ServerMcCarthy

mccarthy.hcoop.net is our first Debian Jessie VM, and is intended to run mail services and the member portal.

1. The Ugly

ServerDeleuze decided to start dying one day, so a few evils were committed in moving services.

1.1. Courier

There was insufficient time to do a proper switch to dovecot, but courier seems to work with our patches at least for normal users.

/var/local/lib/spamd is symlinked to spamd's openafs home for legacy purposes. The shared index file is updated, but existing index files based on the template will have the old location.

/etc/pam.d/imap is ugly as hell though. We need to kill courier with fire asap, or see if we can customize using krb5.conf:

#@include common-auth
#@include common-account
#@include common-password
#@include common-session

session         required       pam_afs_session.so debug nopag always_aklog
auth            required       pam_krb5.so debug
auth            required       pam_afs_session.so debug nopag always_aklog
account         required       pam_krb5.so

1.2. Exim

Installed exim4-daemon-heavy procmail spf-tools-perl courier-authlib-userdb sasl2-bin, merged deleuze's config onto the current Debian base exim4 config. No config package has been created. History is lost from deleuze at the moment (diff -ur ...).

Added /etc/ferm/service.{in,out}.d/exim to allow connecting to spamd on hopper and open smtp generally.

Added Debian-exim to the mail, hcoop-tlscert and sasl groups (with adduser) so that it can read /etc/courier/exim.dat and the hcoop TLS cert, and authenticate against saslauthd.

mkdir /etc/courier /etc/spamassassin for userdb and spamd. domtool-publish should at least make the spamassassin dir...

touch /var/domtool/{local,relay,mailman}_domains.cfg -- but domtool-publish's redo_exim function should test whether these exist before using them (it is non-fatal for a mail node to not be relaying for anything, but it currently requires creating empty files to actually work).

1.2.1. SASL Setup

sasl2-bin with default options, except for setting START=yes in /etc/default/saslauthd, worked for exim auth.
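
A pre-flight check for the Exim prerequisites listed in 1.2 and 1.2.1, as an added example (not HCoop's or domtool's own code). The function names and the optional ROOT prefix argument are hypothetical; the paths, group names and the START=yes setting are the ones given above.

```shell
#!/bin/sh
# Added example: verify the mail-node prerequisites from section 1.2.
# Function names and the ROOT prefix are hypothetical, not part of domtool.

# groups_missing "HAVE" WANT...: print each wanted group absent from HAVE,
# where HAVE is the space-separated output of `id -nG Debian-exim`.
groups_missing() {
    have=" $1 "; shift
    for g in "$@"; do
        case "$have" in
            *" $g "*) ;;          # already a member
            *) echo "$g" ;;
        esac
    done
}

# check_mail_node [ROOT]: print every missing prerequisite under ROOT
# (empty ROOT means the live system); return 1 if anything is missing.
check_mail_node() {
    root="${1:-}"; rc=0
    for d in /etc/courier /etc/spamassassin; do
        [ -d "$root$d" ] || { echo "missing directory: $d"; rc=1; }
    done
    # redo_exim currently needs these files to exist, even if empty.
    for l in local relay mailman; do
        f="/var/domtool/${l}_domains.cfg"
        [ -e "$root$f" ] || { echo "missing domain list: $f"; rc=1; }
    done
    grep -q '^START=yes' "$root/etc/default/saslauthd" 2>/dev/null ||
        { echo "saslauthd not enabled (START=yes)"; rc=1; }
    return "$rc"
}

# Live usage on the mail node:
#   groups_missing "$(id -nG Debian-exim)" mail hcoop-tlscert sasl
#   check_mail_node
```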

1.2.2. Exim Notes

Blockers:

Things that need review in the config:

Misc Changes from Debian:

Major changes of note from deleuze:

ic not included (one time problem, years ago...)

1.3. Mailman Setup

Installed mailman, which brought in apache2.4. We do not yet have a config package because waklog is not building; punting for now since mailman is on the local file system.

Installed /etc/cron.d/hcoop-mailman-update-exim-db from deleuze

Stock apache suexec will not suexec as users with UID < 100, bumped to 113:116.

todo:

1.4. Apache 2.4

fastcgi php support is not yet ready, and suphp is gone in jessie, with non-trivial work required to support it. Config is base apache plus a vhosts dir (just enough to work for now).

todo:

2. Setup Issues


CategorySystemAdministration

ServerMcCarthy (last edited 2015-05-15 17:56:16 by ClintonEbadi)