Wow, another MIPS running Windows NT appears in the wild!
This is a great tear down, and look at a MIPS desktop from back in the day, sold to run Windows NT. Â It’s hardware shares a lot from PC’s of the era, from the AT keyboard, serial mouse, ISA slots, with a VL S3 video card. Â One day I hope to get a MIPS NT machine, although they are incredibly rare to find.
Stylized logo!
Every so often, I’ll get either emails or messages from various people wanting to run their own exchange server setup in a similar method that I have setup, except that they are lacking either Windows NT Server discs, or even the Exchange server disc. Â I always end up pointing people to eBay, although contrary to the last few years, prices of old Exchange Server have gotten expensive. Â However there is a different SKU, and way to get them both, plus a lot more, enter the late 1990’s server craze of product consolidation, Microsoft Back office.
Back Office media kit
In all version 4.5 comes on 7 CD’s containing:
Before server virtualization took off, the trend for small branch offices and small organizations was to get a single server and try to run everything all at once. Â Of course this leads to an incredible amount of inter-tangled dependencies, and possible collisions when involving 3rd party software, along with possible performance issues for stacking so much onto one box. Â How times have changed! Â Where today we may run all the same services on a single physical box, however with each server component getting its own VM, it lends to far better stability as you don’t have so many applications with possible DLL/system versioning issues, and better resource management as you can easily prioritize VM’s or even suspended ones that are infrequently needed. Â Having lived through it, there was nothing like having a needed service pack for one issue on one component, which then broke something else. Â Needless to say this is why we have virtualization, and things like docker to deal with DLL hell.
CD’s
There is no real difference between these Back office versions of the server apps, which is why I would recommend this over a standalone package as you get so much more.
SMTP along with POP and IMAP, are largely unchanged. Â While Outlook 2016 may not support Exchange 5.5 directly, you can configure it as an IMAP server, and connect just fine. Â I’d highly recommend something like stunnel to wrap it with modern encryption, something that Windows NT 4.0 is lacking. Â Combined with an external relay to do “modern” features like DKIM, spam filtering and obscuring your server’s direct connection on the internet, there is nothing wrong with using it as a backed, even in 2017.
SQL 7 is the first version in the “rewrite” of Sybase SQL, supporting the new client libraries, which .Net 4.5 on Windows 10 can still happily connect to, unlike SQL 6.5 and below. Â I use it occasionally to quickly prototype stuff as needed or load up datasets to transform them. Â I also like the SQL scheduler to do jobs in steps, as it can catch error codes, and you can setup elaborate processes.
I can’t imagine having a use for SNA Server anymore as IBM had shifted all their mainframes from SNA, to TCP/IP. Â I would imagine with a current software contract that is what people would be using, but somehow I’d like to imagine some large organization still using 3270’s on people’s desks, and a SNA gateway to bring sessions to people’s desks. Â But that is highly unlikely. Â Back in the day COM/TI was a big deal to take COBOL transactions and package them up as Microsoft COM objects to later be called either directly, or middleware via DCOM. Â Although who knows, when it comes to legacy stuff, Im sure somewhere has type 1 token ring MAU’s, and SDLC links.
Packages like Back Office is what basically pushed out Novel from the market as they didn’t develop their own solutions in time, and deploying server software to Novel Netware proved to not only be very precarious, but along with it’s single application process space, proved to be extremely unreliable. Â Not to mention that older protocol companies like DEC, IBM or Novel were entrenched in their own proprietary network stacks, and TCP/IP was frequently seen as something to be purchased separately both for the OS, and the application. Â Microsoft certainly did the right thing by having a free TCP/IP for Windows for Workgroups, and including it in Windows NT, and Windows 95.
As always the option Pack for Windows NT 4.0 nearly brings it up to the functional level of Windows 2000, and is a great way to build that virtual corporation for testing.
