Search | Running | Sailfish OS | All Posts | About Me

Moving my Linux mail server to OpenBSD.Amsterdam

February 19, 2024 — Nico Cartron

As I explained in previous articles here, here or here, I decided a few months back to migrate as much stuff as possible to *BSD, so of course my Linux server, running on an OVH dedicated machine for a few years, was part of that scope.

I decided to go with OpenBSD.Amsterdam following a recommendation from MichaƂ Sapka.

Ordering

The process to order a VM was super smooth and done in a few minutes.
All I had to decide was how much RAM and hard disk I needed. You specify your SSH public key at the same time, and when you're done, you receive your VM details some time after - which in my case, was litterally a few minutes after, as Mischa, who is one of the folks running the association, was super fast!

At that time, I hadn't paid yet, so Mischa just sent the payment information in the same email (they accept Stripe, iDEAL and Paypal) - I did it straight away.

First contact

Connect to the machine

By following this page, it's super easy to connect via SSH.

Getting to know OpenBSD

I first wanted to install Knot as Authoritative DNS, so did a quick search on how to do it on OpenBSD, since pkg does not exist.

Instead, you have to use pkg_info, such as:

# pkg_info -Q knot
debug-knot-3.2.5p2
knot-3.2.5p2 (installed)

You can then install knot with:

# pkg_add knot

Easy!

Updating packages

You'll have to use pkg_add -u, which will check for updates and do the update if needed:

# pkg_add -u

quirks-6.122 signed on 2023-10-13T21:05:16Z
quirks-6.122->6.122: ok
amavisd-new-2.12.2p0:curl-8.3.0->8.4.0: ok
Read shared items: ok

The output is obviously different than pkg update and pkg upgrade, I find it a bit short, but it does the job.

Differences with FreeBSD

Now there's no such thing as /usr/local/etc/ on OpenBSD - knot configuration files are installed in /etc/knot/

I just had to copy my knot.conf configuration file from the Linux server, change the IP addresses it listens on, and that was it!
(I lost a few minutes because of a bad path for Knot's storage directive, but once fixed it worked straight away).

Of course, I also had to change my PowerDNS' Primary DNS server to allow zone transfers from the OpenBSD server.

Setting up my Mail server

I went for roughly the same setup as the one I had on Debian, i.e.:

  • Postfix
  • Dovecot
  • Amavis
  • SpamAssassin
  • OpenDKIM

This was uneventful, and apart from changing a few settings here and there (like path), the only things I had to do were:

  • update the crypt method from SHA512-CRYPT to BLF-CRYPT for Dovecot,
  • rsync the folder with my mailboxes from the old server to the new one,
  • copy the Let's Encrypt folder,
  • backup and restore the SpamAssassin database (heck, I didn't want to lose years of learning!),
  • change the DNS records to point to my new server.

Of course, I did some tests with a domain I'm barely using, before moving my main domains!

Wrap Up

It took me some time to finalise this migration (I ordered the server mid-October, and completed the migration end of December 2023), but that's mostly because I took a few weeks "off" after the initial setup.

Overall I didn't encounter any issue with OpenBSD.Amsterdam, and I'd even say that the level of communications from them is far better than OVH - e.g., they did an upgrade of the host running the VM, from OpenBSD 7.3 to 7.4, and not only did they announce it one week before, but this upgrade was done on a Sunday.

Overall, I'm extremely happy about the service they provide, and can highly recommend them if you're looking for a reliable provider of BSD VMs, especially in Europe.


Tags: FreeBSD, IT


I don't have any commenting system, but email me (nicolas at ncartron dot org) your comments!
If you like my work, you can buy me a coffee!