Differences between revisions 1 and 41 (spanning 40 versions)
Revision 1 as of 2006-06-24 14:53:58
Size: 5267
Editor: OsamuAoki
Comment:
Revision 41 as of 2022-05-27 07:50:50
Size: 14164
Editor: PaulWise
Comment: drop the assumption that forwarding can be disabled, that doesn't appear to be true in practice
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Debian Services for the Debian Developper = = Debian Services for the Debian Developer =

This is my step-by-step guide of setting up typical work environment as a Debian developer (DD). See also [[MigrateToDDAccount]].

So far email forwarding did not work.

!!! WORK IN PROGRESS !!!!
Line 5: Line 11:
When we became Debian Developper (DD), we knew we obtained few privilages:
 * your GPG key in official Debian keyring (This is your source of power)
 * package upload privilage,
 * a cute debian.org mail address, like osamu@debian.org, on MX=master.debian.org
When we became Debian Developer (DD), we knew we obtained few privileges:
 * your OpenPGP key in official Debian keyring (This is your source of power)
 * package upload privilege,
 * a cute debian.org mail address, like <username>@debian.org
Line 11: Line 17:

Well, there is more to it. Let me go through them step-by-step.
 * You can use an email client like thunderbird with enigmail plugin and use inline pgp option to send signed mails to changes@db.debian.org

Well, there is more to it. Let me go through them step-by-step to set up Debian services.
Line 16: Line 23:
It is a good idea to set your new password through [http://db.debian.org/doc-mail.html mail gateway]. You must set your new password through [[https://db.debian.org/doc-mail.html|mail gateway]] first.
Line 20: Line 28:
After validating the request the daemon will generate a new random password, set it in the directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods.)
After validating the request the daemon will generate a new random password, set it in the LDAP directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods later.)

Please note many of the Debian service have similar [[https://db.debian.org/doc-mail.html|mail based configuration]].

'''This only works with a configured local MTA''', unless you instead copy the output of the gpg command above and send it with your normal MUA to chpasswd@db.debian.org.
Line 24: Line 37:
Configuration of your Debian account can be done through the web interface of [https://db.debian.org/login.html LDAP Debian server] after loging in with your password with "Update my info" button. Configuration of your Debian account can be done through the web interface of [[https://db.debian.org/login.html|LDAP Debian server]] after loging in with your password with "Update my info" button.
Line 43: Line 56:
Here you can set your password to a momorable one. Here you can set your password to a memorable one.

Here you can set up your forwarding mail address for "{{{<yourname>@debian.org}}}" and the subscription mail address for "{{{debian-private@lists.debian.org}}}" mailing list, too.
Line 47: Line 62:
Debian offers shell accounts to the developer using SSH service. See sshd(8). The virtual .ssh/authorized_keys file for each user can be set by the Debian LDAP server. Probably the most common way to use this function will be

{{{
cat .ssh/id_dsa.pub | gpg --clearsign | mail change@db.debian.org
}}}

which will set the authentication key to the identity you are using. Multiple keys per user are supported, but they must all be sent at once.

== Step 4: Set up your *.debian.net domain ==




We now have more less known benefits.
 * Alternative mail account like osamu@people.debian.org on MX=people.debian.org
   * check the latest DNS MX record.
 * Access to the third level domain names *.debian.net
   * Set this via GPG signed mail to changes@db.debian.org
   * virtual domain MX support on Debian host machines.
     * Accessible through SSH/BSMTP on debian hosts.
     * People seem to use people.debian.org machine.
     * The use of this eliminates needs for POP server at Debian or your external mail address.
 * additional mail accounts with suffix such as osamu-list@debian.org and osamu-list@people.debian.org.
   * Check /etc/exim4/* of each host

== Example of DNS and BSMTP setup ==

Let's login to debian machine. (Here, people.debian.org.) Let's see who uses this host for BSMTP by "{{{cat /etc/exim/bsmtp}}}" and check their domain set up. (I am not publishing exact content of these and hiding some contents here Try these command yourself.):
Debian offers shell accounts to the developer using SSH service. See sshd(8) and set up your SSH setup locally on your PC.