Long before websites, during the dark ages of the BBS, on the internet there was (well it’s still there!) a distributed messaging system called usenet. Â There are countless topics on just about everything that was full of all kinds of incredible conversations. Â Before the walled gardens, and the ease of running individual bulletin boards, the internet had prided itself on having one big global distributed messaging system. Â It was a big system, and one thing that was always taken for granted was that it was too big to save, and that whatever you put out there would probably be erased as all sites had a finite amount of very expensive disk space, and they would only keep recent articles.
But it turns out that in the University of Toronto, in the zoology department they had a tape budget, and were in fact archiving everything they could.  In all they had amassed 141 tapes spanning from February 1981 (though these are not Usenet posts, just internal netnews University stuff) all the way up to about midnight of July 01, 1991!
While the archive was made available to a few people in 2001, it was made generally available in 2009, and then in 2011 on archive.org where I downloaded a copy of it. Â There is some interesting backstory over on Dogcow land, as it took quite a bit of effort to get the data from the tapes, and then slowly released out into the wild.
As mentioned on the archive.org site:
This is a collection of .TGZ files of very early USENET posted data provided by a number of driven and brave individuals, including David Wiseman, Henry Spencer, Lance Bailey, Bruce Jones, Bob Webber, Brewster Kahle, and Sue Thielen.
OK, so back a few months ago, I had setup AltaVista personal desktop search along with the UTZOO usenet archive for the purpose of using something more sophisticated than grep, but maintaining that legacy/retro feel us using outdated technology. Â To recap the first challenge is that the desktop search product, is only meant to be used from the desktop of a Windows 98/NT 4.0 workstation. Â It uses a super ancient version of JAVA as the webserver, and they chose to bind it to 127.0.0.1:6688 . Â So the first thing to get around that was to build a stunnel tunnel allowing me to effectively connect to the webserver remotely. Â And since the server assumes it’s locally I had to use Apache with mod_rewrite to setup some simple regex expressions to massage the pages into something that would be usable from a non local machine.
So with that word salad up, let’s have a brief picture!
Flow diagram
On my ‘general’ hosting machine, I use haproxy to reverse proxy out multiple sites out the single address. Â This is a super simple solution that allows me to have all kinds of different backends using various hosting platforms, such as Apache 1.3 on Windows NT 3.1. Â So for this to work I just needed to create an altavista.superglobalmegacorp.com DNS record, and then the following in the haproxy config:
frontend named-hosts
bind 172.86.179.14:80
acl is_altavista hdr_end(host) -i altavista.superglobalmegacorp.com
use_backend altavista if is_altavista
backend altavista
balance roundrobin
option httpclose
option forwardfor
server debian8 10.0.0.18:80 check maxconn 10
So as you can see it’s really simple it looks for the string ‘altavista.superglobalmegacorp.com’ in the host header, and then sends it to the backend that has a single web server, in this case a lone Debian server, aptly named debian8 that throttles after 10 concurrent connections.
The next thing to do was generate a SSL self signed cert, which wasn’t too hard. Â The stunnel installer has a profile ready to go, so it was only a matter of finding a version of OpenSSL that’ll run on NT 4. Â As this isn’t public encryption I really don’t care about it using crap certs.
On the Debian server is where all the regex magic, is along with the stunnel client to connect to the NT 4.0 Workstation.
client = yes
debug = 0
cert = /etc/stunnel/stunnel.pem
[altavista]
accept = 127.0.0.1:8080
connect = 10.0.0.19:8443
Likewise on NT stunnel will need a config like this:
cert = c:\stunnel\stunnel.pem
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
debug = 0
output = c:\stunnel\stunnel.log.txt
[altavista]
accept = 8443
connect = 127.0.0.1:6688
With the ability for the Debian box to talk to the AltaVista web server, it was now time to configure Apache. Â This is the most involved part, as the html formatting by AltaVista personal search is hard coded into the java binary. Â However thanks to mod_rewrite we can modify the page on the fly! Â So the first thing is that I setup to virtual directories, the first one /altavista maps to the search engine, and then I added /usenet which then talks to IIS 4.0 on the Windows NT 4.0 workstation, which is just allowing read & browse to the usenet files that will need to be indexed.
