Ubuntu 9.04 (jaunty) on a soekris net-4801

Introduction

For a couple of years I've been running FreeBSD on a Soekris Net-4801 and it has served me very well indeed: 256MB of ram and a 266MHz Geode processor doesn't seem like much but were actually quite sufficient to run a mailserver, a nameserver and a webserver. However, time has come to upgrade some of the packages (apache was still a 1.3 version) and because using Ubuntu has been a very positive experience so far I decided to install a minimal Ubuntu on the Soekris as well. These pages document almost everything I have done to get it running and it turned out to be surprisingly easy. On the way I point out some relevant issues about tuning and I intend to show some performance measurements as well. Where relevant, links to external documentation are provided as well.

Please remember that none of this is rocket science, but some experience with Unix, preferably some version of Linux, is neccessary. Also, installing a new operating system on a soekris is a screwdriver job, so elementary precautions for working with electronics should be taken. Like any intricate job, things might screw up, you might for instance screw up your soekris. Now I consider that very unlikely but you have been warned and although great care has gone into checking this document I accept no responsibilty nor liability for anything that might go wrong.

Credit where credit is due: quite a number of the initial steps for configuring (an older version of) Ubuntu were already documented here and here (that last one is in Indonesian, but configuration examples are quite understandable). I took those as a starting point add added the specifics for Ubuntu 9.04 and all the additional packages.

Usecase

We will be building quite a multitalented server: Not only will it be serving web pages but it will be a nameserver for several domains as well and it will process mail. There will be local mailboxes accessible with pop3 and imap from internal networks and webmail for access from elsewhere. And since spam was one of the greater annoyances we'll be installing some antispam measures as well. This all boils down to the following list of software (between parentheses the name of the Ubuntu package):

ssh server (openssh-server)
We need to be able to access the server in a secure way and openssh has a good track record.
ntpdate (ntpdate)
A server needs accurate logging and therefore a correct time. We are not going for a full ntp server but just run ntpdate every 20 minutes or so.
name server (nsd)
This server is an authorative nameserver for two domains and nsd provides us with a solid implementation and can do dnssec as well. Note that as this is an authorative nameserver only our soekris will depend on another nameserver for it own queries! (our external firewall will provide that service)
mail server (dovecot-postfix)
A complete mailsystem can be tricky to install but the people at Ubuntu have done all the hard work already. Dovecot provides use with a MTA (postfix), a local delivery agent, a pop3 and an IMAP server, the latter two also availble as secure servers. Choosing for postfix makes it very simple to integrate anti-spam measures as well.
http(s) server (apache2-mpm-prefork)
We host three virtual webservers and have a long and healthy relationship with Apache. We choose the latest and greatest (version 2.2) but stay with a simple and stable preforking variant.
database (mysql-server-5.1)
Some of my users like to have a database available on the webserver and MySQL is a conservative choice. It will be used by our anti spam software as well.
webstatistics (awstats)
I have been using Awstats for more than five years now and I like it.
webmail package (prayer)
There aren't that many good webmail packages provided by Ubuntu but this one promisses to be a fairly lightweight, all C implementation that runs on its own rather than as a component of another webserver. We'll give it a try ... but I can't get it to work: it keeps complaining about self signed certifcates. Out!
webmail package (squirrelmail)
Not exactly lightweight but at least it does the job and has a nice, user configurable interface.
pop or imap server (dovecot-postfix)
These are bundled already in the dovecot package, so that'll save us work.
antispam (postfix-policyd)
This package integrates seamlessly with postfix and implements greylisting. I am not sure this will be sufficient but we will see. We do not install any virusscanning solution since we have integrated security solutions on all our PCs, but we might install clamav later.
python (python2.6)
A personal wish since I want to implement some services and I am quite proficient in Python. Since we don't want to burden our server with more than one implementation, we stay with 2.6 and don't install 3.x as well.
some form of backup
I will be using a automated script that uses scp to transfer data. This is not covered here.
We'll be installing some additional utilities as well but the above pretty much illustrates the main purpose of the server. All of these packages will fit easily on a 4GB CF-card, actually they will fit in 1 GB root partition without a problem. The score after installing all packages:
Filesystem1K-blocks Used Available Use% Mounted on
/dev/sda1969288 487540 432512 53% /
/dev/sda2969792 284124 636404 31% /var
/dev/sda31745192 528844 1127696 32% /home
The rest (about 200M) is present as swap on /dev/sda4

The workflow

Now we know what we we'll be installing, it is time for the how:

  1. Choose a working platform to prepare the CF-card
  2. Partition the CF-card
  3. Install and configure basic packages
  4. Boot our working platform
  5. Install and configure additional packages
  6. Make the CF-card bootable
  7. Install the CF-card in the Soekris
  8. Boot the Soekris
Each of these steps will be explained in detail in the following sections.

