[arch-dev-public] [RFC] Moving mail away from gerolde
Hi,
Since we moved dbscripts to nymeria there's not much left on gerolde. I believe all there is are mail and the devftp.
The mail setup on gerolde is not particularly good (no spam filter, no IMAP, no sieve filters, no limits to reduce spam when account credentials get stolen, no accounts for TUs, ..) which I'd like to change. Changing that would be a lot easier if I could set it up on a different machine and once it works simply move everything. That would also mean that we could get rid of gerolde soonish (moving devftp should be pretty simple) which means we could even get rid of xen there.
Given everyone has an account on nymeria I'd like to set up postfix, dovecot and spamassassin there (using system accounts). That would be pretty similar to my own setup.
I could also install a spam filter on gerolde, but I'm not sure if gerolde is up to that. The hardware is pretty old after all. IMHO the way to go is to migrate away and get rid of xen in the long run.
I haven't yet looked into also migrating mailman from gudrun to nymeria or maybe alderaan.
I'm mainly interested if people care if mail moves from the US to Germany (latency, laws, whatever).
On 23.06.2014 19:42, Florian Pritz wrote:
Hi,
Since we moved dbscripts to nymeria there's not much left on gerolde. I believe all there is are mail and the devftp.
Turns out devftp has already been moved ages ago.
On 23.06.2014 19:42, Florian Pritz wrote:
I haven't yet looked into also migrating mailman from gudrun to nymeria or maybe alderaan.
When I created aur-requests I had to edit 3 files on 2 hosts to get the list to work. I'd like to change that so adding a new list is as easy as just adding it via the mailman webui.
Best way to do that would be to move the list addresses to a subdomain and simply forward all mail for that domain to mailman. (I do that on my server)
Any objections to ...@lists.archlinux.org? If not I'd probably also change this when moving the mail server and/or mailman.
I will of course add forwards for the old addresses so this will only affect new lists (addresses displayed in mailman will probably change though)
On 25/06/2014 22:17, Florian Pritz wrote:
On 23.06.2014 19:42, Florian Pritz wrote:
I haven't yet looked into also migrating mailman from gudrun to nymeria or maybe alderaan.
When I created aur-requests I had to edit 3 files on 2 hosts to get the list to work. I'd like to change that so adding a new list is as easy as just adding it via the mailman webui.
Best way to do that would be to move the list addresses to a subdomain and simply forward all mail for that domain to mailman. (I do that on my server)
To me, the best way includes not changing our mailing list addresses. Putting all the mail stuff on the same host, mx and mailman interface (which already has its own hostname), would offer easy mailing list addition.
I tend to think that a different machine than nymeria would be a better option to isolate our mail functions from package management on our infrastructure.
We also have the same synchronization issue with accounts and we could easily save addition and removal time by adding an ldap server. But you could also sync mailman aliases over 2 hosts to solve this multiple editing and avoid changing our mailing list addresses.
Cheers,
--
Sébastien "Seblu" Luttringer
https://seblu.net | Twitter: @seblu42
GPG: 0x2072D77A
On Wed, 2014-06-25 at 23:44 +0200, Sébastien Luttringer wrote:
I tend to think that a different machine than nymeria would be a better option to isolate our mail functions from package management on our infrastructure.
The whole reason for splitting Gerolde and Gudrun years ago was because our server was hacked through a web application it was running and integrity of our repositories was at risk because of that. The reason for our split mail setup is that we didn't want to have the mailman http interface running on Gerolde, so mailman had to move to gudrun. I won't accept moving stuff to nymeria that executes CGI binaries through a webserver.
On 26.06.2014 00:12, Jan de Groot wrote:
The reason for our split mail setup is that we didn't want to have the mailman http interface running on Gerolde, so mailman had to move to gudrun. I won't accept moving stuff to nymeria that executes CGI binaries through a webserver.
Fair enough.
On 26/06/14 06:17, Florian Pritz wrote:
On 23.06.2014 19:42, Florian Pritz wrote:
I haven't yet looked into also migrating mailman from gudrun to nymeria or maybe alderaan.
