minsky.hcoop.net is a virtual machine at DigitalOcean that will become our primary mail server, and replaces ServerMcCarthy

It is named after professor Marvin Minsky.

1. Setup Notes

Similar issues as ServerMarsh:

• had to manually add "domain hcoop.net" to resolv.conf
• had to open puppetserver port 8140 (bootstrap problem: new server can't connect to the puppetserver to request a cert, so it can't add its ip to the whitelist...)

• Default /etc/hosts is no good, sets marsh to loopback, with no ipv6. Had to munge like ServerGibran to public IP and add IPv6 alias. Really need to look deeper into this before perpetuating bad practice even further.

2. TODO

• courier
• ejabberd

3. SpamAssassin

• make sure firewall allows spamd to contact external services
  • everything is closed currently, so likely needs to be updated
  • Not sure if sa-update works either
• we don't have a dns cache enabled, do we need one to avoid annoying zen.spamhaus.org ?

  • https://www.spamhaus.org/organization/dnsblusage/ zen has 100k message / 300k lookup per day ... something we will not hit for a long time

  • but also upstream dns servers are blocked from URIBL so we may need one anyway

4. Exim

• Exim is not configured to forward mailman mail to mccarthy
• Exim can't lookup addresses if there are no vmail users present

  • This makes mailNodes_admin not work.

• spamassassin addrs are only updated when someone toggle their status with setsa, this needs to also happen during a domtool-admin regen

5. Courier

• /etc/pam.d/imap from ServerMcCarthy was not included, works for normal accounts so far

  • need to test vmail accounts, IIRC that is why we had to disable pags for courier

CategorySystemAdministration