Posts tagged Postfix
Shell service available
Jan 29th
Been a long week and I had to deal with some red tape internally (of my own creation!), but finally have some working shell service to sell to people who want it.
I had posted last week about the issue(s) of shell services and decided that I would do the work to put this kind of service together as I have both the experience and gumption to do so. Even includes my smiley, happy-go-lucky support attitude!
So it is available and sales is ready to take the orders. I don’t expect a lot of people signing up for this, but it takes care of a sect of customers that still want to do things in a manner that isn’t web based, that isn’t all mouse driven.
I can relate to that!
- Ubuntu Hardy
- FreeBSD 8
- emacs, vi, joe
- mutt (no elm, no pine – all Maildir oh well)
- procmail filtering
- IMAP, POP3, SMTP, with SSL and STARTTLS goodness
- reasonable and ample disk storage quota on our NetApp gear
Let the nerding begin!
Outbound Email Spam is teh suck
Jul 23rd
No mispelling, just playing ‘new internet lingo’ game. Did I win?
Let’s get serious…
This week, multiple customer accounts were breached. Starting approximately 3 weeks ago, a phish was sent out that some of our customers responded to, giving out their account information.
We looked through our mail logs and found the users who had been phished and we changed their passwords.
Along the way, we either missed some users who were phished, or another phish was done that we did not detect.
On Monday, 2 accounts that had been phished at some time were used to send spam through our outbound email servers. By default, our outbound email servers require SASL authentication. The abusers authenticated to our servers, and over the next couple of hours, we were thoroughly abused, and our servers started slowing down. Not enough to trigger monitoring, though. Kudos for performance tuning, spankings for not noticing this until a customer told us.
On Wednesday, we got hit again, by a single account this time, and 18,640 connections later, our servers were again getting exercised.
All this preamble, what is it for, Mike?
I’ll tell you – on Monday our outbound mail servers got onto some of the anti-spam lists, including Yahoo, Hotmail, Comcast. We did what we could to remove the IPs of our servers from the lists, but Hotmail (in particular) has a 72 hour period for removal. Ah well. 72 hours does suck, but it is survivable.
Then came Wednesday…and another account was abused, putting us back on those same lists we just got off of, and while still on the Hotmail list, our 72 hours got reset. Oh that is frustrating.
Virtualization and the ISP (part 4)
Oct 20th
The fun is getting going – ordered up the 8 servers as listed in the configuration in my blog post from October 4th, 2008 on October 14th, 2008.
This will give me 8 host systems and one spare on the shelf (I’ll be using it for test deployments and such as well).
Ship date: October 16th, 2008.
Weight: 862lb
Due date: Today! October 20th, 2008. (Dell tracking said Friday the 17th, but obviously that wasn’t correct, but was in Minneapolis at 8:49am and out for delivery)
I have moved one production system over already (one of the POP/IMAP servers) and performance has been excellent. Over the next few days I’ll get 3 more of the host systems online and migrate the other POP/IMAP physical servers over, then tear down the old systems and remove them from the rack(s).
There is one snag holding us back for the web server side of things – a PDF library that was used by our in-house web guy for automatic formating of PDF documents. We’ll get this worked out soon and start that migration as well.
Once I get these initial 10 systems retired and out of the racks, we’ll rack up the other 4 host systems and prep them for the eventual task of migration of our caching and authoritative name servers (4), our SMTP servers (8), and measure again how things are going (performance, power, etc).
Part 4.1 coming soon, with pictures if I remember a camera…
Virtualization and the ISP (part 3.2)
Oct 10th
I measured another system at the office today looking at usage on a 2950 with Energy Smart power supplies, and L series processors (50W each).
Idle usage was 2.1A, and when I pushed the system as hard as I could to light up 4 cores the system went to 2.9A of power. This is .3A higher than the PE2900 system I am looking at deploying.
There were 2 differences, first, L5410 processors – 2 of them and not just one. The E5420 used in the 2900 is 80W, the L5410 (and L5420) are 50W each. That 50W *could* account for ~0.43A of power at 115V.
Second difference – 6 7200 RPM SATA disks vs the 4 15K SAS disks in the 2900.
I’ll continue to see if I can get an even closer match to test against, but I am beginning to wonder if I should drop the whole idea of the 2950 with L series processors just because the cost savings in power do not rack up enough to cover the much higher cost in the server ($450-$700).
EDIT: Updated from .23A to .43A as the difference for 50W CPU at 115V – bad math!
Virtualization and the ISP (part 3.1)
Oct 9th
Time for some power measurements!
ESXi was the hypervisor involved in the tests.
System installed, 4 virtuals powered on, but not doing anything: 2.2A @115V
System installed, 4 virtuals being installed hitting the I/O system: 2.4A @115V
System installed, 4 virtuals pushing 100% CPU each, no tuning: 2.6A @115V
While the virtuals were pushing the high CPU load, they were also hitting the disk I/O system as well, though not nearly as hard as 4 concurrent installs occuring.
Part 3.2 will continue with real life power measurements of the systems these PE2900s would replace so that I can do a comparison based on idle vs full load against current production systems (mix of idle and load).
Part 3.3 will have information as I cut over a couple of the clustered systems onto the PE2900 virtualized servers starting with one of the web servers and a POP/IMAP server, continuing from there to a couple of the SMTP servers. I’ll be able to report back subjective performance reactions as well as some actual measured data via different utilities.
While this is happening, I am working on learning how to make my own ‘appliances’ for faster configuration and turn-up of the different servers I’d like to deploy. It has been kind of boring so far, but maybe I’ll get’er all figured out.
Until next time…