#This part connect to a stunnel connection to the Altavista server
ProxyPass “/altavista” “http://localhost:8080”
ProxyPassReverse “/altavista” “http://localhost:8080”
#This connects to IIS 4.0 on the NT 4.0 machine
ProxyPass “/usenet” “http://10.0.0.19/usenet”
ProxyPassReverse “/usenet” “http://10.0.0.19/usenet”
ProxyRequests Off
RewriteEngine On
Because we mounted it on a sub directory we need to redirect the root to /altavista so I simply add:
#Redirect the root to the /altavista path.
#
RedirectMatch 301 ^/$ /altavista
To get the images to work, along with fixing the 127.0.0.1 hardcoding, Â I copied them from the NT workstation onto the Apache server, then added this regex statement:
#clean up urls
Substitute “s|Copyright 1997|Copyright 2017|n”
Substitute “s|127.0.0.1:6688|altavista.superglobalmegacorp.com/altavista|n”
Substitute “s|file:///c:\Program Files\DIGITAL\AltaVista Search\My Computer\images\|/images/|n”
And now the site is starting to work. Â The most involved regex is to change the links from local text files, into a path to point to the usenet shares. Â This changes the text for u:\usenet\a333\comp\33.txt into a workable URL.
Substitute “s|>u:\\\\usenet.([a-z]{1,}[0-9]{3,})\\\([0-9a-z\+\-]{1,})\\\([0-9]{1,})|—><a href=\”http://utzoo.superglobalmegacorp.com/usenet/$1/$2/$3.txt\”>[$2\] Click for article|“
Naturally there is a LOT of these type of statements to match various depths, and pattern types as there is A news, B news and C news archives, plus scavenged bits.
Additionally I disabled a bunch of URL’s that would either try to alter the way the engine works, or allow the search location to change, just giving you empty results, along with altering some of the branding, as digital.com doesn’t exist anymore, and various tweeks. Â The finished config file for Apache is here.
Now with that in place, I can hit my personal AltaVista search. Â The next insane thing was to rename all the files from the UTZOO dump adding a .txt extension, and then re-encoding them in MS-DOS CR/LF format. Â I found using ‘find -type f’ to find files, and then a simple exec to rename them into a .txt extension. Â Then it was only a matter of using ZIP to compress the archives, and then transferring them to Windows NT, and running UNZIP on them with the -a flag to convert them into CR/LF ASCII files on Windows. Â This took a tremendous amount of time as there are about 2.1Â million files in the archive.
Now with the files on Windows, now I had to run the indexer.
Indexed in under 7 hours!
While I had originally had an IIS 4.0 instance on the same NT 4.0 Workstation serving up the result files, I thought it may make more sense to just serve them from the UTZOO mirror server I have in the same collocation so it’d be much faster, so that way only the queries are relying on servers in Hong Kong, instead of being 100% located in the United States.
So here we go, my search portal for all that ancient usenet goodness:
altavista.superglobalmegacorp.com
If you are hoping for the wealth of knowledge to be gained from people posting on usenet from 1981 to 1991 then this is your ticket. Â Keep in mind that usenet being usenet, there is discussions on everyone and everything, and like all other forums before you know it it’ll end with calling people Hitler, and how the Amiga is the greatest computer ever (well it was!). Â A tip when searching by year, is that people commonly wrote the year as 2 digits. Â However when looking for numbers like, say Battletech 3025, it will pull up files named 3025.txt. Â To prevent this just add -3025.txt to stop names like 3025.txt, or if you want to find out about the movie Bladerunner from 1982, try searching for bladrunner 82 -82.txt +review +movie. Â If you have any questions, there is of course the manual with a guid on how to search.
While the story of AltaVista is somewhat interesting, but much like how Digitial screwed up the Alpha market by trying to hoard high end designs, they also didn’t set the search people free to focus on search. Â And the intranet stuff was crazy expensive, look at this ad from 1996Â which translate to a minimum of $10,000 USD a year to run a single search engine! Â But as we all know, the distributed model of google won search and AltaVista never had a chance as it was caught up in the Compaq/HP mess then spun out to be quickly absorbed by Yahoo.