Working Platform

We need something to partition and initialize our CF-card. I happen to own a Samsung NC-10 Netbook but any PC will do as long as it has a intel-i386 compatible processor (since the Geode Processor in the soekris is that as well so we will be able to use the same kernel), some way to read/write a CF-card (we'll be using an usb card reader), a way to boot from a usb stick (to install a Ubuntu Live image without thrashing your current OS), and a serial port to connect to the soekris console. (I use a usb-to-serial converter since the NC-10 doesn't have a serial port).

My netbook is running windows and I want to stay it that way. However we need a Ubuntu platform to initialize our CF-card and windows is a difficult platform to partition CF-cards with non-windows filesystems and furthermore is unable to find a suitable driver for my brandless usb-to-serial connector, even though it uses a very common prolific chip. Needless to say that under Ubuntu everything works out of the box and even the usb-to-serial adaptor is recognized without the need to install anything extra.

The exact platform is the Ubuntu 9.04 netbook remix. Installation instructions for making a bootable usb-stick are on that site as well.

The live remix usb stick is inserted in the right (bootable) usb port of the NC-10. This port is identified as /dev/sdb by Ubuntu, but on your platform it might be different. Booting a live image takes some time, but in the end you will see a simple desktop. We will hardly be using this desktop since most of the work will be done from a simple commandline prompt. (select Accessoires->Terminal on the left of your desktop).

Partitioning the CF-card

The CF-card in inserted in a multicard reader and connected to one of the left usb ports. It is identified as /dev/sdc by Ubuntu and automounted if it contains one or more recognizable filesystems. You can check the /var/log/syslog to check which devicename is selected and use mount to verify if anything is mounted. umount any mounted partitions before you start partitioning. Remember that any content on the CF-card will be permanently overwritten. 

sudo parted /dev/sdc

We'll be creating 4 partitions:

After using partedmy CF-card looks like this: 
ubuntu@ubuntu:~$ sudo fdisk -l /dev/sdc

Disk /dev/sdc: 4034 MB, 4034838528 bytes
16 heads, 63 sectors/track, 7818 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Disk identifier: 0x000dee16

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1        1954      984784+  83  Linux
/dev/sdc2            1955        3909      985320   83  Linux
/dev/sdc3            3910        7427     1773072   83  Linux
/dev/sdc4            7428        7818      197064   82  Linux swap / Solaris

Next, we initialize neccessary filesystems. Note that we use ext2 (no need for journaling, look here for some arguments. 

sudo mke2fs /dev/sdc1
sudo mke2fs /dev/sdc2
sudo mke2fs /dev/sdc3

Installing basic packages

mount partitions in target filesystem 

ubuntu@ubuntu:~$ sudo mkdir /mnt/target
ubuntu@ubuntu:~$ sudo mount /dev/sdc1 /mnt/target
ubuntu@ubuntu:~$ sudo mkdir /mnt/target/var
ubuntu@ubuntu:~$ sudo mount /dev/sdc2 /mnt/target/var
ubuntu@ubuntu:~$ sudo mkdir /mnt/target/home
ubuntu@ubuntu:~$ sudo mount /dev/sdc3 /mnt/target/home
get debootstrap and install a minimal jaunty from ftp 
sudo apt-get install debootstrap

ubuntu@ubuntu:~$ sudo debootstrap --arch i386 jaunty /mnt/target ftp://ftp.ubuntu.com/ubuntu
At this point we have installed a minimal Ubuntu. From now on we can work from within this new installation but we have yet some preparations to make before we can boot this minimal Ubuntu.

Chroot to or new directory tree: 
sudo chroot /mnt/target /bin/bash
Edit fstab. Note that some Linux on soekris recipes always talk about /dev/hda as the first drive but this is probably only the case if you equip the soekris with a hard disk. The CF-card is recognized as /dev/sda. 
editor /etc/fstab
# note we expect the cf-card as /dev/sda on the soekris, but in a usb cardreader
# on the nc10 it will be /dev/sdb  Now / will be mounted by grub, so that will work
# but /var and /home will fail to mount
------------------------------------------------------------------------
# file system   mount point     type    options                dump    pass
/dev/sda1       /               ext2    noatime                0       0
/dev/sda2       /var            ext2    noatime                0       0
/dev/sda3       /home           ext2    noatime                0       0
/dev/sda4       none            swap    sw                     0       0
tmpfs           /tmp            tmpfs   size=128m,mode=1777    0       0
proc            /proc           proc    defaults               0       0
sys             /sys            sysfs   defaults               0       0
------------------------------------------------------------------------
Next we mount some special filesystems within our chrootes tree, initialize a swap partition (outside the chroot) and get back in again: 
mount /proc
mount /sys

