
The file you lost is in my vault

There has been a lot going on at the office since my last post. I’ve managed to install a local mailserver and network backup. It was easy setting up one, but not so much the other!

There are a lot of e-mail servers out there. You can choose from postfix, courier and good old sendmail. I chose to install exim. Exim is an e-mailer built by the University of Cambridge and is relatively simple to set up and maintain. If you are using a Debian-based Linux distribution then the setup is very simple. And I found exim far easier to understand and customise than postfix.

To install exim on Ubuntu, simply enter: sudo apt-get install exim4-daemon-heavy

Exim comes in two versions on Ubuntu: a ‘Light’ version and a ‘Heavy’ version. There are some features missing from the light version. Importantly for me, it was the LDAP features that were needed, and these were only in the heavy version.

To configure the basics you run the prompted configuration script by using dpkg-reconfigure exim4-config. This enters information into a configuration file which is then used to build the actual configuration files which exim uses. To do this simply reload or restart the exim service.

As I already had fetchmail and dovecot running, downloading e-mail from my e-mail hoster, all I needed was local delivery and relay capabilities. I selected this on the install and entered the appropriate domain names. I made sure to enter 0.0.0.0 for the valid hosts. This way all my local users can access the server. I keep everything in a single file – it’s far easier to determine what is going on and make customisations that way. I then modified the /etc/exim4/passwd.client file so my server could send e-mail through my mail host’s server. I had to make a small change to the config file, which I will document next.

My ISP blocks access to third-party servers on port 25 – to prevent spammers from using other servers. My email hoster gets around this by having authentication and using a different port. The authentication is handled by modifying the passwd.client file I mentioned. The port requires a change to the exim configuration file. Simple enough as it was easily documented.

The next bit was the tricky bit – modifying the actual. The header rewriting bit. That’s where, on outgoing e-mail, the From (and other lines) are rewritten to represent your external e-mail address and not your internal one. Exim has a basic line setup, but I have a nonunique situation where my users are stored in OpenLDAP. Their internal and external addresses are stored in there. So internally my e-mail is salik@mycompany.local; externally it would be salik.rafiq@mydomain.com. This mapping is stored in LDAP. I found the lines I needed to change but it was not easy. I eventually got it to work by using these lines:

REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains "${lookup ldap {ldap:://localhost/uid=$sender_address_local_part,ou=[LDAPDOMAIN]?mailRoutingAddress}{$value}}" frs

REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${lookup ldap {ldap://localhost/uid=$sender_address_local_part,ou=[LDAPDOMAIN]?mailRoutingAddress}{$value}}}}

Which does the mapping just nicely. Note the ‘::’ – without those the line won’t work, as the separator (you can have multiple matches) is ‘:’. Took me a while to figure that one out.
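Why the doubled colon matters, as an added example (not from the original post or from Exim's source): headers_rewrite on the smtp transport is a colon-separated list of rules, so a bare ':' ends a rule, whereas return_path is a single expanded string and keeps the plain ldap:// URL. The splitter below is a simplified model of that list syntax, and its function names are made up for this illustration.

```python
# Added illustration, not Exim source: a simplified model of how Exim
# splits a colon-separated list option such as headers_rewrite.

def split_exim_list(value, sep=":"):
    """Split on sep; a doubled sep is one literal sep inside an item."""
    items, current, i = [], [], 0
    while i < len(value):
        if value[i] == sep:
            if value[i + 1:i + 2] == sep:      # '::' -> literal ':'
                current.append(sep)
                i += 2
                continue
            items.append("".join(current).strip())
            current = []
        else:
            current.append(value[i])
        i += 1
    items.append("".join(current).strip())
    return items


def torn_items(value):
    """Items whose braces no longer balance, i.e. a split cut an expansion."""
    return [it for it in split_exim_list(value)
            if it.count("{") != it.count("}")]


# The rewrite rule from the post ([LDAPDOMAIN] is the post's placeholder).
RULE_DOUBLED = ('*@+local_domains "${lookup ldap {ldap:://localhost/'
                'uid=$sender_address_local_part,ou=[LDAPDOMAIN]'
                '?mailRoutingAddress}{$value}}" frs')
# The same rule as one would naturally type it, with a plain ldap:// URL.
RULE_SINGLE = RULE_DOUBLED.replace("ldap:://", "ldap://")

if __name__ == "__main__":
    for name, rule in (("doubled", RULE_DOUBLED), ("single", RULE_SINGLE)):
        parts = split_exim_list(rule)
        print(name, "->", len(parts), "item(s), torn:", len(torn_items(rule)))
        for p in parts:
            print("   ", p)
```

With the single colon the rule is cut in two in the middle of the ${lookup ...} expansion, so neither half is a valid rewrite rule.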

The only issue I have left to sort out is to check e-mail being sent to user@mydomain.com and rewrite that to user@mydomain.local and use the local delivery. Without that the e-mail will go to my email hoster and then come back via fetchmail. Not critical, but it takes about two minutes for that loop.

Overall I’d say that exim was relatively easy to set up. It just needs better support. There are mailing lists, but these are never as good as forums.

Next up was getting a backup going. We’d not really had a proper backup service going and desperately needed one. I selected backuppc. I had read about it in Linux Journal and decided that this was just what I needed. One of my Linux boxes would be the backup server and store all the backups on its redundant disks. And the other PCs would be the slaves.

Currently, as there is data being stored on the (soon to be) backup server, I am also backing up the server itself! Though this would not normally be something one would do. And it would also be advisable that you back up to an entirely separate device rather than the disk the OS and configuration files are on.

Backuppc can be downloaded from the backuppc home page.
There’s not much to set up in backuppc. It has a splendid web portal to configure it.

One thing you need to look out for is that the config files are mostly in perl. Some day perhaps they’ll get rid of that and have standard config files. The other thing is that to back up Linux machines backuppc can use rsync. To use rsync the PC and the server must exchange keys to allow the remote user – backuppc – to gain root access to the machine. This is not hard but is something you must take care of beforehand, and there is plenty of documentation and samples on this. These pages at howtoforge give a good example of a backuppc setup.

Another issue is that on Ubuntu some tasks need to be run as root, so it is necessary to add the backuppc user to the sudoers file with the NOPASSWD option, e.g.: %backuppc ALL=(ALL) NOPASSWD: ALL. Very important: only edit the sudoers file with the visudo program. Do not change the file to writeable and then edit it. If you forget to revert the file back to read-only you will not be able to sudo anymore. The sudoers line above gives the backuppc group access to all commands without a password. Perhaps a bit of overkill. I think I may tune it later. It will then be necessary to change the commands to tar and ssh to prefix them with sudo. This will be pretty obvious in the config file and web portal.
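One way to check what "tuning it later" should achieve, as an added example that is not part of the original post or of backuppc: a small audit that flags the blanket rule quoted above and passes a narrowed one. The narrowed rule, its command paths and the function name are assumptions for illustration, and the parser covers only simple one-line user specifications.

```python
import re

# Constructed sample: line 1 is the rule quoted in the post; line 2 is a
# hypothetical narrowed rule (user name and command paths are assumptions).
SAMPLE = """\
%backuppc ALL=(ALL) NOPASSWD: ALL
backuppc ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
"""

# who  hosts = (runas) [TAG:] command[, command...]
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")


def audit_sudoers(text):
    """Return (line_no, who, issues) for rules that grant more than needed."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SPEC.match(line)
        if not line or line.startswith(("#", "Defaults")) or not m:
            continue
        tags = re.findall(r"\b([A-Z_]+):", m["rest"])
        cmds = [c.strip() for c in
                re.sub(r"\b[A-Z_]+:\s*", "", m["rest"]).split(",")]
        issues = []
        if "ALL" in cmds:
            issues.append("any command")
        if "ALL" in cmds and "NOPASSWD" in tags:
            issues.append("no password prompt")
        if m["runas"] and "ALL" in re.split(r"[,:\s]+", m["runas"]):
            issues.append("any target user")
        if m["who"].startswith("%") and issues:
            issues.append("applies to a whole group")
        if issues:
            findings.append((line_no, m["who"], issues))
    return findings


if __name__ == "__main__":
    for line_no, who, issues in audit_sudoers(SAMPLE):
        print(f"line {line_no}: {who}: " + ", ".join(issues))
```

A rule limited to named commands still runs those binaries as root, so the arguments backuppc passes to them are part of what is being granted.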

I now have a fully configured backup which backs up each machine every night and there is a schedule of incremental and full backups. I haven’t tried a restore yet, which really is something that one needs to do. You need to know if this will really work!

Next time I will go on about the trials of setting up MS Dynamics CRM 4.0 on my Windows server. What a drag.

Salik.