Meanwhile it appears the original owners of altavista.com, AltaVista Technology, Inc. of California, are actually still in business.  If anyone cares I’ll put the installation files, and some of the config’s in this directory.
From Spain!
I cannot understand why you want this, or why I’m even going to do it. Â At this point in GCC history the winnt-3.5 target had been dumped in favour of going all in with Cygwin. Â So yeah, this does not either clearly configure, or compile. Â But a little bit of mashing files, and I have it at least compiling some assembly that can be translated into an object file that a later version of MinGW can actually compile.
All I’ve built is the gcc driver, the cpp pre-processor, and the cc1 aka C backend.
D:\proj\gcc-3.0.4\gcc>xgcc -c -v hi.c
Using builtin specs.
Configured with:
Thread model: single
gcc version 3.0.4
cc1 -lang-c -v -iprefix ../lib/gcc-lib/i386-winnt35/3.0.4/ -D__GNUC__=3 -D__GNUC_MINOR__=0 -D__GNUC_PATCHLEVEL__=4 -Dunix -DWIN32 -D_WIN32 -DWINNT -D_M_IX86=300 -D_X86_=1 -D__STDC__=0 -DALMOST_STDC -D_MSC_VER=800 -D__stdcall=__attribute__((__stdcall__)) -D__cdecl=__attribute__((__cdecl__)) -D_cdecl=__attribute__((__cdecl__)) -D__unix__ -D__WIN32__ -D_WIN32 -D__WINNT__ -D_M_IX86=300 -D_X86_=1 -D__STDC__=0 -D__ALMOST_STDC__ -D_MSC_VER=800 -D__stdcall=__attribute__((__stdcall__)) -D__cdecl=__attribute__((__cdecl__)) -D__cdecl__=__attribute__((__cdecl__)) -D__unix -D__WIN32 -D__WINNT -D__ALMOST_STDC -D__cdecl=__attribute__((__cdecl__)) -Asystem=unix -Asystem=winnt -D__NO_INLINE__ -D__STDC_HOSTED__=1 -Acpu=i386 -Amachine=i386 -Di386 -D__i386 -D__i386__ -D__tune_i386__ hi.c -quiet -dumpbase hi.c -version -o C:\Users\jason\AppData\Local\Temp\ccpflisr.s
GNU CPP version 3.0.4 (cpplib) (80386, BSD syntax)
GNU C version 3.0.4 (i386-winnt35)
compiled by GNU C version 5.1.0.
ignoring nonexistent directory "../lib/gcc-lib/i386-winnt35/3.0.4/include"
ignoring nonexistent directory "../lib/gcc-lib/i386-winnt35/3.0.4/../../../../i386-winnt35/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/include"
ignoring nonexistent directory "NONE/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/i386-winnt35/3.0.4/include"
ignoring nonexistent directory "D:/pcem/building/MinGW/msys/1.0/local/lib/gcc-lib/i386-winnt35/3.0.4/../../../../i386-winnt35/include"
ignoring nonexistent directory "/usr/include"
#include "..." search starts here:
End of search list.
hi.c: In function `main':
hi.c:3: warning: return type of `main' is not `int'
as --traditional-format -o hi.o C:\Users\jason\AppData\Local\Temp\ccpflisr.s
D:\proj\gcc-3.0.4\gcc>gcc hi.o -o hi
D:\proj\gcc-3.0.4\gcc>hi
Hello from GCC 3.0.4
So there you go, mysterious internet user! Â Download my source dump with binaries in the tree because I’m lazy.