exit
sudo mkswap /dev/sdc4
sudo chroot /mnt/target /bin/bash
To configure networking we have to define an interface. Again, in older recipes it is stated that the first ethernet interface on the soekris will be recognized as eth0 but on my 3 interface soekris the first one will be recognized as eth1. We won't configure the other interfaces. 
editor /etc/network/interfaces

auto lo
iface lo inet loopback
iface eth1 inet static
address 172.16.12.200
netmask 255.255.255.0
gateway 172.16.12.2
auto eth1

echo misspiggy > /etc/hostname
adduser michel
echo 'michel ALL=(ALL) ALL' >> /etc/sudoers
chmod 0440 /etc/sudoers

editor /etc/resolv.conf
domain swineworld.org
search swineworld.org
nameserver 172.16.12.2
Now on the soekris there may or may be not a wireless interface present but on the NC-10 there certainly is and it would be very convenient if we could use that after we boot the CF-card on the soekris to test and finalize our configuration. 
apt-get install wireless-tools
apt-get install wpasupplicant
root@ubuntu:/# cp /usr/share/doc/wpasupplicant/examples/wpa-psk-tkip.conf /etc/wpa_supplicant.conf
vi !$
chmod o-r /etc/wpa_supplicant.conf

editor /etc/event.d/ttyS0
----------------------------------------
start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on runlevel 0
stop on runlevel 1
stop on runlevel 6

respawn
exec /sbin/getty -L ttyS0 9600 vt102
-----------------------------------------

vi /etc/initramfs-tools/modules
-----------------------------------------
# List of modules that you want to include in your initramfs.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
# usb -storage is needed to boot from cf-card in usb reader it is not
# strictly needed for the soekris.
ext2
ide_generic
usb-storage
------------------------------------------
update-initramfs -u
Get the latest kernel and bootloader 
apt-get update
apt-get install linux-image-generic grub memtest86+

mkdir -p /boot/grub
cp /usr/lib/grub/i386-pc/* /boot/grub
editor /boot/grub/menu.lst
----------------------------------------------
default         0
timeout         5

serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=5  serial console

title           Ubuntu, kernel 2.6.28-11-generic
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.28-11-generic root=/dev/hda1 ro console=tty0 console=ttyS0,9600n8
initrd          /boot/initrd.img-2.6.28-11-generic
quiet
savedefault

title           Ubuntu, memtest86+
root            (hd0,0)
kernel          /boot/memtest86+.bin console=tty0 console=ttyS0,9600n8
quiet
-----------------------------------------------
ALTERNATIVE FOR DUALPURPOSE soekris and nc10 boot: 
editor /boot/grub/menu.lst
-----------------------------------------------
default         saved
timeout         60

serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1
terminal --timeout=5  serial console

title           NC10 Ubuntu, kernel 2.6.28-11-generic
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.28-11-generic root=/dev/hda1 ro console=tty0 console=ttyS0,9600n8
initrd          /boot/initrd.img-2.6.28-11-generic
quiet
savedefault

title           SOEKRIS Ubuntu, kernel 2.6.28-11-generic
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.28-11-generic root=/dev/sdb1 ro console=tty0
initrd          /boot/initrd.img-2.6.28-11-generic
quiet
savedefault

title           Ubuntu, memtest86+
root            (hd0,0)
kernel          /boot/memtest86+.bin console=tty0 console=ttyS0,9600n8
quiet
------------------------------------------------
Run this from outside the chroot() 
exit
grub
grub>
find (hd0,0)/boot/grub/menu.lst
find (hd1,0)/boot/grub/menu.lst
...
cat (hd1,0)/boot/grub/menu.lst
# verify it really is the correct menu list (especially when having more than 1 grub disk )
setup (hd1) (hd1,0)
-----------------------
Chroot again and add any additionial users (you can do this later as well) 
sudo chroot /mnt/target /bin/bash
adduser clementine (w. my password)
adduser sjaak (w. his old pw)
Not essential but very convenient: add manpages and tools to read them: 
apt-get install manpages
apt-get install mandb

Booting the CF-card on the NC-10

Power down the NC-10 and transfer the cardreader from the left usb port to the right port (my NC-10 refuses to boot from the left usb ports). You should now be able to boot if you made a dual purpose menu.lst. If this doesn't work, go back to where you configured grub and rename menu.lst to menu.lst1 and redo the steps to write the bootloader. With the menu file missing you will be able to boot manually and (if you want) to boot the NC-10 with less memory than it really has to simulate the rather spartan conditions on the soekris: 

#in the boot menu (after switching the power on):
grub> root (hd0,0)
grub> kernel /boot/vmlinuz-2.68-11-generic root=/dev/sdb1 mem=256m
grub> initrd /boot/initrd-2.68-11-generic
grub> boot
Again, filenames of kernel and ramdisk image may be slightly different but you can type TAB after the first couple of characters and grub will expand the filename for you.

