... | @@ -66,6 +66,12 @@ TODO: how to setup the service from scratch. puppet role and DNS? |
... | @@ -66,6 +66,12 @@ TODO: how to setup the service from scratch. puppet role and DNS? |
|
|
|
|
|
_submission._tcp.example.com. SRV 0 1 587 mail.example.com.
|
|
_submission._tcp.example.com. SRV 0 1 587 mail.example.com.
|
|
|
|
|
|
|
|
In `letsencrypt.git`, add an entry for that host's specific TLS
|
|
|
|
certificate. For example, the `submit-01.torproject.org` has a line
|
|
|
|
like this:
|
|
|
|
|
|
|
|
submit-01.torproject.org submit.torproject.org
|
|
|
|
|
|
## SLA
|
|
## SLA
|
|
|
|
|
|
<!-- this describes an acceptable level of service for this service -->
|
|
<!-- this describes an acceptable level of service for this service -->
|
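Review bot: The added paragraph says to add an entry "in `letsencrypt.git`" but does not name the file the entry goes into or explain the two columns of the example line, so someone setting up another submission host cannot tell what role each name in `submit-01.torproject.org submit.torproject.org` plays. Suggest naming the file and describing both fields. Also, "the `submit-01.torproject.org` has a line" is missing a noun such as "host".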
... | @@ -125,7 +131,7 @@ The submission server is monitored like other mail servers that have |
... | @@ -125,7 +131,7 @@ The submission server is monitored like other mail servers that have |
|
|
|
|
|
To test delivery, make sure you have an `emailPassword` set
|
|
To test delivery, make sure you have an `emailPassword` set
|
|
(e.g. through [update.cgi](https://db.torproject.org/update.cgi)). Then you should be able to use the
|
|
(e.g. through [update.cgi](https://db.torproject.org/update.cgi)). Then you should be able to use the
|
|
[swaks](https://tracker.debian.org/swaks) to test delivery:
|
|
[swaks](https://tracker.debian.org/swaks) to test delivery.
|
|
|
|
|
|
This will try to relay an email through server example.net to the
|
|
This will try to relay an email through server example.net to the
|
|
example.com domain using TLS over the submission port (587) with user
|
|
example.com domain using TLS over the submission port (587) with user
|
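Review bot: With the colon replaced by a period in "to test delivery.", the next paragraph ("This will try to relay an email through server example.net ...") still refers to a command the reader has not seen yet, since the `swaks` invocation only appears after that paragraph. Suggest moving the command directly under this sentence and keeping the colon, or rewording the explanation to "The command below will ...". While touching this line, "use the [swaks]" has a stray "the".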
... | @@ -133,6 +139,17 @@ name anarcat and a prompted password (`-ap -pp`). |
... | @@ -133,6 +139,17 @@ name anarcat and a prompted password (`-ap -pp`). |
|
|
|
|
|
swaks -f anarcat@example.net -t anarcat@example.com -s example.net -tls -p 587 -au anarcat -ap -pp
|
|
swaks -f anarcat@example.net -t anarcat@example.com -s example.net -tls -p 587 -au anarcat -ap -pp
|
|
|
|
|
|
|
|
To set a new password by hand in LDAP, you can use `doveadm`:
|
|
|
|
|
|
|
|
doveadm pw -s BLF-CRYPT
|
|
|
|
|
|
|
|
Then copy-paste the output (minus the {} prefix) into the
|
|
|
|
`mailPassword` field in LDAP (if you want to bypass the web interface)
|
|
|
|
or the `/etc/dovecot/private/mail-passwords` file on the submission
|
|
|
|
server (if you want to bypass `ud-replicate` altogether, note that the
|
|
|
|
change might be overwritten fairly quickly). Note that [other schemes
|
|
|
|
can be used as well](https://doc.dovecot.org/configuration_manual/authentication/password_schemes/).
|
|
|
|
|
|
## Logs and metrics
|
|
## Logs and metrics
|
|
|
|
|
|
TODO: logs and metrics
|
|
TODO: logs and metrics
|
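Review bot: The new text tells the reader to paste the hash into the `mailPassword` field in LDAP, while the delivery-test paragraph in the previous hunk asks for an `emailPassword` to be set. If these are the same attribute, one of the two names is a typo; if they differ, the doc should say how they relate. Also, "minus the {} prefix" would be clearer if it showed the literal prefix that `doveadm pw -s BLF-CRYPT` prints, and the warning that a manual edit of `/etc/dovecot/private/mail-passwords` "might be overwritten fairly quickly" is buried in a parenthesis with two "note that" clauses in one sentence; giving it its own sentence would make it harder to miss.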
... | @@ -148,6 +165,12 @@ No special backup of this service is required. |
... | @@ -148,6 +165,12 @@ No special backup of this service is required. |
|
|
|
|
|
TODO: <!-- references to upstream documentation, if relevant -->
|
|
TODO: <!-- references to upstream documentation, if relevant -->
|
|
|
|
|
|
|
|
* https://anarc.at/services/mail/
|
|
|
|
* https://doc.dovecot.org/configuration_manual/authentication/passwd_file/
|
|
|
|
* https://wiki.dovecot.org/VirtualUsers
|
|
|
|
* https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/
|
|
|
|
* https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb/
|
|
|
|
|
|
# Discussion
|
|
# Discussion
|
|
|
|
|
|
## Overview
|
|
## Overview
|
... | | ... | |
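Review bot: The `TODO: <!-- references to upstream documentation, if relevant -->` placeholder is left directly above the reference list this hunk adds; drop the `TODO:` now that the list exists, or state what is still missing. The entries are bare URLs, so a short link title on each would tell the reader what the page covers, and `https://wiki.dovecot.org/VirtualUsers` points at the wiki while the other Dovecot links use doc.dovecot.org, so check whether a doc.dovecot.org equivalent exists.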