| 1 | The =distorted.org.uk= mail system |
| 2 | |
| 3 | * Delivery |
| 4 | |
| 5 | The mail delivery agent is Exim. If you don't do anything special, mail |
| 6 | is delivered into =/var/mail/USER= on stratocaster, in mbox format. |
| 7 | |
| 8 | There are a number of ways you can affect mail delivery. |
| 9 | |
| 10 | ** The =~/.forward= file |
| 11 | |
| 12 | In traditional Unix style, you can write delivery instructions into a |
| 13 | file named =.forward= in your home directory. This file can contain a |
| 14 | comma-separated list of email address and/or file or directory names to |
| 15 | which your mail should be sent. Mail is written to files in traditional |
| 16 | Unix `mbox' format, and to directories in `Maildir' format. The |
| 17 | =:fail:= and =:defer:= items are permitted, but may not be very useful. |
| 18 | |
| 19 | This file can instead be an Exim or Sieve filter file, as marked by a |
| 20 | special comment on the first line. See the document `Exim's interfaces |
| 21 | to mail filtering', available via the command =info filter=, for details |
| 22 | about these files. |
| 23 | |
| 24 | ** The =~/.mail/forward= file |
| 25 | |
| 26 | If you prefer, you can write delivery instructions to =~/.mail/forward= |
| 27 | instead. If you have lots of mail configuration files, you may find it |
| 28 | tidier to keep them all together in =~/.mail/=. |
| 29 | |
| 30 | ** The =~/.mail/forward.suffix= file |
| 31 | |
| 32 | You will receive mail sent to =USER@distorted.org.uk=. You can also |
| 33 | receive mail sent to =USER-SUFFIX@distorted.org.uk= or |
| 34 | =USER+SUFFIX@distorted.org.uk=, for any =SUFFIX= string if you create a |
| 35 | file =~/.mail/forward.suffix=. While this can be a simple forward file, |
| 36 | it's probably much more useful to write an Exim filter file to analyse |
| 37 | the suffix string and take appropriate action. |
| 38 | |
| 39 | If this file exists, it should be world-readable, because it will be |
| 40 | used by the mail server at SMTP time in order to decide whether a |
| 41 | particular =SUFFIX= string is valid. |
| 42 | |
| 43 | ** Permissions for filter files |
| 44 | |
| 45 | Your various filter files are used by Exim's SMTP server, which runs as |
| 46 | an unprivileged user =Debian-exim= for security reasons. Therefore your |
| 47 | filter files must be readable by this user. Currently, the only way to |
| 48 | do this is to make the filter files world-readable. If this is |
| 49 | unsatisfactory for some reason I'll try to come up with a way to arrange |
| 50 | privacy for your filters. |
| 51 | |
| 52 | |
| 53 | * Reading mail |
| 54 | |
| 55 | ** Reading mail locally |
| 56 | |
| 57 | The servers =stratocaster= and =jem= have a few mail user agents |
| 58 | installed, most notably trad BSD =mail=, =mutt=, and Emacs's various |
| 59 | mail-reading interfaces; more can be added. Your mail is delivered to |
| 60 | =/var/mail/USER=; any further arrangements, e.g., multiple folders, are |
| 61 | left to you. |
| 62 | |
| 63 | ** Fetching mail through IMAP |
| 64 | |
| 65 | There's an IMAP server running on =mail.distorted.org.uk=. It expects |
| 66 | your main inbox to be in =/var/mail/USER=, and further folders are put |
| 67 | in =~/mail/=, in mbox format. |
| 68 | |
| 69 | The IMAP server listens on ports 143 (plain IMAP) and 993 (IMAP over |
| 70 | TLS). In the former case, you'll have to configure your client to send |
| 71 | =STARTTLS=, because the server simply won't allow non-encrypted |
| 72 | communication. |
| 73 | |
| 74 | The server's certificate is signed by my certificate authority, whose |
| 75 | own certificate can be fetched from |
| 76 | https://www.distorted.org.uk/ca/ca.cert. (The web server's certificate |
| 77 | is signed by the StartCom Class 1 CA, which should be in most browser's |
| 78 | certificate stores.) I issue new short-term certificates daily, so |
| 79 | telling your mail client to pin the certificate won't help. (The public |
| 80 | key doesn't change, though, so if you can do public-key pinning you'll |
| 81 | be OK.) |
| 82 | |
| 83 | ** Forwarding mail off-site |
| 84 | |
| 85 | You can redirect all of your mail to some other site if you prefer to |
| 86 | consolidate it: just write the destination mailbox to =~/.forward=. |
| 87 | Everything else is left to you. |
| 88 | |
| 89 | |
| 90 | * Sending mail |
| 91 | |
| 92 | ** The =sendmail= program |
| 93 | |
