
ServerMcCarthy

mccarthy.hcoop.net is our first Debian Jessie VM, and is intended to run mail services and the member portal.

1. The Ugly

ServerDeleuze decided to start dying one day, so a few evils were committed in moving services.

1.1. Courier

There was insufficient time to do a proper switch to dovecot, but courier seems to work with our patches at least for normal users.

/var/local/lib/spamd is symlinked to spamd's openafs home for legacy purposes -- shared index file is updated, but existing index files based on the template will have the old location.

/etc/pam.d/imap is ugly as hell though. We need to kill courier with fire asap, or see if we can customize using krb5.conf:

#@include common-auth
#@include common-account
#@include common-password
#@include common-session

session         required       pam_afs_session.so debug nopag always_aklog
auth            required       pam_krb5.so debug
auth            required       pam_afs_session.so debug nopag always_aklog
account         required       pam_krb5.so

1.2. Exim

Installed exim4-daemon-heavy procmail spf-tools-perl courier-authlib-userdb sasl2-bin, merged deleuze's config onto the current Debian base exim4 config. No config package has been created. History is lost from deleuze at the moment (diff -ur ...).

Added /etc/ferm/service.{in,out}.d/exim to allow connecting to spamd on hopper and open smtp generally.

Added Debian-exim to the mail, hcoop-tlscert and sasl groups (adduser Debian-exim <group>, once per group) so that it can read /etc/courier/exim.dat and the hcoop tls cert, and auth against saslauthd.

mkdir /etc/courier /etc/spamassassin for userdb and spamd. domtool-publish should at least make the spamassassin dir...

touch /var/domtool/{local,relay,mailman}_domains.cfg -- domtool-publish's redo_exim function should test whether these exist before using them (it is non-fatal for a mail node to not be relaying for anything, but currently empty files have to be created for it to actually work)

1.2.1. SASL Setup

sasl2-bin with default options, except for setting START=yes in /etc/default/saslauthd, worked for exim auth.
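
A post-setup check for the Exim and SASL steps above, as an added example that is not part of the original page or of HCoop's tooling: it verifies the group memberships, directories, domtool files and saslauthd setting the notes list. The function names and the ROOT prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the preconditions listed in the Exim notes.
# ROOT is a hypothetical prefix so the checks can run against a copy of
# /etc and /var; use an empty string ("") to audit the live system.

# in_group ROOT USER GROUP: succeed if USER is a listed member of GROUP.
in_group() {
    awk -F: -v u="$2" -v g="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "$1/etc/group" 2>/dev/null
}

# saslauthd_enabled ROOT: succeed if the last START= line is START=yes.
saslauthd_enabled() {
    v=$(sed -n 's/^[[:space:]]*START=//p' "$1/etc/default/saslauthd" 2>/dev/null |
        tail -n 1 | tr -d "\"'")
    [ "$v" = "yes" ]
}

# audit_exim_node ROOT: print one line per missing precondition and
# return the number of failures (0 means every check passed).
audit_exim_node() {
    root=$1; fails=0
    for g in mail hcoop-tlscert sasl; do
        in_group "$root" Debian-exim "$g" ||
            { echo "Debian-exim not in group $g"; fails=$((fails + 1)); }
    done
    for d in etc/courier etc/spamassassin; do
        [ -d "$root/$d" ] ||
            { echo "missing directory /$d"; fails=$((fails + 1)); }
    done
    for f in local relay mailman; do
        [ -e "$root/var/domtool/${f}_domains.cfg" ] ||
            { echo "missing /var/domtool/${f}_domains.cfg"; fails=$((fails + 1)); }
    done
    saslauthd_enabled "$root" ||
        { echo "saslauthd START is not yes"; fails=$((fails + 1)); }
    return "$fails"
}
```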

1.2.2. Exim Notes

Blockers:

Things that need review in the config:

Misc Changes from Debian:

Major changes of note from deleuze:

ic not included (one time problem, years ago...)

1.3. Mailman Setup

Installed mailman, which brought in apache2.4. We do not yet have a config package due to waklog not building; punting for now since mailman is on the local file system.

Installed /etc/cron.d/hcoop-mailman-update-exim-db from deleuze

Stock apache suexec will not suexec as users with UID < 100, bumped to 113:116.

todo:

1.4. Apache 2.4

fastcgi php support is not yet ready and suphp is gone in jessie with non-trivial work required to support it. Config is base apache, + vhosts dir (just enough to work for now).

todo:

2. Setup Issues



ServerMcCarthy (last edited 2015-05-15 17:56:16 by ClintonEbadi)