authorJan Dittberner <jandd@cacert.org>2016-05-08 01:53:10 +0200
committerJan Dittberner <jandd@cacert.org>2016-05-08 01:53:10 +0200
commit90cacc99121ff4c77d1b117e0da3e7034d09dff3 (patch)
treebcb5ab3cf219f4b43e4f837658a0b9f6f367c74f /docs/configdiff
parentbc7d3ddbd1da9c12c776330c0d93e2c8fe207e4e (diff)
Document the emailout container
This commit adds documentation for emailout. The documentation is taken from https://wiki.cacert.org/SystemAdministration/Systems/Emailout?action=recall&rev=3 and from data gathered from the actual system and a reference Debian Wheezy chroot on infra02.
Diffstat (limited to 'docs/configdiff')
-rw-r--r--docs/configdiff/emailout/canonical_maps2
-rw-r--r--docs/configdiff/emailout/postfix.diff61
-rw-r--r--docs/configdiff/emailout/transport3
3 files changed, 66 insertions, 0 deletions
diff --git a/docs/configdiff/emailout/canonical_maps b/docs/configdiff/emailout/canonical_maps
new file mode 100644
index 0000000..4b8c021
--- /dev/null
+++ b/docs/configdiff/emailout/canonical_maps
@@ -0,0 +1,2 @@
+/@(.*).intra.cacert.org$/ $1-admin@cacert.org
+/@(.*).infra.cacert.org$/ $1-admin@cacert.org
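Review bot: Both patterns leave the dots unescaped and capture with a greedy `(.*)`, so they match more than the two internal zones: any character is accepted where a literal `.` is meant, and an address on a multi-label host such as `x@a.b.intra.cacert.org` (constructed example) is rewritten to `a.b-admin@cacert.org`. By default `canonical_maps` applies to sender and recipient addresses alike, so this rewrite decides where mail is delivered and the match should be exact: `/@([^.@]+)\.intra\.cacert\.org$/ ${1}-admin@cacert.org`, and the same for `infra`. The `${1}` form is the one pcre_table(5) recommends when the reference is not followed by whitespace. A one-line comment above the rules naming the hosts expected to match would also help.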
diff --git a/docs/configdiff/emailout/postfix.diff b/docs/configdiff/emailout/postfix.diff
new file mode 100644
index 0000000..1e1d759
--- /dev/null
+++ b/docs/configdiff/emailout/postfix.diff
@@ -0,0 +1,61 @@
+diff -urwN wheezy-chroot/etc/postfix/dynamicmaps.cf vm-emailout/rootfs/etc/postfix/dynamicmaps.cf
+--- wheezy-chroot/etc/postfix/dynamicmaps.cf 2016-05-08 00:51:54.738716333 +0200
++++ vm-emailout/rootfs/etc/postfix/dynamicmaps.cf 2015-02-02 13:58:10.151038663 +0100
+@@ -4,3 +4,4 @@
+ #==== ================================ ============= ============
+ tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
+ sqlite /usr/lib/postfix/dict_sqlite.so dict_sqlite_open
++pcre /usr/lib/postfix/dict_pcre.so dict_pcre_open
+diff -urwN wheezy-chroot/etc/postfix/main.cf vm-emailout/rootfs/etc/postfix/main.cf
+--- wheezy-chroot/etc/postfix/main.cf 2016-05-08 00:51:55.514721219 +0200
++++ vm-emailout/rootfs/etc/postfix/main.cf 2015-02-02 19:13:43.370652677 +0100
+@@ -5,6 +5,8 @@
+ # line of that file to be used as the name. The Debian default
+ # is /etc/mailname.
+ #myorigin = /etc/mailname
++mydomain = emailout.intra.cacert.org
++smtp_helo_name = infrastructure.cacert.org
+
+ smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+ biff = no
+@@ -24,16 +26,37 @@
+ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
++smtp_tls_security_level = may
++
++# map internal host names to their corresponding admin addresses
++canonical_maps = pcre:/etc/postfix/canonical_maps
++
+ # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+ # information on enabling SSL in the smtp client.
+
+-myhostname = infra02.intra.cacert.org
++myhostname = emailout.intra.cacert.org
+ alias_maps = hash:/etc/aliases
+ alias_database = hash:/etc/aliases
+ myorigin = /etc/mailname
+-mydestination = infra02.intra.cacert.org, localhost.intra.cacert.org, , localhost
++mydestination = emailout.cacert.org, emailout, localhost.localdomain, localhost
+ relayhost =
+-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
++mynetworks = 172.16.2.0/24 10.0.0.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+ mailbox_size_limit = 0
+ recipient_delimiter = +
+ inet_interfaces = all
++inet_protocols = all
++
++# DKIM milter
++# http://www.postfix.org/MILTER_README.html
++# TODO: enable DKIM once the DNS record is in place
++#smtpd_milters = unix:/opendkim/opendkim.sock
++#non_smtpd_milters = $smtpd_milters
++
++# what to do if the dkim filter fails
++#milter_default_action = accept
++#milter_command_timeout = 5s
++#milter_connect_timeout = $milter_command_timeout
++#milter_content_timeout = 45s
++
++transport_maps = hash:/etc/postfix/transport
++local_transport = error:local delivery is disabled
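Review bot: The added `mynetworks` line makes every address in 172.16.2.0/24 and 10.0.0.0/24 a trusted relay client, but nothing in the diff says which systems those ranges cover. No `smtpd_recipient_restrictions` setting is visible either, so relay control presumably rests on the Postfix defaults. I would add a comment above it, e.g. `# relay clients: <name of these networks>; any host in these ranges may send to arbitrary destinations`, and narrow the ranges to the hosts that actually send through emailout if that is feasible. Separately, the commented-out DKIM block sets `milter_default_action = accept`, so once enabled a failing milter lets mail leave unsigned; the comment on that line should say this is a deliberate fail-open choice.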
diff --git a/docs/configdiff/emailout/transport b/docs/configdiff/emailout/transport
new file mode 100644
index 0000000..8c4f3d1
--- /dev/null
+++ b/docs/configdiff/emailout/transport
@@ -0,0 +1,3 @@
+lists.cacert.org smtp:[lists.intra.cacert.org]
+issue.cacert.org smtp:[issue.intra.cacert.org]
+cacert.org smtp:[email.intra.cacert.org]
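Review bot: All three next hops are internal hosts reached with the opportunistic `smtp_tls_security_level = may` that this commit sets in main.cf, so delivery to them falls back to cleartext whenever STARTTLS is not offered. If the intra network is not meant to be trusted for that, a per-destination entry in `smtp_tls_policy_maps`, e.g. `[email.intra.cacert.org] encrypt`, would require TLS on these hops without affecting outbound Internet mail. The `cacert.org` key also matches only that exact domain, so subdomains other than the two listed follow normal MX delivery; that may be intended but is worth a comment in the file.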