(This is a guest post from Tenox)
Just stumbled across this: someone has forked Windows NT 4.0 and created an open source version of it. But wait, forked what? Windows source code doesn’t live on Github. Is it ReactOS? No! Upon some digging, it was apparently born from the leaked source code of NT4.0, some W2K bits and 2003 WRK…
Enter NT version 4.5:
More screenshots here: http://www.opennt.net/projects/opennt/wiki/Screenshots
The main project site: http://www.opennt.net/
Looking at activity the project seems to be alive and well. There is some background information and discussion going on BetaArchive for those interested.
I wonder what Microsoft has to say about this 🙂
EDIT* for those from the future, you may be interested in this followup – OpenNT 4.5 revisited, where it’s compiled and run!
In this attempt to get NT 4.0 running on my machine, here is what I did. This holds true for 2008r2, and 2012 along with the Windows 10 preview.
old versions of Windows are not supported, but with a little bit of fun from PowerShell you can get them to work.
First make sure you run PowerShell as Administrator!
PS C:\WINDOWS\system32> get-vm
Name State CPUUsage(%) MemoryAssigned(M) Uptime Status
—- —– ———– —————– —— ——
NT40Â Off 0 0 00:00:00Â Operating normally
Windows 2000(wks) Off 0 0 00:00:00 Operating normally
As you can see here I have two virtual machines. Â Both of them are ‘off’ since there is no memory assigned, nor is there any uptime. Â It’s weird to me how they are “Operating normally’ since they aren’t running but I guess that’s a feature. Â Make sure the VMs are powered off before trying to do this.
Restricting the CPU capabilities was the checkbox to enable in the first version of Hyper-V. Â Now it’s hidden from the user, so you need to enable this in Power Shell.
First let’s check a VM:
PS C:\WINDOWS\system32> Get-VMProcessor NT40 | fl CompatibilityForOlderOperatingSystemsEnabled
CompatibilityForOlderOperatingSystemsEnabled : False
As you can see it’s disabled. Â Now to enable it with:
PS C:\WINDOWS\system32> Set-VMProcessor NT40 -CompatibilityForOlderOperatingSystemsEnabled $true
Now we can verify it’s turned on:
PS C:\WINDOWS\system32> Get-VMProcessor NT40Â | fl CompatibilityForOlderOperatingSystemsEnabled
CompatibilityForOlderOperatingSystemsEnabled : True
And we are good to go.
NT 4.0 Service Pack 6 on Hyper-V / Windows 10 Technical Preview 9879
Now for the networking part, remember to remove the existing network adapter, and add the ‘legacy’ network adapter. Â On my PC there was an additional snag, which is that every time a VM reboots, or is powered on the legacy adapter will receive NO packets. Â Go into the Hyper-V console, and disconnect the legacy adapter, and reconnect it, and network traffic will flow.
And additional note on installing Windows 2000. Â You *MUST* change the HAL uppon instalation. Â By default it’ll detect an ACPI system, but the driver ACPI.SYS will bluescreen the VM. Â Hit F5 when it prompts about storage adapters, and select the ‘STANDARD PC’ HAL from the list.
now, and I figured I should see if I can get it running on NT 4.0…
There was some minor issues with the way it handles for loops, but making them more C89 friendly was trivial.
8086tiny on NT 4.0
You can download my project (source and binary) here. Â The ‘killer’ feature is that it being built with Visual Studio 97 on NT 4, the needed Visual C++ LIBC DLL ought to be in place on anything modern these days.
You can always find the home page for 8086tiny, right here, at megalith.co.uk.  Code is maintained on github.
Building on my ‘has anyone ever used’ this feature of the NT 4.0 option pack‘, I thought it’d be interesting to build a simple MSMQ deployment. Â MSMQ is another technology I never saw deployed, as everyone was instead far more interested in MTS. Â So I thought I’d take a stab at MSMQ.
The only deployment guide I can find is here.
And I have to say, that it looks and feels a *LOT* of what became Active Directory.
So let’s look at a few things through the guide.
Top features of MSMQ are:
Which for 1997 technology sounds pretty great! Â But obviously what is the cost? Â To deploy MSMQ you *NEED* the following:
Optionally you can install for greater redundancy and speed..