The virtual .ssh/authorized_keys file for each user can be set by the Debian LDAP server through [[https://db.debian.org/doc-mail.html|mail gateway]]. For example:

{{{
$ gpg --clearsign < .ssh/id_rsa.pub | mail changes@db.debian.org
}}}

If you use ssh-agent or OpenPGP key you should use:

{{{
$ ssh-add -L | gpg --clearsign | mail changes@db.debian.org
}}}
Multiple keys per user are supported, but they must all be sent at once.

You can send .ssh/authorized_keys files as content of inline pgp mail from mail clients like Thunderbird. Note: You will need to set `mailnews.wraptext` to -1 in [[https://support.mozilla.org/en-US/kb/config-editor|config editor]] to send long lines.

== Step 4: Setup your email ==

Although "<yourname>@debian.org" is most common e-mail address used by the DD on Debian system, there are many available mail addresses for you.

 * <yourname>@debian.org
 * <yourname>-<suffix>@debian.org
 * <yourname>@people.debian.org
 * <yourname>-<suffix>@people.debian.org

The email to "{{{<yourname>@debian.org}}}" address is forwarded by the data on [[https://db.debian.org/|the Debian LDAP server]]. This can be easily (re)configured through [[https://db.debian.org/doc-mail.html|mail gateway]]:

{{{
$ echo "emailforward: foo@bar.com" | gpg --clearsign | mail changes@db.debian.org
}}}

or through the web interface of [[https://db.debian.org/login.html|LDAP Debian server]] as in Step 2. See also [[https://db.debian.org/forward.html|Debian GNU/Linux -- Email Forwarding]] and Debian DNS set up to figure out exactly how you use all these.

You can test the email routing by using the command
{{{
$ /usr/sbin/exim -bt foo@debian.org
}}}

If you set the forwarding address to be a specific Debian machine, e.g., {{{master.debian.org}}} or {{{people.debian.org}}} and do not create a {{{.forward}}} file then that machine will spool the mail to /var/spool/mail instead of creating a mail loop.

When <yourname>@debian.org is forwarded to <yourname>@master.debian.org, extension addresses <yourname>-<suffix>@debian.org are always routed directly to {{{master.debian.org}}} for processing.

Extension addresses <yourname>-<suffix>@people.debian.org are routed in the same way as <yourname>-<suffix>@debian.org addresses.

{i} Sending mail via Debian machine using bsmtp is documented [[https://people.debian.org/~jdg/bsmtp.html|HOWTO: Using outgoing BSMTP with Exim]]

=== procmail ===

If you use procmail for your main mailbox, PLEASE, erase your {{{.forward}}} file and put a {{{.procmailrc}}} in its place instead. This feature has been supported on debian.org machines for a good while now, and will continue to be supported. .procmailrc files won't be synchronised to all hosts in the LDAP directory.

The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]" Ignore the IFS=".." stuff in the procmail man page.
MailBox formats
Email can be saved to mailboxes or maildirs by using the correct lines in a .forward file:

{{{
Mailbox format files "/debian/home/foo/Mbox"
Maildir format files "/debian/home/foo/MDir/"
}}}

To deliver to {{{/var/spool/mail/foo}}} use a construct like {{{'|/usr/bin/procmail -m /dev/null'}}}. Putting the mailbox path will not work. You must use absolute paths for mailboxes, qmail-like ./ paths are not supported by Exim.

Also, 'Exim Filter' files are deliberately turned off.

=== mail-suffix ===

See {{{/etc/exim4/*}}} on {{{master.debian.org}}}:
{{{
...
# Special Features for users:
# .forward-foo - is understood as an extension address for bar-foo@cow.com
# .forward-default - is understood to be a catch all for bar-*@cow.com
# .procmailrc - with no .forward file invokes procmail for delivery
# automatically.

