mrnaz@hotmail.com
1885523
mrnazdotcom
Arthroscopy
Well hi there, dear readers. It may come as a surprise to many of you that I have just undergone surgery. Actually, it was a surprise to me too. Here's the scoop.
A few weeks ago I noticed a slight sensation in my right knee during Brazilian Jiu Jitsu training. It was not painful at all, but I could feel a slight sensation that let me know that there was something that may be not quite right. So, I decided to go for an MRI, which happened last week, Monday morning. Later that day, I went to see an orthopedic surgeon who had a look at the scans and informed me that I had a rather severe meniscus injury that required corrective surgery. I managed to get a spot in a hospital for the following Wednesday.
Having had the same operation, an arthroscopy, on the left knee several years ago, I was aware of what was going to happen. The surgery went well, and now, 6 days later I can definitely say that I can feel the knee slowly getting back to normal. I am still hobbling around on crutches, but the swelling is going down and I think I'll be back to normal in about 2 weeks.
Whenever one has experiences like this, where our body's limitations are illustrated with inescapable clarity, it is always an opportunity to ponder the real blessing that health and youth represent. Since the surgery, small things like showers and getting changed have become real challenges. The fact that I never noticed such things highlights just how true it is that we take everything for granted until it is lost. When one ponders this point, it becomes depressingly apparent how people today squander their very lives away; their health with things like alcohol, drugs and smoking, their time with tabloid junk and pointless television and their intelligence with obsession over sporting events and meaningless chatter.
It is only when one is faced with this sort of reminder that we are forced to contemplate our limits and our mortality. I pray that I do not lose sight of the fact that health, wealth and time are finite, and that failure to use these wisely and productively while I have them would be the most tragic waste of life as well as cause for unimaginable regret when, inevitably, I no longer have them.
Netgear SPH-101 WiFi Skype Phone review
I have recently purchased a Netgear SPH-101 WiFi Skype phone. Having previously owned a Netgear Skype Phone, the wired SPH-200D and having been pleased with it, I was expecting the newer WiFi version to be an improvement. Alas, I have to report that I am very disappointed with my experience thus far.
Before I launch into my whinings, I'll begin with the pros of the handset. After all, it's not all bad. Well, not quite, anyway. The handset is an attractive and simple design, making it accessible for non-techie users to approach without feeling intimidated. It feel reasonably sturdy in the hand. That's about all I can say to praise the unit. From here on, it's all bad.
Let me say right now that I do not recommend this phone. I had a far better experience with the SPH-200D, which gave far more reliable service and clearer connections. The 101 WiFi phone firstly seems to have a very poor WiFi chipset, as calls begin to garble as I walk away from my wireless access point. Ranges that are quite fine for my laptop cause the 101 to drop calls. This is my biggest gripe, as the 200D managed to get greater range from its base station than the 101 gets from the AP. There's not point in trading away the wired base station for WiFi connectivity if you're going to put a rubbish WiFi arrangement in the handset.
The other major problem I have with the phone is the software and CPU. While the software is familiar, essentially identical to the 200D with the exception that it cannot make calls from a normal landline (it has no base station to do this), the handset feels far more sluggish. The software is slow to respond to keypresses and takes upwards of a minute to boot from off. This is made all the more annoying by the fact that due to an abysmal battery life, the handset is almost always off when you want to use it, meaning your call becomes tethered to a charging cable.
Personally, had I a choice, I'd go back to the 200D. The ability to make normal landline calls, the far superior battery life, the greatly improved range and faster software performance far outweigh any benefit of having the handset WiFi enabled. Unless you plan on taking the handset traveling with you to hotspots elsewhere, this is not a benefit, and remember, it can only log onto hotspots where there is no authentication, only a simple WEP/WPA passphrase, making its usefulness even in this area severely limited.
In short, the SPH-101 is a poorly designed and badly thought out implementation of a Skype device. It is obvious to me that nobody from Netgear tested the device, as they would have discovered that its software speed is too slow to be considered tolerable. I will try to get my hands on a Belkin handset, and see if that is any better. When I have more information, I will report here. Watch this space!
