isolating a Liquid Web "cloud dedicated" server during reimage

tz

Might be a long shot but I'm hoping the group mind has an answer to this Liquid Web conundrum:

We have two "Cloud Dedicated" servers with Liquid Web. We've taken an image (including a ton of application data) of our live server A and want to restore it on server B as a base, then reconfigure B as a warm spare.

But when B comes up after the re-image, we don't want it sending out duplicate or bogus e-mail to users that might have been spooled on A when the image was taken, or that might be triggered by cron jobs, etc., running on the now somewhat stale data.

So the issue is controlling the server after a re-image, such that we can either stop outgoing SMTP connections, or immediately turn off the mail server.

If I had a physical server in front of me, I'd just bring it up in single user mode, edit the systemd config to turn off postfix, easy peasy. So first I thought we might be able to do that, bring the virtualized server up in single user mode and configure it through the virtual console in the management interface. We're told that's not possible.

It was suggested that we could use LW's "advanced firewall" to turn off SMTP connections. But their so-called "advanced" firewall can only control incoming connections :-/ and we want to be able to turn off outgoing SMTP connections.

We've asked if they could turn off outgoing connections at the closest router, just drop packets from that IP with (only) the SYN flag set. They say there's no way to do this. I find this surprising, but.

Ok, I thought, maybe we can live with it, if I can control when the server boots and get in quickly enough to prevent more than a few unwanted messages from getting out. No, turns out that the server will automatically boot after being re-imaged; we can't even control that. I'd have to sit and watch it for some unknown time (hours? it's a big image) as the image loaded, then jump in when it booted. Not practical.

Any ideas? There has to be some way of booting a server under more controlled conditions!

I'm wondering if it's possible for them to temporarily set DHCP so that the server isn't given a routable address when it comes up but is still accessible from the console in the management interface? I've asked that in the most recent ticket but gotten no reply.
