[gentoo-user] gentoo mail server

[gentoo-user] gentoo mail server

[Tom Brown]

Hey guys,

I've been using gentoo on my desktop for several months now. I works
great. It cut five minutes off my build time when I build our product
tree. It went from 20 to 15 minutes.

I setup our email server using Debian. Its been solid as a rock and very
low maintenance. However, it provides an antiquated environment.

I'm looking at using gentoo for the email so I'll have an up-to-date
system. Peformance is fine on the Debian system, but hey, faster is
always better.

I was hoping you guys could give me warm fuzzies about stability and
maintenance with gentoo when it comes to a production server.

What about major upgrades? If I keep the system updated regularly, is a
major upgrade necessary?

Thanks!
Tom

[gentoo-user] Re: gentoo mail server

[Nikos Chantziaras]

Tom Brown wrote:
> What about major upgrades? If I keep the system updated regularly, is a
> major upgrade necessary?

Gentoo doesn't have major upgrades so you should be fine.  But as you 
can imagine, you need to give a Gentoo system more love than a Debian 
one (which is pretty much "set it and forget it") due to it's "rolling 
release" nature.  But since you have Gentoo on your desktop, I'm sure 
you know your ways about updating and carefully reading emerge logs ;)

Re: [gentoo-user] gentoo mail server

[Volker Armin Hemmann]

On Dienstag 27 Januar 2009, Tom Brown wrote:
> Hey guys,
>
> I've been using gentoo on my desktop for several months now. I works
> great. It cut five minutes off my build time when I build our product
> tree. It went from 20 to 15 minutes.
>
> I setup our email server using Debian. Its been solid as a rock and very
> low maintenance. However, it provides an antiquated environment.
>
> I'm looking at using gentoo for the email so I'll have an up-to-date
> system. Peformance is fine on the Debian system, but hey, faster is
> always better.
>
> I was hoping you guys could give me warm fuzzies about stability and
> maintenance with gentoo when it comes to a production server.
>
> What about major upgrades? If I keep the system updated regularly, is a
> major upgrade necessary?
>
> Thanks!
> Tom

a) always build with buildpkg - for backups
b) look into demerge
c) scan the logs with elogv
d) think twice before updating

I have gentoo on a small dns/dhcp/web server here for our 'dormitory' and it 
works well. 

Re: [gentoo-user] gentoo mail server

[Alan McKinnon]

On Tuesday 27 January 2009 22:38:21 Tom Brown wrote:
> Hey guys,
>
> I've been using gentoo on my desktop for several months now. I works
> great. It cut five minutes off my build time when I build our product
> tree. It went from 20 to 15 minutes.
>
> I setup our email server using Debian. Its been solid as a rock and very
> low maintenance. However, it provides an antiquated environment.
>
> I'm looking at using gentoo for the email so I'll have an up-to-date
> system. Peformance is fine on the Debian system, but hey, faster is
> always better.
>
> I was hoping you guys could give me warm fuzzies about stability and
> maintenance with gentoo when it comes to a production server.

A well administered gentoo box is as stable as a well administered debian box. 
Or a red hat one. Or a FreeBSD one. And maybe even a Solaris one.

By "well administered" I mean "decisions about it made by a sane admin", and 
there are two roles to this:

- building the software. Sane decisions have to be made about what features to 
include, what compiler settings, what patches etc.
- the on-site admin who decides what to deploy and how to run it.

The difference between gentoo (and FreeBSD to a lesser extent) on the one hand 
and binary distros on the other is that with gentoo YOU fill the first role. 
In binary distros it is someone else.

So, if you are confident with this role, go for it and gentoo is for you.
If you are not confident with this role, do not use gentoo. Use debian or red 
hat or centos and you get the warm fuzzy feeling of believing you have 
someone else to blame for problems :-)

There is middle ground of course, but by and large people either can and do 
take this role fully, or can't and don't.

With that out of the way, debian and gentoo mostly use the same upstream 
sources anyway, so there's no reason to assume things will be majorly 
different in the stability department. You can prove me wrong any time by 
installing the latest cvs versions of everything you can get your hands on, 
but that is crazy for a production machine.

> What about major upgrades? If I keep the system updated regularly, is a
> major upgrade necessary?

mu

google it :-)

"upgrade" does not make sense in a gentoo context - it's like asking if whales 
are troubled by pimples on their nose. Gentoo is not versioned and does not 
have releases. What it has is a vast collection of stuff you can build. Most 
of it is recent but you get to pick the versions of packages you want, and 
you do it incrementally. Most folks do an update something between weekly and 
monthly.

