Diff for "ServerMinsky"

Differences between revisions 3 and 5 (spanning 2 versions)

minsky.hcoop.net is a virtual machine at DigitalOcean that will become our primary mail server, and replaces ServerMcCarthy

It is named after professor Marvin Minsky.

1. Setup Notes

Similar issues as ServerMarsh:

had to manually add "domain hcoop.net" to resolv.conf
had to open puppetserver port 8140 (bootstrap problem: new server can't connect to the puppetserver to request a cert, so it can't add its ip to the whitelist...)
Default /etc/hosts is no good, sets marsh to loopback, with no ipv6. Had to munge like ServerGibran to public IP and add IPv6 alias. Really need to look deeper into this before perpetuating bad practice even further.

is get-token working correctly?
- may be due to setup, but on first call I didn't get tokens. second and later were fine. test after reboot
make sure firewall allows spamd to contact external services
spamassassin is using /var/spool/exim4/.spamassassin to store bayes and txrep for some reason... see if passing --helper-home-dir /var/lib/spamassassin fixes it
exim is not configured to forward mailman mail to mccarthy
we don't have a dns cache enabled, do we need one to avoid annoying zen.spamhaus.org ?
- https://www.spamhaus.org/organization/dnsblusage/ zen has 10k per day limit, which we were getting close to (when we had 150 members, but better to solve early)

Exim can't lookup addresses if there are no vmail users present
- This makes mailNodes_admin not work.
spamassassin addrs are only updated when someone toggle their status with setsa, this needs to also happen during a domtool-admin regen

-  ⇤ ← Revision 3 as of 2018-04-23 04:37:44 → 
  Size: 950
  Editor: ClintonEbadi
  Comment: more exim/domtool weirdness, fixed spamd args
+   ← Revision 5 as of 2018-04-23 06:07:28 → ⇥
  Size: 1813
  Editor: ClintonEbadi
  Comment: a few things to look at before putting into production
-Deletions are marked like this.
+Additions are marked like this.
 Line 13:
+== TODO ==

 * courier
 * ejabberd

== Immediate Issues ==

 * is get-token working correctly?
   * may be due to setup, but on first call I didn't get tokens. second and later were fine. test after reboot
 * make sure firewall allows spamd to contact external services
 * spamassassin is using `/var/spool/exim4/.spamassassin` to store bayes and txrep for some reason... see if passing `--helper-home-dir /var/lib/spamassassin` fixes it
 * exim is not configured to forward mailman mail to mccarthy
 * we don't have a dns cache enabled, do we need one to avoid annoying zen.spamhaus.org ?
   * https://www.spamhaus.org/organization/dnsblusage/ zen has 10k per day limit, which we were getting close to (when we had 150 members, but better to solve early)
-Line 18:
+Line 32:
- * `mailNodes_admin` doesn't get any spam filtering
+ * spamassassin addrs are only updated when someone toggle their status with `setsa`, this needs to also happen during a `domtool-admin regen`