During the previous week the new stable package source branch pkgsrc-2010Q1 was created. Among the many new packages my favourites are clearly these three:
- Samba 3.3.12
NetBSD’s Samba package (version 3.0.37) is outdated and no longer supported by the Samba team. The new net/samba33 package provides a newer and above all still supported version. The upgrade worked without any problems on my home server and didn’t require any configuration changes.
- PHP 5.3.2
I’ve mentioned in the past that I have doubts about the security of PHP. But as PHP is required for the software used by my blog it is installed on my web server nevertheless. For a few weeks now pkgsrc has provided the latest stable version via the lang/php53 package. As this version receives the best security support from the PHP project at the moment, the new package helps me to keep my home server safe.
- MySQL 5.1
Sun (Oracle?) have recently announced the end of the active support for MySQL 5.0. Fortunately the new databases/mysql51-server package provides MySQL 5.1 which is still fully supported until the end of this year.
Updating my home server didn’t work very well initially because InnoDB support was missing (or not enabled?). However, in the meantime this has been fixed in pkgsrc. You therefore don’t have to dump and restore your database (although creating a dump before an update is always a good idea). Instead you only need to start the new server and run
Owing to all these new packages I’m less concerned about the security of my home server, at least for now. For this I would like to thank Takahiro Kambe who added these packages to pkgsrc.
Three weeks ago I finally managed to finish one of my longest lasting IT projects at home: replacing the Sendmail MTA on all my NetBSD systems with Postfix. There were plenty of reasons for this migration:
- Sendmail’s configuration files are incomprehensible to most people including me. You can build them from somewhat understandable templates. But that is still far from ideal.
- Sendmail’s monolithic architecture is prone to security problems.
- As Sendmail is basically an interpreter for a weird text processing language with builtin SMTP support it is not very efficient.
- Sendmail’s support for filtering spam e-mails is somewhat limited, at least if you don’t want to write rules for its configuration file manually.
- After Sendmail was removed from the NetBSD source tree convenience was no longer an excuse to use it on my NetBSD systems.
I picked Postfix as the replacement because it is now in the NetBSD source tree (very convenient), uses a secure architecture, provides powerful builtin mail filtering and last but not least support for Sendmail mail filters (see below).
I started the migration almost three years ago by switching all my NetBSD clients to Postfix which wasn’t really difficult. However the last machine still running Sendmail was my main mail server which provides multiple services:
- It is used as mail relay by all our computers at home and by some of our friends and our family members.
- It is the primary mail server for a couple of domains like zhadum.org.uk.
- It provides backup mail services for a few other domains.
This server’s spam filtering was also reasonably complicated. Besides milter-greylist and milter-regex it used multiple home grown scripts which modified the configuration automatically. Porting all those extras to Postfix wouldn’t be an easy task.
A few weeks back I realized how long this project had dragged on and got back to my Postfix book. After I had finished reading it I finally set a date for the migration.
On the big day things went pretty well initially. I had warned my users and configured packet filter rules to prevent new e-mails from arriving before I finished. After a quick check on the backup mail server I stopped Sendmail and started working on the Postfix configuration. An hour later I had a configuration which seemed to be mostly working. Two problems remained however:
- procmail was reporting errors when it tried to save e-mails to a large mail folder.
- If Postfix was configured to use milter-greylist for mail filtering it stopped accepting e-mails over SMTP.
Trying to solve both problems at the same time I made no headway at all. I finally decided to focus on the procmail problem and turned off mail filtering temporarily. After various futile attempts to debug the problem I finally resorted to ktrace(1) to figure out why procmail was failing. Reading the kernel trace data I finally found the cause of the problem: Postfix imposed a process limit which restricted the maximum file size that procmail could use. A quick look in the documentation revealed that the mailbox_size_limit setting controlled this behavior. After changing it to a suitable value procmail worked fine.
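The failure mode described above, reproduced as an added example that is not part of the original post: a per-process file size limit (modelled here with RLIMIT_FSIZE) is inherited by the delivery program, so appending to a mail folder that is already larger than the limit fails with EFBIG. The `deliver` helper, the file name and all sizes are constructed for illustration; it assumes a Unix-like system.

```python
import errno
import os
import resource
import signal
import tempfile


def deliver(mailbox, message, mailbox_size_limit):
    """Append message to mailbox in a child process that runs under a file
    size limit, the way a delivery program started by the MTA would.
    Returns "ok", "EFBIG" or "error"."""
    pid = os.fork()
    if pid == 0:  # child: stands in for procmail (hypothetical stand-in)
        code = 2
        try:
            # Ignore SIGXFSZ so write() reports EFBIG instead of killing us.
            signal.signal(signal.SIGXFSZ, signal.SIG_IGN)
            if mailbox_size_limit > 0:  # 0 is treated as "no limit"
                _, hard = resource.getrlimit(resource.RLIMIT_FSIZE)
                resource.setrlimit(resource.RLIMIT_FSIZE,
                                   (mailbox_size_limit, hard))
            with open(mailbox, "ab") as f:
                f.write(message)  # flushed on close; errors surface there
            code = 0
        except OSError as e:
            code = 1 if e.errno == errno.EFBIG else 2
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    if not os.WIFEXITED(status):
        return "error"
    return {0: "ok", 1: "EFBIG"}.get(os.WEXITSTATUS(status), "error")


def demo():
    """Constructed scenario: a 6000-byte folder and three different limits."""
    with tempfile.TemporaryDirectory() as d:
        mbox = os.path.join(d, "big-folder")
        with open(mbox, "wb") as f:
            f.write(b"x" * 6000)  # the existing "large mail folder"
        msg = b"From sender@example.org\n\nhello\n"
        tight = deliver(mbox, msg, 4096)      # limit below current size
        raised = deliver(mbox, msg, 1 << 20)  # limit raised to a suitable value
        unlimited = deliver(mbox, msg, 0)     # no limit at all
        return tight, raised, unlimited


if __name__ == "__main__":
    print(demo())
```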
The milter problem was unfortunately much harder to solve. I spent hours checking my configuration and couldn’t find a problem. I finally began to debug Postfix itself and found a problem in the internal communication between two of its components. Thanks to Michael van Elst’s help I managed to fix the problem. Postfix and milter-greylist started to cooperate at long last and I finished my work at about 1:00 o’clock on Sunday morning.
Postfix has worked very reliably ever since and I only had to make a few configuration changes. I’m also astonished how much faster than Sendmail it delivers e-mail. I didn’t think it would make such a difference on a fast machine connected via an A-DSL link.
Finally having finished this I’m not about to be idle though, as a new home IT project has emerged: migrating my friend’s server which is my backup mail server to Postfix as well. I hope that I’ll get this one done in a more timely manner. 🙂
Since 2001 the yearly European BSD Conference has provided a great opportunity to present new ideas and meet developers of all BSD projects. This year’s European BSD conference takes place in Cambridge, UK.
As one of the local NetBSD developers I’m representing The NetBSD Project on the program committee. The program committee will review suggestions for talks and tutorials for the conference. So if you have a paper that you would like to present or an idea for a tutorial please let us know as the conference cannot succeed without your contributions.
In addition Stephen Borrill is organising a NetBSD developer summit in Cambridge before the EuroBSDCon. We hope to see you at the summit 😉