server

Let me explain a bit about this graph.

First, our firewall has already chopped entire countries off from being able to access our mail server. Since I don't do business outside of the US, several major spam countries like China and Korea have been denied at the firewall. This reduced our inbound spam around 50%.

Next, I've implemented Greylisting. Greylisting stops about 98% of all of the spam that would otherwise hit our user's mailboxes.

The "Rejected" item in the above graph is partly a result of this greylisting. I can safely state that 99.99% of those messages are spam. With that in mind, you can see that we are blocking a huge quantity of spam at the server. This is spam that is never even accepted. The remaining rejected are triggered by one of the various Internet spammer blacklists that we use.

The "Spam" entry in the graph is the result of Spamassassin flagging probable spam.

Despite the entry for viruses, we aren't actually doing server side virus prevention as we're 99% Linux desktops.

To compare, only around 61,000 email messages were delivered by our server after filtering. That includes all outbound mail as well.

This HOWTO assumes you are already an Ubuntu 8.04 or 8.10 server administrator, and have a good level of understanding that goes along with that. If you don't know how to use "vi" or "nano", or you don't understand basics of XML files, this tutorial is not for you.

With so many companies experiencing data breaches due to external backup media, we take a bit of extra precautions with our data. Considering that we deal with electronic medical records, having our backups encrypted is a necessity.

Our workflow system creates backup DVD's of data, but restoring from those DVD's would take weeks at best due to the sheer volume of information we store. I've never been a fan of using magnetic media for backups, particularly hard drives, but in this case we have one copy of the data on DVD's and just need a media that allows for faster restores.

We decided to use external 1 TB USB hard drives from Western Digital. This left us with the challenge of encrypting the data, and making the backup drives easily swappable without needing root access.

Getting Ready

First, a few packages are needed. In our Ubuntu servers we had to install the following (your mileage may vary):

sudo apt-get install cryptsetup hashalot hal pmount ivman

Pound proxy is a great solution for adding a bit of a security layer, flexibility or scalability to your web server(s). If you're doing anything much more complex than hosting a blog, Pound may have some added value for you.

What Pound Is
Pound is a reverse proxy - that means you put it on the server end in front of your web services, not in front of your clients who need to connect to the general Internet. It takes web requests from end-users and distributes them among several web servers or services you may be running. Pound is also load balancing, so you can run multiple servers that look to the outside world as if they are just one, allowing you to spread the workload around.

What Pound Is Not
Pound proxy is NOT a caching proxy. By itself it won't help to speed up your server or network, but there is a lot of flexibility in Pound that will help you overall.

In Ubuntu, installing and using Pound is very easy. Simply install it and configure two files and you're off and running.

apt-get install pound

To enable Pound, you must edit the following file:

/etc/default/pound

Change it from startup=0 to startup=1. Before doing this, Pound will refuse to start.

The primary configuration file is located here:

/etc/pound/pound.cfg

I've just finished building what is soon to become my new primary MySQL server. It's a dual CPU, dual-core AMD64 running at 2 GHz each. I've put 8 GB of RAM in it right now, but the board will support up to 64 GB. It's running three Raptor 10,000 RPM SATA drives in a Linux RAID 0 (striping) for performance. No, there's not a mirror or checksum because not only will it have daily off-machine backups but will also be replicating to a backup database server when it's up and running.

I've configured network bonding, so it effectively has a 2 Gbps connection to the network. Right now I'm doing some serious load testing on the Raptor's since I've had issues in the past with them on another chipset motherboard. So far so good!