Ian Bicking: the old part of his blog

Server Setup

This is a not-very-interesting log of my recent server configuration efforts. Maybe interesting to people thinking of setting up a server (virtual servers are dirt cheap these days). It's not as easy as it could be, but it's getting easier.

After putting it off for too long, I finally finished setting up a new server for my use. It's a bit than what I'm currently using, a VPS through pdxcolo.net. I chose them because their disk space was relatively cheap. They seem fine so far; like many companies run by techies, they are bad at billing. But that just means I pay late when they send invoices late, and that doesn't really hurt me. Like a good techie hosting provider, they also provide Debian, which was a prerequesite for me. Their setup tools are decent; filesystem configuration confused me for a bit, but I figured it out with a little help. The support was prompt.

So, I thought I'd describe what I set up, and my thoughts on software. I tried out Webmin, which I had never tried before. It was fairly easy to set up, and fairly unintrusive, but it doesn't do a ton that I can't do for myself. Webmin's complement, Usermin, is more useful, as it lets the (small) number of users on the system do stuff through a web interface (change passwords, upload files, etc). I did a small amount of proftpd configuration with Webmin, which worked well (proftpd seems to be better supported by Webmin than wu-ftpd).

I've always found mail setup to be a pain in the butt. On one of my first systems, I used qmail, in part because VMailMgr looked cool. But that's when I was thinking of doing regular hosting, which didn't end up making sense.

Anyway, qmail sucked. It's a real shame, there definitely some cool parts of qmail, especially the email namespaces. With qmail, any user can append -something to their username, and it gets delivered to their mailbox. In turn, they can set up handlers, so a user could set up a mailing list manager (e.g, ezmlm) without any administrator help (or interference). But it sucks for some other reasons. There's bizarre things, like configuration done through the presence of files -- the contents don't mean anything, merely that the file exists. In general the configuration was horrible, a mess of little files all around, with no decent error messages. Everything is recipes. Recipes suck, and are a sign of poor software. Qmail also uses all these abstractions and conventions that might make sense in some alternate qmail world, but they aren't Unix conventions. Like configuration went in /var. But Maildirs are cool (no >From!).

Qmail is likely stuck in this sucky situation for all eternity because its licensing sucks. It's a good example to bring out to show that anything short of Open Source isn't good enough. It's so close to open source, but people can't really package up the results of their modifications, and no real community can form around the packages to develop them further. (At least, this is my impression, baseless and from way outside the community.) And the author doesn't do anything with qmail anymore, so evolution won't come from that direction. (I wasted enough hours on qmail to feel a bit bitter.)

So the second time around I thought I'd try Postfix. Postfix's major claim to fame is Just As Secure As Qmail, But Without The License. And it's not as weird. Postfix's documentation isn't that hot, and it's still confusing to someone who isn't a mail administrator, just a dabbler. I eventually got it working, but I never knew why. A lot of aspects seemed too manual, or they were confusing. The documentation was poor.

Honestly, security doesn't excite me. Maybe it's because I figure if I'm using a fairly major piece of software and keeping up to date (easy on Debian!) then I'll be okay. It's worked for me so far (knock on wood). Or if I'm using obscure software, even that's obscure in its own way. Sendmail has its problems, but security seems like its only one of many. People have become reactionary. So now I'm back to trusty Exim. It's well supported on Debian, the configuration basically makes sense (kind of). It has really good documentation. I've also simplified my setup, so that an address at any domain goes to the same user; my usernames have to be unique across domains, but that's okay. Virtual domains look reasonably easy in Exim, so if I ever need them they are there. The only real problem I had with Exim was with Mailman integration, which Mailman's README.Debian would have explained if I had read it.

To finish off mail, I used Dovecot for IMAP, since uw-imapd (which I had used before) didn't accept logins. Very annoying; I saw some similar problems on some Debian mailing lists, but no resolutions. I think it may have been some stupid SSL security restriction. Stupid security. Squirrelmail and Mailman installed easily.

The only thing left was Apache. I decided to go with Apache 2, as I've been intrigued with some of the new features, even if they seem minor. Apache 2 (at least on Debian) has a new config file setup, which I quite like. apache2.conf has a bunch of standard options that are boring and don't generally need to be customized. ports.conf defines the IP addresses and ports, while httpd.conf is for the other global options. mods-available/ has a file for each module; you symlink those files to mods-enabled/ to install them. Virtual hosts go in sites-available/, with symlinks to sites-enabled/. It's all very transparent and easy to understand, while being more structured than the big-pile-of-config of a single httpd.conf. Debian's Apache 1.3 has some weird files for module configuration that I don't like at all, in part because I never got mod_webkit working with it properly. Apache 2 was easy.

The other thing I used was mod_macro, which allowed me to set up some common locations and settings for all my virtual hosts, with some slight modifications on a per-domain basis. I actually would have preferred mod_define, but it doesn't seem to be available for Apache 2. I think mod_define plus Includes are basically equivalent to mod_macro, but easier to understand (since definitions are named, but macro arguments are positional).

I also installed lots of Python things, some databases, all the utilities, Webware, mod_webkit2, and other stuff, but those were all easy. Debian is great.

Created 31 Aug '04
Modified 14 Dec '04

Comments:

Ah, I did the "usernames must be unique across virtual hosts" thing. It's a bit problematic for webmaster@, because it means the owner of the "primary" domain (whichever one Exim knows abot first, I think) gets all those mails. It's not a major problem, and I did manage to fix it, but I can't remember how. My policy on altering Exim is:
1. avoid doing it
2. see step 1
3. poke things randomly, fearful of losing mail, until it works or you give up and revert to what it was before
Not the best policy, but what can I say :)
# sil

Exim has a fantastic configuration, making complex custom situations possible without confusing the simple stuff. I've twiddled mine to do AV, SpamAssassin, virtual domains with alias domains, Maildirs, etc. Drop me a line if you run into any questions.
# Luke Opperman

Regarding mailing list managers, there's one that's aimed to be sort-of-an ezmlm clone, Enemies of Carlotta [1]. It has more liberal license and is a bit simpler. (It's written in Python, but that shouldn't make much of a difference to the decision, I guess.)

[1] http://liw.iki.fi/liw/eoc/
# Jarno Virtanen

I switched from SquireMail to IlohaMail http://ilohamail.org/. And yes it's better, because it supports multiple senders ..
# Jkx

Just wondering why you passed up getting a Linode www.linode.com

Very professional. More disk space per $. More distros to choose from including Debian. I've been using them for over a year. I just don't see that pdxcolo has any advantages.

Randall
# Randall Smith

I seem to remember when I was looking that linode wasn't taking any clients for their VPS plan -- all their servers must have been fully committed. PDXColo also has cheaper disk space -- $1/GB/mo, vs. $5/GB/mo. This is nice, since I am keeping all my mail on the server; instead of upgrading to a more expensive plan, I can just add on the particular resource I want. And of course, I don't care about the distribution selection, as long as they have the one I want ;)
# Ian Bicking

I must agree about Qmail, 'though I've been using it for 7 years. Postfix seems like the right way to go and may do that some time in future (along with switching to http://www.gentoo.org from Debian :-).
# Robert