Version 3 (modified by gismo, 10 years ago)


This page was ported from the old wiki and needs to be reworked.


The general philosophy is that every machine has its own MTA and sends/receives its own mail. Thus, all machines have their respective MX pointing to themselves.

We do not use backup MX hosts, since they would not be able to do recipient verification in case the primary MX is down. This in turn would result in tons of problems.


We're using Debian's pre-packaged exim4 on all systems. We also use their configuration management system, with scriptlets in /etc/exim4/conf.d/


Frontend Mailservers

A frontend mailserver is a machine that receives mail from elsewhere on the Internet, i.e. is listed as MX for one of our domains.

We have two frontend mailservers, one co-located in Germany (see [Hosting infrastructure]), and one in Taipei.

This is the mailserver in Germany. It acts as MX for @openmoko.{com,net,org}.

This is the mailserver in Taipei. It acts as MX for

Backend Mailservers

A backend mailserver is a machine that delivers mails into user mailboxes, i.e. has some form of IMAP server on it.

We have two backend mailservers, one co-located in Germany (see [Hosting infrastructure]) and one in Taipei.

This machine hosts the IMAP accounts for project members in the "western world" who very likely have only slow access to the Internet in Taiwan.

The machine is a virtual host on


at, users with IMAP4 account on can access their mail without a MUA.

at, users with IMAP4 account on can access their mail without a MUA.

Server-based filtering

We do server-based filtering using Cyrus Sieve. For users of, there is a web frontend available for filter configuration (




This machine is also known as It hosts email accounts of employees of [OpenMoko, Inc.] as well as [FIC Mobile Communications] located in Taiwan.

The reason for locating this server in Taiwan is mainly to provide high-performance (low-latency, high-bandwidth) access to the [future] majority of our project members in Taiwan. is a virtual machine on [Servers/aakash].

shared folders

This server has a special setup, where a virtual user is subscribed to all major lists of the project. The mails are then sorted into a hierarchy of shared IMAP folders using a Sieve script.

This hierarchy of shared folders can be subscribed by any user. The status flags (read/replied/...) are stored per-user. The mailbox hierarchy is read-only.

This ensures that everyone can get easy access to all lists, including their backlog. It also relieves users from having to do their own custom filtering, and nobody can claim that he didn't receive a certain message ;)

Mailing Lists

A service mailserver is a mailserver running a particular service, such as mailing lists.

This server is running Mailman to host all public mailing lists of the project. is an alias to

This server is running Mailman to host all private mailing lists of [OpenMoko, Inc.] is an alias to

create a list

Create lists (public/internal) and set up the IMAP share:

  • create list on
    • turn moderation on
    • set password/mail to whom request
  • create sieve rule on aakash
    • rule is placed here: /etc/sieve/s/subscriber/default
    • and compiled with: /usr/lib/cyrus/bin/sievec default defaultbc
  • create cyrus mailbox on aakash
    • permissions: ip for user subscriber, lrswipcda for user cyrus
  • add to imapsync
    • /home/imapsync/bin/
  • subscribe subscriber@… to list
  • create cyrus mailbox on (perms!)
  • add sender filter with the mailman admin interface
    • in Privacy options / Sender filter / accept_these_nonmembers
    • [@]+@(.+\.|)openmoko.(org|com)$
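
A check of the sender-filter entry from the last step, as an added example (not part of the original page and not Mailman's own code). It assumes the entry lost its two ^ characters to wiki markup, and that entries starting with ^ are case-insensitive regular expressions while all others are literal addresses; STRICT_PATTERN and the sample addresses are constructed here.

```python
import re

# Filter entry exactly as the page displays it (no leading "^").
AS_DISPLAYED = r"[@]+@(.+\.|)openmoko.(org|com)$"
# Assumed intended entry: both "^" restored (likely eaten by wiki markup).
PAGE_PATTERN = r"^[^@]+@(.+\.|)openmoko.(org|com)$"
# Hypothetical tightened variant: literal dot, no "@"/whitespace in the subdomain.
STRICT_PATTERN = r"^[^@\s]+@([^@\s]+\.)?openmoko\.(org|com)$"

# Constructed sample sender addresses.
SAMPLES = [
    "alice@openmoko.org",
    "Bob@Lists.OpenMoko.com",
    "carol@openmoko.net",
    "dave@notopenmoko.org",
    "erin@openmoko.org.example.net",
    "frank@openmokoXorg",
]


def accepted(sender, entries):
    """Apply accept_these_nonmembers-style entries to one sender address.

    Assumed semantics: an entry starting with "^" is a case-insensitive
    regular expression; anything else is compared as a literal address.
    """
    for entry in entries:
        if not entry.startswith("^"):
            if sender.lower() == entry.lower():
                return True
            continue
        try:
            if re.search(entry, sender, re.IGNORECASE):
                return True
        except re.error:
            continue  # an uncompilable entry matches nothing
    return False


def audit(entries):
    """Return the sample addresses that the given entries would accept."""
    return [s for s in SAMPLES if accepted(s, entries)]


if __name__ == "__main__":
    for name in ("AS_DISPLAYED", "PAGE_PATTERN", "STRICT_PATTERN"):
        print(name, audit([globals()[name]]))
```

The pattern lists only org and com, so senders under openmoko.net are still held for moderation. The rule matches the sender address string and says nothing about whether that address was authenticated.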

Incoming User Mail

Users with an IMAP4 account on can also deliver their incoming mail to The protocol used is SMTP over TLS (not SSL) on port 25. Username and password are the same as for IMAP4.

It's the same for users with IMAP4 account on or, who can also deliver their mails directly to the respective incoming server, using SMTP over TLS (not SSL) on port 25.

The authentication database for SMTP and IMAP4 is shared (on each server separately).


Mail forwards


Mail forwarding configuration for @openmoko.{com,net,org} can be found on sita:/etc/exim4/virtusers


Mail forwarding configuration for can be found on varaha:/etc/exim4/virtusers

User mailboxes (IMAP4)

If project members don't have reasonable email accounts themselves, we can provide them with an IMAP4 (over SSL) and SMTP (over TLS) account on (aka port 993.

We don't provide POP3 since it's a legacy protocol.

In order to add a user, the following things need to be done:

  • Add the user to the sasl authentication db using saslpasswd2
  • Create a 'user.username.INBOX' mailbox using cyradm

Creating an Account

Let's assume we want to create the account 'john@…'. (Note, we automatically create forwards for and

On or

create the user inbox

(cyradm password in /root/cyradm-password.txt)

mail:~# cyradm -u cyrus localhost
Password: ****
> cm user.john
> quit

On, you need to

create a sasl password
murder:~/bin/sasl_merge# ./ john <plain password>
run distribution script
murder:~/bin# ./ 
(optional) test routing of account
mail:~# exim4 -bt
R: system_aliases for
  router = imapuser, transport = cyrus_lmtp_transport

That's it ;) If you want a forward from john@openmoko.{org,com,net}, you will have to edit /etc/exim4/virtusers on sita.

Sysadmin Mail

Currently, all mail to webmaster@…, as well as root@*, is forwarded to the sysadmin@… mailing list, which is read by roh and gismo.

The reason for aggregating this in this list is mainly archiving.