# For virtual domains the first lookup is done against a linear text
# database called 'aliases', then .forward files are consulted. Exim
# filtering is available for these .forward files only. .forward-default
# is the universal catch all for everything not handled.

# For virtual domains the first lookup is done against a linear text
# database called 'aliases', then .forward files are consulted. Exim
# filtering is available for these .forward files only. .forward-default
# is the universal catch all for everything not handled.
...
}}}


== Step 5: Set up your <yourname>.debian.net domain ==

Debian provides DNS service for <yourname>.debian.net domain. Debian.net DNS zone entries can be set through [[https://db.debian.org/doc-mail.html|mail gateway]]. See DebianDotNet for more details.

Requests can take three forms:
 {{{
foo in a 1.2.3.4
}}}
 {{{
foo in cname bar.baz.
}}}
 {{{
foo in mx 10 bar.baz.
}}}

Here, please note:
 * The precise form is critical and must not be deviated from.
 * The name collisions are prevented automatically. (Please be considerate to avoid using other DD's account name.)
 * There is no trailing "{{{debian.net}}}" after "{{{foo}}}".
 * The trailing dot after "{{{bar.baz}}}".
 * You cannot combine CNAME with any other record types.
 * Zone entries for multiple hosts are supported, but they must all be sent at once.
 * The debian.net zone is only reloaded once per day at midnight -0700.

For example, the followings will to point {{{https://example.debian.net}}} to point to the web server of my home machine:
{{{
$ cat example.txt
example IN CNAME server.example.org.
$ gpg --clearsign < example.txt | mail changes@db.debian.org
}}}

Although there was neat BSMTP setup in {{{klecker.debian.org}}} described in [[https://lists.debian.org/msgid-search/Pine.LNX.3.96.1010215231820.12470F-100000@wakko.deltatee.com|BSMTP on debian.net]], this {{{klecker.debian.org}}} was '''restricted''' machine without SSH access. The alternative seems to be {{{gluck.debian.org}}} (instead of old {{{klecker.debian.org}}} ), so far I could not get BSMTP working on this host. :-( Please comment here if any one is actively using this.

= Junk contents =

== Step 5: Set up your PC to accept mail to <yourname>.debian.net domain ==

You need to set your local PC to accept mails addressed to "<yourname>.debian.net" including ones for "root".

See exim4 configuration.

{{{
$ sudo dpkg-reconfigure exim-config
}}}

Then, under "Configuring Exim v4 (exim4-config)" menu, you add "<yourname>.debian.net" to the list separated by colon.

== Step 6: Set up script to do BSMTP ==

You obtain BSMTP script run on Debian server from:
 * [[https://www.chiark.greenend.org.uk/ucgi/~cjwatson/git?p=bin.git;a=blob;f=bsmtp-pull-server;hb=HEAD|bsmtp-pull-server]]

I have modified it to be host name neutral ($FILE can be set from argument).
{{{
#! /bin/sh
set -e

DIR="$HOME/bsmtp"
FILE="$1"
TRANSIT="$FILE.transit"

cd "$DIR" || exit 0

# Is there anything to send?
[ -s "$FILE" ] || exit 0

lockfile-create "$FILE"
lockfile-touch "$FILE" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$FILE"' EXIT ERR HUP INT QUIT TERM

if [ -f "$TRANSIT" ]; then
    cat "$FILE" >> "$TRANSIT" && rm -f "$FILE"
else
    mv -f "$FILE" "$TRANSIT"
fi

cat "$TRANSIT"
rm -f "$TRANSIT"

exit 0
}}}

You obtain BSMTP script run on your local PC from:
 * [[https://www.chiark.greenend.org.uk/ucgi/~cjwatson/git?p=bin.git;a=blob;f=bsmtp-pull;hb=HEAD|bsmtp-pull]]

Here I adjusted to match above change.
{{{
#! /bin/sh
# Depends: lockfile-progs, ssh
set -e

if [ -z "$1" ]; then
    echo "Usage: $0 hostname" 2>&1
    exit 1
fi

DIR="$HOME/tmp/.bsmtp"
mkdir -p "$DIR"
cd "$DIR"

HOST="$1"
VHOST="$2"

# TODO: Note that this scheme may currently lose mail if the local disk
# fills up! This is obviously very bad. Fix this.