Hajj: My journey in 2008AD / 1429AH
Well hello there people. It's been a while since my last blog update. May of you may know that I recently went on Hajj. This blog entry will be an account of that journey, and there are also a bunch of photos available in the Hajj album.
The trip begins
The trip began with everyone meeting at Melbourne Airport. The group was mixed, some I knew well, others I'd only met in passing and many I had never met at all. It was an emotional farewell, many of us had not spent such a long time away from family, and the significance of the occasion to us seemed to elevate the emotions that everyone was feeling. We hugged our loved ones and wished each other well on the journey we were about to undertake. The flight to Singapore went smoothly, though I didn't manage to get any sleep, Not being tired, I spent the trip walking around getting to know my travel buddies.
When we arrived in Dubai, we had one day there to freshen up. We ate, napped and then our group leader made sure we all put on our ihram properly and prepared for the next leg of the journey. The flight to Jeddah was short, only about an hour, and when the aircraft was about to cross the Miquat we all read the dua and made our intention for entering into the proper state of ihram. This was the first part of the Hajj Tamattu, and we were all excited and looking forward to what was coming. Once we arrived in Saudi Arabia, we fell into the bureaucratic machine that is the Hujaj (visitors on Hajj) system. We passed passport control after about an hour of waiting in the terminal, and were then moved to the stage two waiting area where we endured around 8 hours before being cleared to board the bus. This time passed fairly easily, we all managed to get some sleep despite being in ihram and laden with our luggage. To be honest, I was expecting far worse.
Makkah and the first umrah
The bus ride to Makkah was pleasant. We stopped at a small Mosque for Fajr, where locals came and gave us dates and bottles of Zam Zam water. The locals all seemed very eager to provide services to visitors, and went out of their way to ensure that we were all taken care of. After arriving at our flats, we unpacked and settled in. The flats were modest, and we were sleeping 6 to 8 in a room. There was a small jamaat area on the ground floor where we made our salat, as well as an eating area where our meals were served. Our group was on the second floor. I liked the arrangement, the closeness with the rest of the group really encouraged us to get to know one another.
Soon after arriving at the flats, we had to make our way to the Masjid-al Haram to perform umrah as part of our Hajj Tamattu. The Haram itself is an enormous building, clad almost completely in marble. It is an imposing sight, both from far away and up close. I had visited Makkah before, but for many in the group, this was the first time they had seen the Ka'bah. Physically, it is a squat structure made from blocks of black granite quarried from the nearby hills and covered with a black cloth. To a non-Muslim, this would likely appear unimpressive, but to a Muslim who understands its significance, the spiritual impact of seeing it in reality is breathtaking, and I was no less awed seeing it this time than the first time.
After performing the rites of umrah, I returned with the group, now bare-headed, to the flats where we took off our ihram, showered, and freshened up. For me, the short period in ihram was like a trial run for the Hajj. Over the next few days we got used to the place, oriented ourselves with Makkah and spent time getting to know one another. One of the first things I did was go looking for shwarmas, as they were my favourite meal during my last visit back in 2000. I discovered, to my dismay, that all of the little stalls that I bought them from have been removed and the land around the Haram is being redeveloped into a complex of large hotels and shopping centres. I was also unable to find easy access to the Internet, the closest net café to our flats did not allow laptops. I had to ask around quite a long time before I found a place I could plug in my laptop and check my mail.
Hajj begins
The Hajj proper began a few days after arriving in Makkah. We all had showers, cleaned up thoroughly, and got ready for the journey, both in the physical sense by gathering the necessities, and in the spiritual sense by making our niyaat, extra salat as well as generally engaging in introspection and pondering the many benefits we hoped to derive from performing this holy rite and fulfilling a requirement of our religion. It was a sober preparation, and I personally was excited to be doing something that I had heard so many others talking about. I was also happy to have Mahmoud Kürkçu as our guide and group leader. I have always considered him to be a fantastic teacher, effective amir and close friend. It was also at his invitation that I came on the trip so my thanks go to him for giving me the little push that I needed in order to undertake this journey.