| 94 | Exim provides a =/usr/sbin/sendmail= program with a plausible interface, |
| 95 | and most traditional Unix programs will use this by default to send |
| 96 | mail. |
| 97 | |
| 98 | ** SMTP to =localhost= |
| 99 | |
| 100 | Another traditional way of submitting mail is by connecting to port 25 |
| 101 | on the loopback address 127.0.0.1 and speaking SMTP. This will work on |
| 102 | most servers, and you will be authenticated automatically using the |
| 103 | system's =identd=. NB: servers other than stratocaster won't |
| 104 | understand unusual domains. |
| 105 | |
| 106 | ** The Submission protocol |
| 107 | |
| 108 | The `modern' way to submit mail involves connecting to port 587 on the |
| 109 | =mail.distorted.org.uk= (the `submission' service) and speaking SMTP. |
| 110 | If you use this service, then (a) you must tell your client to send |
| 111 | =STARTTLS=, and (b) you will have to provide a user name and password. |
| 112 | |
| 113 | As with IMAP, the SMTP server's certificate is signed by the |
| 114 | =distorted.org.uk= CA; see above. |
| 115 | |
| 116 | ** Sender authenticity |
| 117 | |
| 118 | It is my intention that it be very hard for one =distorted.org.uk= user |
| 119 | to impersonate another to a third. To this end, the mail server is |
| 120 | rather picky about envelope sender addresses. |
| 121 | |
| 122 | + It won't accept an apparently local sender address from an external |
| 123 | mail server at all. |
| 124 | |
| 125 | + It will check locally submitted mail against the submitter's user |
| 126 | name. The precise details vary according to the submission |
| 127 | mechanism: mail submitted through =sendmail= will have additional |
| 128 | headers added; mail submitted through SMTP will be rejected unless |
| 129 | the envelope sender is acceptable. |
| 130 | |
| 131 | If I see something like DKIM catching on then this will also provide |
| 132 | external users with some kind of (probably fairly weak) sender |
| 133 | authenticity. |
| 134 | |
| 135 | On the other hand, the mail server is aware of vanity domains, extension |
| 136 | addresses, and so on, and should let you send mail apparently from an |
| 137 | such an address that you control. If you think the mail server is being |
| 138 | unnecessarily strict about something then I'm willing to discuss your |
| 139 | requirements. |
| 140 | |
| 141 | If I'm hosting your mail domain for you then you get to decide the |
| 142 | appropriate policy. |
| 143 | |
| 144 | |
| 145 | * Chopwood, and passwords |
| 146 | |
| 147 | Users don't have login passwords on =distorted.org.uk= machines; but the |
| 148 | SMTP and IMAP services require user names and passwords, which are |
| 149 | managed using the `Chopwood' service (whose name is `chpwd' -- short for |
| 150 | `change password' -- with some additional vowels). |
| 151 | |
| 152 | You can communicate with Chopwood in three different ways. |
| 153 | |
| 154 | 1. Using Userv. On stratocaster, run =userv chpwd help= for a list |
| 155 | of commands. |
| 156 | |
| 157 | 2. Using SSH. You will need to send me an SSH public key (or |
| 158 | several), which I'll install for you. Then you'll be able to run |
| 159 | =ssh chpwd@stratocaster.distorted.org.uk help= for a list of |
| 160 | commands, as for Userv. (This is mainly intended for people who |
| 161 | don't have login accounts.) |
| 162 | |
| 163 | 3. Using the web interface. Point your browser at |
| 164 | =https://www.distorted.org.uk/chpwd/=. For this, you'll need a |
| 165 | user name and password for Chopwood itself: if you have a local |
| 166 | login, you can set this up yourself using Userv (say); otherwise |
| 167 | I'll generate a password for you and send it to you. |
| 168 | |
| 169 | If you're using Userv or SSH, you can list which password-using services |
| 170 | you have accounts with the =list= command, and request new passwords |
| 171 | with =reset=, which prints the new password to stdout; the =clear= |
| 172 | command will disable a service's password, preventing you from logging |
| 173 | in at all. There is a command =set= for setting a password that you |
| 174 | choose, but that's disabled as a matter of local policy: it's possible |
| 175 | that I can be persuaded to enable it, but not very likely. Note that |
| 176 | you can reset several services' passwords with the same command, and |
| 177 | this will use the same (freshly generated) password for all of them. |
