Solaris 10 Release and Solaris Cluster 3.x upgrade + patching

On the day of writing, the newest version of Solaris 10 is u11 (1/13) and Cluster (for Solaris 10) is 3.3u2.
Cluster 3.2 is still supported by Oracle, but patches are no longer released. Update 11 for Solaris 10 is probably last Release of Solaris 10 and has some new features, which are not available if you only patching a system with Recommended Patches.
Before starting with upgrade it is good to check and fix any issues with current system and environment.
Please check a Cluster status, Quorum device status, running services, zpools, metadevices, metasets, hardware components etc.
If you have any issues, fix them before you start. Plan your Maintenance Window, make backup of your files and configuration.
Continue reading Solaris 10 Release and Solaris Cluster 3.x upgrade + patching

Migration root disk into mirror in LVM

I’ve found several manuals describing how to add second disk to Volume Group and transform it into mirror. This does not looks complex, and everyone can do it, when everything is working like described in documentation. The problems start when something goes wrong, and one of steps failed.
In my environment there is virtual machine with CentOS 7 hosted by VMWare ESXi. This VM has system disk on one datastore. To provide redundation on OS level I decided to add second disk with the same capacity from another datastore and create RAID-1 (mirror) on them.
Continue reading Migration root disk into mirror in LVM

Trusted certificates for free – StartSSL

startsslHow many times did you see a pop-up message “Security certificate of this site is not trusted!”? We are used to it, and most of people even don’t check who is Certificate Authority and for who is certificate issued. Just click and confirms that they know the risk. This is not proper behavior, because the certificate should be trusted, issued for proper subject (domain), not expired and signed by Trusted Certificate Authority (CA). It’s very important, especially when you are dealing with bank, e-shop, mobile operator etc. But what about private blogs and sites? Most of them are using self-signed certificates. They have valid domain and date, but they are not signed by CA which is known to our browsers. What to do if you have your own site which is using SSL/TLS and you need a trusted certificate? You can get it from with no charge! Yes, I’m using them on my sites for a long time.

First you need to fulfill registration form with your own data. After data verification you will receive verification code to your email and you will be able to authenticate on StartSSL site. Personal certificate will be automatically installed in your browser. Good practice is to make a backup of it (export). How to do this export (backup) you can find in FAQ on StartSSL site. Next step is domain validation. To do this you will need email (or alias):, or You can choose one to which verification code will be send. Then, after validation you will be able to generate new certificate for website, mail server, jabber etc. Good luck!

Postscreen – Greylisting in Postfix

Greylisting is well known antispam technique. It’s idea basing on fact, that spamming hosts (zombies) doesn’t have time for retransmission and trying to send maximum amount of spam in shortest time period. This is achieved by connections to different mail servers and submission of message even without wait for server’s response. In opposition to that, legitimate mail servers presents themselves and waits for server’s response, and then beginning mail submission. If they receive temporary error code (4xx) from server, they will try to submit mail again after defined time period (e.g. 5 minutes)
Continue reading Postscreen – Greylisting in Postfix

Mail system implementation

My experience, which I gained during implementation of different systems shows, that implementation should be done in stages. Then, at each stage you can see if it works, if there are some fields to improve and then go to the next stage of implementation. Mail system implementation is not exception. We can divide this into following stages:

Stage I

Basic configuration of sending and receiving mail for system users
Continue reading Mail system implementation

Building mail system

This description is based on my experience, which I gained during mail system implementation on University of Silesia (Katowice/Poland). In the first stage there was about 3 000 of users, now the system is handling about 40 k of mail users. Whole system (exluding Sophos AV) is based on Open Source software. Their main components are:
Continue reading Building mail system

Postfix – compilation

MyszaPostfix does not have a configure script, so you need to add proper paths and libraries when you creating Makefiles (make makefiles). I must admit, that Postfix code is one of the least problematic code to compile on differents systems. To make my compilations reproducible, I wrote a script and set proper options for compilation.
Continue reading Postfix – compilation

Pigeonhole – compilation and installation

dovecotYou can download Pigeonhole for Dovecot from

% wget
% tar -xf dovecot-2.1-pigeonhole-0.3.1.tar.gz

This is my script to configure and compile Pigeonhole 0.3.1 for Dovecot 2.1:
Continue reading Pigeonhole – compilation and installation

Pigeonhole – Sieve support for Dovecot


Pigeonhole is the name of the project that adds support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP Server. In the literal sense, a pigeonhole is a a hole or recess inside a dovecot for pigeons to nest in. It is, however, also the name for one of a series of small, open compartments in a cabinet used for filing or sorting mail. As a verb, it describes the act of putting an item into one of those pigeonholes. The name `Pigeonhole’ therefore well describes an important part of the functionality that this project adds to Dovecot: sorting and filing e-mail messages.

Continue reading Pigeonhole – Sieve support for Dovecot

Work Smart, Not Hard