:00 - Full backup successful (2.1 GB)
2025-11-09 02:00 - Full backup failed (disk space)

Check backup size trends: 

ls -lhS /var/backups/mailborder/ | head -n 10

Backup Alerts

Configure backup notifications: 

sudo mb-config set backup.notify_on_success false
sudo mb-config set backup.notify_on_failure true
sudo mb-config set backup.notification_email admin@example.com

Manual test notification: 

sudo mb-backup --full --notify

Backup Cleanup

Manual Cleanup

Remove old backups: 

# Remove backups older than 30 days
sudo find /var/backups/mailborder/ -name "*.tar.gz" -mtime +30 -delete

Keep only last N backups: 

# Keep last 10 backups
cd /var/backups/mailborder/
sudo ls -t full-backup-*.tar.gz | tail -n +11 | xargs rm -f

Automated Cleanup

Configure retention: 

sudo mb-config set backup.retention_days 30
sudo mb-config set backup.retention_count 10

Cleanup runs automatically after each backup.

Special Backup Scenarios

Pre-Update Backup

Before system update: 

sudo mb-backup --full --label "pre-update-v6.1"

Pre-Migration Backup

Before major changes: 

sudo mb-backup --full --label "pre-migration"
sudo mb-backup --database --label "db-snapshot"

Quarantine Backup

Backup quarantine contents: 

sudo tar czf /var/backups/mailborder/quarantine-$(date +%Y%m%d).tar.gz \
  /var/spool/mailborder/quarantine/

Custom Rules Backup

Backup custom configurations: 

sudo tar czf /var/backups/mailborder/custom-rules-$(date +%Y%m%d).tar.gz \
  /etc/mailborder/custom/ \
  /etc/rspamd/local.d/ \
  /etc/postfix/mailborder_*

Restore Troubleshooting

Common Issues

Restore fails due to running services: 

sudo mb-services stop
sudo mb-restore --full --from /var/backups/mailborder/backup.tar.gz
sudo mb-services start

Permission errors: 

# Fix ownership after restore
sudo chown -R mailborder:mailborder /etc/mailborder
sudo chown -R www-data:www-data /srv/mailborder
sudo chown -R clamav:clamav /var/lib/clamav

Database restore errors: 

# Check for existing database locks
sudo mysql -e "SHOW PROCESSLIST"
sudo mysql -e "KILL <process_id>"

# Retry restore
gunzip < backup.sql.gz | sudo mysql mailborder

Disk space issues: 

# Free up space before restore
df -h
sudo mb-maintenance --cleanup-logs
sudo apt clean

See Also