Anand's Handover Notes

The following is an extraction from an email that Anand sent to the list. It has been slightly modified to better conform to Wiki Syntax. Also, it is annotated with comments and questions. Horizontal lines delimit attributed annotations.

Here we go...

So, basically mail flows into openskills.org (and openskills.net) via crab first. crab is also an alias for lists.openskills.org (each entry in the .org domain is also in .net)

eve:[~]% host -t mx openskills.org
openskills.org mail is handled by 0 crab.openskills.org.
eve:[~]% host -t mx openskills.net
openskills.net mail is handled by 0 crab.openskills.net.
eve:[~]% host -t mx lists.openskills.org
lists.openskills.org is an alias for crab.openskills.org.
eve:[~]% host -t mx lists.openskills.net
lists.openskills.net is an alias for crab.openskills.net.

Further, smtp.openskills.org is an alias for crab. This is important since other openskills machines use smtp.openskills.org as their smarthost.


So, crab is the first point of call should someone complain about an error with either the mailing lists or sending email to someone @openskills.org

crab uses standard Debian packages, but the configuration files have been customised. When upgrading the greatest danger will be overwriting those customisations.

For exim4, the first major place of configuration is /etc/exim4/update-exim4.conf

Here you will see the domains that crab accepts directly and which domains it is willing to relay for [1]. Importantly, crab uses the 'split configuration', which means that the /etc/exim4/conf.d/ directory holds all the configuration elements.

I believe that Anand meant

This file provides input to the

configuration script.

We currently relay for "trypticon.org" and "noll.id.au". These are both Daniel Noll. This was done as a favor to a member. Further, it is envisioned that this generally might be offered as a service to members.

Regarding the split configuration and the danger to the config files that Anand mentions - this is a real danger. In fact simple Debian configuration management could move your file to ".dpkg-old". This file will not be considered because of the full stop in the name. See the Configuration section of Email's Exceedingly Newbie Notes.


Each new openskills machine is supposed to relay via crab (i.e. crab is used as their smarthost). In order to bypass filtering and some other rules, you should enter the machine name and password in /etc/exim4/passwd -- there are some existing entries already and you should follow that format unless you have a good reason to modify things.

I was a little confused by this initially. The passwords being stored on the client machines and on the server seem to be hashes of something. But this is not the case. These are just unencrypted passwords agreed to by both parties in email. This is required for CRAM-MD5 authentication which the server is configured to use.


Mailman is connected to exim4 by following the instructions in /usr/share/doc/mailman/README.EXIM.gz; doing that results in two files /etc/exim4/conf.d/transport/30_mailman_transport and /etc/exim4/conf.d/router/350_mailman_router

Lists, when created via the web interface, will work automatically with this configuration - the mailman administration password and the mailman list creation password can be reset by running (as root) /var/lib/mailman/bin/mmsitepass. Currently Bruce Badger has both of these passwords (and I do).

Aliases @openskills.org are managed via /etc/aliases; look in there to see how we archive things like press@openskills.org and ensure that a few common lists work even if @lists.openskills.org is dropped.

Email, prior to being accepted, is passed through a number of tests:

I've already mentioned the first and last ones; forwarding to @openskills.org is done by connecting to a postgresql database and checking a view.

The postgresql configuration is /etc/exim4/conf.d/05_postgres_config and the check to see if someone has @openskills.org is done in /etc/exim4/conf.d/450_mms_user

That's all I can think of at the moment that will be useful for you guys to know, apart from that the log file /var/log/exim4/mainlog documents every action that exim4 takes and you should look there for problems first.

Regards, Anand

1: Future work was to pull the list of domains to relay for from a database rather than hard-coding.

2: We don't actually do that yet, I have some stuff related to pam_http to do the authentication bit but I never activated it.

3: Interestingly, I see that while it is configured and running, this portion of the exim4 config isn't properly done, so in reality, clamav isn't checking the email at all.
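
The annotation above on /etc/exim4/passwd says the stored passwords are unencrypted because CRAM-MD5 requires it. The following is an added example, not part of Anand's email or of crab's configuration, that runs both sides of a CRAM-MD5 exchange (RFC 2195) and shows that a server holding only a one-way hash of the secret cannot verify the client's response. The user, secret and challenge are the RFC 2195 sample values; the dictionary standing in for the password file is an assumption, not the real file format.

```python
import base64
import hashlib
import hmac

# Sample values from the RFC 2195 example exchange (not crab's real credentials).
USER = "tim"
SECRET = "tanstaaftanstaaf"
CHALLENGE_B64 = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()


def client_response(user: str, secret: str, challenge_b64: str) -> str:
    """Client side: HMAC-MD5 the decoded challenge with the shared secret."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(passwd: dict, challenge_b64: str, response_b64: str) -> bool:
    """Server side: recompute the HMAC from the stored secret and compare."""
    try:
        decoded = base64.b64decode(response_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = passwd.get(user)  # hypothetical in-memory stand-in for the passwd file
    if secret is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo() -> tuple:
    """Verify one response against a plaintext store and a hashed store."""
    response = client_response(USER, SECRET, CHALLENGE_B64)
    plaintext_store = {USER: SECRET}
    # A salted or unsalted one-way hash is a different HMAC key, so it fails.
    hashed_store = {USER: hashlib.sha256(SECRET.encode()).hexdigest()}
    return (server_verify(plaintext_store, CHALLENGE_B64, response),
            server_verify(hashed_store, CHALLENGE_B64, response))


if __name__ == "__main__":
    print(demo())
```

Because the stored value is directly usable to authenticate, the password file on both the smarthost and each client needs the same protection as any other plaintext credential store.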

