... | ... | @@ -105,10 +105,8 @@ it will actually deliver emails to targets. |
|
|
|
|
|
## Pager playbook
|
|
|
|
|
|
TODO: pager playbook
|
|
|
<!-- information about common errors from the monitoring system and -->
|
|
|
<!-- how to deal with them. this should be easy to follow: think of -->
|
|
|
<!-- your future self, in a stressful situation, tired and hungry. -->
|
|
|
No pager playbook has been built yet. See the [Monitoring and
|
|
|
testing](#monitoring-and-testing) section below for ideas on how to debug things.
|
|
|
|
|
|
## Disaster recovery
|
|
|
|
... | ... | @@ -152,45 +150,47 @@ record. |
|
|
|
|
|
## SLA
|
|
|
|
|
|
TODO: <!-- describe an acceptable level of service for this service -->
|
|
|
There is no SLA specific to this service, but mail delivery is
|
|
|
generally considered to be high priority. Complaints about delivery
|
|
|
failure should be filed as [issues in our ticket tracker](#issues) and
|
|
|
addressed.
|
|
|
|
|
|
## Design
|
|
|
|
|
|
TODO: <!-- how this is built -->
|
|
|
<!-- should reuse and expand on the "proposed solution", it's a -->
|
|
|
<!-- "as-built" documented, whereas the "Proposed solution" is an -->
|
|
|
<!-- "architectural" document, which the final result might differ -->
|
|
|
<!-- from, sometimes significantly -->
|
|
|
The submission email service allows users to submit mail as if they
|
|
|
were on a `torproject.org` machine. Concretely, it is a Postfix server
|
|
|
which relays email to anywhere once [SASL authentication](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) is
|
|
|
passed.
|
|
|
|
|
|
<!-- a good guide to "audit" an existing project's design: -->
|
|
|
<!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
|
|
|
Most of the code is glue code in Puppet, along with a small set of
|
|
|
patches to ud-ldap which were sent (and mostly accepted) upstream.
|
|
|
|
|
|
<!-- things to evaluate here:
|
|
|
### Authentication
|
|
|
|
|
|
* services
|
|
|
* storage (databases? plain text files? cloud/S3 storage?)
|
|
|
* queues (e.g. email queues, job queues, schedulers)
|
|
|
* interfaces (e.g. webserver, commandline)
|
|
|
* authentication (e.g. SSH, LDAP?)
|
|
|
* programming languages, frameworks, versions
|
|
|
* dependent services (e.g. authenticates against LDAP, or requires
|
|
|
git pushes)
|
|
|
* deployments: how is code for this deployed (see also Installation)
|
|
|
SASL authentication is delegated to a dummy Dovecot server which is
|
|
|
*only* used for authentication (i.e. it doesn't provide IMAP or POP
|
|
|
storage). Username/password pairs are deployed by [ud-ldap](howto/ldap) into
|
|
|
`/etc/dovecot/private/mail-passwords`.
|
|
|
|
|
|
how is this thing built, basically? -->
|
|
|
|
|
|
TODO: some interesting "best practices" notes: https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
|
|
|
The LDAP server stores those passwords in a `mailPassword` field and
|
|
|
the web interface is used to modify those passwords. Passwords are
|
|
|
(currently) encrypted with a salted MD5 hash because of compatibility
|
|
|
problems between the Perl/ud-ldap implementation and Dovecot which
|
|
|
haven't been resolved yet.
|
|
|
|
|
|
## Issues
|
|
|
|
|
|
Project is coordinated in [ticket #30608][].
|
|
|
|
|
|
There is no issue tracker specifically for this project, [File][] or
|
|
|
[search][] for issues in the [team issue tracker][search].
|
|
|
|
|
|
When reporting email issues, do mind the [reporting email problems](doc/reporting-email-problems)
|
|
|
documentation.
|
|
|
|
|
|
[File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
|
|
|
[search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
|
|
|
|
|
|
Project was coordinated and launched in [ticket #30608][].
|
|
|
|
|
|
## Maintainer, users, and upstream
|
|
|
|
|
|
This service is mostly written as a set of Puppet manifests. It was
|
... | ... | @@ -201,8 +201,6 @@ the upstream, see [LDAP docs](howto/ldap#maintainer-users-and-upstream) for deta |
|
|
|
|
|
## Monitoring and testing
|
|
|
|
|
|
TODO: nagios monitoring?
|
|
|
|
|
|
To test delivery, make sure you have an `emailPassword` set
|
|
|
(e.g. through [update.cgi](https://db.torproject.org/update.cgi)). Then you should be able to use the
|
|
|
[swaks](https://tracker.debian.org/swaks) to test delivery.
|
... | ... | @@ -226,6 +224,10 @@ server (if you want to bypass `ud-replicate` altogether, note that the |
|
|
change might be overwritten fairly quickly). Note that [other schemes
|
|
|
can be used as well](https://doc.dovecot.org/configuration_manual/authentication/password_schemes/).
|
|
|
|
|
|
We do not have end to end delivery monitoring just yet, that is part
|
|
|
of the [improve mail services milestone](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/4), specifically [issue
|
|
|
40494](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40494).
|
|
|
|
|
|
## Logs and metrics
|
|
|
|
|
|
The submission server is monitored like other mail servers that have
|
... | ... | |