site report

Monday, 7. April 2008 19:36 - daniel - Server - 0 Comments

Some stuff has been going on behind the scenes at Mainly, we moved some of the services from the other servers to my box.

The first step was to move to my server. Our old host kicked the whole site off his server, because the update service created a too high load on his box. We were partly to blame, because we didn't spread the load of our update service properly, but it's still annoying if your website gets blocked without prior notice.
Well, in the end we moved the stuff and with that the update service to my box, and updated the autoupdate function of the add-ons to spread the load better. I didn't had any problems on my server since. The main site remained on the old server.

The next step was to update the forums. phpBB released version 2.0.23. It was kinda trick to install it since we use a lot of plugin to counter spam, add functions for the admins and users and make phpBB generally behave like we want. But in the end we had a up to date board again ;). We also enabled some addition checks to prevent spambots from registering. Namely, some bots that use addresses and a very distinctive usernames that may look like real ones but follow a clear pattern.

Recently, the svn and trac service was about to shut down. So I spend the whole day today to move svn and trac from the old box to mine. Both services seems to be running fine after I got the config right and installed all the previously enabled plug-ins for trac.

If you find errors or got suggestions, you can leave a comment or send me a mail to (PGP Key) or


Thursday, 14. February 2008 9:32 - daniel - Server - 0 Comments

There was a litte problem with the new SPF records yesterday. I'm running openvpn on my server and use SNAT to send the traffic to another IP than the http, ftp, dns services are listening on. But apparently it also sent the traffic originating from my server from this IP. Atleast one mail server had problems with this:

<> host[] said: 550-5.7.1 {mx090} The
recipient does not accept mails from '' over foreign
mailservers. 550-5.7.1 According to the domain's SPF record your host
'78.*.*.*' is not a designated sender. 550 5.7.1 ( ) (in reply to RCPT TO command)

The solution was simple. Instead of directing all traffic I added an additional source IP match to the command.

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.d

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 78.b.c.d --source

SPF record

Monday, 11. February 2008 8:34 - daniel - Server - 0 Comments

I just created a SPF (wiki) record for If anyone experiences problems sending or receiving mail from, let me know.

SSL for

Saturday, 20. October 2007 18:56 - daniel - Server - 0 Comments

We recently moved from NGZ to Hetzner. NGZ was a nice host, but they recently changed their price model, resulting in higher prices for our server.

The move gave me the opportunity to change a few things in the servers configuration, on of this is things is SSL for the web interface. SSL certificates are normally very expensive, but there are a few organisations that grant free class 1 certificates. One of them is startcom, a certification authority and linux vendor form Israel. You can even get a class 2 certificate (verification of your identity) for 20$. The startcom root cert is already recognized by a large number of browser and if your browser doesn't include it, you can install it.

Anyway, is now using SSL for http (including web interface, webmail, etc), FTP over SSL, imap/pop3-ssl and smtp-tls.

Poison for you mail server: virus scanning - Update

Monday, 6. August 2007 0:07 - daniel - Server - 0 Comments

I'm running spamassassin + clamav on my server to filter spam and virus emails. This is pretty effective and keeps my inbox nearly 100% clean. But this also has some downsides. Over the last few days I received hundreds of email bounces. Everyone of these messages is passed through the scanners. The result was a 14 hour email queue and a load of nearly 2 on my 2500+ AMD Athlon box. Since that box is also used as a webserver I had a problem. The solution was to disable clamav.

Without clamav parsing every message, the quese was gone within minutes and the load dropped to a normal value. I have no idea why clamav needs that much processor time, but if you have load problems on you system with a similar setup, consider disabling the anti virus scanner.

[Update Oct. 21, 2007]
You can avoid this by using clamav-daemon instead a direct call to clamav. Syscp's default is a direct call to clamav. Not very clever if you ask me.