After leaving the flats, we arrived at the tents in Mina. I cannot describe the scale of the place, and no photo I can take would adequately capture it. I have no idea how many tents were there, but I am told that there are facilities for hosting up to 3 million people. The sea of tents stretched well out of sight. We unloaded from the bus, and moved to our designated tent number, only to find that it was already occupied. The officials moved us to another tent, which caused problems later when that tent's group showed up. They were moved elsewhere. I have no idea how the organizers managed to make the system work, but it seemed to be moving along fairly well. We settled in for the night, got out our sleeping bags had some quiet conversation and engaged in thikr and Qura'an reading. Being in Mina gave me a great sense of connectedness with the rest of the Muslim world. I met with some people from Senegal, and ate some dates and water with them. We also shared our tent with some brothers from France. Talking to all the people there from such a wide range of places really highlighted how diverse and yet united the Muslim world is. That same night in Mina there were nearly 2 million people, all there for the same reason, doing the exact same thing, thinking and feeling the same things. If only we, the Muslims of the world, could demonstrate such unity throughout the rest of the year, one can only imagine to what heights we as an ummah could soar.
The next morning we had to move 9km to Arafat. There was a bus, but many of the guys in my group, including myself, decided to walk it in order to get a small taste of what Hajj was like in centuries past. We gathered our belongings and started the hike. It was hot, probably over 30°C, but our ihram kept us cool. There was no shortage of water, as drinking fountains dotted the landscape, as well as food distribution points handing out meal packs which included things like date cookies, fruit juice and biscuits. The majority of people were walking, as buses were an expensive luxury that only those from comparatively wealthy nations were able to afford. For me, walking made the Hajj feel more like what I imagined Hajj would be like. Otherwise, it would have been just a few bus rides and sitting in tents. Yes, we engaged in extra thikr and Qura'an reading, but for me, the walk really pushed home the fact that I was in a different land, and that the journey I was on wasn't just another guided tour. The walk was reasonably easy, but when we got to Arafat we had a very difficult time finding the rest of the group. After all, there were 2 million people in the space of just a few square kilometers. Nonetheless, I am very glad I walked, and if I have the chance to go on Hajj again, I will definitely be doing as much of the distance on foot as possible إن شاء الله.
After the day of prayer at Arafat, we boarded a bus to take us to spend the night at Muzdalifah. This area had very few facilities, with only a few ablution blocks scattered around. Our supplies and water were running low, so we were all hungry and thirsty by the next morning. The girls managed to gather together the last of what we had and made sandwiches for everyone, and a supply truck dropped off some crates of bottled water. We packed up our bags but left the sleeping gear there. After Hajj, the area is scavenged by bedouins and poor people who collect anything of value, picking the place cleaner than any cleaning crew. We collected our rocks for use at the Jamarat, and headed back to our flats.
The Jamarat consists of three spots about 100 meters apart where pilgrims have to throw stones, symbolically stoning Shaytan the devil and expressing rejection of all of the undesirable aspects of ourselves such as greed, hatred and other sources of vice. This is the spot where Prophet Ibrahim was tempted by the Shaytan to disobey Allah. Rather than listening to him, he threw stones to indicate his refusal to be led astray, and pilgrims re-enact this to symbolise their own desire to cleanse themselves of disobedience.
We did it over 4 days. As our flats were in the Mina area, we were obliged to do it every day until we left. The Jamarat was a deeply spiritual experience. The physical act of throwing stones is supposed to translate into an internal desire to reject disobedience and sin. I don't know if I have the necessary willpower to convert the symbolic act of aggression into the complete rejection of wrongdoing, but I hope that Allah helps me improve myself and gives me a greater strength in the perpetual jihad against spiritual impurity إن شاء الله.
The Jamarat is where, in recent years, there have been people killed by crowd trampling. After going there, it is easy to see how. There are three spots where, in the space of 24 hours, 2 million people have to get within a few meters of. Imagining such large numbers of people in such a small space is difficult, and I can easily see how the crowd quickly becomes unmanageable. The problem, however, seems to have been solved. There are now ramps which ensure that the crowd only moves in one direction, rather than in and out from all directions. The ramps are enormous, 50 meters wide, and moving in a large loop, so the crowd comes in, moves past the Jamarat spots on both sides, and then goes on back to Makkah. The Jamarat spots themselves, which used to be small pillars, are now walls, around 20 meters long, running parallel to the crowd movement and in the centre of the ramps, which allow a large number of people on each side to approach at once. It is easy to approach and throw at leisure, whereas in past years getting within throwing range was difficult and many people had to throw from behind others, a practice which inevitably resulted in accidents. In addition to the ramp arrangement, there are multiple levels, stacked on top of each other. The Jamarat walls extend upwards through the levels, and the crowd is directed to move to whichever ramp is currently least crowded. The Jamarat now has capacity to handle crowds far larger than before. So large, I think, that when the Jamarat is finished, it will never be crowded again as bottlenecks elsewhere in the Hajj infrastructure, most notably the Haram itself, still limit the number that can be accommodated for the whole Hajj event.
