ServerMcCarthy

mccarthy.hcoop.net is our first Debian Jessie VM, and is intended to run mail services and the member portal.

1. The Ugly

ServerDeleuze decided to start dying one day so a few evils were committed in moving services.

1.1. Courier

There was insufficient time to do a proper switch to dovecot, but courier seems to work with our patches at least for normal users.

/var/local/lib/spamd is symlinked to spamd's openafs home for legacy purposes -- shared index file is updated, but existing index files based on the template will have the old location.

/etc/pam.d/imap is ugly as hell though. We need to kill courier with fire asap, or see if we can customize using krb5.conf:

#@include common-auth
#@include common-account
#@include common-password
#@include common-session

session         required       pam_afs_session.so debug nopag always_aklog
auth            required       pam_krb5.so debug
auth            required       pam_afs_session.so debug nopag always_aklog
account         required       pam_krb5.so

1.2. Exim

Installed exim4-daemon-heavy procmail spf-tools-perl courier-authlib-userdb sasl2-bin, merged deleuze's config onto the current Debian base exim4 config. No config package has been created. History is lost from deleuze at the moment (diff -ur ...).

Added /etc/ferm/service.{in,out}.d/exim to allow connecting to spamd on hopper and open smtp generally.

adduser Debian-exim mail hcoop-tlscert sasl to allow it to read /etc/courier/exim.dat and hcoop tls cert, and auth against sasld

mkdir /etc/courier /etc/spamassassin for userdb and spamd. domtool-publish should at least make the spamassassin dir...

touch /var/domtool/{local,relay,mailman}_domains.cfg -- but domtool-publish's redo_exim function procedure should test if these exist before using (it is non-fatal for a mail node to not be relaying for anything, but currently requires creating empty files to actually work)

1.2.1. SASL Setup

sasl2-bin, default options except for setting START=yes in /etc/default/saslauthd worked for exim auth

1.2.2. Exim Notes

Blockers:

Things that need review in the config:

Misc Changes from Debian:

Major changes of note from deleuze:

ic not included (one time problem, years ago...)

1.3. Mailman Setup

Installed mailman which brought in apache2.4. We do not yet have a config package due to waklog not building, punting for now since mailman is on the local file system.

Installed /etc/cron.d/hcoop-mailman-update-exim-db from deleuze

Stock apache suexec will not suexec as users with UID < 100, bumped to 113:116.

todo:

1.4. Apache 2.4

fastcgi php support is not yet ready and suphp is gone in jessie with non-trivial work required to support it. Config is base apache, + vhosts dir (just enough to work for now).

todo:

2. Setup Issues


CategorySystemAdministration

ServerMcCarthy (last edited 2015-05-15 17:56:16 by ClintonEbadi)