Portal:Cloud VPS/Admin/Email

From Wikitech

This page contains information on the email setup and how to manage it inside Cloud VPS.


The general outgoing SMTP servers are hosted in the cloudinfra project. At the time of this writing the instances in use are:

  • mx-out03.cloudinfra.eqiad1.wikimedia.cloud
  • mx-out04.cloudinfra.eqiad1.wikimedia.cloud

Each servers uses a floating IP so we can reference the servers in SPF records. Additionally, each floating IP is referenced by a public FQDN:

  • mx-out-a.wmcloud.org ---
  • mx-out-b.wmcloud.org ---

Servers use the puppet role role::mail::smarthost::wmcs plus some hiera config:

profile::mail::smarthost::cert_name: mx-out-a.wmflabs.org
profile::mail::smarthost::cert_subjects: mx-out-b.wmflabs.org
profile::mail::smarthost::exim_primary_hostname: mx-out-a.wmflabs.org
profile::standard::has_default_mail_relay: false
standard::has_default_mail_relay: false


TODO: put here some info.


The Toolforge email setup also uses Exim, but a bit different setup than the general Cloud VPS servers.

Email server use the puppet role role::wmcs::toolforge::mailrelay and hiera config:

profile::standard::has_default_mail_relay: false
profile::toolforge::active_mail_relay: tools-mail-02.tools.eqiad1.wikimedia.cloud
profile::toolforge::base::is_mail_relay: true
profile::toolforge::mailrelay::external_hostname: mail.tools.wmflabs.org

One of the features offered to Toolforge tools is $HOME/.forward processing via exim to route incoming emails to other addresses. This functionality relies on the tool and user $HOME directories being mounted on the mail servers (NFS).


Some information on administrative tasks, specifically related to how to handle Exim.

A few pointers:

Total count for queue

$ sudo -i exim -bpc

Count for the queue per user

$ sudo -i exim -bp | grep '<' | awk '{print $4}' | sort | uniq -c |sort -n
      1 <someuser@some.tld>
    285 <>


$ sudo -i exim -bp | exiqsumm

Count  Volume  Oldest  Newest  Domain
-----  ------  ------  ------  ------

    1   106KB     28h     28h  A.tld
    1    4198      2h      2h  B.tld
    1   106KB      7h      7h  C.tld
    1   106KB     30h     30h  D.tld
    1   106KB     27h     27h  E.tld
    1   106KB     29h     29h  F.tld
    1   106KB     25h     25h  G.tld
    1   106KB     26h     26h  H.tld
    1   106KB     31h     31h  I.tld
    1   106KB      4h      4h  J.tld
    2    4300     31h     13h  K.tld
  271   629KB     22h      8h  tools.wmflabs.org
    1    87KB      5h      5h  L.tld
    1    57KB     12h     12h  M.tld
    1   106KB     46m     46m  N.tld
  286  1842KB     31h     46m  TOTAL

Blackhole an in-bound address

in /etc/aliases add a new line: <address>: :blackhole:

If this was for Tools exim to blacklist the user 'wiktcapt' we could do:

wiktcapt: :blackhole:

See also