Keeping the system time precise using NTP
Published on 2009-03-15. Modified on 2016-07-26.
This tutorial describes how you can keep the system time precise using an NTP server.
Keeping the correct system time is important when you are trying to figure out problems. If you are maintaining a mail server and you need to go beyond the boundaries of your system to work out mail problems with other postmasters, a correct timestamp might be exactly what you need to link actions on your mail server with actions on foreign servers. NTP is a great and easy way to do just that.
Several NTP servers exist for Linux, but my favorite is OpenNTPD from OpenBSD.
The goal of OpenNTPD is to be as secure as possible. This is done by coding carefully, doing strict validity checks, especially in the network input path, and using bounded buffer operations. It also uses privilege separation to mitigate the effects of possible security bugs.
On Devuan GNU/Linux you can install OpenNTPD by issuing the command:
# apt-get install openntpd
When you have installed it, you should ensure that you get the best time you can. The best way to do that is to locate an NTP pool in your country.
Read the "How do I use pool.ntp.org?" page.
If you are setting up your NTP server in Denmark, for example, you can set up your /etc/ntp.conf to use the following pool:
server 0.dk.pool.ntp.org
server 1.dk.pool.ntp.org
server 2.dk.pool.ntp.org
server 3.dk.pool.ntp.org
Once the pool is set up you need to restart the NTP server:
# /etc/init.d/openntpd restart
The optimal number of servers to listen to is three, but two will also give good accuracy. If your ISP runs a time server for you, it is worth including it in your server list, as it will often be more accurate than the pooled servers and will help keep the load down on the pool.
If you want to view a status report on the servers in your pool, you can look up the pool of your country. The pool for Denmark is at http://www.pool.ntp.org/zone/dk; change the "dk" part to the letters for your country.
Warning! If you are running Dovecot then you need to know that Dovecot isn't very forgiving if your system's time moves backwards. It will kill itself.
If that happens you might find this in your log:
Jan 12 11:12:24 mybox dovecot: Time just moved backwards by 279 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards
In the Dovecot Wiki it states: Use ntpd. It periodically checks the current time from NTP server and slows down or speeds up the clock if necessary. Unlike ntpdate, it doesn't just move the time forwards or backwards (unless the difference is large).
Make sure you monitor this condition. Normally it is not a problem with NTP, but it might happen the first time it is run. If the problem persists, maybe due to a bad network connection, I suggest that you create a script in a cronjob that will monitor whether Dovecot is up and running.
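One way to write such a monitoring script, as an added example that is not part of the original tutorial: it prints a report only when Dovecot is down and notes the last backwards clock step found in the log. The log path /var/log/mail.log, the process name dovecot, the --cron switch and the script path in the cron line are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: a cron-friendly check that
# reports when Dovecot is down and whether a backwards clock step was logged.
# Assumptions: the log path, the process name "dovecot" and the cron schedule.

LOG="${LOG:-/var/log/mail.log}"   # assumed syslog file for the mail facility

# Constructed sample log: the first line is the message quoted in the tutorial,
# the other two are made up for the demonstration.
sample_log() {
cat <<'EOF'
Jan 12 11:12:24 mybox dovecot: Time just moved backwards by 279 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards
Jan 12 11:20:01 mybox dovecot: imap-login: Login: user=<alice>, method=PLAIN
Jan 13 03:00:07 mybox dovecot: Time just moved backwards by 12 seconds. This might cause a lot of problems, so I'll just kill myself now. http://wiki.dovecot.org/TimeMovedBackwards
EOF
}

# Print "<syslog timestamp> -<seconds>s" for every backwards step Dovecot logged.
time_jumps() {
    sed -n 's/^\(.\{15\}\) .*dovecot.*Time just moved backwards by \([0-9][0-9]*\) seconds.*/\1 -\2s/p' "$1" 2>/dev/null
}

# True when the Dovecot master process exists (process name is an assumption).
dovecot_running() { pgrep -x dovecot >/dev/null 2>&1; }

# Stay silent and return 0 when Dovecot runs; otherwise print a report, return 1.
check_dovecot() {
    if dovecot_running; then return 0; fi
    echo "dovecot is not running"
    last=$(time_jumps "$1" | tail -n 1)
    if [ -n "$last" ]; then
        echo "last backwards clock step logged in $1: $last"
    fi
    return 1
}

# Hypothetical crontab entry: */5 * * * * /usr/local/sbin/check-dovecot.sh --cron
# cron mails whatever a job prints, so mail arrives only when there is a problem.
if [ "${1:-}" = "--cron" ]; then check_dovecot "$LOG"; fi
```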