Loading howto/submission.md +31 −29 Original line number Diff line number Diff line Loading @@ -105,10 +105,8 @@ it will actually deliver emails to targets. ## Pager playbook TODO: pager playbook <!-- information about common errors from the monitoring system and --> <!-- how to deal with them. this should be easy to follow: think of --> <!-- your future self, in a stressful situation, tired and hungry. --> No pager playbook has been built yet. See the [Monitoring and testing](#monitoring-and-testing) section below for ideas on how to debug things. ## Disaster recovery Loading Loading @@ -152,45 +150,47 @@ record. ## SLA TODO: <!-- describe an acceptable level of service for this service --> There is no SLA specific to this service, but mail delivery is generally considered to be high priority. Complaints about delivery failure should be filed as [issues in our ticket tracker](#issues) and addressed. ## Design TODO: <!-- how this is built --> <!-- should reuse and expand on the "proposed solution", it's a --> <!-- "as-built" documented, whereas the "Proposed solution" is an --> <!-- "architectural" document, which the final result might differ --> <!-- from, sometimes significantly --> The submission email service allows users to submit mail as if they were on a `torproject.org` machine. Concretely, it is a Postfix server which relays email to anywhere once [SASL authentication](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) is passed. <!-- a good guide to "audit" an existing project's design: --> <!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html --> Most of the code is glue code in Puppet, along with a small set of patches to ud-ldap which were sent (and mostly accepted) upstream. <!-- things to evaluate here: ### Authentication * services * storage (databases? plain text files? cloud/S3 storage?) * queues (e.g. email queues, job queues, schedulers) * interfaces (e.g. webserver, commandline) * authentication (e.g. SSH, LDAP?) * programming languages, frameworks, versions * dependent services (e.g. authenticates against LDAP, or requires git pushes) * deployments: how is code for this deployed (see also Installation) SASL authentication is delegated to a dummy Dovecot server which is *only* used for authentication (i.e. it doesn't provide IMAP or POP storage). Username/password pairs are deployed by [ud-ldap](howto/ldap) into `/etc/dovecot/private/mail-passwords`. how is this thing built, basically? --> TODO: some interesting "best practices" notes: https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/ The LDAP server stores those passwords in a `mailPassword` field and the web interface is used to modify those passwords. Passwords are (currently) encrypted with a salted MD5 hash because of compatibility problems between the Perl/ud-ldap implementation and Dovecot which haven't been resolved yet. ## Issues Project is coordinated in [ticket #30608][]. There is no issue tracker specifically for this project, [File][] or [search][] for issues in the [team issue tracker][search]. When reporting email issues, do mind the [reporting email problems](doc/reporting-email-problems) documentation. [File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new [search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues Project was coordinated and launched in [ticket #30608][]. ## Maintainer, users, and upstream This service is mostly written as a set of Puppet manifests. It was Loading @@ -201,8 +201,6 @@ the upstream, see [LDAP docs](howto/ldap#maintainer-users-and-upstream) for deta ## Monitoring and testing TODO: nagios monitoring? To test delivery, make sure you have an `emailPassword` set (e.g. through [update.cgi](https://db.torproject.org/update.cgi)). Then you should be able to use the [swaks](https://tracker.debian.org/swaks) to test delivery. Loading @@ -226,6 +224,10 @@ server (if you want to bypass `ud-replicate` altogether, note that the change might be overwritten fairly quickly). Note that [other schemes can be used as well](https://doc.dovecot.org/configuration_manual/authentication/password_schemes/). We do not have end to end delivery monitoring just yet, that is part of the [improve mail services milestone](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/4), specifically [issue 40494](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40494). ## Logs and metrics The submission server is monitored like other mail servers that have Loading Loading
howto/submission.md +31 −29 Original line number Diff line number Diff line Loading @@ -105,10 +105,8 @@ it will actually deliver emails to targets. ## Pager playbook TODO: pager playbook <!-- information about common errors from the monitoring system and --> <!-- how to deal with them. this should be easy to follow: think of --> <!-- your future self, in a stressful situation, tired and hungry. --> No pager playbook has been built yet. See the [Monitoring and testing](#monitoring-and-testing) section below for ideas on how to debug things. ## Disaster recovery Loading Loading @@ -152,45 +150,47 @@ record. ## SLA TODO: <!-- describe an acceptable level of service for this service --> There is no SLA specific to this service, but mail delivery is generally considered to be high priority. Complaints about delivery failure should be filed as [issues in our ticket tracker](#issues) and addressed. ## Design TODO: <!-- how this is built --> <!-- should reuse and expand on the "proposed solution", it's a --> <!-- "as-built" documented, whereas the "Proposed solution" is an --> <!-- "architectural" document, which the final result might differ --> <!-- from, sometimes significantly --> The submission email service allows users to submit mail as if they were on a `torproject.org` machine. Concretely, it is a Postfix server which relays email to anywhere once [SASL authentication](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) is passed. <!-- a good guide to "audit" an existing project's design: --> <!-- https://bluesock.org/~willkg/blog/dev/auditing_projects.html --> Most of the code is glue code in Puppet, along with a small set of patches to ud-ldap which were sent (and mostly accepted) upstream. <!-- things to evaluate here: ### Authentication * services * storage (databases? plain text files? cloud/S3 storage?) * queues (e.g. email queues, job queues, schedulers) * interfaces (e.g. webserver, commandline) * authentication (e.g. SSH, LDAP?) * programming languages, frameworks, versions * dependent services (e.g. authenticates against LDAP, or requires git pushes) * deployments: how is code for this deployed (see also Installation) SASL authentication is delegated to a dummy Dovecot server which is *only* used for authentication (i.e. it doesn't provide IMAP or POP storage). Username/password pairs are deployed by [ud-ldap](howto/ldap) into `/etc/dovecot/private/mail-passwords`. how is this thing built, basically? --> TODO: some interesting "best practices" notes: https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/ The LDAP server stores those passwords in a `mailPassword` field and the web interface is used to modify those passwords. Passwords are (currently) encrypted with a salted MD5 hash because of compatibility problems between the Perl/ud-ldap implementation and Dovecot which haven't been resolved yet. ## Issues Project is coordinated in [ticket #30608][]. There is no issue tracker specifically for this project, [File][] or [search][] for issues in the [team issue tracker][search]. When reporting email issues, do mind the [reporting email problems](doc/reporting-email-problems) documentation. [File]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new [search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues Project was coordinated and launched in [ticket #30608][]. ## Maintainer, users, and upstream This service is mostly written as a set of Puppet manifests. It was Loading @@ -201,8 +201,6 @@ the upstream, see [LDAP docs](howto/ldap#maintainer-users-and-upstream) for deta ## Monitoring and testing TODO: nagios monitoring? To test delivery, make sure you have an `emailPassword` set (e.g. through [update.cgi](https://db.torproject.org/update.cgi)). Then you should be able to use the [swaks](https://tracker.debian.org/swaks) to test delivery. Loading @@ -226,6 +224,10 @@ server (if you want to bypass `ud-replicate` altogether, note that the change might be overwritten fairly quickly). Note that [other schemes can be used as well](https://doc.dovecot.org/configuration_manual/authentication/password_schemes/). We do not have end to end delivery monitoring just yet, that is part of the [improve mail services milestone](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/4), specifically [issue 40494](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40494). ## Logs and metrics The submission server is monitored like other mail servers that have Loading
