Jurrie Lulofs wrote:

Greetings.

I do not see that anyone else has replied (at least not copied to the
list), so I will try to give a few comments.

> I've recently discovered 3 tasks for which I'd like to consider using a
> Qube2/RaQ2 + NetBSD solution.  I've got a RaQ2 with upgraded memory
> (don't recall if it's 64MB or 128MB) that hasn't been powered up in a
> year that I would start with, acquiring additional machines if
> appropriate.  I'd appreciate feedback if the hardware&software
> combination is suitable for the tasks at hand.
> 
> 1. Small Office mail server
> 
> All mail for mydomain.com is currently delivered to a single ISP POP
> server.  There's now a need to support multiple email addresses for the
> domain.  I'd be looking for a mail server to support POP and/or IMAP
> access from Outlook or other clients, retrieving the mail from the ISP's
> POP server similar-to or using fetchmail and providing the corresponding
> mail boxes.  Is there a recommended/preferred mail package for this on
> the Cobalt/NetBSD platform (i.e. Dovecot)?  I would expect the clients
> to use the ISP's SMTP server directly for outbound mail.  The ability to
> additionally forward mail to other email addresses (via .forward or
> similar) would also be desired.  Load is only 100-200 emails per day to
> 2-5 LAN users.

The Qube/Raq was designed for this sort of thing.  But ... if your ISP
is acting as your primary mail exchanger then you will need to ask your
ISP to add the extra mailboxes.  fetchmail would be ideal to suck mail
from your ISP's server into the equivalent mailboxes on your Raq.  The
alternative is for you to setup the Qube or Raq as a mail server for
your domain, have your ISP change the DNS information to point to your
server as primary mail exchanger, then you can create as many accounts
as you like.

This will be much easier if you have a fixed IP address, if not then you
will have to rely on a service like DynDNS (www.dyndns.org) and update
your IP address in their service if your connection drops.  This is
workable (I do it at home), but not for a mission critical service.

Dovecot is in pkgsrc, and is generally well regarded.  Personally I use
Cyrus-IMAP because I need shared mailboxes - that is in pkgsrc too.

There are also a number of POP3 servers in pkgsrc.

> 2. VPN server
> 
> For the same small office it would be nice to allow remote access to the
> machines at the office.  The office is connected via DSL and a
> simple/standard/commercial Internet router/switch.  Would openvpn or
> something similar on a Cobalt/NetBSD be workable?  The Internet router
> could be configured to do port forwarding for the required in-bound
> ports to the dedicated Cobalt/NetBSD box.

OpenVPN is also in pkgsrc, and binary packages are available for several
architectures, so I would guess that the chances of it compiling on the
NetBSD/cobalt platform are fairly good.

As to how workable it would be, I have not tried it, but this page:

http://www.unixadmintalk.com/f59/openvpn-hardware-requirements-138303/

suggests that a Linksys WRT54G with a 200MHz MIPS CPU was able to handle
300KB/s.  The Raq 2 has a 250MHz MIPS CPU afaik, so you should get
slightly better performance than that.

> 3. Dansguardian
> 
> For my home network, with little people present, I'd like to add extra
> protection from accidental exposure to mature content.  Dan's Guardian
> appears to be the right solution for my needs
> (http://dansguardian.org/).  Does anyone have any experience with this
> software on the Cobalt platform?

Although Dans Guardian does not appear to be in pkgsrc, their web site
does mention that it works on NetBSD.

> General:
> 
> What's the best NetBSD version to go with for reliable service
> (especially for the mail server application)?  I will be going with a
> fresh install, preferably via the netboot CD method.  Ideally I'd like
> to get one or more Qube2 boxes to handle the small office environment,
> as the form factor appears to be more appealing in that setting.  I'm
> prepared to max out the RAM on all boxes if needed.

Depending on how much you stress the system with OpenVPN, and how much
impact it has, you  might get away with a single Qube or Raq (especially
if it has 128M RAM).  For many months I was serving email (SMTP and
POP3), web (Apache), proxy (squid) and files (FTP, Samba) to a dozen
users with a Pentium 166MHz across a 33.6K modem connection with very
little system load - not a MIPS platform (and admittedly under GNU/Linux
rather than NetBSD), but this is just to illustrate that a slow machine
is more than capable of servicing dozens of users.

In general, the most recent release is usually the best, however some
ppl have experienced network issues with NetBSD/cobalt, pretty much
since or after version 2.0.  OTOH others report few problems.

I would probably suggest starting with 3.1, and if that does not work
you could try -current.  FWIW 1.6.1 is pretty much *known* to work well,
however it is no longer supported and no more security updates will be
issued for that version.

> Any feedback would be appreciated.

Depending on how much "spare" time you have, and given that your ISP is
currently handing some (most?) of your requirements, a good idea would
be to setup the Raq (or Qube), install the packages mentioned above or
equivalent alternatives, and just see how it goes.

Rowdy