I Give Up.

‘I give up’ is not a phrase you will hear from me all that often. But I just can’t take any more. Novell has me at my wits end. I can’t believe people use this with any sort reliability.

Throughout my months of toying with it I have issues and stopping blocks with each and every component. Some servers require many, many components to effectively work.

Here’s a brief run down of just a couple of the annoyances:

Updates and patches come rapid fire (about two per day) and often leave the system broken. I have had them cause dependency issues each time I have applied them. This will do crazy stuff from switching the physical network card that eth0-2 are assigned or out right breaking NSS. In fact, every update I have run broke NSS. You just can’t have that in a production environment. Technically you could script an auto-updater, however, per Novell support “Automating the updates might have its own risks […] because of that, rug doesn’t have a –force option the way RPM does.”

Things that should be done by installers must be done manually. A great example of this is having to manually enable remote administration of a GroupWise server. For example, you need to share out /usr/local/gw using samba. But first you have to install and configure samba. That’s essentially all the docs say on the subject is to ‘install samba’. Not ‘Download package X, install it using command Y, tweak this directive in X.conf, and so on’. So I installed Samba from source. After struggling to get it integrated into the eDirectory I discover Novell-Samba. Who knew, they just said ‘Install samba’.
The install process for the OS and packages drives me insane! The OES cd set consists of 10 CDs. During the initial install you are asked to supply almost all 10 CDs in varying order and you have to re-insert a number of them multiple times. It also asks for the Suse Core 2 CD2 and 3. Which end up being the Suse Linux Enterprise Server disk 3 and 4. I figured that out just out of desperation and feeding it random CDs.

The documentation is lacking. It assumes that all Novell customers are intimately familiar with Novell terminology and technology (see previously mentioned GroupWise/samba example).

GroupWise acts as an open relay by default and no settings changes will help that. Users hate the GroupWise client, the outlook plug-in makes Outlook buggy and slow. The cross platform GroupWise client (Linux and Mac) is really bad. The only way to remedy this is to purchase an expensive third party app

I purchased the only (at the time) official Novell Press book for Open Enterprise entitled “Open Enterprise Server, Administrators Handbook, Suse Linux Edition”. Being the only official book I assumed it would be comprehensive and cover anything and everything relating to OES. What I found was that it is entirely based on a pre-release version of OES and a large number of important things have changed since it was published. In fact, a couple of things the book tells you to do regarding updates will break an otherwise happy server.

Overall I would just Novell to hammer all these things out, test thoroughly and make the docs useful. Don’t assume everyone using the product is a 15 year Novell-Netware veteran.

GroupWise Open Relay Crap

I started testing my GroupWise 7 server and found that I received a bounce back while trying to send to domains that block mail from servers in the ORDB (Open Relay DataBase).

Upon receiving this, one Saturday, I sent out a quick email scolding my tech who set up the gwia (GroupWise internet agent) and drove into work to fix it. I pulled up the area in ConsoleOne that contains the relay information and found a check in the box that reads “disable open relay”. Hmmm, you can’t get much clearer than that.

I quickly whipped up a web app that will attempt to relay mail off the server. No luck. So I went into my office and submitted the IP to ordb.org again for re-scan.

I was assuming that it was scanned while it was initially being set up, and that they had caught it in an open relay state.

A while later I received an email stating that it is still blocked by ORDB, because they still think its an open relay.

Puzzled I hit ordb.org faq to come with this…

My Novell GroupWise is not an open relay!

We’re sorry to say that it is. We are aware that GroupWise does not filter until after receiving the mail, but our test-method requires that at least one of our probes be delivered to its final destination before addition to the database occurs. Your server will not be added to the database just because it accepts the probe for later processing. Please see the section on securing your open relay for information on the latest patches for GroupWise. Additionally, please refer to this link for information about claims that ORDBs way of testing is flawed, when testing GroupWise and friends.
Additionally, a user has provided information that at least Groupwise6 (and possibly Groupwise5.x as well) may be vulnerable to various relaying exploits unless sufficiently patched. The patch you need to download is called fgwia63a.exe, and is so far only provided as a beta quality patch by Novell.

So, that wasn’t very helpful. I am running GroupWise 7 so that fits the “at least Groupwise6” requirement and I am running it on Suse Linux Enterprise Server so its safe to say that an exe patch isn’t going to work.

I could ask Novell about it, but support requests cost $500/, purchased in minimum quantities of 5.

On a number of forums I heard talk of a mysterios patch, but was unable to find any mention of it on the novell download site. I also read that Novell acknowledges that its a stupid way to handle relay attempts and that it would be fixed in GW6. Well, I’m on 7 and its not fixed.

The best ways I came up with to fix this are to use a incoming/outgoing relay host. Something free like exim or postfix. This also provides you with the ability to run antivirus and antispam on this host. Set up GroupWise to allow incoming and force outgoing relays through this host.

Or you can do what I did; purchase a Barracuda 300 from barracuda networks and use the same configuration as above.

My barracuda has gone through its initial testing very well and I’m quite fond of the web interface.

But its also very sad that GroupWise forces admins to do something like this. Its almost as if they intentionaly included this inadequacy in the hopes that you will have no choice, but to go to one of their channel partners for a fix… and spend more money.