Posted on 2010-07-12, 11:33, by uk, under decency.
What's new?
- Updated description to clarify the goal of this approach
- Updated M::D::LogParser::Core::PostfixParser docs for others as a background to implement other MTAs
- Removed Geo::IP from dependencies, test will be skipped if not installed.
- Added Net::DNSBL::Client as dependency in tests
- Implemented DSPAM via Net::LMTP (instead of command line client)
- Converted M::D::ContentFilter::Core::* to Moose::Role
- Implemented SpamAssassin via Mail::SpamAssassin::Client
- Enabled train mode for CF without cmd_-methods (DSPAM, SpamAssassin)
What's next?
- Keep on testing
- Finishing docs
Posted on 2010-07-08, 10:32, by uk, under decency.
What is new?
- Association module now ignores mails which pass SPF (because it is a lightweight SPF check itself)
- Basic module added for policy. Reimplements the postfix basic checks (reject_invalid_helo_hostname, ..), but with scoring
- Updated server maintenance method to maintain server Stats module
- init-scripts can now install/uninstall themselves into runlevels
- Fixed some dependencies
What's next?
- Keep on testing
- Finishing docs
- Finishing SpamAssassin module
- Re-evaluate DSPAM module (chroot bug)
Posted on 2010-07-06, 21:24, by uk, under Debian.
This article is about puppet or puppetmaster, a newish tool for “data center automation and configuration management”. If you have to administrate more than one server, you probably end up repeating the same tasks over and over again on multiple machines, deploying the same configurations (maybe with minor changes) to your systems and spending an enormous amount of time keeping everything in sync. Well, this is not my definition of fun. But there is hope. I played around for some time with FAI, which is great for installing a large base of servers. Then I wrote my own customized automation to keep the configurations up to date. However, now I’ll give puppet a try. As always, I stick to Debian, so all installation instructions are given as they can be performed on a Debian server.
One of our mail servers recently reached the last set max IMAP connection limit and I had to increase the login_max_processes_count value again (see here). However, upon restart I got this error:
IMAP/POP3 mail server: dovecot
Warning: fd limit 1024 is lower than what Dovecot can use under full load (more than 1512). Either grow the limit or change login_max_processes_count and max_mail_processes settings
Well, obviously this is about file descriptor limits. So, how do we increase this? Because this is not a daily task I had to look it up. You probably know or at least heard of ulimit. Being logged in to a terminal, you can do the following:
#> ulimit -n
1024
This reads: your file descriptor limit (kind of: how many files can I open simultaneously) is 1024. Sounds familiar. OK, but how can I set this for dovecot at startup? Well, you could increase it in /etc/security/limits.conf and modify your PAM files, but I think this is too much effort. One look in the dovecot init-script (/etc/init.d/dovecot) revealed that it uses the usual default file from /etc/default/dovecot.
So all you have to do is add the following line to “/etc/default/dovecot” (if it does not exist, create it and chmod +x):
ulimit -n 2048
That's all.
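To confirm after a restart that the raised limit actually reached the Dovecot process, the soft limit can be read from /proc/<pid>/limits. The following is an added example, not part of the original post; the function names and the sample limits table are constructed, and 1512 is the figure from the warning above.

```shell
#!/bin/sh
# Added example: compare a process's soft "Max open files" limit with the
# descriptor count Dovecot reported in its startup warning.

# Print the soft "Max open files" value from a /proc/<pid>/limits style file.
# Fails (non-zero) if the file is unreadable or the line is missing.
soft_nofile() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }' "$1"
}

# Succeed only if the soft limit is strictly greater than the needed count
# (the warning says "more than 1512"). "unlimited" always passes.
fd_limit_ok() {
    limits_file=$1
    needed=$2
    soft=$(soft_nofile "$limits_file") || return 2
    [ "$soft" = "unlimited" ] && return 0
    [ "$soft" -gt "$needed" ]
}

# Constructed sample input in the layout of /proc/<pid>/limits.
write_sample() {  # $1 = limit value, $2 = output path
    cat > "$2" <<EOF
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            $1                 $1                 files
Max locked memory         65536                65536                bytes
EOF
}

# Demo on constructed data: 1024 is the old limit, 2048 the new one.
tmp=$(mktemp)
for limit in 1024 2048; do
    write_sample "$limit" "$tmp"
    if fd_limit_ok "$tmp" 1512; then
        echo "$limit: enough for Dovecot under full load"
    else
        echo "$limit: too low"
    fi
done
rm -f "$tmp"

# On a live system (assumes the master process is named "dovecot"):
#   fd_limit_ok "/proc/$(pgrep -o -x dovecot)/limits" 1512
```
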
Recently, I stumbled across this great new document store database called MongoDB. It is really easy to set up and maintain in Debian and I use it in a recent project of mine. However, after hearing me praise this great DB, an office colleague, who is also hosted at our company, wanted to play with it, too. Sadly, he uses only PHP, so I had to install the PECL Mongo driver. Of course, as I would never install any PECL, PEAR or Perl CPAN module directly on one of my Debian servers, I had to build the package myself. It is very easy, if you know how.
I am developing a new mail server anti-spam solution called decency. It is a one-in-all solution attempt implementing a policy server (postfix policies), a content filter and a log parser. All three of them run in separate servers but are designed to communicate with each other to improve the spam detection rate a lot. It could be deployed on a single server as well as in a large distributed mail server network.
Yet another blog about setting up LXC (Linux Containers). The article is focused on the current testing release of Debian called squeeze. (Because some day it's gotta be released!)
- Setup network with bridging.
- Network setup.
- Install LXC.
- Create your very first Container.
- Usage of container templates.
- Limiting resources for containers (including: get the memory controller working)
Posted on 2010-04-16, 22:55, by uk, under Perl, Tools.
Once in a while I have to have new software. During recent research about using VCS on NAS devices I came across Redmine (because they talk about Git and Mercurial a lot). We have used Mantis for at least two years and were never really satisfied with it – don’t get me wrong, it is a great piece of software, but kind of slow to handle. However, I installed Redmine for a recent project of ours and it worked out really well.
This article is about a strange network problem occurring when using bridging in a XEN environment.
Symptoms
- Some DomU is not reachable from the network anymore.
- The problem persists after restarting the DomU (all: reboot, shutdown+create, destroy+create).
- Possible: The DomU still has a virtual NIC; if pings are sent from the DomU via console, only ARP requests are seen on the virtual NIC in Dom0, no answers.
- Possible: There could be log-entries as:
xenbr1: port 4(domu_eth0) entering disabled state.
This article is about setting up Endian 2.3 on a XEN machine without hardware virtualization (hvm).
We work in a shared office space. It’s none of those big anonymous spaces where you can rent in on a monthly basis, but it does not belong to us alone. We share it with p4930 (architects) and control-b (we work together). However, some of the architects are using Windows machines (the rest of us either Linux or Mac), one of which got ill with a virus. This ugly bugger happened to be a spam-bot and sent out a lot of UCE via our VDSL uplink. The Telekom (T-Online, our internet provider) decided to block outgoing SMTP on port 25 (which was just the beginning of a lot more problems), which was quite reasonable. Until then, our network setup was shared between the architects and our side (control-b and fortrabbit), using the architects' uplink as fallback if our VDSL goes offline. This was mainly the legacy of the previous tenant, who wired the whole office with 100Mbit network hidden in nice panels around the office space. The main router was an old Linksys with DD-WRT installed, not fully capable of routing the full downstream bandwidth of 50Mbit, but working and quite easy to configure.
Now it was time to go separate ways, and we decided to go with Endian on our site.
We wanted it to be a VM in our XEN based office server. The server does not support hardware virtualization so the “normal” approaches (HVM) did not work. So here is what we did..