| | 1 | = Schleuder3 setup = |
| | 2 | |
| | 3 | [https://schleuder.nadir.org | Schleuder] is an email hub for groups. It has also been described as a gpg-enabled mailinglist with remailer-capabilities. It is designed to serve as a tool for group communication: subscribers can communicate encrypted (and pseudonymously) among themselves, receive emails from non-subscribers and send emails to non-subscribers via the list. |
| | 4 | |
| | 5 | Schleuder3 has been setup by dkg on herman.mayfirst.org for testing. dkg describes this setup as "a minimally-configured debian stretch machine, using the |
| | 6 | schleuder and schleuder-cli packages from unstable. I removed basically every package that I could, and configured it entirely with systemd where possible. This means no ifupdown, no cron, no rsyslog, no ntp, no acpid, no isc-dhcp-client, systemd-resolved as a local DNS caching stub resolver, etc." |
| | 7 | |
| | 8 | The following is an attempt to document the steps necessary to recreate the same conditions and configuration currently active in herman. These are not the exact steps and order taken during the original install. |
| | 9 | |
| | 10 | == Debian install == |
| | 11 | |
| | 12 | Start from an initial install of Debian stretch (currently debian testing) with '''NONE''' of the tasksel tasks activated. Make sure to deselect both the '''standard''' and '''ssh-server''' tasks during install. Login through the console to complete the initial steps manually. |
| | 13 | |
| | 14 | === No recommends === |
| | 15 | Make sure all subsequent package instals with apt default to using the '''--no-install-recommends''' preference by adding a line to apt.conf |
| | 16 | |
| | 17 | {{{0 herman:~# echo 'APT::Install-Recommends "0";' >> /etc/apt/apt.conf}}} |
| | 18 | |
| | 19 | === Installing packages === |
| | 20 | |
| | 21 | Install the following packages. Some of these packages are essential to the application and others appear to be utilities that were used for debugging during the configuration process of schleuder. It may be possible to reduce this list. |
| | 22 | |
| | 23 | {{{ |
| | 24 | 0 herman:~# apt install openssh-server systemd-cron deborphan psmisc postfix tor cryptsetup libpam-systemd initscripts dbus dbus-user-session publicsuffix haveged screen less file lsof man-db manpages acl iputils-ping libcap2-bin bsd-mailx sqlite3 bash-completion |
| | 25 | }}} |
| | 26 | |
| | 27 | === Removing packages === |
| | 28 | |
| | 29 | Remove the following unnecessary or undesired packages. |
| | 30 | |
| | 31 | {{{ |
| | 32 | 0 herman:~# apt purge rsyslog logrotate cron tasksel installation-report wamerican console-setup keyboard-configuration kbd isc-dhcp-client isc-dhcp-common discover laptop-detect ifupdown dmidecode eject netcat-traditional traceroute usbutils iptables pciutils reportbug os-prober gcc-5-base linux-image-4.8.0-2-amd64 |
| | 33 | }}} |
| | 34 | |
| | 35 | Autoremove and purge automatically installed packages that are no longer necessary. |
| | 36 | |
| | 37 | {{{0 herman:~# apt autoremove --purge}}} |
| | 38 | |
| | 39 | Purge any orphaned packages. Repeat this next step as many times as necessary until there are no longer any results. |
| | 40 | |
| | 41 | {{{0 herman:~# apt purge $(deborphan)}}} |
| | 42 | |
| | 43 | === Install packages from unstable repository === |
| | 44 | |
| | 45 | Add the unstable repository. |
| | 46 | |
| | 47 | {{{ |
| | 48 | 0 herman:~# echo "deb http://ftp.us.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list |
| | 49 | 0 herman:~# echo -e "Package: *\nPin: release a=unstable\nPin-Priority: 200" >> /etc/apt/preferences.d/limit-unstable |
| | 50 | 0 herman:~# apt update |
| | 51 | }}} |
| | 52 | |