As you may guess MSMQ needs a server infrastructure of it’s own. Â I thought for my limited experiment, I would use a simple two site network, comprising of a Windows NT 4.0 PDC, a Windows NT 4.0 BDC and two Windows NT 4.0 workstations.
As MSMQ stores it’s topology database in SQL Server 6.5 service pack 3, I found out the hard way that It will not install correctly with SQL Server 7.  Nor will it work with sp1, and it’ll bomb with 2.  It must be SP3.  I’ve also found it works best with the ‘restricted’ cut down version specifically for MSMQ.  Which is on CD2 of the Enterprise edition of Windows NT 4.0 (I stuck a copy here).  Basically it’s 6.5 slip-streamed to SP3, with no books (don’t’ try to install the books!).  However I found it works best on the PDC, and installing it on a BDC you should set the SQL services to login as local system for the installation, then set them for a domain account.  I also had to change the security model to “Windows NT Integrated”.  I’m not sure if that is 100% a requirement, but the installer demanded it.
Setting SQL’s security to Integrated mode
With that out of the way, I ran setup from the option pack, selecting MSMQ.
Select MSMQ
And the install proceeds as normal installing the base components of IIS 4.0.
Select a MSMQ type
Then we get to decide what kind of Server this Server will become. Â The first server I installed this on was the PDC, so I made it the PEC. Â It installed without any further incident.
I installed the option pack on the BDC, which was located in a different network, and set it up as the PSC. Â I then installed the workstation option pack on both of my workstations making them independent clients, and assigning them to their closest PEC/PSC.
MSMQ Enterprise
As you can see the Enterprise view of MSMQ looks a LOT like the AD Sites and Computers view. Â No doubt MSMQ was on the way to Cairo.. Although I’ve always thought Exchange would have been better served by SQL, having directory services being hosted on SQL would have made life a bit easier for doing backups and restores, making it less of a black box. Â However the prospect of managing all those SQL servers.. I guess there is always trade offs.
MSMQ in action
This is a small ‘demo’ application where MSMQ can pass messages between a shared paintbrush application. Â Very cool stuff. Â And no doubt a missed opportunity to run something fun and subversive. Â Although I was always the network admin so I never had to hide my traffic.
I’ve setup MSMQ in 2000 & 2003 networks, and it is not only far more simpler to deploy, but it relies on Active Directory to figure out it’s topology, and nominated MSMQ servers to forward traffic between sites. Â I’m more surprised that AD doesn’t rely on MSMQ, but rather it seems it uses common technology.
and higher? Â It was part of the Option Pack, and later incorporated into the OS starting with Windows 2000.
I’ve always seen people mistakenly install it, but I don’t think anyone ever really used it, as it cannot feed from other servers, and is really all around inept. Â Then I stumbled onto this post, from 1998, which mentions that you can feed NT’s NNTP with a 3rd party program, and then he gives a simple example written in perl.
Now the program hinges on the NEWNEWS command.  Although I’m sure with a little perl knowhow it could work with the normal user list commands, as it would then need a database of what messages it has already transferred.  I was interested in taking a peek of MS NNTP in action, so I installed a copy of NT 4.0 in Qemu, redirected port 119 (which needs elevated privileges).  The next thing you need is a news server.  Once upon a time netnews was a feature of your ISP, and they would keep local news servers to reduce network loads.  But times have changed, and now Netflix and it’s cache boxes are the bandwidth kings, as people want to turn the internet into VOD.  But whatever.  Finding a news service requires some googling around, and the one I found that is the best deal (free), text groups only (yay!), and it’s online stores go back at least four years is Eternal September. Another contender is Aioe, which doesn’t require a user id.  Since I’m going with eternal september, I had to create a userid, get the password in the mail, and then I was able to do a group listing.
I made a small change to this section of the perl program:
#Open connection to Master and slave
$nntp = Net::NNTP->new($NNTPMASTER, Debug => $opt_debug ? 1 : 0) or die “no connection: $!”;
$nntps = Net::NNTP->new($NNTPSLAVE, Debug => $opt_debug ? 1 : 0) or die “no connection: $!”;
#passwords..?
