Tuesday, August 26th, 2008
Xen is really good for running Virtual Private Servers with root access and dedicated RAM. It’s a true virtualization platform that offers multiple local root servers on one physical server hardware. With XEN VPS you get your own virtual server with fully dedicated memory (RAM), process list, file system and a share of central hardware CPU.
Xen Virtual Private Server is perfect for sites that require custom software installation, or even custom daemon configuration that canāt be run on a shared server. Plus, VPS offers better security because you have your own file system that is not shared with other web sites.
However, VPS is a like a small dedicated server - you will probably need skills to manage it. I suggest you read some Linux books and on-line manuals to get familiar with it, otherwise someone may compromise your VPS.
No Comments 
Posted by Linux in Linux tips 
Thursday, November 22nd, 2007
If you are installing Mailscanner and Spamassassin from source or some RPMs it’s been know to use Bayesian statistics engine with it’s database kept forever. This fills up /var/spool/MailScanner/spamassassin folder pretty quickly if you have a moderate load SMTP incoming server. To fix this problem and rebuild Bayesian filters you need to change the following value in /etc/MailScanner/MailScanner.conf file
find the following setting:
Rebuild Bayes Every = 0
and replace it with
Rebuild Bayes Every = 12000
This will rebuild Bayesian spamassassin database/files every 200 minutes. You can of course aim for a higher value if you have enough disk space.
No Comments Posted by Linux in Linux tips
Tuesday, September 25th, 2007
We have been playing around with Linux syn cookies to test out the performance and we have came to the following conclusions.
It’s always good to detect SYN floods and then turn on SYN cookies to better use the CPU power - so the SYN flood must be detected and sysctl SYN cookie value set to 1 in the real time. If you have Syn cookies turned on you server CPU and Network stack will be slightly affected, however, no RAM usage will increase in case of SYN flood. The kernel does not allocate the TCP buffers unless there is a positive reply to ACK/SYN packet.
So if you have a dual core box with 1GB RAM and good enough connectivity, you can leave Syn Cookies enabled without much of the performance loss, even if you get quite decent legitimate traffic.
Sysctl Syn cookie protection for Linux can be activated in real time, by:
sysctl -w net.ipv4.tcp_syncookies=1
You can also increase Syn backlog, to let’s say 1536:
sysctl -w net.ipv4.tcp_max_syn_backlog=1536
For FreeBSD you can tune TCP queue length by issuing:
sysctl -w kern.ipc.somaxconn=1024
No Comments Posted by Linux in FreeBSD tips, Linux tips