| | 53 | Install the unstable version of the following packages. dkg's patch https://bugs.debian.org/851732 to schleuder to avoid a dependency on cron has already been applied in newest unstable releases. |
| | 54 | |
| | 55 | {{{ 0 herman:~# apt install gnupg/unstable schleuder-cli/unstable schleuder/unstable }}} |
| | 56 | |
| | 57 | Omitting the emacs-nox package and its's dependencies that aren't essential here the above setup should give us a package list very close to what is on herman now. |
| | 58 | |
| | 59 | === Networking === |
| | 60 | |
| | 61 | Since ifupdown has been removed and systemd.network will be used instead. A new .network file should created as {{{ /etc/systemd/network/50-static.network }}} |
| | 62 | |
| | 63 | The contents of this file look something like this, although the original ip numbers have been removed here. |
| | 64 | |
| | 65 | {{{ |
| | 66 | [Match] |
| | 67 | Name=ens3 |
| | 68 | |
| | 69 | [Network] |
| | 70 | Address=XXX.XXX.XXX.XXX/XX |
| | 71 | Address=XXXX:XXXX:XXXX:XXXX::XXXX/XXXX |
| | 72 | Gateway=XXX.XXX.XXX.XXX |
| | 73 | Gateway=XXXX:XXXX:XXXX:XXXX::XXXX |
| | 74 | DNS=XXX.XXX.XXX.XXX |
| | 75 | DNS=XXX.XXX.XXX.XXX |
| | 76 | Domains=mayfirst.org |
| | 77 | }}} |
| | 78 | |
| | 79 | Notice the interface is not named eth0. The version of Systemd in Debian Stretch now uses [https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ | Predictable Network Interface Names] , which automatically assigns static names to network devices. |
| | 80 | udev is responsible for [https://major.io/2015/08/21/understanding-systemds-predictable-network-device-names/ | which device gets which name ] . |
| | 81 | You can get a list of available network interfaces using commands {{{ls /sys/class/net}}} or {{{ip link}}} |
| | 82 | |
| | 83 | After creating the new .network file you need to restart systemd-networkd |
| | 84 | {{{ |
| | 85 | systemctl restart systemd-networkd |
| | 86 | }}} |
| | 87 | |
| | 88 | At this point the server should be accessible over ssh. |
| | 89 | |
| | 90 | === No logs === |
| | 91 | |
| | 92 | When both journald and rsyslog are installed, the default is that journald spits out all its messages to syslog and syslog writes them to disk. Without syslog, journald is responsible for writing whatever needs to be written. See configuration choices for {{{/etc/systemd/journald.conf}}} with {{{man journald.conf}}} |
| | 93 | |
| | 94 | By default {{{Storage=auto}}} is set which basically means "if /var/log/journal is present, then write the logs to disk; if it's not, then write them to /run" |
| | 95 | note that /run is a tmpfs, meaning it's ephemeral, and disappears when the machine loses power so since we've avoided placing a permanent journal everything is being logged in /run |
| | 96 | |
| | 97 | The following command will show any processes still holding open files in /var/log |
| | 98 | |
| | 99 | {{{ |
| | 100 | find /var/log/ -mount -type f -print0 | xargs -0 lsof |
| | 101 | }}} |
| | 102 | |
| | 103 | The only listing that should still appear at this point is the debian-tor user writing to /var/log/tor/log . This can be stopped by uncomment the following line in {{{/etc/tor/torrc}}} |
| | 104 | |
| | 105 | {{{ |
| | 106 | Log notice syslog |
| | 107 | }}} |
| | 108 | |
| | 109 | Why syslog? syslog is just an interface -- something listening on a socket at /dev/log where journald also listens |
| | 110 | |
| | 111 | After making the above change to {{{/etc/tor/torrc}}} restart tor. |
| | 112 | {{{ |
| | 113 | systemctl restart tor |
| | 114 | }}} |
| | 115 | |
| | 116 | === tmpfs for /tmp === |
| | 117 | |
| | 118 | Setup the /tmp directory with temporary file storage facility so that all writes to /tmp are written to volatile memory and not to disk. |