#$nntp->authinfo($usr,$pw) or die “Could not authenticate $usr”;
$nntp->authinfo(‘myusername’,’automagicpassword’);
This lets me know if there was an error connecting to the servers, and of course inserting in the username/password. Â Since we don’t have the newnews command at hand (I don’t see how to pay for it either..) I just did a simple one line change to grab a whole group. Â Obviously you wouldn’t set this up on cron.
#Uncomment line 2 for an initial feed… after this, run as an “At” job every 24 hrs.
#$new = $nntp->newnews(time – 86400, lc $group);
#$new = $nntp->newnews(time – 31536000, lc $group); #initial feed – 1 YEAR
$new = $nntp->listgroup($group);
if(ref($new) && scalar(@$new))
But if my perl-fu was stronger I’d whip it up, but I suspect it wouldn’t be too hard to have the script maintain what is the last message it’s posted to NT.
Next create the groups on the NT side, and we are ready to run. Â I foolishly tried a massive (well it seemed big) group comp.os.linux.advocacy, and after some 10,000 posts I just aborted it, and set the script to manually updates groups of my choice. Â I remembered an ancient article about writing socket software on Windows, and the small group alt.fan.surak, which I figured would make a better test. Â There is only one article and it’s spam, but what can you expect..
alt.fan.surak
Even better, it worked!
The next step was to run perl directly from NT.  And to make this difficult, not only do I need an obsolete version of perl, but I need one with the optional network modules, specifically Net::NNTP.  This took a bit longer to find, but thankfully Jeffery Baker kept his build around!
There really wasn’t an install program, but rather adding the perl.exe into the path. Â And it works, too!
Perl feeding MS NNTP
So there we go, after all these years, 100’s of option pack installs later, and I’ve finally used it.
Well thanks to my latest outage, I’ve gone back from having an Exchange server in the “cloud” (well really a server I rented), to a Virtual Server at home.
First my ‘plan’ is to get a VPS that I can run OpenVPN on. Â From there I’m going to build a VMÂ at home that will also run OpenVPN, and it will connect to the VPS. Â I will then setup routing, so that the Exchange server can then communicate with the VPS’s internal interface, and the VPS can communicate directly with the exchange server. Â I’ll then configure postfix to store & forward email to the Exchange server. Â This way if the link drops, the VPS will just spool the mail. Â Finally I’ll setup SpamAssasin to filter out the SPAM.
First you will need to have a tun0 interface in your VPS. Â Almost everyone supports this these days so it shouldn’t be too hard… If you cannot get a tun0 interface, perhaps ppp0 with pptp..?
I followed these instructions on setting up OpenVPN on Debian 6. Â Now granted, I’m using Debian 7, but the instructions are pretty much the same. Â Basically you have to setup a CA (Certificate Authority), and then you generate a Server certificate, and a client certificate. Â For my needs, I’m going to issue single certificates for everything(one) that connects into my VPN. Â I also have a network at home that I want routed to the VPS, so this is included (192.168.0.0/24).
A simple server.conf looks like this:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
And a the client configuration I’m using is this:
client
dev tun
proto udp
remote MYHOST MYPORT
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert hong-kong-home.crt
key hong-kong-home.key
ns-cert-type server
comp-lzo
verb 3
In the directory /etc/openvpn/ccd on the server, I have to ensure that I have a file called ‘homefw’ which is the common name of the client certificate. Â It has to contain the following line to ensure that my home network is routed to the VPS.
iroute 192.168.0.0 255.255.255.0
Don’t forget to turn on ip forwarding on both the VPS, and the local ‘tunnel router’. Â For Linux based stuff you need to make sure that “/proc/sys/net/ipv4/ip_forward ” is a 1. Â You can just do a simple “echo 1 > /proc/sys/net/ipv4/ip_forward ” in “/etc/rc.local” or go through your distributions networking documentation to make sure you set it up ‘correctly’.
