Thoughts of servers and maintenance

This weekend my web server was suddenly not accessible. But not just the web server - I couldn't connect to the box directly at all, so all the other services (like the virtual machine that was running email) were also down. The culprit turns out to be the hard drive. After a couple of forced reboots, the box came back, but reported some SATA errors. It's running right now, though I no longer trust that drive. I have a replacement drive ready to go, but decided this was THE opportunity to do up my server the way I've been meaning to.

What I want to do is create a very basic server install, set up VMware Server and run my desired services within the virtual environments. But I also want these virtual servers to share a common drive for storing their data. After some research, I found that NFS would be the best choice for this "shared drive" idea. The servers don't really need to share resources, but by putting the data onto one physical drive (rather than a virtual drive), I would only have to back up one drive and the VMs to have a full backup of everything.

With the drive errors, the priority level of this server work moved from "thinking about it" to "better get this done". So I built a VM for my mail services and one for my web services. The current web server is a standard migration - move the files, move the database, all done (more or less). The mail server is a different story though.

My current mail server is a version of Zimbra's Open Source Edition that is a little more than a year out of date. Zimbra offers a number of useful features that are needed in my case. Specifically:

  • Multi-Domain capabilities (virtual hosting)
  • Sieve support (server side filtering rules)
  • Easy setup / configuration
  • Low maintenance

But Zimbra is now under a cloud of uncertainty. Microsoft is trying to buy Yahoo!. Zimbra is owned by Yahoo. Microsoft owns MS Exchange. Zimbra competes with MS Exchange. Connect the dots and you can easily see a gloomy future for Zimbra if MS is successful. The main problem is that Zimbra is only partly open source, so it can't just fork to a new version. I took a look at the newer version of Zimbra and even tried to get it running on an Ubuntu 7.10 server. That didn't go so well, but that was expected - the installer is made to work with Ubuntu 6.06 LTS. That was enough for me to take a look to see what else was out there.

There are a few different mail systems out there. Open Xchange looks promising. But it's a Tomcat application, which is Java. I prefer to stay away from Java apps due to the extra effort needed to get Tomcat set up and stable, and my own lack of experience in this area. There is Scalix, which also looks promising; however, the Community edition doesn't appear to support my Multi-Domain requirement. There are others, but each seems to have a limitation of one sort or another. I've done the "roll your own" solution in the past and was satisfied with the results, but it needed a little more maintenance. I decided to look around and see if there were any newer How-Tos that I hadn't seen before that could help. In doing so I came across a few references to Dovecot. Digging deeper I found that Dovecot is a Mail Delivery Agent, much like Courier and Cyrus. But it seems to be a fair bit easier to install, configure, and understand - while at the same time being secure and flexible.

While I was digging into what Dovecot was, I came across a real gem: http://workaround.org/articles/ispmail-etch/. This one page changed my opinion about doing it for myself. Glancing through the page I found that it not only did everything I was looking for, but that the instructions for doing so were very well documented. The page is aimed at Debian Etch, but Ubuntu Server is a derivative of Debian, so the commands are all the same. In short, the article works equally well for Ubuntu as long as you are willing to accept that some versions may be a little different.

I took the plunge and followed the article. Not only are the individual steps shown, but everything is explained as well so that it all makes sense. Following the instructions led to a fully operational server doing everything I wanted. Of course I had to change some of the instructions to match my own settings - specifically the database password, but if you are considering a mail server then you should have the know-how to understand these things. Overall, I'm very impressed with the article, and Dovecot even. Some initial testing from the local network shows very good performance in transferring messages around - better than I was seeing with Zimbra even. But that could just be the box I'm working on too (AMD X2-6000 with 8 GB RAM vs the X2-3800 with 1 GB RAM on the current Zimbra server).

I did find one glitch with the article, but it's not a show stopper. I guess this "glitch" could be an Ubuntu versus Debian thing though. The last part of step #8 has you create an SSL certificate for Dovecot. It doesn't have you modify the dovecot.conf file to make use of that certificate though, so Dovecot never picks up the certificate you just generated. There are only two lines in the dovecot.conf file that mention a ".pem" file, and they are together and commented out. Simply copying these lines, removing the # character to uncomment the copies, and then using the paths specified in the openssl command (/etc/ssl/certs/dovecot.pem for the certificate and /etc/ssl/private/dovecot.pem for the key) will do the trick. Remember to restart the Dovecot services.
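A quick way to confirm that edit took effect, as an added example that is not part of the original article or of Christoph Haas's guide. It assumes the two ".pem" lines use the Dovecot 1.x setting names ssl_cert_file and ssl_key_file; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or the ISPmail guide).
# Assumes Dovecot 1.x setting names: ssl_cert_file and ssl_key_file.

# Print the value of the last uncommented "KEY = value" line in FILE.
active_setting() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# Return 0 only if both TLS settings are active and point at the expected files.
check_dovecot_ssl() {
    conf=$1; want_cert=$2; want_key=$3; rc=0
    cert=$(active_setting "$conf" ssl_cert_file)
    key=$(active_setting "$conf" ssl_key_file)
    [ "$cert" = "$want_cert" ] || { echo "ssl_cert_file inactive or unexpected: '$cert'"; rc=1; }
    [ "$key" = "$want_key" ] || { echo "ssl_key_file inactive or unexpected: '$key'"; rc=1; }
    return "$rc"
}

# Return 0 if FILE is readable by "other" (a private key should not be).
key_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample configs: as shipped (commented out) and after the edit.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.conf" <<'EOF'
protocols = imap imaps pop3 pop3s
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
EOF
cat > "$demo_dir/after.conf" <<'EOF'
protocols = imap imaps pop3 pop3s
#ssl_cert_file = /etc/ssl/certs/dovecot.pem
#ssl_key_file = /etc/ssl/private/dovecot.pem
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
EOF

for f in before after; do
    if check_dovecot_ssl "$demo_dir/$f.conf" /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem
    then echo "$f.conf: certificate is active"
    else echo "$f.conf: certificate is NOT active"
    fi
done
rm -rf "$demo_dir"
```

On the real server, point check_dovecot_ssl at the installed dovecot.conf and run key_world_readable against /etc/ssl/private/dovecot.pem; the second should report that the key is not readable by other users.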

The last few points of the article are optional steps you can apply for your environment, like adding Greylisting, Sieve filtering, or even mailing lists.

I can see that the maintenance issues involved with this approach will be minimal. A simple "apt-get update" and "apt-get upgrade" will handle most of the maintenance, and the configurations are straightforward enough to be understandable but will likely not change very often.

Thanks to Christoph Haas for the great guide!!

Now, I just have to get my web server migrated, set up Subversion and Trac, install the new drive in my server, set up NFS and move the VMs to it. Only another day or two of work. Hope the failing drive holds out till then. If not, I now have a full backup... of course...