Rags to riches; Moving to Zam Zam Towers
On the fourth day, we left the flats after performing our final Jamarat stoning and moved to our next stop; Zam Zam Towers. It is a luxurious five star hotel immediately outside the Haram and right next to the well-known Hilton building. The bottom 5 levels of the complex is a high class shopping centre, and the hotel is on floors above. This made getting into and out of the hotel annoyingly difficult, as one has to navigate the shopping centre, get into the special lifts, go up to the hotel lobby, and then take another set of lifts up to your rooms. This is an implementation of the design referred to by many US construction companies as Sky Lobby. However, it was badly executed, and the overall building design left much to be desired. Due to the poor floor plans, getting between the building's front door and your room could take upwards of 10 minutes.
The hotel itself was new and extravagantly designed. Constructed 2 years ago, it is the most expensive and luxurious hotel in Makkah. The management and staff were still getting their routines in order, so room cleaning and service levels were erratic, but overall, the experience was what one would expect from such an expensive establishment. The food was lavish, with daily buffets featuring an enormous range of well prepared, well presented dishes including appetisers and desserts.
Personally, I found it uncomfortable. I don't like such opulence, having always preferred to travel light and cheap to maximise the contact I have with the rest of humanity. Sitting in an expensive hotel, eating expensive food and being served by an army of imported labourers does not facilitate interaction with others. Worse yet, such extravagance detracts from one of the main goals of Hajj; namely, to concentrate on one's spirituality and disregard the physical self, even if only for a short while. While on Hajj, we wear ihram, and part of its purpose is ensuring that everyone ignores their physical state and also to highlight the equality of people before Allah. There is nothing more ironic than seeing a person in ihram standing in the lobby of a hotel where the nightly rate is above what three quarters of the world's population earns in a year. My view on luxury is that, at least for the Hajj season, all visitors should be equal. If we, people from the first world, cannot once in our lifetimes give up our luxury for the purpose of connecting with our fellow Muslims and demonstrating our awareness that we are all equal in the sight of Allah, then I feel that we have lost an important part of what it means to be Muslim. Perhaps we should look to people from poorer countries for guidance on this matter rather than arrogantly trying to "modernize" them.
Makkah is a buzz of development. All around the Haram are brand new buildings gleaming in the desert sun, most of which are only a few years old. This development is being carried out under the supervision of the Saudi royal family. Prices of everything from buses to visa applications are going up, and all the land in the immediate vicinity of the Haram is being redeveloped into expensive high rise hotels and shopping centres. Personally, I feel that the Saudi regime is destroying the Hajj and the sanctity of the holy sites. I met a man from Kenya, who said that already the Hajj prices were such that people from his country were having difficulty affording the trip. Everything from accommodation to food to transport costs were becoming more expensive, and there is no sign that the Saudi government is concerned about the welfare of the Hujaj as opposed to the profitability of the Hajj season.
The stay in Zam Zam Towers was, however, pleasant. We were scattered around the building, meaning that that close physical proximity that we had in the flats was lost, but many of the group preferred the greater creature comforts on offer. I made all but three of the salats of the stay in the Haram, and spent much of my time there reflecting and making thikr. It was a greatly enriching spiritual experience, as the physical proximity of the Ka'bah helped keep my mind focussed on striving for spiritual nearness to Allah. I hope that I have the opportunity to make the journey again, and owe great thanks to the group leader, Mahmoud Kürkçu for inviting me on the trip. Without his encouragement it is doubtful that I would have come.