If everything went well, you will boot and you will be presented with a login prompt. Login and start installing additional packages.

Additional packages

As mentioned before, we could hookup our ethernet port on the NC-10 but I like to work wireless. Therefore we have to start wpa_supplicant to connect to our wireless accesspoint and next use dhclient to get an ip-adress and configure routes and resolver for us: 

sudo wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
sudo dhclient wlan0

Now the real work starts, so we quit using sudo and become root more permanently: 

sudo /bin/bash

Next we install ssh and sshserver (and configure them to run: the installer asks all kinds of things and configures sshserver for you): 

apt-get install ssh
Note that the sshserver is configured to authenticate people by password. This might not be secure enough for yor needs e.g. you might want to use client certicates, but that is out of scope for this document.

Net we get lynx ad a convenient and lightweight text-only browser that we can use to check things on the web: 

apt-get install lynx

I think it is crucial for a server to have the correct time e.g. to be able to correlate server logfiles so we can't trust the clock of the soekris to be accurate till inifinity. (see here for some additional info. So we set the time and our timezone and get cron (and logrotate now we're at it). We configure cron to execute ntpdate twice per hour. Note that it is a good thing to have a pool of reliable timeservers at your disposal so check ntp.org to help you choose. 

ntpdate 0.europe.pool.ntp.org
dpkg-reconfigure tzdata
# get cron daemon TODO remove cron cruft in /etc/cron/daily
apt-get install cron
apt-get install logrotate
# add frequent ntpdate syncs (that log to /var/log/syslog)
vi /etc/crontab
1,31 * * * * root /usr/sbin/ntpdate -s 0.europe.pool.ntp.org

Now we start downloading some pretty hefty packages so it is a good time to change apt to get regular and universe stuff from a fast local mirror: 

vi /etc/apt/sources.list
## main
deb http://ftp.telfort.nl/ubuntu/ jaunty main restricted
deb-src http://ftp.telfort.nl/ubuntu/ jaunty main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://ftp.telfort.nl/ubuntu/ jaunty-updates main restricted
deb-src http://ftp.telfort.nl/ubuntu/ jaunty-updates main restricted
## universe
deb http://ftp.telfort.nl/ubuntu/ jaunty universe
deb-src http://ftp.telfort.nl/ubuntu/ jaunty universe
deb http://ftp.telfort.nl/ubuntu/ jaunty-updates universe
deb-src http://ftp.telfort.nl/ubuntu/ jaunty-updates universe
## multiverse
deb http://ftp.telfort.nl/ubuntu/ jaunty multiverse
deb-src http://ftp.telfort.nl/ubuntu/ jaunty multiverse
deb http://ftp.telfort.nl/ubuntu/ jaunty-updates multiverse
deb-src http://ftp.telfort.nl/ubuntu/ jaunty-updates multiverse
## don't forget this after editing
## sudo apt-get update

Lets get an editor that's a little bit easier than vi: 

apt-get install joe
joe is a simple to use editor with a lot of functionality without all the quirks of vi (I say that without shame although I am a Unix veteran :-)

Next get a solid nameserver implementation (authorative only) 

apt-get install nsd3
and some essential tools we might need to troubleshoot: 
apt-get install traceroute
We need dig if we want to set / test our dns 
apt-get install dnsutils

Configuring a nameserver is of course completely site specific, however, I still include the relevant parts of the configuration process in nsd as an example. I won't go into details on the zonefiles though, since I have already working domains, I simply get those zonefiles via nsd from the current nameservers (I simply ask the firewall, 192.168.12.77 is this case): 
 
cd /etc/nsd3
mkdir zonefiles
cd zonefiles/
nsd-xfer -z clementine.nl -f clementine.nl.zone 192.168.12.77
nsd-xfer -z swineworld.org -f swineworld.org.zone 192.168.12.77

cd /etc
ln -s nsd3 nsd
cd nsd
vi nsd.conf
------------------------------------------------
# nsd.conf , new version for ubuntu on misspiggy

