ezjail-jail: making a full backup of a FreeBSD jail with Bacula

Leave a Comment / Backups, Bacula, ezjail, FreeBSD, Jails / By /

I’ve been using Bacula since early 2004. I’ve been using FreeBSD since 1998. Jails are a relatively newcomer. I starting using it later in 2004. But it’s only recently that I’ve started using them intensively. Backups are always a touchy subject. With ezjail, the files you need to backup are greatly reduced. You’re not backing up the base OS, just the local files. I’ve created a fileset which seems to do the right […]

ezjail-jail: making a full backup of a FreeBSD jail with Bacula Read More »

Mail backups using newsyslog.conf for rotation

1 Comment / Mail, maildrop / By /

I first mentioned this idea yesterday. This morning I started implementing it. UPDATE: this strategy is mentioned in Scenic BGP Route | TechSNAP 137 at about 0:47:30. I back up my mail. On a regular and frequent basis. However, I wanted something more. What about the email which comes in between backups? How can I capture them and restore them after restoring my backup? Yesterday I had an idea: Keep a copy of

Mail backups using newsyslog.conf for rotation Read More »

Using mbox for mail backup

3 Comments / Mail, Open Source / By /

I’ve taken to the concept of sending a copy of each incoming email to a second server, for backup. This could be achieved by an alias. Store them in mbox format. Use newsyslog to rotate it over time. UPDATE: this strategy is mentioned in Scenic BGP Route | TechSNAP 137 at about 0:47:30. As part of disaster recovery, my Maildir would be restored from backup. The emails which arrived after the backup would

Using mbox for mail backup Read More »

Using nullmailer instead of a full blown mail server

Leave a Comment / Mail, Open Source / By /

My mail server of choice is Postfix. I’ve been using it since 1992. It is what I install on all my servers. But that is going go change today. I just installed nullmailer on my DHCP server. When your machine just sends outgoing email, just as notices, you don’t need a full blown MTA. Something like nullmailer should suffice. The system I’m working on is a FreeBSD jail running FreeBSD 9.1-RELEASE-p4. I’m about

Using nullmailer instead of a full blown mail server Read More »

Using ezjail-admin archive to create a new jail, almost like an existing jail

Leave a Comment / ezjail, FreeBSD, Jails, PostgreSQL / By /

I use FreeBSD Jails. I use them a lot. I have jails for websites. I have jails for regression testing, mail servers, OpenVPN servers, etc. I like jails for many reasons. One of which is being able to create a new jail which is pretty much identical to another jail, except for a few things. In this case, I wanted to create a new jail to do regression testing for Bacula, the best

Using ezjail-admin archive to create a new jail, almost like an existing jail Read More »

One StartCOM cert works; the other does not

Leave a Comment / Open Source / By /

Following on from the StartCOM verus Apple issues I mentioned yesterday, I have created a new 4K certificate from StartCOM. Apple has no problem with that certificate. I was in the process of setting up some test servers: Dovecot with a 2048-bit cert Dovecot with a 4096-bit cert Cyrus with a 2048-bit cert Cyrus with a 4096-bit cert I started with Dovecot and was testing each one as I set it up. As

One StartCOM cert works; the other does not Read More »

Postfix client certificate verification

Leave a Comment / FreeBSD, Mail, Open Source, Postfix / By /

I decided to set up some of my mail servers to require certification authentication on the submission port (587). In my case, I want to forward mail from my server at home to my public servers out there on the Internet. I don’t want just anyone to be able to submit mail here, so the easiest way for me do to this was with certification. I could have done it with IP addresses,

Postfix client certificate verification Read More »

mail.app on Apple OSX and IOS fail when connecting to 4096-bit StartCOM certificates

Leave a Comment / Security / By /

NOTE: this post title is inaccurate. It was not until later that I discovered the problem was related to 4908-bit certs, not 4096-bit certs. I appear to have found a bug with OSX and iOS. Neither one can handle a 4096-bit certificate by StartCom. Changing to a 2048-bit cert allowed the connection. I have not tested 4096-bit certs from other issuers. The scenario in question is an IMAP server running Dovecot. I tested

mail.app on Apple OSX and IOS fail when connecting to 4096-bit StartCOM certificates Read More »

Unable to load config info from /etc/ssl/openssl.cnf

Leave a Comment / General / By /

There I was, just minding my own business, creating a new certificate request, when bang! I got hit with this: # openssl sl genrsa -des3 -out imaps.unixathome.org.key 2048 Generating RSA private key, 2048 bit long modulus ………………………………………………+++ ……………………………………………………………………………..+++ e is 65537 (0x10001) Enter pass phrase for imaps.unixathome.org.key: Verifying – Enter pass phrase for imaps.unixathome.org.key: # openssl req -new -key imaps.unixathome.org.key Unable to load config info from /etc/ssl/openssl.cnf What? Are you in a jail?

Unable to load config info from /etc/ssl/openssl.cnf Read More »

different times despite running ntpd

Leave a Comment / FreeBSD, Nagios, nrpe / By /

Last week, while at EuroBSDCon in Malta, I noticed that one of my servers had the wrong time. It was Bacula who told me, through this message in one of the backup jobs: 28-Sep 21:59 nyi-fd JobId 144899: DIR and FD clocks differ by -5 seconds, FD automatically compensating Fixing the time I connected to all my systems, and ran date(1). One system was by 2 seconds, and another was off by 5

different times despite running ntpd Read More »

Scroll to Top