One of the trips we made while in Makkah was to Jabal Noor, the mountain where the first contact between Prophet Muhammad (صلى الله عليه و سلم) and the angel Jibreel occurred, and the first verse of the Qura'an was transmitted. The mountain has no special significance in Islam, however it was still a great experience being able to walk up the same mountain and go to the same spot where Rasulullah (صلى الله عليه و سلم) must have sat. We took a minibus to the base of the mountain and then walked up the trail to the summit. It was good going during the night, as the heat of day would have made progress up the slope very difficult. It took about 40 minutes to reach the summit, and we spent about a half hour there taking photos and relaxing.
Towards the end of the stay in Makkah, I went with a few of the other guys in the group to perform an extra umrah. The closest miqat border was a place called the Masjid-al Aisha. When Aisha (رضي الله عنه) was traveling to Makkah with Rasulullah (صلى الله عليه و سلم), she was unable to enter ihram upon arrival. A few days later, when she was ready, Rasulullah sent her with a mahram to a place where he instructed her to enter into ihram and then perform her umrah. A masjid was built at this place, which is now known as Masjid-al Aisha, and this is considered a miqat area for the purpose of entering into ihram. So, on the last night of our stay, a few of the guys and I put on our ihram, went to this masjid and performed umrah. The masjid features a very modern and elegant design. It was night time and the lighting was poor, which meant that I was unable to take a photo, but I am sure that there are many photos on the Internet that one can find. I would highly recommend to anyone visiting Makkah the performance of an umrah from this masjid. The whole umrah from start to finish when using this spot as a miqat takes less than two hours from the making of intention for ihram to the cutting of the hair.
Onward to Medina
The next morning we packed our luggage and boarded a bus which was to take us to Medina for 8 days of visiting and tours. The journey took about 9 hours with breaks and a checkpoint clearance. It was a comfortable and pleasant ride. We were staying at the Mövenpick hotel just on the north west corner of Masjid-al Nabawi. According to a hadith, it is highly meritorious for a visitor to make 40 salat in this masjid without skipping any. We intended to do this, and to my knowledge, everyone in the group managed to make all 40 in a row. Medina was a great experience. Mahmoud spent a long time showing us many places in the area, taking great care to ensure that we all got at least a brief introduction to the historical significance of each site that we visited. The places included the site of the battle of Uhud, Masjid Quba and of course, the sites within what is now Masjid-al Nabawi. Visiting the tomb of Rasulullah (صلى الله عليه و سلم) was a deeply emotional experience, and visiting it and indeed spending time getting to know Medina should be a part of every Hajj trip.
Personally, I enjoyed the Medina stay far more than I enjoyed the Makkah stay. The people in Medina were far more friendly and warm, the available food on the street was of a far higher quality (although the hotel food was just as opulent) and the place generally felt less mercantile. In future Hajj trips, I would probably prefer to shorten the Makkah part and lengthen the Medina part. My favourite foods were shwarmas from a particular shop on the east side of the north row facing Masjid-al Nabawi, and ta'mia. I've always liked local food over hotel food, and while the local food shops are obviously being replaced by the 5 star facilities that the Saudi government is encouraging, there were still ample opportunities for the good food hunter to find authentic local food. There was also a far greater sense of history. In Makkah, virtually all of the old buildings had been torn down and replaced, in Medina however, one did not have to walk far to find buildings that were 100 years old or more. I made the effort to talk to the locals, and the prevailing view seemed to be that they favoured the simple lifestyle that Medina offered, and were glad that, aside from the development of the area around Masjid-al Nabawi, the city remained fairly untouched by the inroads that westernization had made into the rest of the country.
