# My new virtual private server: Gandi

### 23 Feb 2008

I’ve been contemplating switching to a virtual private server for quite some time. The cheapest one I could find was SliceHost. While their services seem to be great, $20 a month was too steep a price. A few weeks ago, I stumbled upon Gandi. Gandi is a known name in the domain registrar space, but they recently launched a “beta” version of their Xen-based hosting service. Because the service is beta, they offer a rock-bottom price of$7 per month for 256 MB RAM, 1/64th the processing power of a Quad Dual-Core AMD, and ~500GB of monthly traffic! Talk about tempting, I wasted no time in signing up :)

It’s been 3 weeks now, and I must say that their service is absolutely fantastic. My server was up in no more than 10 minutes (that includes the time taken for payment). I chose a Debian-based machine (Gentoo isn’t on their list yet :(). As soon as I logged in, I got to work - I needed to setup my web and mail server. Here’s what I did first:

Now to setup the web server with PHP 5:

Edit the default configuration files to your liking and get the default web site running:

Now, onto the mail server. I chose the postfix, procmail, saslauthd, spamassassin and dovecot combo:

You’ll be asked a few questions, but we’re going to be reconfiguring anyway so it doesn’t matter what you say:

To get postfix to play along with saslauthd, we need to make some changes to the postfix configuration. You can edit /etc/postfix/main.cf directly, or use postconf:

Since postfix on Debian runs in a chroot, you need to make sure it can access saslauthd:

The most important thing while setting up a mail server is to test at every interval so you can know where a problem came from, if one comes at all. I tested whether postfix + saslauthd were working file using telnet. For the PLAIN authentication type, you can find your auth string by determining the Base64 encoding of the string “usernamepassword”. Here’s a transcript of the telnet session (‘<’ is data sent from you to the server - meaning you have to type it and press the return key, ‘>’ is data sent to your computer from the server):

When you see “Authentication successful”, you can be sure that saslauthd is working fine with postfix. Now, edit the .procmailrc file in your home directory as required. I love procmail because it lets me do all sorts of preprocessing on my mail (liking moving spam to /dev/null and arranging mails into the proper IMAP folders).

I also use greylisting, a technique used to block 99% of incoming spam (while spamassassin catches the rest 1%). This comes at a price though, whenever someone genuine sends you mail for the first time, it may take upto 20 minutes for it to reach your inbox. I’m not going to discuss greylisting in detail here, but I think 20 minutes is a fair compromise to keep my inbox spam-free:

Time for another test to see if postgrey is doing its work. You also might want to send yourself a test mail to see if your system is working.

Now, for spamassassin:

You need to create a user so you can run spamassassin securely:

Now edit the spamassassin configuration:

Get postfix to start using spamassassin:

Time for a final test!

Now how do you check if you actually got the mail? You can ssh into the server and use something like mutt, but a long term solution would be to setup an IMAP server so you can connect with your favorite mail client:

The most important portions in the configuration file are the protocols, mail_location and auth sections. Once again, I chose to authenticate against /etc/passwd. Start the server and check for any warnings or errors:

Now, I also wanted to transfer all my mail from an old server to the new one. I came across a nifty utility called imapsync to do that for me:

Phew!