September 2002 - admins-discuss@lists.redbrick.dcu.ie

[Admin-discuss] more webmail
by Colm MacCárthaigh 05 Oct '02

05 Oct '02

o.k., I've created a 1000 day self signed cert for webmail.redbrick.dcu.ie and enigma now has that up on port 443. I've added webmail.redbrick.dcu.ie into DNS and it should propogate in the next day or so. Any http requests to webmail.redbrick.dcu.ie get rewritten to https, so that it's enforced. Courier really doesnt like it you try to check your mail without a ~/Maildir in place, so watch out for that. Basically what's left is: come up with a way for adding all of the Maildirs, which will be symlinks into /var/spool/mail/[letter]/username/ or something. maybe add a cronjob to recreate the symlinks every night in case of deletion fix the default procmailrc in /usr/local/etc to be sane fix the default muttrc,pinerc,elmrc .. etc to be sane the exim conf on enigma needs to be modified to take aliases from all of the mad places we like to do that, this is easy additional routers need to be added for forwards, procmails and local delivery with suffixes. Basically copies of what's there with local_part_suffix= +* added. This needs to be tested or whatever. another cert for IMAP TLS needs to be done, I'll see if can I can do that. This should all be well doable before clubs and socs day, but I'm going to need help, I've a busy week in work ahead of me aswell. Also what's the story with adding accounts on Enigma ? How is this goign to be done ? Has a way been figured out to sync things yet ? Is anyone intrested in porting their mail to enigma ? Giving all this a good week of tetsing can't do any harm. -- colmmacc(a)redbrick.dcu.ie PubKey: colmmacc+pgp(a)redbrick.dcu.ie Web: http://devnull.redbrick.dcu.ie/

8 40

[Admin-discuss] [colmmacc@Redbrick.DCU.IE: [Webgroup] IMAP rocks]
by Colm MacCárthaigh 28 Sep '02

28 Sep '02

----- Forwarded message from Colm MacCárthaigh <colmmacc(a)Redbrick.DCU.IE> ----- From: Colm MacCárthaigh <colmmacc(a)Redbrick.DCU.IE> To: admins(a)Redbrick.DCU.IE, The Fellowship Of The Brick <webgroup(a)Redbrick.DCU.IE> User-Agent: Mutt/1.2.5i X-Spam-Level: Subject: [Webgroup] IMAP rocks take a look at various screenshots in http://redbrick.dcu.ie/~colmmacc/imap/ everythign persist, no matter what way you access your mail. Any ideas how this should be setup initially ? Ie what folders, if any, peopel should have bu default -- colmmacc(a)redbrick.dcu.ie PubKey: colmmacc+pgp(a)redbrick.dcu.ie Web: http://devnull.redbrick.dcu.ie/

2 2

[Admin-discuss] Enigma + Array = Frustration
by Cillian Sharkey 04 Sep '02

04 Sep '02

Last evening John Bolger and myself got the 6 disk (RAID5) array setup (using his spare disk) in CTYI. His disk was a couple of meg smaller than the others so we've lost a few meg in storage but hey, it's nothing to worry about. So we took his disk out and verified that the array still worked (in degraded mode). We then moved the controller into enigma and hooked up the array, but it refused to see the disks! So we took out all the other cards until we had just the RAID card and the video (PCI) card left. Again, no joy. It was getting late at this stage so we put everything back together. The controller is still in enigma so bootup is slower now while it times out looking for the array (currently powered down). Once ("if", hah!) we get the damn thing to work in enigma, we can parition and mount the array on the current enigma and work on it remotely to build the new install. We can do a make installworld onto the new array (set DESTDIR), chroot into it to install stuff safely (or even set it up as a jail if we wanted to run/test network stuff in it on the default ports). When it's ready to go online, we put in the system disk (everything we need should be copied off it by then), let the array rebuild and finish off the setup etc. On a more positive note: Enigma has it's front cover back! So things are (slowly) starting to shape up.. -- Cillian

3 3

[Admin-discuss] Enigma (take 2)
by Cillian Sharkey 02 Sep '02

02 Sep '02

[in reply to my previous email on Enigma] > Options: > > - 6 disks w/ no spare (90GB) > - 6 disks w/ non hot spare (90GB) [need to purchase extra disk] > - 5 disks w/ hot spare (72GB) It looks like we'll go for 6 disks with a cold spare (which we'll need to buy at some stage, the system disk from Enigma would be a prime candidate to fail given its usage :) > 2. Filesystems > > Draft: > > / 100MB Small root okay for BSD. Current disk usage on > enigma is due to crap in /root which will be in > /local/admin in new setup instead.. > > swap 512MB or 1GB At least equal to total memory, worth allowing > for future expansion (e.g. 1GB). [current swap > on enigma is at 256MB] I think we should go for the 1GB, it may be underutilised now, but it's easier to create now then 1 or 2 years down the road when/if we upgrade RAM. > /usr 4GB Separate root and usr also okay with BSD ;) > 4GB should be sufficient for software and > /usr/{src,obj}. Might bump this to 5 or 6GB, just give us some more breathing room. > /var 4GB Should be sufficient. This will be bumped to the remaining disk space to accomodate [web]mail (i.e. /var/mail/<Maildirs>). This way we enforce the use of disk space on enigma for mail only. If we were to use $HOME/Maildir, users could use enigma for home storage which would "compete" with their mail. rb-radio will go under /var somwhere as it'll be the biggest partition (greedy music lovers!) > /local 2GB Similar to that on prodigy (promotes > consistency). Not as big though, note: not > *really* an essential f/s but handy to have. > > /home ~78GB [or 60GB] Size depends on 6 [or 5] disk array. Home quota will be set at 1Mb. Size will be reduced to 4GB (a rough estimate of 2000 users * 1MB + 100 users * 20MB). Quotas can of course be increased on a per-user request basis if necessary (e.g. they're doing project/devel work etc.) That's the 100 users above. > /tmp 64MB Use UFS, MFS or md? Any opinions as to which option? > /var/tmp 128MB Make bigger (512MB/1GB) if no "/scratch" f/s: > > /scratch ? GB Single disk or a possible vinum setup.. > > Quotas will be in force on /home and nosuid, nodev. Main data to be kept in > /local & /var. All filesystems to have soft updates enabled. Also, as of > 4.4-S the new dirprefs and dirhash code (both on by default) will result in > better layout & performance for the new filesystems. Just wondering how the defaults in newfs are for (large) filesystems? Especially if /var will be geared towards Maildir usage (think lots & lots of inode usage). *goes off to read tuning(7)* > Secondly, unified logins should really be implemented (regardless of giving > all users a login or not) ideally with LDAP (has been proposed before) as > this has many other benefits (e.g. mailman, nntpcache, Cyrus, etc.). This > should work even when prodigy is down (i.e. use replication). The hack > alternative is to copy the prodigy /etc/{passwd,shadow} files across > (securely) daily, merge into a master.passwd format, run pwd_mkdb, etc. and > possibly also prevent local password/finger info changes. Nanny (back on > the network now) can be used for testing this without borking prodigy :) A thought occurred to me - OpenLDAP can be configured to use /etc/passwd as it's "database" (read-only AFAIR). I haven't checked yet, but does anyone know off-hand if this setup can provide authentication? This would make LDAP authentication and name lookups etc. available, but leave password administration as-is (read: less work involved). If it doesn't, an alternative would be to build the database from the passwd file on a regular basis, making sure to include the crypted password. There's no reason why we couldn't migrate completely to LDAP, however this approach means we don't have to modify our user admin software (read: admins are lazy). -- Cillian

1 0