Admin

From PowerPC Kernel Archives

This page contains notes about server admin/plumbing for hermes. If you have a question about this server, please contact Mark Guertin or Tobias McNulty.

Contents 1 General Notes 2 File systems 3 Main services 3.1 SMTP 3.2 IMAP/POP3 3.3 spam 3.4 mailing lists 3.5 mail client(s) 3.6 HTTP 3.7 database 3.8 CVS 3.9 rsync 4 Backup 5 Server Monitoring

General Notes

• a few misc. admin notes can be found on the blog
• changes to the server should be posted there (or to the admin mailing list)

File systems

The Debian installer's option to partition "Separate /home, /usr, /var, and /tmp partitions" seems to work pretty well. Sizes and file system choices can be adjusted on the next screen as necessary.

We use xfs for /tmp, /usr, and /var and ext3 for /. XFS came out on top in this comparison.

I'd like to setup software RAID with the Linux md driver. I've done it before for a system at datadesk with relative ease.

/dev/hda4 on / type ext3 (rw,errors=remount-ro)
/dev/hda5 on /tmp type xfs (rw)
/dev/hda6 on /usr type xfs (rw)
/dev/hda7 on /var type xfs (rw)
/dev/hda8 on /home type xfs (rw)
/dev/hdb2 on /mnt/backup type xfs (rw)

Main services

SMTP

postfix with SASL for relay client authentication

• default domain is ppckernel.org
• penguinppc mail is handled by a virtual domain table (see /etc/postfix/main.cf and /etc/postfix/virtual)
• SSL cert from cacert.org
• useful links re: spam:
  • http://davesource.com/Bugs/hotmail.1.html
  • http://deliver-my-mail.sitesell.com/deliver-my-mail-3.html
  • http://www.openspf.org/

IMAP/POP3

dovecot - much better than old uw, setup is a sinch. See /etc/dovecot/dovecot.conf. Uses the same cert as postfix.

spam

This is where the fun starts:

• postgrey - setup via /usr/share/doc/postgrey/README.Debian
• spamassassin
  • configured at /etc/spamassassin/local.cf
  • /usr/share/doc/spamassassin/README.Debian for bayes site-wide install
  • spamassassin -r to register razor (?)
  • adduser --system spam
  • http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix
• razor
• pyzor
• dcc-client

mailing lists

We use mailman for mailing list management. Some would say it's overkill, but it's easy to setup and has a great user interface.

• make sure postfix handles mail for lists.ppckernel.org
• see /usr/share/doc/mailman/README.Debian
• don't use postfix-to-mailman.py - don't want to require use of specific domain

follow instructions in /usr/share/doc/mailman/README.POSTFIX.gz

mail client(s)

• pine is installed (via http://imux.net/howtopineondebian.html)

• squirrelmail is setup at http://webmail.ppckernel.org
  • uses SSL certificate from cacert.org
  • bayesspam plugin installed, applied squirrelmail-bayesspam.patch for better integration

HTTP

apache2, of course. Virtual hosts are configured in /etc/apache2/sites-available. Use Debian's a2ensite/a2dissite to enable/disable sites (simply creates a simlink in ../sites-enabled).

• virtual host HTML is stored in /var/www

• enabled modules (with a2enmod):
  • rewrite
  • ssl

• hosted sites:
  • default (http://hermes.ppckernel.org, and all other domains without explicit vhosts)
  • ppckernel.org
  • webmail.ppckernel.org
  • lists.ppckernel.org (mailman)
  • penguinppc.org
  • this one (wiki.ppckernel.org)

database

• PostgreSQL

Debian's default install of postgres comes with fairly restricted permissions. To get password connections to localhost working, add a line like this to /etc/postgresql/pg_hba.conf:

host    all         all         127.0.0.1         255.255.255.255   password

• MySQL

Just install it--no extra configuration necessary.

CVS

• repository at /var/lib/cvs

rsync

• see /etc/rsyncd.conf

Backup

• rsnapshot - used in the past for incremental backups. Good piece of software.

• rsync to backup.osuosl.org

Server Monitoring

• logwatch - daily system log overviews via e-mail
• smartmon - monitor hard drive health