... | ... | @@ -42,6 +42,50 @@ This document describes the implementation of a **MSA**, although the |
|
|
service will most likely also include a **MTA** functionality in that
|
|
|
it will actually deliver emails to targets.
|
|
|
|
|
|
## Setting an email password
|
|
|
|
|
|
To use the email submission service, you first need to set a "mail
|
|
|
password". For this, you need to update your account in LDAP:
|
|
|
|
|
|
1. head towards <https://db.torproject.org/update.cgi>
|
|
|
2. login with your LDAP credentials (here's how to do a [password
|
|
|
reset](howto/ldap#password-reset) if you lost that)
|
|
|
3. be careful to hit the "Update my info" button (not the "Full
|
|
|
search")
|
|
|
4. enter a new, *strong* password in the `Change mail password:`
|
|
|
field (and save it in your password manager)
|
|
|
5. hit the "Update..." button
|
|
|
|
|
|
What this will do is set a "mail password" in your LDAP
|
|
|
account. Within a few minutes, this should propagate to the submission
|
|
|
server, which will then be available to relay your mail to the
|
|
|
world. Then the next step is to configure your email client, below.
|
|
|
|
|
|
## Thunderbird configuration
|
|
|
|
|
|
In Thunderbird, you will need to add a new SMTP account in "Account
|
|
|
settings", "Outgoing Server (SMTP)". Then click add and fill the form
|
|
|
with:
|
|
|
|
|
|
* Server name: `submission.torproject.org`
|
|
|
* Port: `587`
|
|
|
* Connection security: `STARTTLS`
|
|
|
* Authentication method: `Normal password`
|
|
|
* User Name: (your LDAP username, e.g. in my case it is `anarcat`,
|
|
|
**without** the `@torproject.org` part)
|
|
|
|
|
|
Then you can set that account as the default by hitting the "Set
|
|
|
default" button, if only your `torproject.org` identity is configured
|
|
|
on the server.
|
|
|
|
|
|
If not, you need to pick your `torproject.org` account from the
|
|
|
"Account settings" page, then at the bottom pick the `tor` SMTP server
|
|
|
you have just configured.
|
|
|
|
|
|
Then on first email send you will be prompted for your email
|
|
|
password. You should *NOT* get a certificate warning, a real cert
|
|
|
(signed by Let's Encrypt) should be presented by the server.
|
|
|
|
|
|
## Pager playbook
|
|
|
|
|
|
TODO: pager playbook
|
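Review bot: The certificate paragraph at the end of the Thunderbird section says a warning should *NOT* appear, but gives no instruction for the case where one does. Suggest adding that the reader should not accept a security exception or enter the mail password when a warning shows up, and should report it instead, because with `Normal password` authentication the only protection for the password is the STARTTLS session. Separately, the text says to pick the `tor` SMTP server "you have just configured", but the form fields listed above it have no description or name entry, so nothing has been named `tor`; either add a description field to the list or refer to `submission.torproject.org`. The "Within a few minutes" propagation sentence would also benefit from saying what to check if authentication still fails after that delay.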
... | ... | @@ -154,7 +198,7 @@ This will try to relay an email through server example.net to the |
|
|
example.com domain using TLS over the submission port (587) with user
|
|
|
name anarcat and a prompted password (`-ap -pp`).
|
|
|
|
|
|
swaks -f anarcat@example.net -t anarcat@example.com -s example.net -tls -p 587 -au anarcat -ap -pp
|
|
|
swaks -f anarcat@torproject.org -t anarcat@torproject.org -s submission.torproject.org -tls -p 587 -au anarcat -ap -pp
|
|
|
|
|
|
To set a new password by hand in LDAP, you can use `doveadm`:
|
|
|
|
... | ... | |
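Review bot: The sentence introducing the swaks command still describes relaying "through server example.net to the example.com domain", while the second swaks line in this hunk uses `-s submission.torproject.org` with `torproject.org` sender and recipient addresses. Assuming the second line is the replacement, the description no longer matches the command; update the sentence to name the submission server and the `torproject.org` addresses, or keep the generic example and add the torproject.org invocation as a separate, labelled command.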