Building a Postfix-based mail system for incoming and outgoing email, capable of successfully sending one million emails per day

It was necessary to build an updated mail system for a client which would handle all incoming and outgoing email, and which could handle successfully sending out an average of one million emails per day. This was based on Postfix, since Postfix is known for reliability, robustness, security, and relative ease of administration. Building a Postfix mail system capable of handling so many emails is quite a significant aim at a time when establishing a positive reputation for independent mail servers delivering high volumes of email is quite a challenging goal.

Continue reading “Building a Postfix-based mail system for incoming and outgoing email, capable of successfully sending one million emails per day”

Security hardening on CentOS 7, Red Hat Enterprise Linux 7 & Amazon Linux

A few years ago I wrote a quite popular post for security hardening on Ubuntu 14.04, and now here’s a new version for CentOS 7 and RHEL 7. Much of it should apply to CentOS/RHEL versions 6 and 8, with some tweaks required here and there. It should also largely work with Amazon Linux and Amazon Linux 2, although again some tweaks will be required for those.

Continue reading “Security hardening on CentOS 7, Red Hat Enterprise Linux 7 & Amazon Linux”

Script to detect MAC addresses of new devices connecting to local network

I wanted to get notified of any new machines connecting to my local network so that I could be reasonably sure there would be no unauthorised devices connecting wirelessly to use my network for unknown and potentially malicious purposes. I therefore wrote a simple script to detect new MAC addresses appearing on the network and notify me accordingly. The script requires nmap to be installed and should ideally be run from cron with the output going to a valid email account. The script can be obtained from my GitHub.

Monitoring HP ProLiant DL360 hardware in CentOS, with Nagios (optional)

My original post for monitoring HP storage hardware in CentOS is now out of date, so I decided to write an updated post for monitoring all hardware, not just storage hardware, and for optionally including this hardware monitoring in Nagios.

This is written primarily for CentOS 6. It should be largely fine for CentOS 5 and CentOS 7 too, although one or two modifications may be needed. It should also work with some other HP ProLiant servers such as the DL380.

Continue reading “Monitoring HP ProLiant DL360 hardware in CentOS, with Nagios (optional)”

Reclaiming storage space on two-node MongoDB replica sets

At mongodb.org they seem to assume we can create MongoDB replica sets using unlimited numbers of instances which have infinite amounts of storage. In practice, however, we often need to use replica sets with only two nodes (plus arbiter) which have limited storage. The problem then is that MongoDB has the tendency to use vast amounts of disk space without reclaiming the space from dropped data, so it consumes ever-increasing amounts of storage. It’s then hard to deal with this storage problem given the limited options available in a two-node replica set.

A solution to this is clearing all the data from each node in turn, which forces MongoDB to rebuild its data using only the disk space it needs. When performed on a regular basis, this stops the amount of storage which MongoDB is using from constantly increasing at an unacceptable rate.

Continue reading “Reclaiming storage space on two-node MongoDB replica sets”

Setting up an IPsec VPN on pfSense 2.1 for mobile OS X and iOS clients

I recently had to configure the open-source firewall pfSense to allow VPN access for mobile clients, particularly those using OS X on Macs and iOS on iPhones and iPads.

I haven’t found too many examples out there from people who have set this up successfully, so I thought it might be helpful to share this information for others who are trying to set up a similar VPN configuration.

Continue reading “Setting up an IPsec VPN on pfSense 2.1 for mobile OS X and iOS clients”

SysAdmin fame at last!

I was interviewed for a careers feature in the esteemed PC Pro magazine, and my article has been printed in the latest edition:

Matt Brock - Linux system administrator

I think they’ve done a great job of editing my original monologue into a compelling description of the excitement, challenges and rewards of administering computer systems and managing infrastructure, and I hope it helps to encourage college graduates and other potentially interested individuals into the field of system administration.

In the meantime, I’ll continue to enjoy my fifteen minutes of fame…

Monitoring PERC RAID controllers and storage arrays on Dell PowerEdge servers with Debian and Ubuntu

If you have a Dell PowerEdge server with a RAID array then you’ll probably want to be notified when disks are misbehaving, so that you can replace the disks in a timely manner. Hopefully this article will help you to achieve this.

These tools generally rely on being able to send you email alerts otherwise their usefulness can be somewhat limited, so you should make sure you have a functioning MTA installed which can successfully send email to you from the root account. Setting up an MTA is beyond the scope of this article, so hopefully you already know how to do that (or you can check out my new post on setting up a Postfix-based mail system).

Continue reading “Monitoring PERC RAID controllers and storage arrays on Dell PowerEdge servers with Debian and Ubuntu”