A Debian install: it rocks, but…

May 18th, 2004 § 3 comments

I have been using Debian in this server for a few weeks, and it really rocks. I have used Linux for a few years already, both as a server and as a desktop system in various settings, but I was always reluctant to install Debian in any of them. Debian’s reputation for reliability was equaled by its fame as a hard-to-install Linux distribution. After using Mandrake Linux for over ten months as my primary desktop, I was loath to install a system where I would have to forget the handy configuration tools and edit countless text files instead.

Anyway, a few weeks before I started configuring the server, a co-worker installed a Debian server at work. Curious to check whether Debian’s reputation was true or not, I decide to help him — or rather, to see how he would do it. After following the install procedure, I’m convinced that installing Debian is a bare machine is not a task for the faint of heart. Despite Debian’s installer, if anything goes wrong an intimate knowledge of Linux is required to handle the problems that may arise from the install process. After using the installer that comes with Mandrake Linux a couple times in the past years, I was hardly impressed.

Things changed when I saw apt-get in action. As I said in a previous entry, apt-get was so useful that I was instantly hooked. Also, after using the server for a couple weeks, I noticed that the packages provided with Debian went far ahead the packages provided in other distributions in terms of easy of configuration. Dependencies and conflicts were smoothly solved, and everything worked just fine. So, when I rented a server with Bytemark Hosting, and was offered a choice of four different Linux distributions, I had decided that I would try Debian there. I could use Debian, Gentoo, Slackware, or a customized Red Hat clone. Slackware was out of question since I have no experience with that distribution. A Red Hat clone was also out of question because I only tolerate RPM packages because Mandrake makes it easy to install them. I almost considered Gentoo, but I had tried it a few months before, and apt-get is much better than emerge in my opinion.

Bytemark hosts user-mode Linux virtual machines. Although they are a bit limited sometimes, they more than compensate for those limitations in their ease of maintenance. If, for any motive, you decide you need a fresh install, it’s just a matter of typing a couple commands in the prompt and you have a brand new install to tinker with. I happily installed Debian, and started the long effort to configure all I needed.

The following two weeks proved to be a huge learning lesson. I had administered Linux servers before, but I never had had total control over the system, and never had to install everything from the scratch. Luckily, since the Debian install from Bytemark has a lot of goodies already set up so I didn’t need to configure the most basic services like network and such.

When I decided to have my own server, I decided that I would run everything the way I wanted, including SMTP, IMAP, POP3, HTTP and CVS servers. After a lot of research, I settled on the following configuration:

For the web server, Apache was the way to go. Since I have control over what modules I can install, I added modgzip, modlogsql, modauthmysql, and modpython. With modlogsql I can log all my web traffic on MySQL and run quick queries to feed my ever-growing narcissistic self. Also, as I’m doing a lot of Python development now, modpython will be an interesting addition to the tools I’m using. With modauth_mysql I can authenticate users and groups directly from MySQL tables, which are much easier to maintain them password files.

For web traffic analysis, I also configure AWStats. Not all my uses want or know how to query a database so I set it up as a cron job for the users who require this kind of stuff.

On the mail server end, I decided to go with Postfix. I don’t know how it compares with other mail transport agents out there, but I found there seems exist more documentation about it. Since I wanted to integrate the mail server to other tools like virus scanners and spam filters, Postfix seemed a good route. And I think it was.

Once Postfix was up and running, I need to configure it to support multiple domains, IMAP, POP3, spam filtering, virus filtering, and mail filtering. For IMAP and POP3, I used Courier Mail Server. Courier is a complete mail transport agent, but I decided to just integrate it to Postfix, using the parts I needed. I also configured it for SASL authentication, to provide better security. From Courier, I also used Maildrop, which is a local delivery agent with filtering capabilities. Configuring Maildrop was very difficult but I managed to get it running after a few sleepless nights.

To reduce the amount of trash in my users’ mailboxes, I integrated Postfix with Amavis, ClamAv, and SpamAssassin. It worked like a charm, although I still need to find out why SpamAssassin is not detecting as much spam as it detects when running locally at home. So far, its accuracy has been a bit low. ClamAv, on the other hand, has detected and eliminated every single virus that reached my server.

Webmail was done with SquirrelMail, which, albeit being terribly ugly, supports plugins and virtual domains.

Since I will also run mailing lists in some sites here, I had to choose a mailing list manager. After a bit of research, I had to decide between Mailman and Sympa. Sympa had better virtual domain support and lacked none of Mailman features so it was an easy choice.

FTP was done using Pure-FTPd. I don’t have much experience with it, but so far it has proved to be a good FTP server. It has a focus on security, has lots of useful features, it’s easy to run and manage, and just works.

One of the things that motivated to go with the programs I describe above was their ability to integrate with MySQL. As I host a bunch of domains, I didn’t want to keep track of a myriad of text files across a lot of directories every time I need to add a new domain, sub-domain, change a password or modify any other setting. MySQL gives me a central place to host that data, and it’s easier to write scripts to update databases than to write scripts to parse and change text files in dozens of different formats.

Setting up all those applications was a very hard thing to do. Without Google, I would never have managed to do it. Postfix and Courier, for example, took me a couple days to configure since their Debian packages lacked some of the features I needed out of the box. Also, in some cases documentation was very sparse and I had to guess how some files looked like on Debian. It was quite an adventure, I can say now.

So, Debian rocks, butÂ… But what?

As I mentioned before, I’m used to Mandrake Linux at home. RPM packages suck, but Mandrake hides most of the problem behind user-friendly tools and nicely packaged distributions. And what I like the most about Mandrake Linux is that it’s always up-to-date with regards to the latest and greatest releases out there. Debian, on the other hand, has a much longer release cycle. Woody — its latest stable version — it’s almost two years old already. And as only security patches make their way into the stable version, almost all packages on it are outdated. So, when I started configuring the system, I found out that many of the versions of the applications I needed didn’t support the features I wanted if they came from Debian stable.

Debian testing and unstable had newer versions of most of those applications. But their names clearly show that you can’t always trust the packages in them to work correctly. Also, even the packages in those releases were slightly out-of-date with regards to the some versions I needed.

In the end, I had to run a mixed system, which involved getting packages from a bunch of different sources. Thanks God for backports, which solved most of my problems. My Postfix version, for example, runs directly from a backported package. In a couple cases, I had to create a local repository since I couldn’t find the packages I wanted in any of the official or backported sources. Maildrop was the most complicated part of this process, since no version I found had MySQL support built-in. I ended up compiling it separately, from the sources in its site — for some strange reason, the Debian packages failed to compile under my system.

All in all, I liked the experience. Debian is truly a stable system. Needless to say, although I spent a couple of days configuring the system, using my very copious free day, I never had to reboot the system to get some service running. I’m still learning to tread my way across the difference between Mandrake and Debian, but I’m loving every moment of it.

§ 3 Responses to A Debian install: it rocks, but…"

What's this?

You are currently reading A Debian install: it rocks, but… at Reflective Surface.