User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

workparty2010q3 [2015/06/09 15:23] (current)
Line 1: Line 1:
 +====== Work Party 2010 Q3 (focus on e-mail subsystem) ======
 +===== Goals: =====
 +==== Offload spamassassin functionality ====
 +  * <del> Get Board approval </​del>​
 +  * <del> Sign OCLUG up with Roaring Penguin for Hosted CanIt </​del>​ Dave O'​Neill
 +Other steps:
 +  * Let Dave O'​Neill know what he should configure as the email address for this account (right now, it's him).  An alias for the tech people responsible for managing OCLUG'​s email would be preferable to a single address.
 +  * Someone responsible for email contacts Dave and he'll pass along the admin password for OCLUG'​s Hosted CanIt realm.
 +  * That person plays around with [[https://​​canit/​|the interface]] for a bit to see if they'​re comfortable with it.  (More info here on [[http://​​preparing-for-hosted-canit|how to set up our domain with Hosted CanIt]].)
 +  * Disable spam filtering and greylisting on Tux for email relayed via Hosted CanIt'​s MX machines.
 +  * Change MX records for and to Hosted CanIt'​s server:\\
 +       ​ ​ 1d  IN  MX  10\\
 +       ​ ​ 1d  IN  MX  20\\\
 +       You should avoid publishing MX records that point directly to your back-end mail server; such records will permit spammers ​        to bypass Hosted CanIt completely.
 +  * Firewall off port 25 from the rest of the world.
 +  * Turn off SpamAssassin on Tux, and disable postgrey and other spam-filtering features.
 +==== Optimize mailing lists ====
 +  * Gather and **document** all mailing lists and e-mail addresses, such as Board, SysAdmins, etc.
 +  * Eliminate any unneeded lists
 +==== Postgres ====
 +  * close port on outside interface
 +     * It seems trac is using that interface. ​ I'm going to try to configure trac to use the localhost interface, then close the the outside interface for postgres. ​ --bjb  2010/08/06
 +     * Although postgres opens a port on the outside interface, it is configured to refuse every authentication via that interface. ​ Clearly trac isn't using the outside interface. ​ But why does trac access to the database fail when postgres is configured to stop listening on the outside interface? ​ --bjb 2010/08/06
 +     * DONE.  I turned off postgres listening to any network interface. ​ It does all its work by unix sockets. ​ still works, trac still works, django still works. ​ Let me know if anything else is broken. ​ --bjb 2010/08/06
 +     * ah, probably broke sqledger ... I will ask mcr if it is so  --bjb 2010/08/06
workparty2010q3.txt ยท Last modified: 2015/06/09 15:23 (external edit)