Category Archives: Server Notes - Page 2

Recompiling a Debian Linux kernel package

Today I’m recompiling the Linux kernel on one of my home (Debian) servers, which has dual processors. When I initially compiled the kernel on this system I mostly followed the instructions on this site, and I’m going to base my recompile on those same instructions. If you’re looking for a very detailed guide to building a kernel package you might try this site.

The first thing I needed to do was make sure I had the appropriate tools to build a Debian kernel package (my preferred method of kernel installation) so I issued a command like this:

# apt-get install debhelper modutils kernel-package libncurses5-dev fakeroot

The next step is to download appropriate kernel source packages. I want both a 2.6.x and a 2.4.x kernel so I selected both:

# apt-get install kernel-source-2.4.27 kernel-source-2.6.8

To do this correctly you should change the kernel package config file to include specific (name & email) details about your package. I also made sure to set the SMP concurrency_level to 2.

# vi /etc/kernel-pkg.conf

Next I entered the source directory, unpacked the source and moved into the unpacked directory.

$ cd /usr/src
$ tar --bzip -xvf kernel-source-2.4.27.tar.bz2
$ cd kernel-source-2.4.27

Since I haven’t been having any problems with my existing kernel configuration and just want to make some changes to it I copied the existing config file into the source directory.

$ cd /usr/src/kernel-source-2.4.27
# cp /boot/config-2.4.26-20040815-1-chiefgreen .config

I like to modify my kernel settings using the menuconfig program.

$ make menuconfig

You want to clean existing build files before attempting a build.

$ make-kpkg clean

Time to build the kernel package. You can change the append information to match your specifics.

$ fakeroot make-kpkg --append_to_version -20051203-1-686-smp --initrd --revision=rev.01 kernel_image modules_image

You’ll get a warning about using initrd without the cramfs patch. We’re OK because we are using Debian kernel sources and not pristine ones. Continue past the warning and take a break while your kernel builds. Next you’ll probably want to install your new kernel using the dpkg tool.

$ cd ..
# dpkg -i kernel-image-2.4.27-20051203-1-686-smp_rev.01_i386.deb

Check to make sure the boot loader is set to boot the new kernel, reboot and kick the tires.

If you want to add the MPPE patch to the kernel package you’ll need to do some additional work. I did this based on the instructions on this site. First get a copy of the MPPE patch.

# apt-get install kernel-patch-mppe

When you do your make-kpkg you need to add the --added-patches mppe option.

# make-kpkg --added-patches mppe --append_to_version -20051203-1-686-smp-mppe --initrd --revision=rev.01 kernel_image modules_image

During the build you will be asked if you want to include PPP MPPE compression. If you include it as a module, you can test it after you reboot with your new kernel:

# modprobe ppp-compress-18 && echo success

If this works, “success” will be displayed. If you are on a console or watching syslog, you may see:

ppp_mppe: module license 'BSD without advertisement clause' taints kernel.
PPP MPPE Compression module registered

These messages do not stop it from working.

If you find it’s taking far too long to build your kernel packages and you have other systems available, you may be able to use distcc to help speed up the compiling process.

Postfix SMTP AUTH support for relayhost

Tonight I changed my relayhost for my outgoing home mail server to one that requires me to use SMTP AUTH so I needed to modify my main.cf on the outgoing server as follows.

Added the following settings to /etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Create /etc/postfix/sasl_passwd as follows:
my.mail.relay.net username:password

Because the password is in cleartext make it root only:
# chown root:root /etc/postfix/sasl_passwd && chmod 600 /etc/postfix/sasl_passwd

Create the hash file:
# postmap /etc/postfix/sasl_passwd

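Make the hash file world readable. The hash file is sasl_passwd.db; running chmod 644 on sasl_passwd itself would undo the root-only step above. The .db file holds the same username and password, and Postfix opens it as root before dropping privileges, so it also works if left at mode 600:
# chmod 644 /etc/postfix/sasl_passwd.db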

Reload the Postfix config:
# /etc/init.d/postfix reload
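
A check for the permission steps above, added here as an example and not part of the original post: it reads smtp_sasl_password_maps from main.cf and reports whether the cleartext map or its .db is readable by group or other. It assumes GNU stat and single-line settings; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (stat -c)
# and one-line main.cf settings; the function names are illustrative.

# Print the path behind each hash: entry of smtp_sasl_password_maps.
sasl_map_paths() {
    sed -n 's/^smtp_sasl_password_maps[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ', ' '\n\n' | sed -n 's/^hash://p'
}

# Succeed only if the file grants no permission bits to group or other.
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check each cleartext map and the .db that postmap built from it.
# Prints one line per file; returns 1 if any of them is exposed.
audit_sasl_maps() {
    rc=0
    for map in $(sasl_map_paths "$1"); do
        for f in "$map" "$map.db"; do
            [ -e "$f" ] || continue
            if is_private "$f"; then
                echo "ok      $f"
            else
                echo "EXPOSED $f (mode $(stat -c '%a' "$f"))"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Typical call, as root: audit_sasl_maps /etc/postfix/main.cf
```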

Using a CAcert Certificate for Postfix TLS

Last year I started using TLS encryption on my email server with a self signed 365 day certificate. Since that time I started using CAcert for certificates so when my self signed certificate expired early this week I was able to modify the instructions found on this website to use a CAcert certificate on my Postfix mail server.

Inherited Systems

I was recently given an old Sun SparcStation by a former colleague and know that I want to use it to manage my Linux servers from my desk. I’m also interested in using it as an Xserver (which is really a client, confusing I know) for some graphical applications. Being a Linux believer I would prefer to do this with Linux as opposed to Solaris. While searching the web I found these sites to be of use and made these notes:

SuSE supposedly supports SPARC. It appears such support has been discontinued in newer versions of SuSE. Of course Debian supports nearly everything but I don’t really want to mess around with a full distro for such a simple project.

UltraLinux is a SPARC based distro

TLDP (The Linux Documentation Project) has a SPARC HOWTO

The Linux Terminal Server Project supports SPARC

A specific howto for getting the LTSP to work with SPARC

Testing mailserver DNS records

The other day I needed to check on some DNS mail (MX) records and stumbled across the “Interactive DNS MX-verify” CGI page, which checks to see whether your mailserver is accessible from the internet and taking SMTP connections.

Case #: 108688087, The Evil AOL

A problem has cropped up with moving my email server in-house (literally) as I mentioned last time. No, my email server is working great and my configs are impeccable. The problem is with the evil postmaster at aol.com. Although we no longer have any problem getting our mail server to send mail to people, it seems that the evil powers that be at AOL don’t want anyone at AOL to get email from us. I never noticed the problem as I don’t typically communicate with people that use such an inferior service and pay such inflated rates. Unfortunately my Mom has a bunch of friends that haven’t yet discovered the joy of broadband or the locally-owned (and less expensive) alternatives.

After digging around for some time I discovered that AOL has decided to block all incoming email from servers that do not have static IP (business class) addresses. While this effort may seem prudent to block spammers sending massive quantities of spam through home email servers, in fact more spam gets through to AOL users than almost any other service and my legitimate email does not. I was able to track down a phone number for sysadmins with problems sending mail to AOL (imagine having a phone number for just that problem); of course it was long distance and not an 800 number. After getting a postmaster from AOL on the line I was asked (interrogated) as to why I needed to run a server from home. I explained that my ISP provided unreliable mail services. They proceeded to tell me that I needed to upgrade my broadband to business class service (more than twice what I pay now per month) or I needed to relay my mail (hmm, interesting, they suggest doing the same thing spammers do to hide where the mail really comes from). I found both solutions totally unacceptable.

I proceeded to call their standard customer support 800 number as if I were a customer (my parents are) of AOL who could not receive mail. I got some poor lady in India who tried to tell me first I had mail controls set up on my AOL screen name preventing the mail from getting through. Finally I got her to believe this was not the case and she could hardly believe this was the case. Eventually she opened a trouble ticket with the real engineers who would “look into and promptly solve my problem, very promptly”; of course I had no faith that this would happen. To add insult to injury, before she let me off the hook I “needed to talk to a ‘benefit’s specialist’ about getting $35 free in my AOL online shopping account”. The “benefit’s specialist” was someone playing pre-recorded messages trying to get me to sign up for some service. When I made a comment such as “no thanks” they would hit a button saying “if you would take a moment to reconsider this valuable offer from AOL…” It was an endless and vicious cycle. I finally gave up and said “I am now terminating this call”. What kind of psycho organization tries to sell you something when you finish with a tech support call? This is stooping to a new low, even for AOL… it was entertaining though.

In the end I gave in, sort of. I have set Postfix to route mail going to AOL.Com and only AOL.Com email addresses through my ISP’s unreliable mail server. It’s not the best solution, nor the internet standards based correct one, but after all someone has to help these poor AOL users see the light. Next project… Tag all messages to AOL addresses with a link to this post so everyone we send mail to at AOL understands why AOL really is an evil corporation that just won’t play with the same internet standards everyone else does.