On 11.07.24 03:41, Geoff Steckel wrote:
On 7/10/24 20:40, Christian Schulte wrote:
Hello misc@,
I understand I will need to setup a different system from scratch and
replace various things (e.g. sendmail, milter-greylist, clamav-milter,
spamass-milter, http, imap, etc.) with something else. I would really
take the time to do it. Does OpenBSD support such a host? One fixed
IPv4 and IPv6 address?
My web/mail server is on a VM and I literally have no idea what the host
is!
It runs from os release (every 6 months) to os release.
IIRC it has 768Meg of (virtual) ram and 50GB (virtual) disk
The system comes with a core set of utilities and server programs
A mail and web server -might- need addons but they will work well out of
the box.
I would *very* strongly recommend that you use the provided http and
smtp servers
and any other ones that match your needs. The standard servers have been
carefully audited
for security problems. The config files are -much- simpler than the
apache servers or legacy sendmail, etc. Many come already configured for
a simple server or client.
Some of the milters are in the standard distribution or are in ports.
There are a lot of utilities and servers and... in ports. Thousands.
My imapd is from ports. It needs a tweak that I'll put in and submit
Real Soon Now.
it does work quite well.
My setup has one IP4 address and a /64. I have a tunnel to my home network.
If you have VNC console access the half-yearly release update requires
"doas sysupgrade"
and afterwards
"doas package_add -u"
and you're done.
(doas is the sudo replacement - simple and easy to configure
IIRC it comes set up for group wheel or you remove a #)
The biggest downside is that the ports lag the "bleeding edge" by a year
or a little more.
The core system maintainers are very conservative. The group is small
and they concentrate
on the kernel and core utilities. There is a peripheral group of ports
maintainers, etc.
a "ps a" shows about 20 daemons running. Many are split into 2 or more
processes for
for security - one runs as root which configures and runs the others
without privileges.
hth
Geoff Steckel
good luck
Geoff Steckel
It's like migrating the last 3 decades of your life to a new system. I
knew that would hit me sometime in the future, when some commit made the
a/c controller disappear back then. Fan controller stopped working after
an update. And that was used to control air conditioning. Burn your
basement, set your house on fire -> use linux.
<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.10-rc7&id=c46c0e9188685c0276b4c0adf9fb7e903937e35b>
Running OpenBSD since then personally. Never had a chance to install it
to a server, because the providers did not support it. Now they do.
Making a list of what I need to do will take an awful lot of time. For
example, I would not want to install an apache http server, just because
I need DAV support for subversion, file uploads during automated release
processes and so on. So I understand how much effort it would take to
e.g. enhance the default httpd in OpenBSD base to support all of that.
Maybe no one wants that httpd to support such kind of things. What do I
know? And that's just one example. We are talking months fulltime here
already. This will need an awful lot of planning...and an awful lot of
asking questions here on how to replace this and that form here and
there with something the BSD way. Never had a single issue with OpenBSD
since I installed it back in 2009. Not a single one ever since.
Regards.
--
Christian
