
ContactAddress » History » Version 11

Denis 'GNUtoo' Carikli, 04/20/2020 03:39 PM

h1. ContactAddress

h2. Design

This system was designed to be as simple as possible.

It was designed in a way that enables it to receive mail but never needs to send any mail:

* There is no need for reverse DNS on the IP address.
* We don't need to use DKIM.
* It's easier to get the setup right and secure. We don't even need any authentication to receive the mail.
* We don't need to make sure that the system cannot be abused to send arbitrary mail to arbitrary addresses, since it is not supposed to send any mail in the first place.

If we wanted to send mail we would need to implement all of the following:

* We would need to see with the FSF whether they could hand us control of the reverse DNS for the IP address we use.
* For DKIM, we would need to check whether Trisquel 8 has DKIM implementations (like dkimproxy) that are easy to integrate with OpenSMTPD.
* We would need to make sure that the server configuration cannot be abused by anyone else to send mail to arbitrary addresses, otherwise the server would end up blacklisted by the companies and projects fighting spam.

We could also whitelist, through SPF, the servers used by the people receiving mail through this system, if we want people to be able to send mail from the same address they received it at (which is probably not very important).

The DNS zones are configured to set the MX to the Replicant VM at the FSF.
For more details on how the DNS is hosted, see [[DNS]].

For now this uses OpenSMTPD just because the person who initially implemented the system (GNUtoo) already used OpenSMTPD at home, so it was faster: the configurations could be partially reused and the setups compared.

For reading the mail we will use Dovecot, as the person willing to implement it (GNUtoo) already uses that at home too.

This will still need some authentication, but as it's a separate part it also limits the risk of a misconfiguration enabling the system to be abused to send mail.

h2. Maintenance

h3. Add new people

To enable a new person to receive mail:

* Create an account for the new person: @useradd -m <lowercase_username>@
* Add the lowercase_username to /etc/smtpd/aliases
* Run @smtpctl update table aliases@

To enable a new person to consult mail:

* Ask the person which *lowercase* username they wish to use
* Ask the person to run the following command: *@doveadm pw -u <username> -s SHA512-CRYPT@*

Notes:

* The Maildir directory is created automatically when the first mail is received
* There is no need to set up a password for the account
* I didn't look at how much we can lock down the accounts and still make OpenSMTPD work.
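
The following script is an added example and is not part of this wiki page nor of OpenSMTPD or Dovecot. It wraps the "receive mail" steps above in a helper that refuses non-lowercase usernames, appends the alias only once, and can also check that an smtpd.conf still contains no @relay@ rule (the property the Design section relies on to make the server unable to send mail). It assumes the aliases table is a "name: target" file at /etc/smtpd/aliases, that the functions run as root when DRY_RUN is not set, and that the sample configuration lines used to test @check_no_relay@ are constructed here for illustration.

```shell
#!/bin/sh
# Added example helper for the "Add new people" steps (not the wiki's own code).
# Assumptions: aliases table in "name: target" format (default /etc/smtpd/aliases),
# lowercase POSIX usernames, and DRY_RUN=1 to replace privileged commands by a message.

# validate_username NAME: 0 if NAME is non-empty and only [a-z0-9_-], else 1.
# The Dovecot step insists on lowercase usernames, so refuse anything else up front.
validate_username() {
    case "$1" in
        '') return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# add_alias FILE NAME: append "NAME: NAME" to FILE unless a NAME entry already exists.
# Prints "added" or "exists" so the caller can tell what happened.
add_alias() {
    file=$1
    name=$2
    if [ -f "$file" ] && grep -q -- "^${name}:" "$file"; then
        echo exists
    else
        printf '%s: %s\n' "$name" "$name" >>"$file"
        echo added
    fi
}

# check_no_relay CONF: 0 if no non-comment line of CONF contains the word "relay",
# i.e. the server still only delivers locally and cannot be used to send mail out.
check_no_relay() {
    [ -f "$1" ] || return 1
    ! grep -v '^[[:space:]]*#' "$1" | grep -q -w relay
}

# add_person NAME [ALIASES_FILE]: the three wiki steps, in order.
add_person() {
    name=$1
    file=${2:-/etc/smtpd/aliases}
    validate_username "$name" || {
        echo "refusing username that is not lowercase: $name" >&2
        return 1
    }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: useradd -m $name"
    else
        useradd -m "$name" || return 1
    fi
    add_alias "$file" "$name" >/dev/null
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: smtpctl update table aliases"
    else
        smtpctl update table aliases
    fi
}
```

Run it as @DRY_RUN=1 sh -c '. ./add_person.sh; add_person alice /tmp/aliases'@ to see what it would do without touching the system; without DRY_RUN it performs the useradd and table reload itself. The @check_no_relay@ function is a coarse keyword check, not a parser of the OpenSMTPD grammar, so a rule spread over several lines would need a manual look.
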
h3. Switching to more recent OpenSMTPD

The configuration format changed in newer OpenSMTPD.

We will probably have to migrate the configuration when switching to Trisquel 9.

TODO: Document the format change.