# By default, lockfile-create gives up after three minutes, so don't cron
# this any more frequently than that without supplying a --retry argument.
lockfile-create "$HOST"
# Race condition pointed out by pjb: this doesn't guarantee that the lock is
# held before the critical section starts.
lockfile-touch "$HOST" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$HOST"' EXIT ERR HUP INT QUIT TERM

#ssh -2 -i "$HOME/.ssh/id-bsmtp-$HOST" -C "$HOST" bsmtp-pull-server "$VHOST" > "$HOST"
# Since above did not work for me I tried
ssh -2 -C "$HOST" bsmtp-pull-server "$VHOST" > "$HOST"
[ -s "$HOST" ] || exit 0
/usr/sbin/sendmail -bS -odq < "$HOST"
rm -f "$HOST"

exit 0
}}}

FIXME: I do not see $HOME/bsmtp directory in gluck :( I am stuck here!


Now you can invoke following to retrieve your message.

{{{
$ ~/bin/bsmtp-pull <yourname>@people.debian.org <yourname>.debian.net
}}}

Now you have mail address on which you do not rely any external resorces.

These days, the value of this setup has been more for the security and stability.

If it is just to get subscription to high volume Debian ML, I would use free (commercial) service such as {{{gmail.com}}}. Note: please [[https://lists.debian.org/msgid-search/17524.41824.549990.735018@davenant.relativity.greenend.org.uk|do not forward debian-private emails to gmail]]!

=== symlink ? ===

Since above script is designed to work with SSH key named "{{{$HOME/.ssh/id-bsmtp-$HOST}}}", we make link:

{{{
$ cd ~/.ssh
$ ln -f id_dsa id-bsmtp-gluck.debian.org
}}}

Here I assumed you have set up {{{$HOME/id_dsa.pub}}} as the SSH public key described in Step 3. If you make custom SSH keys for Debian activity, that is even better.


== Further study ==

Let's login to a Debian machine to see how other people are doing. (Here, people.debian.org.)

Let's see how people uses this host for BSMTP by "{{{cat /etc/exim/bsmtp}}}" and check their domain set up. (I am not publishing exact content of these and hiding some contents here Try these command yourself.):
Line 92: Line 326:
osamu@gluck:exim$ dig snoopy.debian.net ANY osamu@gluck:exim$ dig s*****.debian.net ANY
Line 109: Line 343:
The first one is for one with just fast internet connection without any SMTP mail hosts to get BSMTP service via Debian host. (The second one is for you with fixed IP SMTP mail hosts. Let's leave this for now.)

I will set up "osamu.debian.net" to be BSMTP host.


See following original documents for how exactly to do these.
 * [http://db.debian.org/forward.html Debian GNU/Linux -- Email Forwarding]
 * [http://db.debian.org/doc-mail.html Debian GNU/Linux -- LDAP Gateway]
 * [http://lists.debian.org/debian-devel/2001/debian-devel-200102/msg00965.html BSMTP on debian.net]
 * [http://riva.ucam.org/svn/cjwatson/bin/bsmtp-pull-server bsmtp-pull-server]
 * [http://riva.ucam.org/svn/cjwatson/bin/bsmtp-pull bsmtp-pull]

[:OsamuAoki: Osamu Aoki]
The first one is for one with just fast internet connection without any SMTP mail hosts to get BSMTP service via Debian host as described above.

The second one is for you with semi-stable fixed IP SMTP mail hosts. This ensures mail delivary to the home PC on Cable/DSL/Optical connection (with some risk).

[[OsamuAoki| Osamu Aoki]]

Debian Services for the Debian Developer

This is my step-by-step guide of setting up typical work environment as a Debian developer (DD). See also MigrateToDDAccount.

So far email forwarding did not work.

