Portal:Cloud VPS/Admin/Email
Material may not yet be complete, information may presently be omitted, and certain parts of the content may be subject to radical, rapid alteration. More information pertaining to this may be available on the talk page.
This page contains information on the email setup and how to manage it inside Cloud VPS.
Servers
The general outgoing SMTP servers are hosted in the cloudinfra project. At the time of this writing the instances in use are:
- mx-out03.cloudinfra.eqiad1.wikimedia.cloud
- mx-out04.cloudinfra.eqiad1.wikimedia.cloud
Each server uses a floating IP so we can reference the servers in SPF records. Additionally, each floating IP is referenced by a public FQDN:
- mx-out-a.wmcloud.org --- 185.15.56.18
- mx-out-b.wmcloud.org --- 185.15.56.19
Servers use the puppet role role::mail::smarthost::wmcs plus some hiera config:
profile::mail::smarthost::cert_name: mx-out-a.wmflabs.org
profile::mail::smarthost::cert_subjects: mx-out-b.wmflabs.org
profile::mail::smarthost::exim_primary_hostname: mx-out-a.wmflabs.org
profile::standard::has_default_mail_relay: false
standard::has_default_mail_relay: false
SPF
TODO: put here some info.
Toolforge
The Toolforge email setup also uses Exim, but with a slightly different setup from the general Cloud VPS servers.
The email servers use the puppet role role::wmcs::toolforge::mailrelay and this hiera config:
profile::standard::has_default_mail_relay: false
profile::toolforge::active_mail_relay: tools-mail-02.tools.eqiad1.wikimedia.cloud
profile::toolforge::base::is_mail_relay: true
profile::toolforge::mailrelay::external_hostname: mail.tools.wmflabs.org
One of the features offered to Toolforge tools is $HOME/.forward processing via exim to route incoming emails to other addresses. This functionality relies on the tool and user $HOME directories being mounted on the mail servers (NFS).
Operations
Some information on administrative tasks, specifically related to how to handle Exim.
A few pointers:
- Exim is hard. This documentation is not: http://bradthemad.org/tech/notes/exim_cheatsheet.php
- sudo -i exim -q -v to manually run over the queue once
- Log files are in /var/log/exim4/*
Total count for queue
$ sudo -i exim -bpc
286
Count for the queue per user
$ sudo -i exim -bp | grep '<' | awk '{print $4}' | sort | uniq -c |sort -n
1 <someuser@some.tld>
285 <>
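The per-sender count above, extended as an added example (not part of the original page): the function also reports how many of each sender's messages are frozen and the age of the oldest one in minutes, which helps when triaging a queue dominated by `<>` (the null envelope sender used by bounces). The function names and the sample queue listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Summarise `exim -bp` output per
# envelope sender: "count frozen oldest_minutes sender", busiest sender first.
queue_by_sender() {
  awk '
    # Convert an exim queue age such as 46m, 28h or 2d to minutes.
    function minutes(age,    n, unit) {
      n = substr(age, 1, length(age) - 1) + 0
      unit = substr(age, length(age))
      if (unit == "h") return n * 60
      if (unit == "d") return n * 1440
      return n
    }
    # Message header lines: age size message-id <sender> [*** frozen ***]
    # Recipient lines have fewer fields, so $4 is empty and they are skipped.
    $4 ~ /^<.*>$/ {
      s = $4
      count[s]++
      if ($0 ~ /\*\*\* frozen \*\*\*/) frozen[s]++
      m = minutes($1)
      if (m > oldest[s]) oldest[s] = m
    }
    END {
      for (s in count)
        printf "%d %d %d %s\n", count[s], frozen[s], oldest[s], s
    }
  ' | sort -rn
}

# Constructed sample of `exim -bp` output (message ids and addresses are made up).
sample_queue() {
  cat <<'EOF'
28h  106K 1pAbCd-0001aa-01 <> *** frozen ***
          user1@a.example
46m  4.1K 1pAbCe-0001ab-02 <>
          user2@b.example
 2h  4.2K 1pAbCf-0001ac-03 <someuser@some.example>
        D done@c.example
          pending@c.example
 2d   87K 1pAbCg-0001ad-04 <>
          user3@d.example
EOF
}

# On a mail relay: sudo -i exim -bp | queue_by_sender
sample_queue | queue_by_sender
```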
Stats
$ sudo -i exim -bp | exiqsumm
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
1 106KB 28h 28h A.tld
1 4198 2h 2h B.tld
1 106KB 7h 7h C.tld
1 106KB 30h 30h D.tld
1 106KB 27h 27h E.tld
1 106KB 29h 29h F.tld
1 106KB 25h 25h G.tld
1 106KB 26h 26h H.tld
1 106KB 31h 31h I.tld
1 106KB 4h 4h J.tld
2 4300 31h 13h K.tld
271 629KB 22h 8h tools.wmflabs.org
1 87KB 5h 5h L.tld
1 57KB 12h 12h M.tld
1 106KB 46m 46m N.tld
---------------------------------------------------------------
286 1842KB 31h 46m TOTAL
Blackhole an in-bound address
In /etc/aliases, add a new line: <address>: :blackhole:
For example, to blacklist the user 'wiktcapt' on the Tools Exim, we could add:
wiktcapt: :blackhole:
See also
- Portal:Cloud_VPS/Admin/DNS -- our DNS setups, our domains, etc (admin docs).
- Help:Toolforge/Email -- email in Toolforge (end user docs)
- Help:Email in Cloud VPS -- email in Cloud VPS (end user docs)