Saturday, April 28, 2007

The joys of e-mail administration

I've dabbled in e-mail services for some time now. It's one of those things that would normally be within the sysadmin's domain but usually falls on the netadmin's task list. I think it's something to do with the diagnostic/troubleshooting process - it's pretty much the same as most network issues.

This week was 'fix the mail server' week. Resurrect it and get the mail flowing as it should.

The mail server is a moderately new 'oem' box with average kit and runs CentOS 4. For some reason sendmail is what they have used; personally I have always liked postfix - especially when it's combined with policyd.

Sendmail was having a lot of trouble sending e-mail to a few domains that were also fairly popular among the users. I quickly narrowed the problem down to a flaky link causing connections to time out - likely an issue with using PPPoE over wireless and then going through some magical shaping gateway to the 'net. So I set up forwarding to the service provider's IronPort mail server - once I had figured out the particulars of getting sendmail to forward via an authenticating MTA, the outgoing mail queue was kept nice and empty.

Once that was done, I then focused on the viral aspect of email. It appears the anti-virus in use on the mail server was way out of date and while its defs were up to date, the engine simply couldn't detect many of the popular worms. So I left it as it was and installed ClamAV - it's doing the job fine.

Next was figuring out how they were using procmail to process messages. This is where I discovered, to my displeasure, that they were using procmail to run spamassassin and the anti-virus, along with some basic procmail type spam filtering. What a waste of resources processing mail at the mailbox stage is. So I've shifted those tasks to the MTA where they belong. Procmail is for users to distribute mail among folders and vacation messaging when .forward isn't enough.

So now the server has basic virus and spam filtering abilities once again. Next step is to look at shifting over to postfix and implementing various policy daemons with their grey/white/black listing, SPF, spamtraps, HELO checking and weighted scoring goodness. I will also use amavisd-new or xamime to run stuff through a few anti-virus scanners and deal with mail accordingly.

With all these changes I was forced to implement a rather draconian policy of limiting message sizes to 10MB. This was all that the ISP's mail server would accept, not that I disagree - it's e-mail, not FTP... So being the friendly BOFH I had to offer my flock an alternative to send those large files to outside recipients. In comes PaknPost, an HTTP upload/emailer webapp. It's written in Perl and free - what more could I ask for? This allows users to send up to ten files to anyone they like, with virus scanning, file encryption and HTTPS transfer. I'm quite happy with the initial results; user abuse will be the ultimate test.
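The sendmail side of the changes described in this post (relaying through an authenticating smart host, the 10MB cap, and scanning at the MTA) could look like the fragment below. It is an added example, not the configuration from the server in the post; the hostname, credentials, socket paths and the choice of milters for the scanning step are assumptions.

```m4
dnl --- /etc/mail/sendmail.mc fragment (constructed example) ---
dnl Relay all outbound mail through the ISP smart host. The square brackets
dnl suppress the MX lookup so mail goes straight to this host.
dnl mail.isp.example is a placeholder hostname.
define(`SMART_HOST', `[mail.isp.example]')dnl

dnl Client-side SMTP AUTH: credentials are looked up in the authinfo map.
dnl /etc/mail/authinfo holds one line per relay, for example:
dnl   AuthInfo:mail.isp.example "U:relayuser" "P:PLACEHOLDER" "M:PLAIN"
dnl Build the map: makemap hash /etc/mail/authinfo < /etc/mail/authinfo
dnl The password is stored in clear text, so chmod 600 the text file and
dnl authinfo.db. PLAIN and LOGIN send a reusable secret, so the session to
dnl the relay should be protected with STARTTLS.
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

dnl Match the relay limit of 10 MB (10 * 1024 * 1024 bytes) so oversized
dnl mail is refused when it is submitted rather than stuck in the queue.
define(`confMAX_MESSAGE_SIZE', `10485760')dnl

dnl Scan during the SMTP transaction via milters (assumed approach;
dnl socket paths are placeholders for wherever the milters listen).
dnl F=T tempfails mail while the scanner is down (fail closed);
dnl an empty F= lets mail through unfiltered (fail open).
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
```

After editing, regenerate sendmail.cf from the .mc file and restart sendmail for the settings to take effect.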

Saturday, April 14, 2007

Another intense week

Today I spent the morning at the new Australia Zoo "On the Beach" shop opening. Basically making sure everything IT-wise went smoothly, and that it did, until the afternoon when the main link into the Zoo decided to drop causing them to fail... that was an interesting hour.

I'm endeavoring to maintain the level of client satisfaction that I desire in the given environment. There need to be changes made to streamline desktop support as much as possible to allow IT to concentrate on how to improve on other services such as telephony and core services. Plus there needs to be time given to proper planning and implementation with the necessary change control procedures. I guess I'm asking to be allowed to take a proactive approach to IT services.

The highlight of the week was seeing a wombat riding in a trolley/cart type thing.

Wednesday, April 11, 2007

First week at the 'zoo

It's been very intense. Point-of-sales terminal upgrade across the board, working alone on Saturday and planning and configuring various highly technical functions in an extremely short period of time. That's just a few of the many tasks I faced during the first week on the job.

There is much that needs to be done; however, the time frames for doing so are worrying. For example, setting up dual DSL connections for load-balancing with VPNs between Mooloolaba and the 'zoo in a matter of hours isn't something I would like to do often. Other future plans are to upgrade the PBX system incorporating VoIP, site-wide wireless coverage and e-mail services upgrades.

There is also a LOT of tidying up to do of existing services. I will be working on various scenarios on how to address the zoo's requirements while also trying to reduce vulnerabilities, effort and cost.

Another note - I need to brush up on my 'controlling client expectations' exercises.

Wednesday, April 04, 2007

The end of one saga, the beginning of another

Today marks a turning point in my IT career. I have officially finalized my employment at AccessPlus and tomorrow I will continue my career at the Australia Zoo.

The send off wasn't that extravagant, a simple lunch with Don and Andrew and at the end of the day I said my goodbyes and left without further discussion.

I will continue to have something to do with Marinanet - that's still yet to be decided. I will also continue to consult independently to local businesses and individuals on their wireless/network, Linux/BSD, OSS needs, be it on a purely part-time basis.

Given appropriate authority I will continue writing about my work at the 'zoo. I feel it will prove just as interesting, hopefully more, as my work at AccessPlus.