When I created aur-requests I had to edit 3 files on 2 hosts to get the list to work. I'd like to change that so adding a new list is as easy as just adding it via the mailman webui.
I added arch-security through the webui - I don't remember needing to edit more...
Allan
On 26.06.2014 01:11, Allan McRae wrote:
On 26/06/14 06:17, Florian Pritz wrote:
On 23.06.2014 19:42, Florian Pritz wrote:
I haven't yet looked into also migrating mailman from gudrun to nymeria or maybe alderaan.
When I created aur-requests I had to edit 3 files on 2 hosts to get the list to work. I'd like to change that so adding a new list is as easy as just adding it via the mailman webui.
I added arch-security through the webui - I don't remember needing to edit more...
When you added the list, it didn't work - you don't remember doing anything because it was me who did it.
I've completed the setup on nymeria and I will switch dns tomorrow so I'm available if issues arise.
All accounts currently forward email to outside email addresses so you will only notice this change if you use gerolde to send mail from your @archlinux.org address. In this case you'll need to reconfigure your clients to use the following credentials:
SMTP/IMAP/POP3 server: mail.archlinux.org (DNS TTL was 1 day so this might take a little longer to update)
SMTP port: 587, 25
Username: your nymeria username
Password: your nymeria password. If you don't have one yet, set it with passwd.
Since I use dovecot for authentication local mail storage will also be available (simply remove or empty your ~/.forward file to use it) and can be accessed via IMAP or POP3 (default ports). Please note that currently it is not properly backed up if at all. If anyone actually wants to use it I'll set up the backups.
Also note that local storage is currently configured to use dovecot's mdbox storage format which is more efficient than maildir, but can't be read directly by software like mutt. You'll have to go through IMAP/POP3. I believe nobody currently uses local storage on gerolde so this shouldn't be a problem.
All connections involving authentication are required to be encrypted (STARTTLS for SMTP, STARTTLS or TLS/SSL for IMAP and POP3)
I plan to move mailman to luna (bbs, wiki, aur box) once this transition is done. If desired I will also set up roundcube on luna so we can have a webmail for our local (well nymeria) mail storage.
PS: I've currently enabled soft_bounce on nymeria so any mail that would hard bounce will only be deferred with a temporary error. This could lead to bounce mail being delayed for a few days. It will be turned off once I'm confident the setup works as expected.
[2014-07-14 22:33:11 +0200] Florian Pritz:
All accounts currently forward email to outside email addresses
Not mine. My emails are currently delivered into /var/spool/mail/bisson on gerolde, and I fetch them only when I am about to read them.
I really appreciate your work moving to a newer host; could you just tell me what new hostname I should SSH to and fetch my emails from?
Cheers.
--
Gaetan
I just read this part (and should have read everything before sending my previous reply, sorry about that):
[2014-07-14 22:33:11 +0200] Florian Pritz:
Since I use dovecot for authentication local mail storage will also be available (simply remove or empty your ~/.forward file to use it) and can be accessed via IMAP or POP3 (default ports). Please note that currently it is not properly backed up if at all. If anyone actually wants to use it I'll set up the backups.
Also note that local storage is currently configured to use dovecot's mdbox storage format which is more efficient than maildir, but can't be read directly by software like mutt. You'll have to go through IMAP/POP3. I believe nobody currently uses local storage on gerolde so this shouldn't be a problem.
I did, though I don't mind fetching via IMAP instead of SSH+mbox.
Cheers.
--
Gaetan
On 14.07.2014 22:33, Florian Pritz wrote:
I've completed the setup on nymeria and I will switch dns tomorrow so I'm available if issues arise.
DNS has been switched and this mail should go through the new server.
[2014-07-15 14:35:10 +0200] Florian Pritz:
DNS has been switched and this mail should go through the new server.
I got it from the old one, but I got other pieces of mail later from the new one over IMAPS.
Thanks a lot for your work making this transition near seamless!
--
Gaetan
participants (6)
- Allan McRae
- Florian Pritz
- Gaetan Bisson
- Jan de Groot
- Sébastien Luttringer
- Thomas Bächler