5

I've inherited 3 legacy shared servers all running CentOS. We no longer offer any email subscriptions from our servers and have migrated everyone to cloud services. These servers host about 60 WordPress sites each.

Across the 3 servers I have the following services still running;

  • Postfix (SMTP)
  • Courier (POP3 & IMAP)
  • Dovecot (POP3 & IMAP)
  • SpamAssassin
  • Plesk Milter

These are all production servers.

Can I safely remove these services permanently now? Are there any other considerations?

dr_
  • 1,035
  • 11
  • 19
David
  • 53
  • 1
  • 3

3 Answers3

10

It's quite likely you will need some kind of MTA, as many packages depend on the presence of the "MTA" virtual package/capability, but that can often be replaced e.g. with ssmtp or similar minimal servers and you don't need full postfix for this.

The rest can be safely uninstalled if you don't need it.

Sven
  • 97,248
  • 13
  • 177
  • 225
3
  • The base OS may be using postfix (or one of the others) for alerts.
  • The services you are running may be using one of those services as an MTA.

I'd advise turning them down, one at a time. Just stop one service. Then watch your logs for an hour, and test the other services. If you start seeing errors, you know something is configured to use the mail service you turned down. Check logs frequently for a day or a week. If none of your services complains, you can disable the service. When you're ready to uninstall, be sure to capture the configurations for the service, in case you need to restore it.

Repeat the full cycle for each mail service. It is important to only stop one at a time. Also, keep in mind that any problem that shows is most likely caused by the latest one you stopped, but it's possible that it was caused by an earlier service shutdown.

Also, before you start turning down services, grep through the config files for all services and cron jobs, core OS and non-core, looking for the mail services by hostname and IP address. (Actually, this may not be productive. Since you are not talking about a dedicated mail server, the server names will be there for other services.) Read through the installation and configuration instructions for the non-core services you're running, with an eye toward the configuration steps that deal with MTAs.

Jeter-work
  • 825
  • 4
  • 15
2

The only consideration is whether you are using these services or not on your servers. It is even considered a better security practice to remove or disable unused services.

Doing so will also reduce resources usage to be used for some other service.

Khaled
  • 35,688
  • 8
  • 69
  • 98
  • 2
    While the general advice is sound, I thought that (as Sven said) an MTA is assumed in all kind of odd places on a *nix server. It just is so old that it was "always there". For example crond output is often mailed to root by default. Would one have to manually switch such uses, or would CentOS detect absent mail facilities and switch automatically to other logging mechanisms? Which ones? – Peter - Reinstate Monica Feb 23 '17 at 16:04