One of the most memorable experiences for me was the night that we went to visit the site of the battle of Uhud. A few days before, we'd been to the spot where visitors often go, but we went again one night, when the officials were not watching, so that we could climb the mountain to see the cave where Rasulullah (صلى الله عليه و سلم) and his companions retreated to after the battle had turned. The mountain itself has had housing built right up to its foot, and there are now small dwellings within a stone's throw of the cave itself, only a short climb up the slope. After navigating the slope, we entered the cave, really just a rocky niche, and sat in the same spot where they sat after the battle was over. This was not allowed by the officials, and we had to be on the lookout for police cars. This small re-tracing of the actual steps of Rasulullah (صلى الله عليه و سلم) was an exciting experience for me, and I am very glad that we had the opportunity to do it. Knowing that we were sitting on the very same rocks in the very same place that Rasulullah (صلى الله عليه و سلم) and his companions sat in over 1,400 years ago gave us a heightened sense of nearness to our Prophet, helping to overcome the chasm created by distance and time that separates us from him and his guidance for most of our lives in Australia. Were I to get the chance to go back to Medina, I would spend even more time going to as many original sites like this to try to more firmly establish a strong spiritual and emotional link with the life and times of Rasulullah (صلى الله عليه و سلم) and his companions.
The sad farewell
On the ninth day after arriving in Medina, it was time to leave. After the moving experiences of staying among the people of Makkah and Medina as well as being in the place where our religion was born, I was sad to leave, and, Allah willing, hope to return. The trip home involved taking a bus to Medina airport, then a plane to Jeddah and another to Dubai. We spent a night in Dubai, and then we all went our separate ways. Overall, I don't think that there was a single person in our group who did not have an excellent experience. We all owe Mahmoud a big thanks for being such an excellent guide for the journey, and I hope I get a chance to travel with him again at some point إن شاء الله, perhaps to perform another Hajj. For me, the journey was a deeply spiritual one, and I hope that I am able to implement the changes in my life that are needed for me to become a person and a better Muslim. I would also encourage any Muslim who is reading this and who has not yet done their Hajj to make an effort to do it as soon as possible. It really is an experience that cannot be described in words, and I hope that my feeble attempt to communicate the events of my journey do not in any way diminish the true value of Hajj.
So there you have it. My experience with Hajj 2008AD, or 1429AH. I do apologize for not having this entry ready sooner, but better late then never. If you haven't already, head over to my gallery and check out the photos from the Hajj album.
ThinkPad X40 problem with Xubuntu
I've been having some problems installing Xubuntu 8.04 and 8.10 on an old IBM ThinkPad X40 I've got here, and I thought I'd share the solution. I initially thought the problem was hardware related, but it was replicated on two identical units, and after I purchased a brand new hard drive for both of them.
The problem was that after installing Xubuntu, the laptop would boot fine once or twice, but after that, boots would fail and I would get the following error:
Could not start the X server (your graphical environment) due to some internal error. Please contact your system administrator or check your syslog to diagnose. In the meantime this display will be disabled. Please restart GDM when the problem is corrected.
I would then be given a CLI log in prompt. Logging in dropped me into a read only file system, and not even sudo would allow me to edit any files.
To skip to the end of this story, I believe that the problem is related to and combination of the drivers in use for the X40 hardware, hot un-docking of the UltraBase docking station, and the JFS file system. JFS is usually my filesystem of choice on Linux, but so far, reinstalling Xubuntu using ext3 seems to have solved the problem.
Archiveopteryx mail server from scratch with Debian
So I have finally set up my own managed mail server. Why? Well, there are many benefits to running your own mail server. POP3 is the standard ISP service offered by ISPs today, however IMAP offers many benefits over it, mainly the ability to have your email accessible from many PCs and have it automatically synced. The other main benefit is that there is no need to back up your email any more, because it is stored on a server. Thus, you get all the power of a full email program without losing the safety and portability of web mail. The following table compares web mail (such as Hotmail), POP3 which is the usual mail type offered by your ISP and IMAP.
| Benefit | Webmail | POP3 | IMAP |
|---|---|---|---|
| Available on multiple PCs | Yes | No | Yes |
| Available Offline | No | Yes | Yes |
| Easy to manage large mail volumes | No | Yes | Yes |
| Can use standard email client | Maybe | Yes | Yes |
| Can apply filters to sort mail | Maybe | Yes | Yes |
| Free of annoying ads | No | Yes | Yes |
| Safe against PC crashes etc | Yes | No | Yes |
Running a mail server is not easy, there are many potentially complex programs that are involved, each of which needs configuration. You also need to own or control the domain name you want to run it on. This article will show you, step by step, how to set up a fast, scalable and reliable mail server using Postfix and the most excellent Archiveopteryx package on a Debian server. Archiveopteryx is a mail server that uses a PostgreSQL database back end to store and retrieve mail. This makes it incredibly fast and scalable out of the box. It also supports all relevant mail standards such as POP3, IMAP, SMTP/LMTP, TLS and Sieve. I have been using it now for only a few days and I must say that my experience thus far has been excellent.
