Systems administration of mail
MTA
We run Postfix on mail.dfri.se.
Other systems that need to send email can do so by setting mail.dfri.se as their relayhost in /usr/local/etc/postfix/main.cf, like this:
relayhost = [mail.dfri.se]
Note that mail.dfri.se needs to be configured to allow relaying for each host separately by adding its IP addresses to mynetworks in main.cf.
Submission
Users with a sasldb account on mail.dfri.se can submit email messages via mail.dfri.se:587 (submission) with STARTTLS.
A new user is added by:
- creating an entry in sasldb using saslpasswd2 -u dfri.se $USERNAME
- adding a line to mail.dfri.se:/usr/local/etc/postfix/sender_login_map (and rebuilding the db file using postmap)
TODO:
- use letsencrypt to get a real certificate
- use opendkim to set up DKIM signing of outgoing messages
Mailing lists
We run mlmmj on mail.dfri.se. List info is kept in /var/mlmmj. Maintenance is run from cron with
5 */2 * * * /usr/local/bin/mlmmj-maintd -F -d /var/mlmmj/lists.dfri.se
Public archives
Public lists are archived at https://lists.dfri.se/ using MHonArc.
Creating a new list
export LIST_NAME=YOUR_LIST_NAME # change this!
export MODERATOR_EMAIL=noc@dfri.net # or something else
export LD=/var/mlmmj/lists.dfri.se
mlmmj-make-ml.sh -s $LD -L ${LIST_NAME}
# domain is lists.dfri.se, list owner is probably noc@dfri.net
# ignore the instructions about a crontab entry -- we have `-d /var/mlmmj/lists.dfri.se`
# ignore the instructions about /etc/aliases
chown -R mlmmj:mlmmj $LD/${LIST_NAME}
vi /usr/local/etc/postfix/transport # add "${LIST_NAME}@lists.dfri.se mlmmj:"
postmap /usr/local/etc/postfix/transport
cd $LD/${LIST_NAME}/control && touch modnonsubposts notifysub noget subonlypost tocc
echo $MODERATOR_EMAIL > $LD/${LIST_NAME}/control/moderators
echo \[${LIST_NAME}\] > $LD/${LIST_NAME}/control/prefix
echo "List-Id: ${LIST_NAME}.lists.dfri.se" > $LD/${LIST_NAME}/control/customheaders
To create a list where new subscribers go through moderation before being subscribed, touch submod in the control directory. If you're going to mass-subscribe people to the list, wait with touching submod until after this has been done.
For a complete list of knobs, see http://mlmmj.org/docs/tunables/.
Subscribe people to the list using mlmmj-sub with -L $LD/$LIST_NAME and -a EMAIL-ADDRESS.
Tweaking the postfix + mlmmj configuration
2020-04-14
Until now we've been running mlmmj-receive like this (master.cf):
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
mlmmj unix - n n - 1 pipe
  flags=BFXhu
  user=mlmmj:mlmmj
  argv=/usr/local/bin/mlmmj-recieve -L /var/mlmmj/${domain}/${user} -s ${sender} -e ${extension}
and with mlmmj_destination_recipient_limit unset, resulting in the default (100) being used.
In an attempt to handle more than one list as the recipient of the same email message, this is now changing to
mlmmj_destination_recipient_limit = 1
mlmmj unix - n n - - pipe
  flags=DORXhu
  user=mlmmj:mlmmj
  argv=/usr/local/bin/mlmmj-recieve -L /var/mlmmj/${domain}/${user} -s ${sender} -e ${extension}
So, the changes are
- mlmmj_destination_recipient_limit = 1
- Stop limiting the number of running mlmmj processes
- Pass flags DOR and not BF to pipe
  - D adds Delivered-To: and enforces loop detection
  - O adds X-Original-To:
  - R adds Return-Path:
  - B adds a blank line at the end of email messages (add this back)
  - F adds "From sender time_stamp" to the envelope
Web interface
TODO: There are supposedly two web front ends to mlmmj. One in PHP and one other.
Autoresponding to some abuse complaints
[root@mail /etc]# cat /home/autoresponder/README
In the file, .procmailrc
There is a honestly ripped and modified version off:
https://www.torservers.net/wiki/abuse/dmca
This will respond automatically to emails sent from certain hosts.
[root@mail /etc]# cat /home/autoresponder/.procmailrc
LOGFILE=$HOME/procmail.log
LOGABSTRACT = "all"
#VERBOSE = yes
SHELL=/usr/local/bin/bash
:0 c
* ^To:.*abuse@dfri.(se|net|org)
* ^From:.*(mediasentry.com|copyright-compliance.com|copyright-notice.com|ip-echelon.com)
* !^X-Loop: abuse@dfri.net
{
REPLYTO = `formail -xFrom:`
SUBJECT = `formail -xSubject:`
:0 fhb
| (/usr/local/bin/formail -r \
-I"To: $REPLYTO" \
-I"CC: DFRI Abuse Team <abuse@dfri.net>" \
-I"From: DFRI Abuse Team <abuse@dfri.net>" \
-I"Subject: Re: $SUBJECT" \
-I"Return-Path: <abuse@dfri.net>"; \
/bin/cat /home/autoresponder/dmca-autoreply.txt) \
| /usr/sbin/sendmail -oi -t
}
The %-hack for the AT4AM list
From http://pad.epfsug.eu/p/IAG-percent-hack---
Problem statement:
- The mail server of the European Parliament does not allow incoming messages that come from another server, but have a @europarl.europa.eu address in the From: header
- The result was that:
  - email from non-EP addresses would be delivered without a problem, even to people subscribed with an EP address
  - email from EP addresses would be delivered without a problem to people subscribed with a non-EP address, but not to people subscribed with an EP address
Solution:
- The address rewriting functionality [1] in Exim is used to replace a From: address of the form username@europarl.europa.eu with the form username%europarl.europa.eu@epfsug.eu
- This is done with a single configuration file: /etc/exim4/conf.d/rewrite/90_europarl, whose content is a single line regular expression:
  - ^([^@]+)@europarl.europa.eu $1%europarl.europa.eu@epfsug.eu fF
- Additionally, it is necessary to tell Sympa to accept messages from addresses containing the % sign (it normally doesn't)
  - This is done by modifying the regular expression in line 55 of the file /usr/share/sympa/lib/tools.pm, like this:
    - from this: my %regexp = ('email' => '([\w-_.\/+\=\'\&]+|\".\")\@[\w-]+(.[\w-]+)+',
    - to this: my %regexp = ('email' => '([\w-_.\/+\=\'\&\%]+|\".
References: [1] http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html
We have done the same thing with Postfix (retrograde.dfri.se):
# cat sender_canonical
/^(.*)@europarl[.]europa[.]eu$/ ${1}%europarl.europa.eu@at4am.eu
/^(.*)@ep[.]europa[.]eu$/ ${1}%ep.europa.eu@at4am.eu
/^(.*)@ext[.]europarl[.]europa[.]eu$/ ${1}%ext.europarl.europa.eu@at4am.eu
# grep sender_canonical main.cf
sender_canonical_maps = regexp:/usr/local/etc/postfix/sender_canonical
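The following Python sketch is an added example, not part of the original page or of DFRI's configuration: it applies the three sender_canonical rules above and, for comparison, the Exim rule quoted from the pad to constructed sample addresses. It assumes both tables act as first-match regular-expression rewrites of the whole address; the function names and sample addresses are made up for illustration.

```python
import re

# Rules copied from the sender_canonical file shown on this page; ${1} is
# written \1 in Python. Postfix regexp tables try rules in order, stop at
# the first match, and match case-insensitively by default.
POSTFIX_RULES = [
    (r"^(.*)@europarl[.]europa[.]eu$", r"\1%europarl.europa.eu@at4am.eu"),
    (r"^(.*)@ep[.]europa[.]eu$", r"\1%ep.europa.eu@at4am.eu"),
    (r"^(.*)@ext[.]europarl[.]europa[.]eu$",
     r"\1%ext.europarl.europa.eu@at4am.eu"),
]

# The Exim rule quoted from the pad, as written there: the dots are
# unescaped and there is no trailing $.
EXIM_RULES = [
    (r"^([^@]+)@europarl.europa.eu", r"\1%europarl.europa.eu@epfsug.eu"),
]

# Constructed sample senders (not taken from any real log).
SAMPLES = [
    "mep.name@europarl.europa.eu",
    "staff@EP.EUROPA.EU",
    "contractor@ext.europarl.europa.eu",
    "someone@example.org",
    "user@europarl.europa.eu.example.org",   # EP domain only as a prefix
    "user@europarl-europa.eu",               # "-" where the rule has "."
]


def rewrite(address, rules, flags=re.IGNORECASE):
    """Apply the first matching rule to the whole address (assumed
    semantics); return the address unchanged when nothing matches."""
    for pattern, template in rules:
        match = re.search(pattern, address, flags)
        if match:
            return match.expand(template)
    return address


def rewritten_by(rules, flags=re.IGNORECASE):
    """Return the sample addresses that the given rule set would rewrite."""
    return [a for a in SAMPLES if rewrite(a, rules, flags) != a]


if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, "| postfix:", rewrite(addr, POSTFIX_RULES),
              "| exim:", rewrite(addr, EXIM_RULES, flags=0))
```

To check the live table rather than this emulation, query it directly with postmap -q ADDRESS regexp:/usr/local/etc/postfix/sender_canonical.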