New server finally up
Saturday, January 28th, 2006
The trickiest bits were the firewall and the mail server. I actually opted to spend a little more time trying to find a better firewall solution than plain old iptables. You know, something a little GUI, something with a configuration language that I can actually read… FireHOL looked very promising, but I couldn’t make it go. And even so, it wasn’t clear that I would be able to do anything beyond the simplest configuration. The few other things I looked at were too simplistic. I ended up with a smooth transition, sticking with iptables.
Postfix, smtp-auth, sasl, courier-imap, amavis, and spamassassin were the next hurdle. And it would have been smooth without the chroot detail. saslauthd needs to be visible to postfix and courier, so it has to be in the chroot with them. But it also wants to be in the standard place in /etc. It wants to be there so badly that even when you change all the parameters to point into the chroot jail, it *still* looks in /etc for its mux. So I had to do some yucky symlink hacks, but it eventually was happy.
Such a relief to be off of that memory-starved server. I used to have to wait 15 seconds for bash to swap in before I could type my first keystroke at the console.