| 178 | For example, |
| 179 | |
| 180 | : userv chpwd reset smtp imap |
| 181 | |
| 182 | will generate a new password which will work both with the SMTP |
| 183 | submission service and the IMAP server. |
| 184 | |
| 185 | Similar functionality is available through the web interface. |
| 186 | |
| 187 | |
| 188 | * Spam filtering |
| 189 | |
| 190 | The mail server checks incoming mail using SpamAssassin at SMTP time. |
| 191 | Suspected spam is rejected immediately. There are no `junk' mail |
| 192 | folders. Legitimate senders will likely receive bounces; spammers will |
| 193 | probably ignore the error and continue. |
| 194 | |
| 195 | ** SpamAssassin |
| 196 | |
| 197 | SpamAssassin works by having a large collection of rules: it tests an |
| 198 | incoming message against these rules, and adds up the /scores/ for the |
| 199 | rules that match. If the total score is above a given threshold then |
| 200 | the message is declared to be probably spam, and rejected. |
| 201 | |
| 202 | If the mail server accepts a message, it adds two headers to it. |
| 203 | |
| 204 | + =X-SpamAssassin-Score= has the form =SCORE/LIMIT (BAR)=, where |
| 205 | =SCORE= is the actual score for the message, =LIMIT= is the maximum |
| 206 | score allowed, and =BAR= is a little bar chart showing the score in |
| 207 | a way which can be matched easily using regular expressions. The |
| 208 | bar chart uses =+= or =-= signs, depending on whether the score is |
| 209 | positive or negative, or consists of a single =/= sign if it's close |
| 210 | to zero. |
| 211 | |
| 212 | + =X-SpamAssassin-Status= consists of space-separated =KEY=VAUE= |
| 213 | pairs. The keys currently are: =score= and =limit=, which are the |
| 214 | message's score and limit again; and =tests=, which lists the rules |
| 215 | which matched the message and their individual scores, as a |
| 216 | comma-separated list of items of the form =RULE:SCORE=. |
| 217 | |
| 218 | ** Custom spam limits |
| 219 | |
| 220 | The default spam limit is currently 5 points. However, you can override |
| 221 | this limit for mail sent to you by creating a world-readable file |
| 222 | =~/.mail/spam-limit= in your home directory on stratocaster. This file |
| 223 | should contain lines of the form |
| 224 | |
| 225 | : PATTERN: LIMIT |
| 226 | |
| 227 | where =PATTERN= is an Exim =nwildlsearch= pattern matched against a |
| 228 | string of the form =RECIPIENT/SENDER=, and the =LIMIT= is ten times the |
| 229 | maximum SpamAssassin score you're willing to tolerate for this message. |
| 230 | See the Exim manual for full details; in short, the pattern may be a |
| 231 | literal string, a string beginning with a =*= to match a particular |
| 232 | suffix (usually a sender address or domain, which is why the sender is |
| 233 | on the right), or a Perl-style regular expression starting with =^=. |
| 234 | |
| 235 | You may not want information about who is sending you spam (or honest |
| 236 | but spamlike mail) to be public knowledge, so instead you can make a |
| 237 | file =~/.mail/spam-limit.userv= of the same format. This file need not |
| 238 | be readable by anyone other than you. |
| 239 | |
| 240 | Be careful with this facility: if a single incoming message has multiple |
| 241 | recipients, and they assign it different spam score limits (either |
| 242 | explicitly, or implicitly by accepting the system default) then the |
| 243 | sender will be told to defer delivery to some recipients. It's |
| 244 | therefore probably a bad idea to apply custom spam score limits for mail |
| 245 | for popular mailing lists, for example. |
| 246 | |
| 247 | ** SAUCE |
| 248 | |
| 249 | I'm not currently running SAUCE, but I'm giving it some consideration. |
| 250 | If you have comments on the matter, either way, I'm interested. |
| 251 | |
| 252 | |
| 253 | * Mail hosting and custom domains |
| 254 | |
| 255 | I think I have a fairly sane way to set up stratocaster (or some other |
| 256 | server, but strat is the obvious choice) to receive mail for domains |
| 257 | other than =distorted.org.uk=. I can easily arrange to accept mail for |
| 258 | such domains and deliver them locally or to other hosts. Pester me if |
| 259 | this sounds useful to you. |
| 260 | |
| 261 | * COMMENT Emacs cruft |
| 262 | |
| 263 | #+LaTeX_CLASS: strayman |
| 264 | |
| 265 | ### Local variables: |
| 266 | ### mode: org |
| 267 | ### End: |