In OpenBSD I just simply uncomment the following line from /etc/sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
If you don’t have routing in place you’ll notice that you can only ping the tunnel interfaces, but not the IP’s on the LAN. Â While this may be fine for a p2p or client setup it isn’t good enough if you want to route traffic.
I’m running VMWare ESXi 5 at home, and thankfully it does support Windows NT 4.0 Server out of the box. Â I setup a Domain Controller running DNS & WINS. Â The VMWare tools won’t work properly with some service pack (4 I think?) but I went all the way to 6, along with the rollup. Â Until you load the service pack, the network adapter will *NOT* work.
I’m going with Exchange 5.5, so again I installed another NT 4.0 server, service packed it, and joined it with the domain controller. Â Remember to install IIS, and the ASP update, as 5.5 OWA needs asp. Be sure to apply the latest service pack for Exchange, SP4 – in the case of Exchange 5.5 .
Now for routing I could go with dynamic routing, or static routing. Â I chose static as I didn’t want to get too involved for this project, as I needed to get email flowing as quickly as possible.
route add 10.8.0.1 mask 255.255.255.255 192.168.0.49 -p
From Windows NT.
It is imperative no matter what version of Exchange you run, that you turn off the open relay “feature”.  A great step by step guide is available here on msexchange.org .
With the basic routing in place you should be able to talk to the Exchange servers’ SMTP engine. Â You may want to setup either a local DNS and populate the VPS’s source address or put in some host entries for it.
# telnet 192.168.0.55 25
Trying 192.168.0.55…
Connected to 192.168.0.55.
Escape character is ‘^]’.
220 exchange.superglobalmegacorp.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
HELO
250 OK
Now it would be insane to place an Exchange server directly onto the internet. Â Plus when the VPN link is down, it’d be nice to have the VPS store email and forward it when it can. Â So for this task I installed postfix.
For me the big changes in main.cf were:
mydestination = nodedeploy.superglobalmegacorp.com, localhost.superglobalmegacorp.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.8.0.0/24 192.168.0.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = superglobalmegacorp.com work.com
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = virtuallyfun.com
virtual_alias_maps = hash:/etc/postfix/virtual
This will permit my exchange server to relay out my VPS, and tell postfix that it’s OK to accept email for the various domains I have.
My transport database is very simple. Â For the email accounts I’m using two domains, so I simply instruct postfix to forward emails destined to these domains to the exchange server
superglobalmegacorp.com smtp:192.168.0.55
work.com smtp:192.168.0.55
And for domains I couldn’t be bothered to create mailboxes for, instead I have their email setup to forward to an existing box using a virtual domain in the ‘virtual’ file.
[email protected] [email protected]
[email protected] [email protected]
Now due to the nature of postfix you need to generate database hashes for it to work, so my script to kick this off is:
postmap hash:/etc/postfix/transport
postmap /etc/postfix/virtual
newaliases
postfix reload
Which isn’t too involved once you get the bits in the right place.
Assuming you’ve got your MX records setup on the outside, with any luck you should start seeing some mail flow through. Â If not telnet to port 25 and start talking to your mail server.
One problem I have is that superglobalmegacorp.com is an old domain, and it’s lapsed a few times to different idiots who not only added to the ridiculous spam lists I’m on, but also spammed from it as well. Â So to deal with SPAM, I went ahead and installed spamassassin, as described in this page.
As mentioned adding the two lines to master.cf got it going
smtp inet n – – – – smtpd -o content_filter=spamassassin -o syslog_name=postfix/submission
spamassassin unix – n n – – pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
And I did change the spamassasin local.cf
use_razor2 1
use_dcc 1
use_pyzor 1
As I do get a lot of spam.
I don’t think most people will care, but this is more so for me keeping my notes straight. Â So yeah I run Exchange 5.5 at home (which I got on ebay for $25!) with Outlook 2003 on Windows XP x64. Â It works well enough for me.