Replicant » Replicant infrastructure

h1. ContactAddress

h2. Description

For the DNS part, see [[DNS]].

For now this uses OpenSMTPD just because the person implementing that system initially (GNUtoo) already used OpenSMTPD at home, so it was faster as the configurations could be partially reused and the setup compared.

h2. Design

This system was designed to be as simple as possible:

It was designed in a way that enables it to receive mail but it does not to need to send any mail:

* There is no need of reverse DNS for the IP address

* We don't have to have DKIM

* It's easier to get the setup right and secure

If we want to send mail we would need to implement all that.

We could also whitelist the servers used by the people receiving this mail through this system, through SPF, if we want people to send mail to the same address they received it from (which is probably not very important).

The DNS zones are configured to set the MX to the Replicant vm at the FSF.

h2. Maintenance

h3. Add new people

* Create an account for the new person: @useradd -m <lowercase_username>@

* Add the lower_case_username to /etc/smtpd/aliases

* run @smtpctl update table aliases@

Notes:

* The Maildir directory is created automatically when receiving the first mail

* There is no need to setup a password for the account

* I didn't look how much we can lock down the accounts and still make openstmtpd work.

h3. Switching to more recent OpenSMTPD

The configuration format changed in newer OpenSMTPD.

We will probably have to migrate the configuration when switching to to Trisquel 9.

TODO: Document the format change.