fix more link oddities
authored by anarcat
......@@ -796,7 +796,7 @@ Anything with a header from @torproject.org will be DKIM signed by the submissio
### Regular nodes
Regular nodes have no special mail needs and just need to be able to deliver mail. They can be recognised in puppet by having profile::postfix::independent set to false (the default value). They use our MTA servers as relayhost. This is taken care of by the profile::postfix manifest, which is included on all TPO nodes.
Regular nodes have no special mail needs and just need to be able to deliver mail. They can be recognised in puppet by having `profile::postfix::independent` set to false (the default value). They use our MTA servers as `relayhost`. This is taken care of by the `profile::postfix` manifest, which is included on all TPO nodes.
Currently regular nodes have no local mail delivery whatsoever, though this is subject to change, see [#42024](https://gitlab.torproject.org/tpo/tpa/team/-/issues/42024).
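Review bot: the commit subject says "link oddities", but the only change visible in the "Regular nodes" paragraph is wrapping `profile::postfix::independent`, `relayhost` and `profile::postfix` in backticks, and the one link in the hunk (#42024) is unchanged context. A line in the commit body saying which rendering problem the backticks fix (for example, identifiers being auto-linked) would let a later reader match the subject to the change.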
......@@ -809,17 +809,17 @@ We should ideally ensure an @torproject.org address is used for outgoing mail.
### Independent mailers
Independent mailers are nodes that receive mail on their own subdomain (which should be different from the node's fqdn) and/or deliver mail themselves without using our MTA. They can be recognised in puppet by having profile::postfix::independent set to true.
Independent mailers are nodes that receive mail on their own subdomain (which should be different from the node's fqdn) and/or deliver mail themselves without using our MTA. They can be recognised in puppet by having `profile::postfix::independent` set to true.
There are several things to take into consideration when setting up an independent mailer. In nearly all cases you need to make sure to include profile::rspamd.
There are several things to take into consideration when setting up an independent mailer. In nearly all cases you need to make sure to include `profile::rspamd`.
If your node is going to accept mail, you need to:
- ensure there's an entry in the letsencypt-domains repo
- ensure there's an ssl::service with the appropriate tlsaport notifying Service['postfix']
- add appropriate postfix configuration for handling the incoming mail in profile::postfix::extra_params
- ensure there's an entry in the `letsencypt-domains.git` repo
- ensure there's an ssl::service with the appropriate `tlsaport` notifying `Service['postfix']`
- add appropriate postfix configuration for handling the incoming mail in `profile::postfix::extra_params`
- open up firewalling
- potentially adjust the profile::postfix::monitor_ports and monitor_tls_ports
- potentially adjust the `profile::postfix::monitor_ports` and `monitor_tls_ports`
- set an MX record
- ensure there's a PTR record
- add it to [dnswl.org](https://www.dnswl.org/)
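Review bot: in the replacement for the first list item the repo name still reads `letsencypt-domains.git`, which looks like a misspelling of "letsencrypt" carried over from the old line. Since the line is being rewritten anyway, check it against the actual repository name. In the following item `ssl::service` is left as plain text while `tlsaport` and `Service['postfix']` on the same line are now code-formatted, and in the monitoring item `monitor_tls_ports` lacks the `profile::postfix::` prefix its neighbour carries, so it is unclear whether it belongs to the same class.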
......@@ -828,8 +828,8 @@ If your node is going to deliver its own mail, you need to:
- if you're mailing as something other than @fqdn or @torproject.org, set an MX record (yes, an MX record is needed, it doesn't need to actually receive mail, but other mailers hate receiving mail from domains that don't have any MX)
- set / add to the appropriate SPF records
- set profile::rspamd::dkimdomain
- consider setting profile::rspamd::antispam to false if you're not receiving mail or don't care about spam
- set `profile::rspamd::dkimdomain`
- consider setting `profile::rspamd::antispam` to false if you're not receiving mail or don't care about spam
Examples of independent mailers are: lists-01.torproject.org, crm-int-01.torproject.org, rt.torproject.org
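Review bot: in the `profile::rspamd::antispam` line the value false stays plain text beside the newly code-formatted parameter name. Writing it as `false` would mark it as the literal Puppet value, and the same applies to "false" and "true" next to `profile::postfix::independent` in the earlier hunks. Because this list puts `profile::rspamd::dkimdomain` and the option to disable antispam side by side, a short clause stating that DKIM signing is unaffected by `antispam` being off (if that is the case) would remove a likely question for anyone setting up a send-only mailer.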