Operations grimoire/Mail

From Nasqueron Agora
Revision as of 09:37, 20 January 2017 by Dereckson (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

📕📁📜 Old technical information :: content warning

⌛ This Nasqueron Operations Grimoire page hasn't been updated for a long time.

☣ As our infrastructure evolves quickly, there is a good chance this information is outdated or now inaccurate. Be careful and consider update it.

➡️ To assert the information is still up-to-date or not, you can check the history of the relevant role in our Operations repository.

The mail infrastructure is shared between third party services (Mailgun, Sendgrid) for web applications willing to use API and our own mail server for regular mailboxes.

Third party services

Mainly, they provide configuration wizards, logs, and API keys on a web interface.

Operations grimoire/External services says who to contact to debug any issue, configure them, etc.

Nasqueron mail services

Architecture

We use the following servers:

  • Postfix
    • 25 is for mail servers
    • 587 is for STARTTLS + user auth
  • dovecot for IMAP / POP
  • SpamAssassin, OpenDKIM (see /DKIM)
  • Sympa for the mailing lists
  • MySQL to store user accounts mailboxes and sympa data
  • nginx to serve web applications

/etc/postfix and /etc/dovecot are Git repositories, so commit your configuration changes.

User accounts are stored in a MySQL database. They are managed by ViMbAdmin (on https://vma.nasqueron.org).

Sympa manages the mailing lists.

A nginx server serves vma as vma.nasqinternal, Roundcube as mail.nasqinternal and Sympa. On Dwellers, nginx assumes SSL termination and the relevant vhosts like mail.nasqueron.org, mail.wolfplex.be, etc.

All that should be migrated to configuration as code to be managed through Salt.

A lxc container has been chosen for more stability: Docker assumes we can respin containers, host OS can change. The lxc container is isolated, stable and lxc doesn't ask restarts.

Log in to the server

Mail server lives on the lxc container mailserver on Dwellers.

To access it, you must so:

 * ssh dwellers
 * attach to the container (lxc-attach -n mailserver [tcsh])

If you need to access a lxc container, you can script something do to: $SSH $LXC_SERVER $LXC_EXEC $CONTAINER_NAME $LXC_COMMAND

Here, it would be ssh -t dwellers.nasqueron.org sudo lxc-attach -n mailserver tcsh.

To be able to use sudo for lxc-attach, you must belong to the `ops` group.

Add a domain

  1. Add it to https://vma.nasqueron.org
  2. Follow /DKIM procedure

It's ready.

You can also be willing to declare the domain to autoconfig/autodiscover, but that's blocked by https://devcentral.nasqueron.org/T1116.