OpenBSD as Mail Server

Right now I have no idea about qmail as a good MTA. It was good, but the way it sends email by creating 1 process for delivering 1 email sometimes made me worry about my resources.

New idols are coming: dovecot and postfix. Well, with the combination of these I believe a strong email system will be delivered.

With OpenBSD in your hand, many applications can be installed using ports, but you only install 1 application, complete with all dependencies. How about 1 script for all?

A few years ago I used lazyinstaller on any Linux and FreeBSD, but that is the past… now the era has changed.

After googling, I found an application named mailserv, an integrated email application for OpenBSD.

The steps are also simple:

export PKG_PATH=http://ftp.OpenBSD.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/
pkg_add git
cd /var
# GitHub no longer serves the unauthenticated git:// protocol; clone over HTTPS
git clone https://github.com/mailserv/mailserv.git
/var/mailserv/install/install.sh


After it has finished, open your web browser to https://ip_server:4200
And then what do you get?
1. Email platform with multiple domain support
2. Statistics for each domain
3. Health report of your server
4. Managing domain, user, quota etc
5. Grey list
6. White list
7. Anti spam etc


Happy OpenBSDing 



redundancy using carp

Huh, after 3 hours stuck doing this … read the manual and read it again .. but still unable to connect .. I'm sure nothing is wrong with the rules …

After checking and checking, I forgot to enable pf on the primary server .. 🙂

Now it's my clue to create redundancy using OpenBSD 4.0

In /etc/rc.conf ensure you enable pf

pf=YES # Packet filter / NAT

As an internet gateway you should have at least 3 NICs: 1 for LAN, 1 for WAN and 1 for failover (sync) between the primary and backup firewall (UTP cross cable)

The next step is to change your /etc/sysctl.conf

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
net.inet.carp.preempt=1 # used for carp

the network will look like this

         +----| WAN/Internet |----+
         |                        |
      xl0|                        |xl0
      +-----+                  +-----+
      | fw1 |-nfe0--------nfe0-| fw2 |
      +-----+                  +-----+
      xl1|                        |xl1
         |                        |
      ---+-------Shared LAN-------+---

here’s the ip address:

Fw1

  • xl1 : 192.168.0.2/24
  • xl0: 202.x.x.147/29
  • nfe0: 10.0.0.2/24

Fw2

  • xl1: 192.168.0.3/24
  • xl0: 202.x.x.148/29
  • nfe0: 10.0.0.3/24

We can make failover work for LAN or WAN or both.

In this case I just make failover work for the LAN side. The virtual IP for the LAN is 192.168.0.1, which means the stations on the LAN will point to 192.168.0.1 as their gateway.

Here are the rules in /etc/pf.conf (some snipped ..)

ext_if="xl0"
int_if="xl1"
internal_net="192.168.0.0/24"

nat on $ext_if from $internal_net to any -> $ext_if

pass out keep state
pass in keep state
pass quick on $int_if
pass on nfe0 proto pfsync
pass out quick on {xl0 xl1 } proto carp keep state

Last but not least is how to make this active automatically after booting

Simply edit /etc/hostname.*

Fw1 (Primary Firewall)

  • /etc/hostname.carp1
    inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 1 carpdev xl1 pass lanpasswd
  • /etc/hostname.pfsync0
    up syncdev nfe0

Fw2 (Backup Firewall)

  • /etc/hostname.carp1
    inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 1 carpdev xl1 pass lanpasswd advskew 128
  • /etc/hostname.pfsync0
    up syncdev nfe0
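
A preflight check for the setup above, as an added example that is not part of the original post: it verifies that pf is enabled in an rc.conf-style file and that the two hostname.carp1 files agree on virtual IP, vhid and pass, with the higher advskew on the backup. The function names and the temporary sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): preflight checks for the
# fw1/fw2 CARP pair. Function names and sample files are hypothetical.

# Print the value following keyword $2 on the "inet" line of file $1.
carp_field() {
    awk -v key="$2" '$1 == "inet" {
        for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit }
    }' "$1"
}

# Succeed only if rc.conf-style file $1 has an uncommented pf=YES.
pf_enabled() {
    grep -Eq '^[[:space:]]*pf=YES([[:space:]]|#|$)' "$1"
}

# Compare primary ($1) and backup ($2) hostname.carpN files. Prints one
# line per problem and returns 0 only when the pair is consistent.
check_carp_pair() {
    rc=0
    for key in inet vhid pass; do   # must be identical on both peers
        if [ "$(carp_field "$1" "$key")" != "$(carp_field "$2" "$key")" ]; then
            echo "mismatch: $key"; rc=1
        fi
    done
    p=$(carp_field "$1" advskew); b=$(carp_field "$2" advskew)
    # advskew defaults to 0; the backup needs the larger value.
    if [ "${b:-0}" -le "${p:-0}" ]; then
        echo "backup advskew (${b:-0}) must exceed primary (${p:-0})"; rc=1
    fi
    return $rc
}

# Constructed sample files holding the values used in the post.
d=$(mktemp -d)
vip='inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 1 carpdev xl1 pass lanpasswd'
echo 'pf=YES # Packet filter / NAT' > "$d/rc.conf"
echo "$vip" > "$d/fw1.carp1"
echo "$vip advskew 128" > "$d/fw2.carp1"
pf_enabled "$d/rc.conf" && check_carp_pair "$d/fw1.carp1" "$d/fw2.carp1" &&
    echo "pf enabled, carp pair consistent"
rm -rf "$d"
```

On real hosts, copy the backup's /etc/hostname.carp1 next to the primary's and pass both paths to check_carp_pair.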

that’s all folks .

happy reading

mysql and openbsd

Hmmm, after a long fail installing mysql on OpenBSD .. now finally succeeded. The easiest way is to install from remote

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.0/packages/`machine -a`/
# pkg_add mysql-server

Another way is using ports: the package is located at /usr/ports/databases/mysql, and then do make install

But it only installs the mysql client. To install the server, change to /usr/ports/packages/i386/all/

then do pkg_add mysql-server-5.0.22.tgz

The next step is how to run this properly on OpenBSD

In /etc/sysctl.conf add kern.maxfiles=4096

In /etc/login.conf add

_mysql:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=2048:\
:openfiles-max=4096:\
:stacksize-cur=8M:\
:localcipher=blowfish,8:\
:tc=default:

Next, put something in /etc/rc.local

if [ -x /usr/local/bin/mysqld_safe ] ; then
        su -c _mysql root -c '/usr/local/bin/mysqld_safe &' > /dev/null & echo -n ' mysql'
fi

don’t forget to run mysql_secure_installation

just reboot the server and all is done

pf

After a while doing research with OpenBSD pf and hfsc,

I have bad news about hfsc: the documentation is really bad, but this is a good scheduling algorithm

#bw management rules for incoming works
altq on $int_if hfsc bandwidth 100Mb queue{noc_in,atas,bawah}
queue bawah bandwidth 10Kb hfsc (realtime 16Kb upperlimit 64Kb linkshare (10% 1000 25%))
queue noc_in bandwidth 20Kb hfsc (realtime 64Kb upperlimit 100% linkshare 20% default)

#bw management rules for outgoing
altq on $ext_if hfsc bandwidth 100Mb queue{noc_out,hayam_wuruk_int,hayam_wuruk_iix}
queue noc_out bandwidth 256Kb hfsc (realtime 64Kb upperlimit 100% linkshare (10% 1000 25%)default)
queue hayam_wuruk_int bandwidth 128Kb hfsc (realtime 32Kb upperlimit 128Kb linkshare (0% 1000 32Kb))
queue hayam_wuruk_iix bandwidth 256Kb hfsc (realtime 64Kb upperlimit 256Kb linkshare (0% 1000 64Kb))

how to apply the rules?

pass out on $int_if from <iix-ip> to $budi queue noc_in keep state