| | 119 | |
| | 120 | Add the following line to the end of {{{/etc/fstab}}} |
| | 121 | |
| | 122 | {{{ |
| | 123 | tmpfs /tmp tmpfs mode=1777,nosuid,nodev 0 0 |
| | 124 | }}} |
| | 125 | |
| | 126 | |
| | 127 | === Postfix === |
| | 128 | |
| | 129 | Add these 2 lines to the end of {{{/etc/postfix/master.cf}}} |
| | 130 | |
| | 131 | {{{ |
| | 132 | schleuder unix - n n - - pipe |
| | 133 | flags=DRhu user=schleuder argv=/usr/bin/schleuder work ${recipient} |
| | 134 | }}} |
| | 135 | |
| | 136 | This says "if the transport is for schleuder, then pipe the message to a process owned by user "schleuder" that runs "/usr/bin/schleuder work ${recipient}" |
| | 137 | |
| | 138 | In {{{/etc/postfix/main.cf}}} edit the myhostname and mydestination variables appropriately. |
| | 139 | |
| | 140 | {{{ |
| | 141 | myhostname = herman.mayfirst.org |
| | 142 | mydestination = $myhostname, herman.mayfirst.org |
| | 143 | }}} |
| | 144 | |
| | 145 | Then at the bottom of {{{/etc/postfix/main.cf}}} add the following lines |
| | 146 | |
| | 147 | {{{ |
| | 148 | virtual_transport = schleuder |
| | 149 | virtual_mailbox_domains = x.mayfirst.org |
| | 150 | virtual_alias_maps = hash:/etc/postfix/virtual_aliases |
| | 151 | virtual_mailbox_maps = sqlite:/etc/postfix/schleuder_sqlite.cf |
| | 152 | schleuder_destination_recipient_limit = 1 |
| | 153 | compatibility_level = 2 |
| | 154 | }}} |
| | 155 | |
| | 156 | The above portion of the config is devoted to figuring out when to trigger this transport. First: dedicate postfix's "virtual transport" to schleuder itself and tell postfix that anything coming to x.mayfirst.org should be handled by the virtual transport |
| | 157 | |
| | 158 | The contents of the file {{{/etc/postfix/virtual_aliases}}} is a list of first-pass "catch-all" addresses, forwarding the usual things to their @mayfirst.org counterparts. |
| | 159 | |
| | 160 | {{{ |
| | 161 | postmaster@x.mayfirst.org postmaster@mayfirst.org |
| | 162 | abuse@x.mayfirst.org abuse@mayfirst.org |
| | 163 | MAILER-DAEMON@x.mayfirst.org MAILER-DAEMON@mayfirst.org |
| | 164 | root@x.mayfirst.org root@mayfirst.org |
| | 165 | }}} |
| | 166 | |
| | 167 | virtual_mailbox_maps is what postfix uses to look up whether an address is valid. If it's not in that list, it declines the message at attempted SMTP delivery time. This directive tells postfix "look up the incoming address to see whether schleuder is willing to handle it; if it is not, then don't even bother feeding it to schleuder". The contents of {{{/etc/postfix/schleuder_sqlite.cf}}} look like this: |
| | 168 | |
| | 169 | {{{ |
| | 170 | dbpath = /var/lib/schleuder/db.sqlite |
| | 171 | |
| | 172 | query = select 'present' where '%s' in ( |
| | 173 | select email from lists union |
| | 174 | select replace(email, '@', '-bounces@') from lists union |
| | 175 | select replace(email, '@', '-owner@') from lists union |
| | 176 | select replace(email, '@', '-request@') from lists union |
| | 177 | select replace(email, '@', '-sendkey@') from lists) |
| | 178 | }}} |
| | 179 | |
| | 180 | In the master.cf this line {{{schleuder_destination_recipient_limit = 1}}} means, "if a message comes in headed for the schleuder transport and it is headed for multiple recipients, feed it to each of them separately, one at a time." {{{compatibility_level = 2}}} just disables backwards compatibility. |
| | 181 | |
| | 182 | === Dedicated user for schleuder-cli === |
| | 183 | |
| | 184 | Create a separate "schleuder-mgmt" user that is able to talk to the API but doesn't have r/w access to the sqlitedb |
| | 185 | {{{ |
| | 186 | adduser schleuder-manager --gecos 'Schleuder Manager,,,' --disabled-password |
| | 187 | }}} |