A sure recipe for disaster is to let updates slide and try do a whole whack of 
them in on go. Again, it's not the same thing as updating a binary distro 
with a release. It's more like trying to change large amounts of the OS on 
the fly - it tends to be problematic.

Rule of thumb: update often, know what you are doing, keep an eye on the 
machines, and forget you ever heard of a thing called an "update" when 
working on a gentoo box


hth

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] gentoo mail server

[Nick Cunningham]

[-- Attachment #1: Type: text/plain, Size: 2011 bytes --]

2009/1/27 Tom Brown <brown@esteem.com>

> Hey guys,
>
> I've been using gentoo on my desktop for several months now. I works
> great. It cut five minutes off my build time when I build our product
> tree. It went from 20 to 15 minutes.
>
> I setup our email server using Debian. Its been solid as a rock and very
> low maintenance. However, it provides an antiquated environment.
>
> I'm looking at using gentoo for the email so I'll have an up-to-date
> system. Peformance is fine on the Debian system, but hey, faster is
> always better.
>
> I was hoping you guys could give me warm fuzzies about stability and
> maintenance with gentoo when it comes to a production server.
>
> What about major upgrades? If I keep the system updated regularly, is a
> major upgrade necessary?
>
> Thanks!
> Tom
>
>
>
>
If your planning on running a stable server then managing a gentoo server is
probably a bit more time intensive, but will pay of in terms of having it
configured how *you* want and with the services *you* want running, not what
someone else thinks you should have.

As a rule of thumb dont run ~ARCH unless you absolutely need a certain
package (and even then, stick to keyword specific versions rather than
blindly keywording everything). Dont feel that you need to sync and update
every day, but *do* use tools like glsa-check (i think thats the right one
but im not in my gentoo isntall to check atm) to ensure you update programs
where security bugs are known.

Also its worth keeping an eye on things like the forums, and planet as often
when updates to packages are likely to break things, or they need some
manual intervention when updating, you see some signs of this in advance
(although if you see a major update in your emerge list you *should* be
stopping and going off to read up on it before blindly emerging).

Of course, all these things wont stop you causing breakages, but if you work
cautiously and have some idea of what your doing then gentoo does work very
well as a server.

- Nick

[-- Attachment #2: Type: text/html, Size: 2422 bytes --]

Re: [gentoo-user] gentoo mail server

[kashani]

Tom Brown wrote:
> Hey guys,
> 
> I've been using gentoo on my desktop for several months now. I works
> great. It cut five minutes off my build time when I build our product
> tree. It went from 20 to 15 minutes.
> 
> I setup our email server using Debian. Its been solid as a rock and very
> low maintenance. However, it provides an antiquated environment.
> 
> I'm looking at using gentoo for the email so I'll have an up-to-date
> system. Peformance is fine on the Debian system, but hey, faster is
> always better.
> 
> I was hoping you guys could give me warm fuzzies about stability and
> maintenance with gentoo when it comes to a production server.
> 
> What about major upgrades? If I keep the system updated regularly, is a
> major upgrade necessary?

	I've been running a Gentoo mail server for either work or personal use 
and usually both since 2001. No real problems, but you do have to watch 
some updates especially sasl and courier.

My current system is
Postfix-2.5 At minimum I'd use Postfix-2.2 which has the better syntax 
for your virtual statements.
Postgrey for greylisting, had some issues with sqlgrey.
PostfixAdmin, because using phpmyadmin to manage your accounts and 
domains is futile. I'm still on 2.1 and need to check out the newer 
version. Requires PHP and a webserver.
courier-imap and cyrus-sasl. Thinking about moving to Dovecot since you 
can use dovecot-sasl with Postfix under Gentoo.
Mysql5

It's fully virtual, supports smtp and imap over ssl, sasl, skipped TLS, 
and easy to manage. I do not recommend the Gentoo Virtual How-to, it's 
ancient and silly.

I used to have a how-to on gentoo-wiki which I need to recreate. Maybe 
this weekend.

In regards to stability... don't update right away. When Postfix 2.6 
comes out, give it a month. Or play with it in a virtual server. Same 
with Mysql 5.1. Or whatever. I've run three separate companies on Gentoo 
and never had much of an issue though I always had a test/stage/qa 
environment of some sort. Also keep an eye on the forums and this mail 
list. That'll usually give you a heads up when an update isn't quite right.

kashani

Re: [gentoo-user] gentoo mail server

[Tom Brown]

Freakin awesome guys!

Thank you very much for your replies. This is what I got out of it:

1) Gentoo evolves. There are no major upgrades. This is a huge "go with
gentoo" point. I've never seen an operating system that didn't have
issues after a major upgrade. This means an updated system with gentoo,
all the time. No 'reinstall from scratch' every two years. Oh yeah, I've
got software that won't work after a major upgrade.

2) Gentoo requires attention. These are production servers I'm talking
about. What sysadmin doesn't check in their production servers on
regular basis? Yeah, I check in the the debian servers all the time.
That's on top of the automated emails I get reporting on the health of
the system. Ok, I don't have to do anything to them. So, I'll have to be
carefully before doing an update. I don't see that as too much to ask if
I don't have to reinstall from scratch!

Thanks guys!
Tom

[gentoo-user] Re: gentoo mail server

[James]

kashani <kashani-list <at> badapple.net> writes:


> 	I've been running a Gentoo mail server for either work or personal use 
> and usually both since 2001. No real problems, but you do have to watch 
> some updates especially sasl and courier.

OK.

> My current system is
> Postfix-2.5 At minimum I'd use Postfix-2.2 which has the better syntax 
> for your virtual statements.
> Postgrey for greylisting, had some issues with sqlgrey.
> PostfixAdmin, because using phpmyadmin to manage your accounts and 
> domains is futile. I'm still on 2.1 and need to check out the newer 
> version. Requires PHP and a webserver.
> courier-imap and cyrus-sasl. Thinking about moving to Dovecot since you 
> can use dovecot-sasl with Postfix under Gentoo.
> Mysql5

> It's fully virtual, supports smtp and imap over ssl, sasl, skipped TLS, 
> and easy to manage. I do not recommend the Gentoo Virtual How-to, it's 
> ancient and silly.

Is this the page your refer to?
http://www.gentoo.org/doc/en/virt-mail-howto.xml

> I used to have a how-to on gentoo-wiki which I need to recreate. Maybe 
> this weekend.

Very cool.

> In regards to stability... don't update right away. When Postfix 2.6 
> comes out, give it a month. Or play with it in a virtual server. Same 
> with Mysql 5.1. Or whatever. I've run three separate companies on Gentoo 
> and never had much of an issue though I always had a test/stage/qa 
> environment of some sort. Also keep an eye on the forums and this mail 
> list. That'll usually give you a heads up when an update isn't quite right.


Well all of this is great news. I've pretty much decided to build
a postgtres mail server, mostly like what you have outlined.. I'm likely
to set up a second, duplicate machine for testing.


Drop a line to the list, when you have your wiki page up and I'll follow
it and make some notes on the process of settting up a postfix mail server
on gentoo.Maybe you could fix up this wiki?(or build another?):
http://en.gentoo-wiki.com/wiki/Postfix

Do you use a regular gentoo kernel, hardened setup, or what packages to
keep the mail server tightly secure?


excellent notes!

James

Re: [gentoo-user] Re: gentoo mail server

[kashani]

James wrote:
>> It's fully virtual, supports smtp and imap over ssl, sasl, skipped TLS, 
>> and easy to manage. I do not recommend the Gentoo Virtual How-to, it's 
>> ancient and silly.
> 
> Is this the page your refer to?
> http://www.gentoo.org/doc/en/virt-mail-howto.xml

Yep and the things I don't like are:

1. password stored in clear text
2. complicated use of pam_mysql rather than using sasl's DBD layer directly
3. No admin interface
4. Have to edit /etc/postfix/main.cf to add domains rather than rely on 
the database lookup.
5. Lack of useful troubleshooting section

>> I used to have a how-to on gentoo-wiki which I need to recreate. Maybe 
>> this weekend.
> 
> Very cool.
> 
>> In regards to stability... don't update right away. When Postfix 2.6 
>> comes out, give it a month. Or play with it in a virtual server. Same 
>> with Mysql 5.1. Or whatever. I've run three separate companies on Gentoo 
>> and never had much of an issue though I always had a test/stage/qa 
>> environment of some sort. Also keep an eye on the forums and this mail 
>> list. That'll usually give you a heads up when an update isn't quite right.
> 
> 
> Well all of this is great news. I've pretty much decided to build
> a postgtres mail server, mostly like what you have outlined.. I'm likely
> to set up a second, duplicate machine for testing.

I've never done it with Postgres, but I know PostfixAdmin supports it so 
it shouldn't be too hard. I think Steveb had it working at somepoint.

> 
> Do you use a regular gentoo kernel, hardened setup, or what packages to
> keep the mail server tightly secure?

I generally found that keeping Webapps and users off you mail server was 
good enough security. Also when building most of this stuff years ago 
the hardened kernels were a bit painful. Probably much easier now.

kashani