cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: Jan Dittberner <jandd AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: State of the infrastructure, Part 2 Mail systems
- Date: Fri, 10 Jun 2016 22:17:37 +0200
After giving a basic introduction to our infrastructure in the first post in
this series [1] I continue with some information related to our mail
infrastructure.
[1] https://lists.cacert.org//wws/arc/cacert-sysadm/2016-06/msg00000.html
Mail systems
============
Our current mail system is split into four parts:
- email (outdated Debian 5.0 with a partly MySQL backed Postfix and Dovecot)
- emailout (relatively well maintained outgoing mail relay for
  infrastructure systems)
- community (horribly outdated Debian 4.0 providing Roundcube and
  unfortunately some completely unrelated things like the Board motion
  system and the staff list, email password reset functionality)
- lists (the mailing list server serving lists.cacert.org)
The email container receives all incoming mail addressed to cacert.org and
lists.cacert.org. Mails for lists.cacert.org are dispatched to the lists
container and lists for some aliases are dispatched to an OTRS setup in the
issues container [2].
[2] https://wiki.cacert.org/SystemAdministration/Systems/Issue
There were some plans to set up a new mail system using LDAP, Postfix and
Dovecot that have not been implemented yet. We already have two containers
ldap and mail with (lacking) documentation in the Wiki [3], [4]. I would not
like to have yet another system so I would suggest to go with these or
replace them with one or more new containers on our infrastructure host. We
had external systems in the past and that proved less than optimal due to
reasons like lacking documentation, systems being unmaintained/shut down
without notice and so on.
[3] https://wiki.cacert.org/SystemAdministration/Systems/Mail
[4] https://wiki.cacert.org/SystemAdministration/Systems/Ldap
The current approach to handle email accounts and aliases involves manual
SQL queries to the underlying database. This should be replaced by some
(ideally web-based) tool. This would allow the separation of user-facing
email administration from the system administration itself.
I would prefer to have the mailbox data separated from the operating system
partition to allow easier backups. Currently mailboxes are just stored in
the /home directory on the email container and are mixed with the home
directories of users with shell access on this container which is bad from
my point of view.
Another area that needs improvement is DKIM signing for outgoing mails.
IPv6 support would be another goal for the near future.
From my point of view we need to design what a future mail system should look
like before starting to implement something that we cannot migrate our
existing users, mailboxes, aliases and integrations to or that will not
serve our users' needs.
That's it for now. Feel free to give feedback and share your ideas and
opinions.
The following mails will discuss:
- our IRC system(s)
- our Monitoring setup
- other systems
- my idea for the future of our infrastructure administration
Best regards
Jan
--
Jan Dittberner - CAcert Infrastructure Team Lead
Software Architect, Debian Developer
GPG-key: 4096R/0xA73E0055558FB8DD 2009-05-10
B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
https://jan.dittberner.info/