!!! WORK IN PROGRESS !!!!

Following is not tested contents. This is under contraction.

When we became Debian Developer (DD), we knew we obtained few privileges:

  • your OpenPGP key in official Debian keyring (This is your source of power)
  • package upload privilege,
  • a cute debian.org mail address, like <username>@debian.org

  • subscription to debian-private@lists.debian.org mailing list

  • shell accounts on many fast/strange architecture machines.
  • You can use an email client like thunderbird with enigmail plugin and use inline pgp option to send signed mails to changes@db.debian.org

Well, there is more to it. Let me go through them step-by-step to set up Debian services.

Step 1: New password

You must set your new password through mail gateway first.

$ echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org

After validating the request the daemon will generate a new random password, set it in the LDAP directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods later.)

Please note many of the Debian service have similar mail based configuration.

This only works with a configured local MTA, unless you instead copy the output of the gpg command above and send it with your normal MUA to chpasswd@db.debian.org.

Step 2: Set up your Debian account LDAP data

Configuration of your Debian account can be done through the web interface of LDAP Debian server after loging in with your password with "Update my info" button.

  • Change password
  • Street address
  • City/State
  • Country
  • Postal code
  • Latitude / Longitude
  • Phone
  • FAX
  • ICQ UIN
  • Jabber ID
  • Preferred shell
  • email forwarded to
  • debian-private subscript addr
  • IRC nickname
  • Web page
  • Vacation message

Here you can set your password to a memorable one.

Here you can set up your forwarding mail address for "<yourname>@debian.org" and the subscription mail address for "debian-private@lists.debian.org" mailing list, too.

Step 3: Set up your shell accounts

Debian offers shell accounts to the developer using SSH service. See sshd(8) and set up your SSH setup locally on your PC.

The virtual .ssh/authorized_keys file for each user can be set by the Debian LDAP server through mail gateway. For example:

$ gpg --clearsign < .ssh/id_rsa.pub | mail changes@db.debian.org

If you use ssh-agent or OpenPGP key you should use:

$ ssh-add -L | gpg --clearsign | mail changes@db.debian.org

Multiple keys per user are supported, but they must all be sent at once.

You can send .ssh/authorized_keys files as content of inline pgp mail from mail clients like Thunderbird. Note: You will need to set mailnews.wraptext to -1 in config editor to send long lines.

Step 4: Setup your email

Although "<yourname>@debian.org" is most common e-mail address used by the DD on Debian system, there are many available mail addresses for you.

  • <yourname>@debian.org

  • <yourname>-<suffix>@debian.org

  • <yourname>@people.debian.org

  • <yourname>-<suffix>@people.debian.org

The email to "<yourname>@debian.org" address is forwarded by the data on the Debian LDAP server. This can be easily (re)configured through mail gateway:

$ echo "emailforward: foo@bar.com" | gpg --clearsign | mail changes@db.debian.org

or through the web interface of LDAP Debian server as in Step 2. See also Debian GNU/Linux -- Email Forwarding and Debian DNS set up to figure out exactly how you use all these.

You can test the email routing by using the command

$ /usr/sbin/exim -bt foo@debian.org

If you set the forwarding address to be a specific Debian machine, e.g., master.debian.org or people.debian.org and do not create a .forward file then that machine will spool the mail to /var/spool/mail instead of creating a mail loop.

When <yourname>@debian.org is forwarded to <yourname>@master.debian.org, extension addresses <yourname>-<suffix>@debian.org are always routed directly to master.debian.org for processing.

Extension addresses <yourname>-<suffix>@people.debian.org are routed in the same way as <yourname>-<suffix>@debian.org addresses.

{i} Sending mail via Debian machine using bsmtp is documented HOWTO: Using outgoing BSMTP with Exim

procmail

If you use procmail for your main mailbox, PLEASE, erase your .forward file and put a .procmailrc in its place instead. This feature has been supported on debian.org machines for a good while now, and will continue to be supported. .procmailrc files won't be synchronised to all hosts in the LDAP directory.

