Size: 1665
Comment: get-token wasn't working, but has been fixed
← Revision 11 as of 2018-04-24 15:19:05 ⇥
Size: 2287
Comment: dns cache options, djbdns dnscache is too annoying to use on stretch
Line 18: | Line 18: |
== Immediate Issues == | == SpamAssassin == |
Line 21: | Line 21: |
* spamassassin is using `/var/spool/exim4/.spamassassin` to store bayes and txrep for some reason... see if passing `--helper-home-dir /var/lib/spamassassin` fixes it * exim is not configured to forward mailman mail to mccarthy |
* everything is closed currently, so likely needs to be updated * Not sure if sa-update works either |
Line 24: | Line 24: |
* https://www.spamhaus.org/organization/dnsblusage/ zen has 10k per day limit, which we were getting close to (when we had 150 members, but better to solve early) | * https://www.spamhaus.org/organization/dnsblusage/ zen has 100k message / 300k lookup per day ... something we will not hit for a long time * but also [[http://uribl.com/refused.shtml|upstream dns servers are blocked from URIBL]] so we may need one anyway * https://wiki.apache.org/spamassassin/CachingNameserver check unbound or powerdns, to avoid complications with bind since we have authoritative nameservers using it too |
Line 27: | Line 29: |
* Exim is not configured to forward mailman mail to mccarthy |
|
Line 32: | Line 36: |
== Courier == * /etc/pam.d/imap from ServerMcCarthy was not included, works for normal accounts so far * need to test vmail accounts, IIRC that is why we had to disable pags for courier * IMAP THREAD/SORT are disabled -- should we enable them? * Likewise for a few other settings we intentionally disable (e.g. keywords), review if any can be / are worth enabling while server is in testing phase |
minsky.hcoop.net is a virtual machine at DigitalOcean that will become our primary mail server, replacing ServerMcCarthy.
It is named after professor Marvin Minsky.
1. Setup Notes
Similar issues as ServerMarsh:
- had to manually add "domain hcoop.net" to resolv.conf
- had to open puppetserver port 8140 (bootstrap problem: new server can't connect to the puppetserver to request a cert, so it can't add its ip to the whitelist...)
Default /etc/hosts is no good, sets marsh to loopback, with no ipv6. Had to munge like ServerGibran to public IP and add IPv6 alias. Really need to look deeper into this before perpetuating bad practice even further.
2. TODO
- courier
- ejabberd
3. SpamAssassin
- make sure firewall allows spamd to contact external services
- everything is closed currently, so likely needs to be updated
- Not sure if sa-update works either
- we don't have a dns cache enabled, do we need one to avoid annoying zen.spamhaus.org?
  - https://www.spamhaus.org/organization/dnsblusage/ zen has 100k message / 300k lookup per day ... something we will not hit for a long time
  - but also upstream dns servers are blocked from URIBL (http://uribl.com/refused.shtml) so we may need one anyway
  - https://wiki.apache.org/spamassassin/CachingNameserver check unbound or powerdns, to avoid complications with bind since we have authoritative nameservers using it too
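To see whether the resolver in use is already being refused by the blocklists above, this added example (not part of the original notes) separates "listed" answers from "refused" ones. It assumes the Spamhaus error codes 127.255.255.252/254/255 and URIBL's 127.0.0.1 "query blocked" answer; the function names are hypothetical, and `check_dnsbl` needs `dig` installed.

```shell
#!/bin/sh
# Added example: tell a real DNSBL listing apart from a refusal caused by
# querying through a shared/upstream resolver. Function names are hypothetical.

# classify_dnsbl_answer ZONE ANSWER
#   ZONE   - DNSBL zone that was queried (e.g. zen.spamhaus.org)
#   ANSWER - one returned A record, or "" when the name did not resolve
classify_dnsbl_answer() {
    zone=$1
    answer=$2
    case "$zone:$answer" in
        *:"")                          echo "not-listed" ;;
        # Spamhaus error codes: these are not listings.
        *spamhaus.org:127.255.255.252) echo "error-typo-in-zone" ;;
        *spamhaus.org:127.255.255.254) echo "refused-public-resolver" ;;
        *spamhaus.org:127.255.255.255) echo "refused-excessive-queries" ;;
        # URIBL answers 127.0.0.1 when it blocks the querying resolver.
        *uribl.com:127.0.0.1)          echo "refused-query-blocked" ;;
        *:127.*)                       echo "listed" ;;
        # Anything else (non-127 address, dig error text) is not a valid reply.
        *)                             echo "unexpected" ;;
    esac
}

# check_dnsbl ZONE NAME [RESOLVER]
#   Looks up NAME.ZONE with dig (optionally via RESOLVER instead of the
#   system resolver) and prints one classification per distinct result.
check_dnsbl() {
    zone=$1
    name=$2
    resolver=${3:-}
    answers=$(dig +short +time=3 +tries=1 ${resolver:+@"$resolver"} A "$name.$zone")
    if [ -z "$answers" ]; then
        classify_dnsbl_answer "$zone" ""
        return
    fi
    for a in $answers; do
        classify_dnsbl_answer "$zone" "$a"
    done | sort -u
}
```

For example, `check_dnsbl zen.spamhaus.org 2.0.0.127` queries the Spamhaus test entry through the system resolver and should print `listed` when lookups are working; a `refused-*` result means the blocklist is ignoring that resolver.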
4. Exim
- Exim is not configured to forward mailman mail to mccarthy
- Exim can't look up addresses if there are no vmail users present
  - This makes mailNodes_admin not work.
- spamassassin addrs are only updated when someone toggles their status with setsa; this also needs to happen during a domtool-admin regen
5. Courier
- /etc/pam.d/imap from ServerMcCarthy was not included, works for normal accounts so far
- need to test vmail accounts, IIRC that is why we had to disable pags for courier
- IMAP THREAD/SORT are disabled -- should we enable them?
- Likewise for a few other settings we intentionally disable (e.g. keywords), review if any can be / are worth enabling while server is in testing phase