User Tools

Site Tools


workparty2010q3

Work Party 2010 Q3 (focus on e-mail subsystem)

Goals:

Offload spamassassin functionality

  • Get Board approval
  • Sign OCLUG up with Roaring Penguin for Hosted CanIt Dave O'Neill

Other steps:

  • Let Dave O'Neill know what he should configure as the email address for this account (right now, it's him). An alias for the tech people responsible for managing OCLUG's email would be preferable to a single address.
  • Someone responsible for email contacts Dave and he'll pass along the admin password for OCLUG's Hosted CanIt realm.
  • That person plays around with the interface for a bit to see if they're comfortable with it. (More info here on how to set up our domain with Hosted CanIt.)
  • Disable spam filtering and greylisting on Tux for email relayed via Hosted CanIt's MX machines.
  • Change MX records for oclug.on.ca and lists.oclug.on.ca to Hosted CanIt's server:

oclug.on.ca. 1d IN MX 10 oclug.on.ca.mf.canit.ca.

     oclug.on.ca.  1d  IN  MX  20 oclug.on.ca.mg.canit.ca.\\\

\

     You should avoid publishing MX records that point directly to your back-end mail server; such records will permit spammers         to bypass Hosted CanIt completely.
* Firewall off port 25 from the rest of the world.
* Turn off SpamAssassin on Tux, and disable postgrey and other spam-filtering features.

Optimize mailing lists

  • Gather and document all mailing lists and e-mail addresses, such as Board, SysAdmins, etc.
  • Eliminate any unneeded lists

Postgres

  • close port on outside interface
    • It seems trac is using that interface. I'm going to try to configure trac to use the localhost interface, then close the the outside interface for postgres. –bjb 2010/08/06
    • Although postgres opens a port on the outside interface, it is configured to refuse every authentication via that interface. Clearly trac isn't using the outside interface. But why does trac access to the database fail when postgres is configured to stop listening on the outside interface? –bjb 2010/08/06
    • DONE. I turned off postgres listening to any network interface. It does all its work by unix sockets. dump.sh still works, trac still works, django still works. Let me know if anything else is broken. –bjb 2010/08/06
    • ah, probably broke sqledger … I will ask mcr if it is so –bjb 2010/08/06
workparty2010q3.txt · Last modified: 2015/06/09 15:23 (external edit)