So, I attempted to upgrade my mail server … it didn’t work …
Actually, it started out as an idea for me to start another mail server from scratch … I wanted to create a test email server so I could learn more about all the interaction that goes on … As I was researching this, I determined from my reading that it would probably be very simple to upgrade the existing mail server … You know, the one that’s serving thousands of actively live email addresses, whether email is stored on the server or forwarded … I have upgraded plenty of servers in place and have never had a major issue … This changed yesterday …
Normally what I’m upgrading is PHP … They update PHP on a pretty regular basis, and it ain’t no thing to cvsup to the latest ports and deinstall, reinstall to the latest and greatest … but with the mail server, this is a bit different … there are many dependencies … I can usually handle this very well too … I can backtrack failures or Google errors and find a fix …
Up until yesterday, I have always paid a consultant to work on my mail server … Email is not something to take lightly … It is the most exploited thing on the Internet … Too much SPAM and Viruses to think that I could handle all of this on my own … So for years now, I have had someone else do the thinking and I do the tinkering … Because of all the tinkering I’ve done myself, and I’m pretty proud of myself that I set up authoritative name servers and an inline firewall all doing multiple amounts of graphing, etc … I thought that I was at the point where I could handle the email server on my own …
All that seemed to be required was that I bring the ports tree up to current and then compile the new programs … Since this was something I wasn’t familiar with, I figured I would let portupgrade have at it and upgrade all the ports that needed upgrading … That’s why it had sounded so easy to me … I also figured I had all the time in the world to do this as the active system would remain active until I rehashed and restarted the services … Not the case …
First thing to fail, the MySQL server … When it’s portupgraded, it stops the MySQL server … So that was the first problem that immediately ceased mail flow … I started the “new” MySQL server and all seemed well … but then things just degraded from there … Now it was a race to compile the programs and get everything in sync once again … The phone kept ringing, but I didn’t have immediate answers … I wanted to try to fix it before I talked to anyone … One hour became two … Then two became four … I didn’t have much sleep, so I was purty tired …
Once I got to the point that everything was finished compiling, out of the hundreds of ports that were checked and upgraded, there were three that didn’t make it … cronolog, fastest_cvsup and maildrop … Two of those stopped the operation of webmail as well as normal mail flow … cronolog stopped apache from operating and maildrop, well, it’s a mail server so something called maildrop was probably pretty important, eh? So I attempted to deinstall, reinstall those programs … When they didn’t work (and maildrop took some time to fail) I Googled to find answers … Those answers were not readily found … I suppose in retrospect, it’s because maildrop is probably not as popular as PHP or apache …
So, I am dead in the water … I could continue to tinker my way through and make it work, but there were two things going against me … The major one, there was a bunch of people that wanted their email … After all it was a Monday, and Monday is the most important (busiest) day … Man, when I screw something up, I do it right! The second thing was, no matter how I got it working, I would not feel confident that it was done right … That’s the most important thing to me … Again, email is something that I don’t think should be messed with or taken lightly …
I resort to turning my mess over to the consultant … Now normally I book time with him … We schedule a time and I open up the firewall, etc and we get it done … Him proceeding with the necessary steps and me babysitting in case he needs to restart the machine or something goes goofy … There’s been only one time that I can recall that I actually had to help him … Most things just worked when he did them … Anyway, by the time he straightened out what I had brought the mail server to, it cost me $200.00 … I figure it probably cost me more due to the fact that people couldn’t get their email … but it’s working now, and that’s all that matters I guess …
The problem is that I don’t understand the mail server … There are many programs working in concert to facilitate the flow of mail and in that process weed out the bad mail and forward the good … The good thing is that I understand the mail server more after this experience … Where I left all of the thinking to the consultant and Mr. Bernstein, knowing the steps in which to rectify the situation I have a better understanding of what’s going on … The other problem is that the mail server isn’t just a mail server … It’s a web server, an imap server, pop, smtp, etc and a bunch of applications talking to one another again, to facilitate the flow of what is to be determined as good email …
This brings me back to the beginning … I am going to set up a parallel mail server … One that I can break and not affect the masses that depend on the mail server … In doing this, I will be able to learn more about all of those applications that work together to stop the bad people on the Internet … There are many ways to do this, and I would like to get more of them in place … The more I can do on my own to figure out how to make it work, the better off I will be in providing this for other people as I will actually know what’s going on … That is becoming more important to me as the cost of running the mail server starts to hit my wallet more … While it’s all Open Source programs, they’re getting much more sophisticated since the baddies are getting that much more sophisticated … I don’t want SPAM … I want to stop it … I could certainly pay someone to make that happen, but that goes beyond the scope of a working mail server … That goes into custom stuff, and that’s what I want to pursue …
If you’re someone that relies on my mail server for mail, sorry about yesterday (Monday, September 18th) … I had nothing but good intentions in bringing the mail server up to date on the applications processing the mail … portaudit was informing me of applications that contained vulnerabilities, and I wanted to get them fixed … I just didn’t want to spend the money for a simple portupgrade … Well, now I know that all things that may seem simple aren’t always so simple …
This goes back to things I have said in the past, and they certainly ring true by this example … It may be very easy to set something up … There are many people out there setting up hosting servers that are all encompassing and selling cheap hosting on them … $1/mo., etc … They’re very easy to put in place, either by paying someone to do it or by using a basic understanding of server setups … Where the important stuff comes in is in the ability to maintain that server/application … Vulnerabilities pop up all the time … Microsoft and Apple have facilitated an automatic update feature to solve this … Every once in a while, my iMac tells me, “Hey, you need to update this piece of software!” and I do it … The Microsoft guys, I manually check on a regular basis, sooner if I know something is up, and that’s due to having one machine that still checks and informs me if there’s something going on …
So, I want to get to know my mail server since I have been working on a control panel of sorts that is keeping track of many things for me … The more I update it, the more things are revealed that I was unaware of … This is just things that people were able to get out of me for free since I wasn’t paying very close attention … The more I got this working, the better handle I got on things, and with the mail server also keeping a database, I want to tap into that and merge that into the control panel … If something can be queried, it can be updated and eventually I will be able to get my application running the entire network … I work on this as time allows … The more and more I work on it, the more and more I get to a hands off solution … But I digress …