The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]" Ignore the IFS=".." stuff in the procmail man page. ?MailBox formats Email can be saved to mailboxes or maildirs by using the correct lines in a .forward file:

Mailbox format files "/debian/home/foo/Mbox"
Maildir format files "/debian/home/foo/MDir/"

To deliver to /var/spool/mail/foo use a construct like '|/usr/bin/procmail -m /dev/null'. Putting the mailbox path will not work. You must use absolute paths for mailboxes, qmail-like ./ paths are not supported by Exim.

Also, 'Exim Filter' files are deliberately turned off.

mail-suffix

See /etc/exim4/* on master.debian.org:

...
# Special Features for users:
# .forward-foo - is understood as an extension address for bar-foo@cow.com
# .forward-default - is understood to be a catch all for bar-*@cow.com
# .procmailrc - with no .forward file invokes procmail for delivery
#               automatically.

# For virtual domains the first lookup is done against a linear text
# database called 'aliases', then .forward files are consulted. Exim
# filtering is available for these .forward files only. .forward-default
# is the universal catch all for everything not handled.

# For virtual domains the first lookup is done against a linear text
# database called 'aliases', then .forward files are consulted. Exim
# filtering is available for these .forward files only. .forward-default
# is the universal catch all for everything not handled.
...

Step 5: Set up your <yourname>.debian.net domain

Debian provides DNS service for <yourname>.debian.net domain. Debian.net DNS zone entries can be set through mail gateway. See DebianDotNet for more details.

Requests can take three forms:

  • foo in a 1.2.3.4
    foo in cname bar.baz.
    foo in mx 10 bar.baz.

Here, please note:

  • The precise form is critical and must not be deviated from.
  • The name collisions are prevented automatically. (Please be considerate to avoid using other DD's account name.)
  • There is no trailing "debian.net" after "foo".

  • The trailing dot after "bar.baz".

  • You cannot combine CNAME with any other record types.
  • Zone entries for multiple hosts are supported, but they must all be sent at once.
  • The debian.net zone is only reloaded once per day at midnight -0700.

For example, the followings will to point https://example.debian.net to point to the web server of my home machine:

$ cat example.txt
example   IN CNAME server.example.org.
$ gpg --clearsign < example.txt | mail changes@db.debian.org

Although there was neat BSMTP setup in klecker.debian.org described in BSMTP on debian.net, this klecker.debian.org was restricted machine without SSH access. The alternative seems to be gluck.debian.org (instead of old klecker.debian.org ), so far I could not get BSMTP working on this host. :-( Please comment here if any one is actively using this.

Junk contents

Step 5: Set up your PC to accept mail to <yourname>.debian.net domain

You need to set your local PC to accept mails addressed to "<yourname>.debian.net" including ones for "root".

See exim4 configuration.

$ sudo dpkg-reconfigure exim-config

Then, under "Configuring Exim v4 (exim4-config)" menu, you add "<yourname>.debian.net" to the list separated by colon.

Step 6: Set up script to do BSMTP

You obtain BSMTP script run on Debian server from:

I have modified it to be host name neutral ($FILE can be set from argument).

set -e

DIR="$HOME/bsmtp"
FILE="$1"
TRANSIT="$FILE.transit"

cd "$DIR" || exit 0

# Is there anything to send?
[ -s "$FILE" ] || exit 0

lockfile-create "$FILE"
lockfile-touch "$FILE" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$FILE"' EXIT ERR HUP INT QUIT TERM

if [ -f "$TRANSIT" ]; then
    cat "$FILE" >> "$TRANSIT" && rm -f "$FILE"
else
    mv -f "$FILE" "$TRANSIT"
fi

cat "$TRANSIT"
rm -f "$TRANSIT"

exit 0

You obtain BSMTP script run on your local PC from:

Here I adjusted to match above change.

