Version 3 (modified by gismo, 10 years ago)

This page was ported from the old wiki and needs to be reworked.

Philosophy

The general philosophy is that every machine has its own MTA and sends/receives its mail. Thus, all machines have their respective MX pointing to themselves.

We do not use Backup MX, since they would not be able to do recipient verification in case the primary MX is down. This in turn would result in tons of problems.

MTA

We're using Debian's pre-packaged exim4 on all systems. We also use their configuration management system, with scriptlets in /etc/exim4/conf.d/

Architecture

Frontend Mailservers

A frontend mailserver is a machine that receives mail from elsewhere on the Internet, i.e. is listed as MX for one of our domains.

We have two frontend mailservers, one co-located in Germany (see [Hosting infrastructure]), and one in Taipei.

sita.openmoko.org

This is the mailserver in Germany. It acts as MX for @openmoko.{com,net,org}.

aakash.openmoko.org

This is the mailserver in Taipei. It acts as MX for @mc.fic.com.tw

Backend Mailservers

A backend mailserver is a machine that delivers mails into user mailboxes, i.e. has some form of IMAP server on it.

We have two backend mailservers, one co-located in Germany (see [Hosting infrastructure]) and one in Taipei.

imap.openmoko.org

This machine hosts the IMAP accounts for project members in the "western world" who very likely have only slow access to the Internet in Taiwan.

The machine is a virtual host on chandra.openmoko.org

Webmail

At https://webmail.openmoko.org/, users with an IMAP4 account on imap.openmoko.org can access their mail without a MUA.

At https://webmail.tw.openmoko.org/, users with an IMAP4 account on imap.tw.openmoko.org can access their mail without a MUA.

Server-based filtering

We do server-based filtering using Cyrus Sieve. For users of imap.openmoko.org, there is a web frontend available for filter configuration (websieve.pl).

URL: https://webmail.openmoko.org/cgi-bin/websieve.pl

URL: https://webmail.tw.openmoko.org/cgi-bin/websieve.pl

imap.mc.fic.com.tw

deprecated

This machine is also known as imap.tw.openmoko.org. It hosts email accounts of employees of [OpenMoko, Inc.] as well as [FIC Mobile Communications] located in Taiwan.

The reason for locating this server in Taiwan is mainly to provide high-performance (low-latency, high-bandwidth) access to the [future] majority of our project members in Taiwan.

imap.mc.fic.com.tw is a virtual machine on [Servers/aakash].

shared folders

This server has a special setup, where a virtual user is subscribed to all major lists of the project. The mails are then sorted into a hierarchy of shared imap folders using a sieve-script.

This hierarchy of shared folders can be subscribed by any user. The status flags (read/replied/...) are stored per-user. The mailbox hierarchy is read-only.

This ensures that everyone can get easy access to all lists, including their backlog. It also relieves users from having to do their own custom filtering, and nobody can claim that he didn't receive a certain message ;)

Mailing Lists

A service mailserver is a mailserver running a particular service, such as mailing lists.

lists.openmoko.org

This server is running mailman to host all public mailing lists of the project.

lists.openmoko.org is an alias to sita.openmoko.org

lists.internal.openmoko.org

This server is running mailman to host all private mailing lists of [OpenMoko, Inc.].

lists.internal.openmoko.org is an alias to varaha.openmoko.org

create a list

create lists (public/internal) and set up IMAP share

  • create list on lists.internal.openmoko.org
    • turn moderation on
    • set password/mail to whoever requested it
  • create sieve rule on aakash
    • rule is placed here: /etc/sieve/s/subscriber/default
    • and compiled with: /usr/lib/cyrus/bin/sievec default defaultbc
  • create cyrus mailbox on aakash
    • permissions: ip for user subscriber, lrswipcda for cyrus
  • add to imapsync
    • /home/imapsync/bin/imapsync_lists_parallel.sh
  • subscribe subscriber@… to list
  • create cyrus mailbox on mail.openmoko.org (perms!)
  • add sender filter with mailman admin interface
    • in Privacy options/ Sender filter/ accept_these_nonmembers
    • ^[^@]+@(.+\.|)openmoko.(org|com)$
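
A check of what the sender filter in the last step accepts, as an added example that is not part of the original wiki page. The pattern is written with a leading "^" and the class "[^@]" (assumed to be the intended form), the matching rule is an assumption based on Mailman 2.1 (entries starting with "^" are case-insensitive regular expressions), and TIGHTENED and all sample addresses are constructed for illustration.

```python
import re

# Sender filter from the last step, written with the leading "^" and the
# negated class "[^@]" (assumed intended form: Mailman only treats entries
# that start with "^" as regular expressions).
AS_DOCUMENTED = r"^[^@]+@(.+\.|)openmoko.(org|com)$"
# Hypothetical tightened variant (not from the page): the dot before the
# TLD is escaped so it matches only a literal ".".
TIGHTENED = r"^[^@]+@(.+\.|)openmoko\.(org|com)$"

# Constructed sample sender addresses, not taken from any real traffic.
SAMPLES = [
    "john@openmoko.org",
    "John@Lists.OpenMoko.com",
    "john@openmoko.net",
    "john@notopenmoko.org",
    "john@openmoko.org.example.net",
    "john@openmoko-org",
]


def accepted(pattern, sender):
    """Assumed Mailman 2.1 behaviour: case-insensitive re.search on the sender."""
    return re.search(pattern, sender, re.IGNORECASE) is not None


def accepted_senders(pattern, senders=SAMPLES):
    """Return the senders that would bypass moderation under this pattern."""
    return [s for s in senders if accepted(pattern, s)]


def overmatch(loose, strict, senders=SAMPLES):
    """Senders the loose pattern accepts but the strict one rejects."""
    return [s for s in senders if accepted(loose, s) and not accepted(strict, s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:32} documented={accepted(AS_DOCUMENTED, s)!s:5} "
              f"tightened={accepted(TIGHTENED, s)}")
    print("only accepted by the unescaped dot:", overmatch(AS_DOCUMENTED, TIGHTENED))
```

Senders at @openmoko.net are held for moderation under this filter, although sita is MX for that domain as well. The match is made on the sender address the message claims, so the filter is a moderation convenience and not a form of authentication.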

Incoming User Mail

Users with an IMAP4 account on imap.openmoko.org can also deliver their incoming mail to imap.openmoko.org. The protocol used is SMTP over TLS (not SSL) on port 25. Username and password are the same as for IMAP4.

It's the same for users with an IMAP4 account on imap.tw.openmoko.org or imap.mc.fic.com.tw, who can also deliver their mails directly to the respective incoming server, using SMTP over TLS (not SSL) on port 25.

The authentication database for SMTP and IMAP4 is shared (on each server separately).

Administration

Mail forwards

@openmoko.{com,net,org}

Mail forwarding configuration for @openmoko.{com,net,org} can be found on sita:/etc/exim4/virtusers

@mc.fic.com.tw

deprecated

Mail forwarding configuration for @mc.fic.com.tw can be found on varaha:/etc/exim4/virtusers

User mailboxes (IMAP4)

If project members don't have reasonable email accounts themselves, we can provide them with an IMAP4 (over SSL) and SMTP (over TLS) account on imap.openmoko.org (aka mail.openmoko.org) port 993.

We don't provide POP3 since it's a legacy protocol.

In order to add a user, the following things need to be done:

  1. Add the user to the sasl authentication db using saslpasswd2
  2. Create a 'user.username.INBOX' mailbox using cyradm

Creating an Account

Let's assume we want to create the account 'john@…'. (Note, we automatically create forwards for @openmoko.org and @openmoko.com.)

On mail.openmoko.org or aakash.openmoko.org

create the user inbox

(cyradm password in /root/cyradm-password.txt)

mail:~# cyradm -u cyrus localhost
Password: ****
mail.openmoko.org> cm user.john
mail.openmoko.org> quit

On murder.openmoko.org, you need to

  • create a sasl password

murder:~/bin/sasl_merge# ./chpasswd.sh john <plain password>

  • run distribution script

murder:~/bin# ./run.sh

  • (optional) test routing of account

mail:~# exim4 -bt john@openmoko.org
R: system_aliases for john@openmoko.org
john@openmoko.org
  router = imapuser, transport = cyrus_lmtp_transport

That's it ;) If you want a forward from john@openmoko.{org,com,net}, you will have to edit /etc/exim4/virtusers on sita.

Sysadmin Mail

Currently, all mail to webmaster@…, as well as root@*.openmoko.org, is forwarded to the sysadmin@… mailing list, which is read by roh and gismo.

The reason for aggregating this in this list is mainly archiving.