Moving your IMAP server to a third party: FastMail

I am moving my existing IMAP services to a third-party, specifically FastMail. I started this process back in March 2017 when I signed up with FastMail. I did a mail migration then, but never proceeded. At present I am hosting my own IMAP server, via Dovecot, RoundCube, and Postfix, running in a FreeBSD jail.

I got out of running a public incoming mail server back in 2010. It has been nearly 9 years now that Google has acted as my first line of defense for spam protection. They have done that well. They then forward my mail to a Postfix server which is tightly firewalled off from the rest of the world.

Dovecot has long been my IMAP server of choice, and I will continue to use it as a warm-standby. More details about that in future post.

My FastMail account has sat idle for two years and I was happy to pay them, because I like what they do.

Now I have reached the point of not wanting to run an IMAP server any more. If my server goes down, I still need my email, and I’m sure FastMail can do that better than I can. I will still perform backups of my mail, but they will be my primary mail provider.

I like the way I can configure my domains at FastMail. For $50 a year I can use up to 100 domains. Sounds good to me.

I was in the process of moving my IMAP server to another more power host. The current host has 8GB of RAM and runs several jails (including & The host is under pressure. I was nearly ready to complete the move when I starting thinking about putting this on FastMail instead.

Several steps

I see the migration as several distinct steps:

  1. Create and configure your FastMail account (done).
  2. Sync your mail (I used their service, but then I ran imapsync two years later).
  3. Add forwarding for email at your existing service. This way you won’t miss any messages as the DNS changes propogates.
  4. Adjust your DNS with the new MX values
  5. Wait for mail to start flowing in

I will only outline some of these steps and it might not have sufficient detail for you. Please read the original docs as well.

Sync your mail

I originally used the service provided by FastMail. It worked. Then I wanted to use imapsync.

My command was something like this:

/usr/local/bin/imapsync \
--host1 --user1 dan             --passfile1 /usr/home/dan/imapsync/mailjail.password \
--host2    --user2 --passfile2 /usr/home/dan/imapsync/fastmail.password \
--automap --ssl1 --ssl2 --addheader

–host1 is the source
–host2 is the destination

–user1 and –passfile1 are the credentials for –host1 – be sure the file not world readable.

The rest of the arguments should make sense if you read up on them.

The first sync took many hours, as it had two years of email to catch up.

The second sync took 140 minutes.

The third was 40 minutes.

Add forwarding

I started forwarding email from my old host to my new host after my first imapsync. I wanted to be sure that my filtering was correct. I was moving from maildrop to sieve and wanted to have some run-in time with them. sieve is a language for filtering e-mail and is available on FastMail; they also have a GUI interface.

How you do the forwarding varies, but what you forward do is pretty straight forward: use the FastMail Forwarding tunnel.

Adjust your DNS with the new MX values

I reduced the TTL on my MX records first. This will help the changeover. It will go faster. Theoretically.

FastMail has great documentation. You can use one of FastMail’s many domains, or use your own domain. FastMail refers to the latter as Custom Domains. From that page, I selected Nameservers hosted elsewhere, but MX records pointing to FastMail. That took me to Configuring your domain with MX only.

For each of my domains I will set my MX records to:


This is the script I will use for setting the new MX values:

$ cat set-MX-for-FastMail-nsupdate

echo starting ${DOMAIN} with ${TTL}
/usr/local/bin/nsupdate -k ${KEY} -v<<EOT
server ${SOA}
zone ${DOMAIN}
update delete ${DOMAIN}. IN MX
update add    ${DOMAIN}. ${TTL} IN MX 10
update add    ${DOMAIN}. ${TTL} IN MX 20

echo done

I will use it in conjunction with the scripts I created yesterday for dropping the TTL.

Testing delivery before MX changes

I decided to test delivery of at least one test mail before changing my MX records. The purpose is to first verify that the provider will accept mail for that domain.

smtp is just that: simple. So simple you can use telnet.

Here we go. What I typed in in bold.

[dan@mailjail:~] $ telnet 25
Connected to
Escape character is '^]'.
220 ESMTP mx. No UCE permitted.
helo mailjail
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with .
testing to
250 2.0.0 Queued as 5749C162D48
221 2.0.0 Bye
Connection closed by foreign host.
[dan@mailjail:~] $ 

In this example, I am sending email to from

With that, I’m confident enough to change my MX records.

Changing the MX

I did one domain first, verified mail flowed, then did them all. It just worked.

I wrote up this script to drive the one I mentioned earlier:

$ cat set-MX-for-FastMail

. ./config

for domain in ${DOMAINS}
  export DOMAIN=${domain}

I will run that script again, to bump the TTL. I kept the new MX low, at 180, in case I had to revert my MX changes.

So far, so good.

Hope this helps.

Website Pin Facebook Twitter Myspace Friendfeed Technorati Digg Google StumbleUpon Premium Responsive

Leave a Comment

Scroll to Top