# options for the nsd server
server:
	database: "/var/lib/nsd3/nsd.db"
	zonesdir: "/etc/nsd3/zonefiles"


zone:
	name: "clementine.nl."
	zonefile: "clementine.nl.zone"
	provide-xfr: 0.0.0.0/0 NOKEY

zone:
	name: "swineworld.org."
	zonefile: "swineworld.org.zone"
	provide-xfr: 0.0.0.0/0 NOKEY
------------------------------------------------

/etc/init.d/nsd3 stop
/etc/init.d/nsd3 start

Next stop: mail. A complete mailsystem consists a quite a number of components that are all interdependent. Luckily all the hard work is already done for us and the result is called the dovecot package. That'll give us both Mail Transfer capabilities in the form of postfix and access to mailboxes via pop3 or IMAP. We get telnet as well s we can test our system by directly talking to the mailservers on their respective ports. 

apt-get install dovecot-postfix
apt-get install telnet

Actually configuring mail domains is of course very site specific but an example might be helpfull. We run two maildomains here and a couple of users have special aliases. Note that I have changed the domain-names to example.org and example.com not because they are secret but to prevent harvesting of mailadresses: 

cat /etc/aliases
# See man 5 aliases for format / run newaliases after editing
postmaster:    root
moi:	clementine


cat /etc/postfix/virtual
moi@example.org				clementine

cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = swineworld.org, localhost, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8, 192.168.12.0/24, 192.168.14.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

virtual_alias_maps = hash:/etc/postfix/virtual
===============================================

postmap hash:/etc/postfix/virtual

/etc/init.d/postfix stop
/etc/init.d/postfix start

A little bit less spam would be nice and we are gonna try greylisting: 

apt-get install postfix-policyd
Getting this package gets you MySQL as well and configures it for you. This works fine, but out of the box it comes with the InnoDB engine enabled and this takes up a lot of memory. Luckily the greylisting database uses the MyISAM engine, so we can simple turn InnoDB off: Just uncomment skip-innodb in my.cnf and restart mysql: 
joe /etc/mysql/my.cnf
/etc/init.d/mysql restart

Next we install apache2.2. It's preforking variant starts default with quite a number of server instances so it's better to configure it to just a couple of preforked instances for our very low trafic sites. This is left a an excercise for the reader. (Hint, see /etc/apache2/apache2.conf) 

apt-get install apache2-mpm-prefork

We also want awstats. Now unfortunately, contrary to all other packages so far you need to do quite a bit of work to get this going especially if you do not want interactive updates (since they can criple the server performance) and if you want some virtual servers with their own statistics. We won't go into that here, but just getting the package is simple: 

apt-get install awstats

Finally we get Python. Somewhere along the line we already picked up a full python 2.6.2 so we don't have to install it seperately! (I haven't paid enough attention which package had python a prerequisite)

Make the CF-card bootable

You can either rename /boot/grub/menu.lst1 to /boot/grub/menu.lst again en setub grub again, or leave it as it is and boot the soekris by hand.

Install the CF-card in the Soekris

Use a screwdriver and common sense to fit the CF-card into the soekris.

Boot the Soekris

Power up the soekris and everything should work :-) . Of course there might be trouble and if you are booting by hand you'll need access to the console of the soekris. Now here is were all talk about usb-to-serial converters at the beginning of this document comes in: I boot the NC-10 again with the Ubuntu memory stick, install picocom (a terminal emulator) and insert the usb-to-serial cable an hook it up to the soekris via a null modem cable. If you have a serial port you won't need the converter, but the null modem cable is still essential since we're connecting two computers here, rather than a computer and a peripheral.

Performance

After a couple of days it is possible to show a representative graph of the cpu load and the use of memory. Of course our websites don't see heavy trafic (a thousand unique visitors/month, i.e. maybe thousand pagehits a day for the websites and mainly spam as incoming mail (about 500 to 600 mails a day) but it is cleat that our humble soekris has plenty to spare: graph of daily cpu load. Actually the only part that is disappointing a bit performance wise is squirrelmail. Showing the inbox after initial login takes about seven seconds. It is not clear at the moment where this time is spent however since connecting to the IMAP server 'by hand' or via outlook is quite fast. It seems that either PHP or maybe the Perl backend incurs quite some overhead.

If you wonder by the way what causes the distinct rythm in the the cpu load, this is caused by mrtg in updating the graphs. The large peak around six o clock is awstats and broader and lower one between eight and nine is a backupprocess.

Considering memory use it is clear that 256MB is plenty even when running mysql and apache. The installation consumes about 70MB and the rest is mainly used as (disk)buffers (but counted as available in the graph since it may be claimed by processes). Swap is not used at all.

graph of daily memory use

Sections