A follow up to our previous blog regarding Slackware and our development of a new hosting control panel.

We’re now well underway in building the control panel that we’ve codenamed: Mantis.

Features:
- Source built server daemons for improved speed and security. We have custom configured all aspects of ALL web facing daemons based on 8 years of using various control panels and taking on board what customers have noted / requested.
- Improved Email subsystems. We are moving away from Qmail / Courier IMAP to Postfix / Dovecot. Dovecot is a fully indexed IMAP / POP3 server with high performance and security. IDLE IMAP which is akin to push email (if your email clients support it) and rapid indexing gives everyone improved email performance.
- Integrated mod_security (modsecurity.org) in the web platform. Dynamic pages are served through the modsecurity web application firewall giving greater protection from common exploits. Static content (images, pdfs, zips etc) are served automatically via a lightweight backend webserver called Lighttpd thus reducing the performance hit of mod_security via the Apache web server. Mod_security will be a per domain customer controlled option with the default being active.
- FTP improvements. We are moving to a ‘traffic light’ system for FTP. Default will be SFTP or FTP over SSH; the most secure FTP transfer protocol available. Should customers not be able to use this for whatever reason (ISP limits, firewalls etc) FTP can be dropped down to FTP over SSL (FTP TLS) and finally (the ‘red’ in the traffic light system) plain FTP. FTP access will be IP limited to prevent brute force and password harvester access.
- Modular build. With the system being based on Slackware rather than a package RPM Linux distribution, there is no ‘dependency hell’. We can upgrade aspects of the server platform as and when. We are not tied into a third party vendor release schedule, nor are we limited as to what we can customise for fear of future control panel releases. We control and built the system. We upgrade it.

More updates to follow

One of my earliest memories of Linux was of slackware. The hardcore distro, the most unix-like Linux of all Linuxes, it enshrined my geekyness. Our revered maestro is Pat Volkerding.

Linux is widespread now mainly because of Canonical’s ubuntu. It’s ease of use, it just ‘works’.

This establishes a 2-tier system of Linux that only previously existed in basement-source forum arguments. RPM versus source distributions.

If you’re not too familiar with this, RPM is so named after the RedHat Package Manager system. It provides generic packages of applications and daemons that can work out of the box. Coupled with a package manager such as yum or apt-get, it can be an effective tool to get a Linux installation on its feet quickly and without much effort.

‘yum install httpd php php-mysql mysql-server perl’ is a common command for a RPM source distro admin. It resolves everything and ‘just works’.

Source is a bit different. But it has the alluring draw that it can be faster, more secure, totally customised. It requires more work than RPM distributions for obvious reason. Rather than automatic package dependency resolution, it needs building to work with each package that you choose to install.

It doesn’t half teach you about Linux though.

3dpixel.net has been running RPM based, CentOS for several years. Mainly because of the compatibility with the Plesk control panel. Plesk is rpm based and has no source package installation.

We’ve decided now to switch to a self-built slackware based control panel for two reasons.

1. Plesk costs an absolute fortune and is perpetual. We’re leasing this software and so are our customers.
2. We’ve discovered a few major bugs in the plesk control panel that we won’t share here, but plesk are not forthcoming with any fixes. As they lock down their control panel we cannot effectively close these holes without major software edits.

I’ll post some in-development blog posts over the coming weeks on our experiences on building a source based control panel.

Our customers, prepare for an upgrade you won’t believe!

All customers of BT retail or BT business who currently use our SMTP services are advised to change their outgoing email server to BT’s own system.

BT themselves add a positive RBL (blacklist) spam score (i.e. more spam) to all BT customers who do not use their own BT outgoing mail servers despite authentication and SSL.

Please reference: http://www.spamhaus.org/pbl/query/PBL231592

We find this situation quite disturbing considering BT only offer plain SMTP authentication and not SSL as we do, nor do they offer domainkey or SPF validation for your domain.