# Depends: lockfile-progs, ssh
set -e

if [ -z "$1" ]; then
    echo "Usage: $0 hostname" 2>&1
    exit 1
fi

DIR="$HOME/tmp/.bsmtp"
mkdir -p "$DIR"
cd "$DIR"

HOST="$1"
VHOST="$2"

# TODO: Note that this scheme may currently lose mail if the local disk
# fills up! This is obviously very bad. Fix this.

# By default, lockfile-create gives up after three minutes, so don't cron
# this any more frequently than that without supplying a --retry argument.
lockfile-create "$HOST"
# Race condition pointed out by pjb: this doesn't guarantee that the lock is
# held before the critical section starts.
lockfile-touch "$HOST" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$HOST"' EXIT ERR HUP INT QUIT TERM

#ssh -2 -i "$HOME/.ssh/id-bsmtp-$HOST" -C "$HOST" bsmtp-pull-server "$VHOST" > "$HOST"
# Since above did not work for me I tried
ssh -2  -C "$HOST" bsmtp-pull-server "$VHOST" > "$HOST"
[ -s "$HOST" ] || exit 0
/usr/sbin/sendmail -bS -odq < "$HOST"
rm -f "$HOST"

exit 0

FIXME: I do not see $HOME/bsmtp directory in gluck :( I am stuck here!

Now you can invoke following to retrieve your message.

$ ~/bin/bsmtp-pull <yourname>@people.debian.org <yourname>.debian.net

Now you have mail address on which you do not rely any external resorces.

These days, the value of this setup has been more for the security and stability.

If it is just to get subscription to high volume Debian ML, I would use free (commercial) service such as gmail.com. Note: please do not forward debian-private emails to gmail!

Since above script is designed to work with SSH key named "$HOME/.ssh/id-bsmtp-$HOST", we make link:

$ cd ~/.ssh
$ ln -f id_dsa id-bsmtp-gluck.debian.org

Here I assumed you have set up $HOME/id_dsa.pub as the SSH public key described in Step 3. If you make custom SSH keys for Debian activity, that is even better.

Further study

Let's login to a Debian machine to see how other people are doing. (Here, people.debian.org.)

Let's see how people uses this host for BSMTP by "cat /etc/exim/bsmtp" and check their domain set up. (I am not publishing exact content of these and hiding some contents here Try these command yourself.):

osamu@gluck:exim$ cat bsmtp
r****.debian.net: user=d** group=Debian file=/home/d**/bsmtp/r*****.debian.net
s*****.debian.net: user=b** group=Debian file=/home/b**/bsmtp/s*****.debian.net
...
r***.debian.net: user=c******* group=Debian file=/home/c*******/bsmtp/r***.debian.net
...
osamu@gluck:exim$ dig r***.debian.net ANY
...
;; QUESTION SECTION:
;r***.debian.net.               IN      ANY

;; ANSWER SECTION:
r***.debian.net.        3600    IN      MX      0 gluck.debian.org.

...

osamu@gluck:exim$ dig s*****.debian.net ANY
...
;; QUESTION SECTION:
;s*****.debian.net.             IN      ANY

;; ANSWER SECTION:
s*****.debian.net.      3600    IN      MX      10 s*****.a****.org .au.
s*****.debian.net.      3600    IN      MX      20 s*****.m****** u*****.com.au.
s*****.debian.net.      3600    IN      MX      30 alts*****.m***** o*********.com.au.
s*****.debian.net.      3600    IN      MX      0 gluck.debian.org.
s*****.debian.net.      3600    IN      TXT     "PGP ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **"
s*****.debian.net.      3600    IN      TXT     "PGP **** **** **** **** **** **** **** **** ****"
s*****.debian.net.      3600    IN      TXT     "******** <b**@debian.org>"
s*****.debian.net.      3600    IN      A       2**.1**.1**.8*
...

The first one is for one with just fast internet connection without any SMTP mail hosts to get BSMTP service via Debian host as described above.

The second one is for you with semi-stable fixed IP SMTP mail hosts. This ensures mail delivary to the home PC on Cable/DSL/Optical connection (with some risk).

Osamu Aoki