By the end of this guide you will have a mail server that can handle multiple domains, provides IMAP and optionally POP3, authenticated SMTP services as well as TLS security on all communications. Lets get started.
Preliminary server configuration
First things first; set up a firewall. My personal favorite script is Arno's iptables script, which can be installed with the following line:
aptitude install arno-iptables-firewall
This script is great, as it allows you to configure your firewall with a "wizard" type set of questions using the familar Debian configuration tool. You will need to leave the following ports open:
- 22 (ssh)
- 25 (smtp)
- 143 (imap)
- 587 (smtp-submission)
If you need to reconfigure your firewall at a later date, you can do so by typing:
dpkg-reconfigure arno-iptables-firewall
Now that your new server is secure, you'll need to install a few packages that will be used later on.
aptitude install build-essential libreadline5-dev \ zlib1g-dev vim
Configure your MTA
I changed the MTA (program that relays mail to and from the server) to Postfix from Debian's default exim4, because my reading on the web gave me the impression that people consider Postfix to be a higher performing MTA than exim. This is done by issuing the following commands:
aptitude install postfix dpkg-reconfigure postfix
Debian will ask you a few questions, just say "yes" to all of them. Note that Postfix needs to be given the mail server type "Internet site", and also needs to be told what domains it will be receiving mail for. You can put in multiple entries, if your mail server will be handling mail for more than one domain. In addition, make sure that you leave the value for "Local networks" as 127.0.0.0/8, as we do not want your mail server acting as an open relay to be abused by spammers. Leave all other values at their defaults.
Domain Configuration
MX Record
You need to be aware that in order for the rest of the world to know where your mail server is, at very least, you need to put its host name into your domain's MX record. You can usually do this by logging into the web site for your DNS registrar, or whoever manages your DNS. Personally, I use No-IP, as they offer a very reliable and competitively priced service. They also have an excellent and easy to use control panel. Just go into your domain name's properties page, and put the host name for your mail server (e.g., mail.mydomain.com) into the MX record field. You can have multiple mail servers for redundancy, but that's a story for a more advanced article.
Add SPF to your domains
It is also advisable to enable SPF on your domain to reduce the incidence of email backscatter. I won't provide detailed instructions on how to do this, except to say that you should add the following string to your domain names' DNS TXT records:
"v=spf1 a mx ptr -all"
PTR records on your mail server's IP
You can further increase the "reputation" of your SMTP server by ensuring that your server's PTr record resolves to the host name that Postfix claims to own, so that other MTAs don't think that your MTA is faking its address for nefarious reasons. You can do this by ensuring that the domain name that your mail server thinks it has matches the reverse lookup on the IP that you are using. In other words, you should have a valid PTR record on your IP that matches your machine's fully qualified domain name (FQDN). To find out your machine's FQDN as perceived by Postfix, you can issue this command:
postconf | grep myhostname
And look for the value under myhostname = . If your IP is able to be reverse resolved to this host name, your outgoing mail will be far less likely to be classified as spam.
So that's Postfix and your domain configuration taken care of. Next, we need to install PostgreSQL. I don't use the Debian packages for PostgreSQL, I prefer building it from source (this is why the -dev packages were installed earlier, just in case you were wondering).
Install PostgreSQL
Go to the PostgreSQL web site and download the latest stable source package, and install it according to the PostgreSQL documentation's installation instructions. This is very easy to do, and shouldn't take more than 5 minutes. This blog entry is not about installing PostgreSQL, and if you need help with that, please go to the PostgreSQL mailing lists or #postgresql on Freenode IRC. You'll find the community is exceptionally active, helpful and friendly.
There is no reason that you can't use Debian package management to install PostgreSQL, and if you want a recent version then you can get it from Debian's backports repository. Personally however, I've always preferred PostgreSQL from source, however the choice is yours.
