The =distorted.org.uk= mail system

* Delivery

The mail delivery agent is Exim. If you don't do anything special, mail is delivered into =/var/mail/USER= on stratocaster, in mbox format. There are a number of ways you can affect mail delivery.

** The =~/.forward= file

In traditional Unix style, you can write delivery instructions into a file named =.forward= in your home directory. This file can contain a comma-separated list of email addresses and/or file or directory names to which your mail should be sent. Mail is written to files in traditional Unix `mbox' format, and to directories in `Maildir' format. The =:fail:= and =:defer:= items are permitted, but may not be very useful.

This file can instead be an Exim or Sieve filter file, as marked by a special comment on the first line. See the document `Exim's interfaces to mail filtering', available via the command =info filter=, for details about these files.

** The =~/.mail/forward= file

If you prefer, you can write delivery instructions to =~/.mail/forward= instead. If you have lots of mail configuration files, you may find it tidier to keep them all together in =~/.mail=.

** The =~/.mail/forward.suffix= file

You will receive mail sent to =USER@distorted.org.uk=. You can also receive mail sent to =USER-SUFFIX@distorted.org.uk= or =USER+SUFFIX@distorted.org.uk=, for any =SUFFIX= string, if you create a file =~/.mail/forward.suffix=. While this can be a simple forward file, it's probably much more useful to write an Exim filter file to analyse the suffix string and take appropriate action.

If this file exists, it should be world-readable, because it will be used by the mail server at SMTP time in order to decide whether a particular =SUFFIX= string is valid.

* Reading mail

** Reading mail locally

The servers =stratocaster= and =jem= have a few mail user agents installed, most notably trad BSD =mail=, =mutt=, and Emacs's various mail-reading interfaces; more can be added.
** Fetching mail through IMAP

There's an IMAP server running on =mail.distorted.org.uk=. ...

** Forwarding mail off-site

* Spam filtering

The mail server checks incoming mail using SpamAssassin at SMTP time. Suspected spam is rejected immediately. There are no `junk' mail folders. Legitimate senders will likely receive bounces; spammers will probably ignore the error and continue.

** SpamAssassin

SpamAssassin works by having a large collection of rules: it tests an incoming message against these rules, and adds up the /scores/ for the rules that match. If the total score is above a given threshold then the message is declared to be probably spam, and rejected.

If the mail server accepts a message, it adds two headers to it.

  + =X-SpamAssassin-Score= has the form =SCORE/LIMIT (BAR)=, where =SCORE= is the actual score for the message, =LIMIT= is the maximum score allowed, and =BAR= is a little bar chart showing the score in a way which can be matched easily using regular expressions. The bar chart uses =+= or =-= signs, depending on whether the score is positive or negative, or consists of a single =/= sign if it's close to zero.

  + =X-SpamAssassin-Status= consists of space-separated =KEY=VALUE= pairs. The keys currently are: =score= and =limit=, which are the message's score and limit again; and =tests=, which lists the rules which matched the message and their individual scores, as a comma-separated list of items of the form =RULE:SCORE=.

** Custom spam limits

The default spam limit is currently 5 points. However, you can override this limit for mail sent to you by creating a world-readable file =~/.mail/spam-limit= in your home directory on stratocaster. This file should contain lines of the form

  : PATTERN: LIMIT

where =PATTERN= is an Exim =nwildlsearch= pattern matched against a string of the form =RECIPIENT/SENDER=, and the =LIMIT= is ten times the maximum SpamAssassin score you're willing to tolerate for this message.
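As an added example (not part of the original document, and not the server's own Exim configuration), the following Python sketch dry-runs a candidate =spam-limit= file against the =X-SpamAssassin-Status= header of a message that was already accepted, and reports when two recipients of the same message would end up with different limits. It assumes that the header's =score= and =limit= values are plain decimal numbers, and it emulates only the literal, leading-=*= and leading-=^= forms of =nwildlsearch=, case-insensitively with the first matching line winning; key quoting and the server's other lookup details are left out. All addresses, rule names and file contents are constructed.

```python
import re

def parse_status(value):
    """Split an X-SpamAssassin-Status value into (score, limit, tests)."""
    fields = dict(pair.split("=", 1) for pair in value.split())
    tests = {}
    for item in filter(None, fields.get("tests", "").split(",")):
        rule, _, score = item.rpartition(":")
        tests[rule] = float(score)
    return float(fields["score"]), float(fields["limit"]), tests

def lookup_limit(rules, recipient, sender, default=5.0):
    """Limit in points for RECIPIENT/SENDER; the first matching line wins."""
    subject = f"{recipient}/{sender}"
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: split at the last colon instead of lsearch key rules.
        pattern, _, tenths = (part.strip() for part in line.rpartition(":"))
        if pattern.startswith("^"):        # Perl-style regular expression
            hit = re.search(pattern, subject, re.IGNORECASE)
        elif pattern.startswith("*"):      # suffix match, usually on the sender
            hit = subject.lower().endswith(pattern[1:].lower())
        else:                              # literal string
            hit = subject.lower() == pattern.lower()
        if hit:
            return float(tenths) / 10      # the file stores ten times the score
    return default

def dry_run(status, rules_by_rcpt, sender):
    """Map each recipient to (limit, accepted?) for one message's score."""
    score = parse_status(status)[0]
    limits = {r: lookup_limit(rules, r, sender) for r, rules in rules_by_rcpt.items()}
    return {r: (lim, score <= lim) for r, lim in limits.items()}

def limits_disagree(result):
    """True when recipients of one message end up with different limits."""
    return len({limit for limit, _ in result.values()}) > 1

# Constructed sample data: header value, users, addresses and rules are invented.
STATUS = "score=3.2 limit=5.0 tests=EXAMPLE_RULE_A:2.4,EXAMPLE_RULE_B:0.8"
ALICE_RULES = r"""
alice-shop@distorted.org.uk/orders@shop.example.com: 80
*@lists.example.org: 30
^alice[-+][^@]*@distorted\.org\.uk/: 20
"""

if __name__ == "__main__":
    rcpts = {"alice@distorted.org.uk": ALICE_RULES, "bob@distorted.org.uk": ""}
    print(dry_run(STATUS, rcpts, "news@lists.example.org"))
```

With the sample data, the list message passes the default limit of 5 points but not the 3 points set by the second line of the constructed file, so the two recipients disagree about it.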
See the Exim manual for full details; in short, the pattern may be a literal string, a string beginning with a =*= to match a particular suffix (usually a sender address or domain, which is why the sender is on the right), or a Perl-style regular expression starting with =^=.

You may not want information about who is sending you spam (or honest but spamlike mail) to be public knowledge, so instead you can make a file =~/.mail/spam-limit.userv= of the same format. This file need not be readable by anyone other than you.

Be careful with this facility: if a single incoming message has multiple recipients, and they assign it different spam score limits (either explicitly, or implicitly by accepting the system default) then the sender will be told to defer delivery to some recipients. It's therefore probably a bad idea to apply custom spam score limits for mail for popular mailing lists, for example.

** SAUCE

I'm not currently running SAUCE, but I'm giving it some consideration. If you have comments on the matter, either way, I'm interested.

* Sending mail

** Submission mechanisms

Mail can be sent in a number of ways.

  + The =sendmail= program. This is really Exim in disguise.

  + SMTP to =localhost= port 25. This doesn't require explicit authentication, since it relies on an identd, which is running on all =distorted.org.uk= hosts.

  + SMTP to =mail.distorted.org.uk= port 587. You must establish TLS, and authenticate using a username and password; the server uses a short-lived certificate signed by the =distorted.org.uk= certificate authority, whose root certificate is at =/etc/ca/ca.cert= on all servers. Use [[https://www.distorted.org.uk/chpwd/][Chopwood]] to set or change this password.

** Sender authenticity

It is my intention that it be very hard for one =distorted.org.uk= user to impersonate another to a third. To this end, the mail server is rather picky about envelope sender addresses.
  + It won't accept an apparently local sender address from an external mail server at all.

  + It will check locally submitted mail against the submitter's user name. The precise details vary according to the submission mechanism: mail submitted through =sendmail= will have additional headers added; mail submitted through SMTP will be rejected unless the envelope sender is acceptable.

If I see something like DKIM catching on then this will also provide external users with some kind of (probably fairly weak) sender authenticity.

On the other hand, the mail server is aware of vanity domains, extension addresses, and so on, and should let you send mail apparently from such an address that you control.

If you think the mail server is being unnecessarily strict about something then I'm willing to discuss your requirements. If I'm hosting your mail domain for you then you get to decide the appropriate policy.

* Mail hosting and custom domains

I think I have a fairly sane way to set up stratocaster (or some other server, but strat is the obvious choice) to receive mail for domains other than =distorted.org.uk=. I can easily arrange to accept mail for such domains and deliver it locally or to other hosts. Pester me if this sounds useful to you.

* Quick reference

* COMMENT Emacs cruft

### Local variables:
### mode: org
### End: