Differences between revisions 4 and 5
Revision 4 as of 2006-06-25 06:24:00
Size: 7009
Editor: OsamuAoki
Comment:
Revision 5 as of 2006-06-25 11:19:36
Size: 8864
Editor: OsamuAoki
Comment:
Line 8: Line 8:
 * a cute debian.org mail address, like osamu@debian.org, on MX=master.debian.org  * a cute debian.org mail address, like <username>@debian.org, on MX=master.debian.org
Line 12: Line 12:
Well, there is more to it. Let me go through them step-by-step. Well, there is more to it. Let me go through them step-by-step to set up Debian services.
Line 16: Line 16:
It is a good idea to set your new password through [http://db.debian.org/doc-mail.html mail gateway]. You must set your new password through [http://db.debian.org/doc-mail.html mail gateway] first.
Line 21: Line 22:
After validating the request the daemon will generate a new random password, set it in the directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods.) After validating the request the daemon will generate a new random password, set it in the LDAP directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods later.)
Line 48: Line 49:
Since Debian does not supply POP3 service, you may think that mails sent to "<yourname>@debian.org" and the "debian-private" mailing list subscription must be picked up at external mail address. This is not the case. You can keep direct secure access to these mail address using Debian service. I will explain it following information described in [http://lists.debian.org/debian-devel/2001/debian-devel-200102/msg00965.html BSMTP on debian.net] .
Since Debian does not supply POP3 service, you may think that mails sent to "<yourname>@debian.org" and the "debian-private" mailing list subscription must be picked up at external mail address. This is not the case. You can keep direct secure access to these mail address using Debian services.

I will explain this neat tricks following the information described in [http://lists.debian.org/debian-devel/2001/debian-devel-200102/msg00965.html BSMTP on debian.net] .
Line 90: Line 92:
You need to set your local PC to accept mails addressed to "osamu.debian.net" including ones for "root". You need to set your local PC to accept mails addressed to "<yourname>.debian.net" including ones for "root".
Line 95: Line 97:
Example --- FIXME
}}}

Then you obtain BSMTP script from:
$ sudo dpkg-reconfigure exim-config
}}}

Then, under "Configuring Exim v4 (exim4-config)" menu, you add "<yourname>.debian.net" to the list separated by colon.

== Step 6: Set up script to do BSMTP ==

You obtain BSMTP script from:
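Review bot: the added command line `dpkg-reconfigure exim-config` does not match the package named in the added sentence right after it, which refers to the "Configuring Exim v4 (exim4-config)" menu. If the exim4 package is meant, the command should read `dpkg-reconfigure exim4-config`.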
Line 100: Line 106:
{{{
#! /bin/sh
set -e

DIR="$HOME/bsmtp"
FILE="riva.debian.net"
TRANSIT="$FILE.transit"

cd "$DIR" || exit 0

# Is there anything to send?
[ -s "$FILE" ] || exit 0

lockfile-create "$FILE"
lockfile-touch "$FILE" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$FILE"' EXIT ERR HUP INT QUIT TERM

if [ -f "$TRANSIT" ]; then
    cat "$FILE" >> "$TRANSIT" && rm -f "$FILE"
else
    mv -f "$FILE" "$TRANSIT"
fi

cat "$TRANSIT"
rm -f "$TRANSIT"

exit 0
}}}

In the above code, {{{riva.debian.net}}} needs to be replaced with your debian.net domain name.
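Review bot: the `[ -s "$FILE" ] || exit 0` test in the added script runs before the `$TRANSIT` check, so a `.transit` file left behind by an interrupted run is not sent again until new mail arrives in `$FILE`; consider exiting only when both files are empty. The `trap` line also lists `ERR`, which is a bash name while the shebang is `#! /bin/sh`; with `set -e` the `EXIT` trap already covers a failing command, so `ERR` can be dropped.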
Line 101: Line 139:

{{{
Example ---- FIXME
{{{
#! /bin/sh
# Depends: lockfile-progs, ssh
set -e

if [ -z "$1" ]; then
    echo "Usage: $0 hostname" 2>&1
    exit 1
fi

DIR="$HOME/tmp/.bsmtp"
mkdir -p "$DIR"
cd "$DIR"

HOST="$1"

# TODO: Note that this scheme may currently lose mail if the local disk
# fills up! This is obviously very bad. Fix this.

# By default, lockfile-create gives up after three minutes, so don't cron
# this any more frequently than that without supplying a --retry argument.
lockfile-create "$HOST"
# Race condition pointed out by pjb: this doesn't guarantee that the lock is
# held before the critical section starts.
lockfile-touch "$HOST" &
TOUCH="$!"
trap 'kill "$TOUCH"; lockfile-remove "$HOST"' EXIT ERR HUP INT QUIT TERM

ssh -2 -i "$HOME/.ssh/id-bsmtp-$HOST" -C "$HOST" bsmtp-pull-server > "$HOST"
[ -s "$HOST" ] || exit 0
/usr/sbin/sendmail -bS -odq < "$HOST"
rm -f "$HOST"

exit 0
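Review bot: the usage message near the top of the added client script ends in `2>&1`, which leaves the text on stdout; `>&2` is what sends it to stderr. The `trap` line also lists `ERR` under a `#! /bin/sh` shebang, and the in-script TODO about losing mail when the local disk fills up deserves a sentence in the page text, since the output of ssh is written straight to `$HOST` before sendmail reads it.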
Line 108: Line 177:
These days, the value of this set up has been more for security and stability.  (If it is just to get subscription to high volume Debian ML, I would use free (commercial) service such as gmail.com.)

== Step 6: Alternative mail addresses ==
These days, the value of this setup has been more for the security and stability.

If it is just to get subscription to high volume Debian ML, I would use free (commercial) service such as {{{gmail.com}}}.

== Step 7: Alternative mail addresses ==
Line 124: Line 195:
Let's login to debian machine. (Here, people.debian.org.) Let's see how people uses this host for BSMTP by "{{{cat /etc/exim/bsmtp}}}" and check their domain set up. (I am not publishing exact content of these and hiding some contents here Try these command yourself.): Let's login to debian machine to see how other people are doing. (Here, people.debian.org.)

Let's see how people uses this host for BSMTP by "{{{cat /etc/exim/bsmtp}}}" and check their domain set up. (I am not publishing exact content of these and hiding some contents here Try these command yourself.):
Line 159: Line 233:
The first one is for one with just fast internet connection without any SMTP mail hosts to get BSMTP service via Debian host.  (The second one is for you with fixed IP SMTP mail hosts. Let's leave this for now.) The first one is for one with just fast internet connection without any SMTP mail hosts to get BSMTP service via Debian host as described above.

The second one is for you with semi-stable fixed IP SMTP mail hosts. This ensures mail delivary to the home PC on Cable/DSL/Optical connection (with some risk).

Debian Services for the Debian Developer

The following content has not been tested. This page is under construction.

When we became Debian Developers (DD), we knew we obtained a few privileges:

  • your GPG key in the official Debian keyring (this is your source of power),
  • package upload privilege,
  • a cute debian.org mail address, like <username>@debian.org, on MX=master.debian.org,
  • subscription to the debian-private@lists.debian.org mailing list,
  • shell accounts on many fast/strange architecture machines.

Well, there is more to it. Let me go through them step-by-step to set up Debian services.

Step 1: New password

You must set your new password through [http://db.debian.org/doc-mail.html mail gateway] first.

$ echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org

After validating the request the daemon will generate a new random password, set it in the LDAP directory and respond with an encrypted message containing the new password. (The password can be changed using one of the other interface methods later.)

Please note that many of the Debian services have a similar [http://db.debian.org/doc-mail.html mail based configuration].

Step 2: Set up your Debian account LDAP data

Configuration of your Debian account can be done through the web interface of the [https://db.debian.org/login.html LDAP Debian server] after logging in with your password, using the "Update my info" button.

  • Change password
  • Street address
  • City/State
  • Country
  • Postal code
  • Latitude / Longitude
  • Phone
  • FAX
  • ICQ UIN
  • Jabber ID
  • Preferred shell
  • email forwarded to
  • debian-private subscript addr
  • IRC nickname
  • Web page
  • Vacation message

Here you can set your password to a memorable one.

Since Debian does not supply POP3 service, you may think that mail sent to "<yourname>@debian.org" and the "debian-private" mailing list subscription must be picked up at an external mail address. This is not the case. You can keep direct secure access to these mail addresses using Debian services.

I will explain this neat trick, following the information described in [http://lists.debian.org/debian-devel/2001/debian-devel-200102/msg00965.html BSMTP on debian.net].

Step 3: Set up your shell accounts

Debian offers shell accounts to the developer using SSH service. See sshd(8) and set up your SSH setup locally on your PC.

The virtual .ssh/authorized_keys file for each user can be set by the Debian LDAP server. Probably the most common way to use this function will be:

$ gpg --clearsign < .ssh/id_dsa.pub | mail change@db.debian.org

which will set the authentication key to the identity you are using. Multiple keys per user are supported, but they must all be sent at once.

Step 4: Set up your <yourname>.debian.net domain for mail

Although there seems to be no explicit rule on what third-level domain name we can pick, common sense is to use your Debian account name. Let's set up osamu.debian.net, for example, by creating a text file osamu.txt:

$ cat osamu.txt
osamu.debian.net   IN MX  10 gluck.debian.org.
osamu.debian.net   IN TXT    "Osamu Aoki <osamu@debian.org>"
osamu.debian.net   IN TXT    "PGP 253A 4076 6A3B CCE2 A426  DEF5 E80F C4C1 A806 1F32"
$ gpg --clearsign <osamu.txt | mail change@db.debian.org

Here please note that there is a "." (period) after "gluck.debian.org".

If you also want a web service on the domain, you can set it by adding your host IP (e.g. 123.123.123.123):

$ cat osamu.txt
osamu.debian.net   IN A       123.123.123.123
osamu.debian.net   IN MX  10 gluck.debian.org.
osamu.debian.net   IN TXT    "Osamu Aoki <osamu@debian.org>"
osamu.debian.net   IN TXT    "PGP 253A 4076 6A3B CCE2 A426  DEF5 E80F C4C1 A806 1F32"
$ gpg --clearsign <osamu.txt | mail change@db.debian.org
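
As an added example (not part of the original page or of any Debian tool), the shell function below lints a request file for the record shapes shown above before you sign it; in zone-file syntax a name without the trailing period is relative to the zone, which is why the MX check matters. The function name `dns_request_check` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint a DNS request file
# before clearsigning it. Only the record shapes shown on this page
# (A, MX, TXT) are known to it; the function name is made up here.
# Usage: dns_request_check FILE YOURNAME -> prints the number of problems
dns_request_check() {
    awk -v owner="$2.debian.net" '
    function bad(msg) { print FILENAME ":" NR ": " msg > "/dev/stderr"; errs++ }
    /^[ \t]*$/ { next }
    $1 != owner { bad("owner name is not " owner) }
    $2 != "IN"  { bad("class is not IN") }
    $3 == "MX" {
        if ($4 !~ /^[0-9]+$/) bad("MX preference is not a number")
        if ($5 !~ /\.$/) bad("MX target lacks the trailing period")
        next
    }
    $3 == "A" {
        if ($4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) bad("A value is not an IPv4 address")
        next
    }
    $3 == "TXT" {
        if ($0 !~ /TXT[ \t]+".*"[ \t]*$/) bad("TXT value is not quoted")
        next
    }
    { bad("record type not covered here: " $3) }
    END { print errs + 0; exit (errs > 0) }' "$1"
}

# Constructed sample: the request from the text.
good_request() {
    cat <<'EOF'
osamu.debian.net   IN A       123.123.123.123
osamu.debian.net   IN MX  10 gluck.debian.org.
osamu.debian.net   IN TXT    "Osamu Aoki <osamu@debian.org>"
EOF
}

tmp=$(mktemp)
good_request > "$tmp"
dns_request_check "$tmp" osamu                       # no problems
# Same request with the period after gluck.debian.org dropped.
good_request | sed 's/org\.$/org/' > "$tmp"
dns_request_check "$tmp" osamu || echo "fix the file before signing"
rm -f "$tmp"
```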

Step 5: Set up your PC to accept mail to <yourname>.debian.net domain

You need to set your local PC to accept mails addressed to "<yourname>.debian.net" including ones for "root".

See exim4 configuration.

$ sudo dpkg-reconfigure exim4-config

Then, under the "Configuring Exim v4 (exim4-config)" menu, add "<yourname>.debian.net" to the colon-separated list.

Step 6: Set up script to do BSMTP

You obtain BSMTP script from:

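{{{
#! /bin/sh
# Prints the queued BSMTP batch on stdout, then deletes it.
# Depends: lockfile-progs
set -e

DIR="$HOME/bsmtp"
FILE="riva.debian.net"
TRANSIT="$FILE.transit"

cd "$DIR" || exit 0

# Is there anything to send?
[ -s "$FILE" ] || exit 0

lockfile-create "$FILE"
lockfile-touch "$FILE" &
TOUCH="$!"
# ERR is a bash trap name and is rejected by a POSIX /bin/sh; with set -e
# the EXIT trap already runs when a command fails.
trap 'kill "$TOUCH"; lockfile-remove "$FILE"' EXIT HUP INT QUIT TERM

# Move the spool aside (appending to a batch left over from a failed run)
# so that new mail can keep arriving while this batch is sent.
if [ -f "$TRANSIT" ]; then
    cat "$FILE" >> "$TRANSIT" && rm -f "$FILE"
else
    mv -f "$FILE" "$TRANSIT"
fi

cat "$TRANSIT"
rm -f "$TRANSIT"

exit 0
}}}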

In the above code, riva.debian.net needs to be replaced with your debian.net domain name.

{{{
#! /bin/sh
# Fetches the BSMTP batch from the given host over SSH and queues it locally.
# Depends: lockfile-progs, ssh
set -e

if [ -z "$1" ]; then
    # Usage errors go to stderr.
    echo "Usage: $0 hostname" >&2
    exit 1
fi

DIR="$HOME/tmp/.bsmtp"
mkdir -p "$DIR"
cd "$DIR"

HOST="$1"

# TODO: Note that this scheme may currently lose mail if the local disk
# fills up! This is obviously very bad. Fix this.

# By default, lockfile-create gives up after three minutes, so don't cron
# this any more frequently than that without supplying a --retry argument.
lockfile-create "$HOST"
# Race condition pointed out by pjb: this doesn't guarantee that the lock is
# held before the critical section starts.
lockfile-touch "$HOST" &
TOUCH="$!"
# ERR is a bash trap name and is rejected by a POSIX /bin/sh; with set -e
# the EXIT trap already runs when a command fails.
trap 'kill "$TOUCH"; lockfile-remove "$HOST"' EXIT HUP INT QUIT TERM

ssh -2 -i "$HOME/.ssh/id-bsmtp-$HOST" -C "$HOST" bsmtp-pull-server > "$HOST"
[ -s "$HOST" ] || exit 0
# -bS reads batched SMTP from stdin; -odq only queues the messages.
/usr/sbin/sendmail -bS -odq < "$HOST"
rm -f "$HOST"

exit 0
}}}
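
As an added example (not part of the original page or of the scripts above), the function below checks a fetched batch before it is passed to `sendmail -bS`: it confirms that the file is a complete sequence of MAIL FROM / RCPT TO / DATA transactions and that every recipient is in your own domain. The name `bsmtp_check` and the sample batch are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page (function name made up here).
# bsmtp_check FILE DOMAIN prints the number of complete messages; it fails
# on a truncated batch or on a recipient outside DOMAIN.
bsmtp_check() {
    awk -v dom="$2" '
    function bad(msg) { print "line " NR ": " msg > "/dev/stderr"; err = 1; exit }
    BEGIN { want = "@" tolower(dom) ">" }
    { sub(/\r$/, "") }
    indata {                      # message body: only a lone "." ends it
        if ($0 == ".") { indata = from = rcpts = 0; msgs++ }
        next
    }
    { line = tolower($0) }
    line ~ /^(helo|ehlo) / || line == "rset" || line == "quit" { next }
    line ~ /^mail from:/ { if (from) bad("MAIL FROM inside a transaction"); from = 1; next }
    line ~ /^rcpt to:/ {
        if (!from) bad("RCPT TO before MAIL FROM")
        addr = line; sub(/^rcpt to: */, "", addr)
        n = length(addr) - length(want)     # length of "<" plus local part
        if (n < 2 || substr(addr, 1, 1) != "<" || substr(addr, n + 1) != want ||
            substr(addr, 2, n - 1) ~ /[@<> ]/) bad("recipient not in " dom ": " addr)
        rcpts++; next
    }
    line == "data" { if (!rcpts) bad("DATA without a recipient"); indata = 1; next }
    { bad("unexpected line outside DATA") }
    END {
        if (err) exit 1
        if (indata || from) { print "truncated batch" > "/dev/stderr"; exit 1 }
        print msgs + 0
    }' "$1"
}
# Constructed sample batch for a hypothetical osamu.debian.net.
demo_batch() {
    cat <<'EOF'
MAIL FROM:<alice@example.org>
RCPT TO:<root@osamu.debian.net>
DATA
..a dot-stuffed body line
.
MAIL FROM:<>
RCPT TO:<osamu@osamu.debian.net>
DATA
second constructed message
.
EOF
}
tmp=$(mktemp) && demo_batch > "$tmp"
bsmtp_check "$tmp" osamu.debian.net; rm -f "$tmp"
```

In the pull script it would run between the `[ -s "$HOST" ]` test and the `sendmail` line, with your debian.net domain as the second argument.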

Now you have a mail address that does not rely on any external resources.

These days, the value of this setup lies more in security and stability.

If it is just to subscribe to high-volume Debian mailing lists, I would use a free (commercial) service such as gmail.com.

Step 7: Alternative mail addresses

Although "<yourname>@debian.org" is the most common e-mail address used by DDs on Debian systems, there are many mail addresses available to you.

  • <yourname>@debian.org on MX=master.debian.org

  • <yourname>-<suffix>@debian.org on MX=master.debian.org

  • <yourname>@people.debian.org on MX=people.debian.org

See /etc/exim4/* on people.debian.org and the Debian DNS setup to figure out exactly how to use all of these.

See also [http://db.debian.org/forward.html Debian GNU/Linux -- Email Forwarding].

Further study

Let's log in to a Debian machine to see how other people are doing. (Here, people.debian.org.)

Let's see how people use this host for BSMTP with "cat /etc/exim/bsmtp" and check their domain setup (I am not publishing the exact contents and have hidden parts of them here; try these commands yourself):

osamu@gluck:exim$ cat bsmtp
r****.debian.net: user=d** group=Debian file=/home/d**/bsmtp/r*****.debian.net
s*****.debian.net: user=b** group=Debian file=/home/b**/bsmtp/s*****.debian.net
...
r***.debian.net: user=c******* group=Debian file=/home/c*******/bsmtp/r***.debian.net
...
osamu@gluck:exim$ dig r***.debian.net ANY
...
;; QUESTION SECTION:
;r***.debian.net.               IN      ANY

;; ANSWER SECTION:
r***.debian.net.        3600    IN      MX      0 gluck.debian.org.

...

osamu@gluck:exim$ dig s*****.debian.net ANY
...
;; QUESTION SECTION:
;s*****.debian.net.             IN      ANY

;; ANSWER SECTION:
s*****.debian.net.      3600    IN      MX      10 s*****.a****.org .au.
s*****.debian.net.      3600    IN      MX      20 s*****.m****** u*****.com.au.
s*****.debian.net.      3600    IN      MX      30 alts*****.m***** o*********.com.au.
s*****.debian.net.      3600    IN      MX      0 gluck.debian.org.
s*****.debian.net.      3600    IN      TXT     "PGP ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **"
s*****.debian.net.      3600    IN      TXT     "PGP **** **** **** **** **** **** **** **** ****"
s*****.debian.net.      3600    IN      TXT     "******** <b**@debian.org>"
s*****.debian.net.      3600    IN      A       2**.1**.1**.8*
...

The first one is for someone with just a fast Internet connection and no SMTP mail host of their own, who gets BSMTP service via the Debian host as described above.

The second one is for those with SMTP mail hosts on a semi-stable fixed IP address. This ensures mail delivery to the home PC on a cable/DSL/optical connection (with some risk).

[:OsamuAoki: Osamu Aoki]