Download, install and configure Archiveopteryx
Once you have PostgreSQL up and running, you can download and install Archiveopteryx. Go to the website and download the latest package. Unpack it, and then type make && make install. Note that you do not type ./configure. This will install Archiveopteryx to /usr/local/archiveopteryx. Once it has been installed, you need to create Archiveopteryx's initial configuration files using the command:
/usr/local/archiveopteryx/lib/installer
Once you have done that and supplied the details that it asks for, you will need to make a small modification to your Postfix configuration, so that it knows to deliver the mail to Archiveopteryx, and not store it in the file system. Add the following to the bottom of your /etc/postfox/main.cf file:
mailbox_transport = lmtp:inet:127.0.0.1:2026 local_destination_recipient_limit = 10 local_recipient_maps =
Secure access
If you like, you can disable plain text log in. Archiveopteryx supports TLS by default, so disabling plain text is enough to enforce secure access. I highly recommend this, as there is no real down side. Do this by setting the following directive in your archiveopteryx.conf file:
allow-plaintext-access = never allow-plaintext-passwords = never
If you do this, users need to tell their email client to use TLS when logging in. It's a simple check box, and is supported by all common email programs such as Thunderbird, Outlook and Outlook Express.
Start Archiveopteryx
Archiveopteryx is now installed, and you can start it with the following command:
/usr/local/archiveopteryx/bin/aox start
If all has gone well, the server should now be running. The following are some useful commands you can use to get started using and administering your new mail server:
- Start the server:
./aox start- Stop the server
./aox stop- Restart the server
./aox restart- Show the server's configuration
./aox show cf- Add a user
./aox add user [username] [password] [email address]E.g., ./aox add user me@mydomain.com mypass me@mydomain.com- List the users on the server
./aox list users- Delete a user
./aox delete user [username]
Note when adding a user I recommend using the full email address as the user name, and not just the part before the @. This ensures that the user name will be unique if you run a mail server that serves multiple domains. If you add a user using the command above, you'll be able to log into your server using any email IMAP client such as Outlook, Outlook Express or Thunderbird, using the email address as a username.
Set up outgoing SMTP (optional)
At this stage you're nearly done. You can stop here if you don't want to worry about TLS and you're happy to use your ISP's SMTP server for sending email. Personally, I travel a lot, and so I wanted to be able to send mail from anywhere and not worry about hunting for the local SMTP server when at Internet cafes in some foreign city, so I continued setting up Aox so that it would handle mail sending as well. I also wanted to use TLS to secure it, so my passwords weren't sent over hostile networks in plain text.
First, enable SMTP submit by adding the following to the bottom of your archiveopteryx.conf file:
# Configuring SMTP Submission use-smtp-submit = enabled smtp-submit-address = mail.mrnaz.com smtp-submit-port = 587 use-smtps = enabled auth-login = enabled check-sender-addresses = on
Because you set Postfix to relay mail from 127.0.0.0/8 Archiveopteryx will be allowed to relay mail through it to the open Internet, but no remote machines will be allowed to do so. Your email clients will now be able to use your mail server's address as an SMTP server. They will need to use port 587, and the same username and password as for their IMAP log in. I.e., their email address as the username and the password that was set when you created the account with ./aox add user
The line auth-login is to work around an Outlook bug. If you know for a fact that none of your users are using Outlook, you should remove it, however there is no harm in leaving it on, so I do, just in case.
The last line is optional, however it will prevent users from sending mail unless they use a From or Sender address that is their Archiveopteryx email address or an alias. This will ensure that the only mail that goes through your servers is authenticated email from your users and that they do not inadvertently expose email addresses that they want to keep private. I recommend this setting, disable it only if you know what you are doing and why.
Done!
You now have a fully functional mail server that allows your users to send and receive mail using the same username and password as well as TLS security for all communication with the server. You will also need to set up anti-spam, which is quite easy to do, but that's another article. There are plenty of guides on the Internet that explain how to set up SpamAssassin with Postfix under Debian.
One final note: Please keep in mind that your new, highly scalable, high performance mail server was made possible because of Archiveopteryx, Postfix and PostgreSQL. If you have used this tutorial to set up a mail server, please stop by their project sites and thank them for their exceptional contributions to the open source software ecosystem.
