we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • ssm@lemmy.sdf.org · 1 upvote · 5 months ago

    smtpd.conf(5), pf.conf(5), and openssl(1) manpages and friends are your best resources for setting this up; I just provided that guide as an example, as setting all this up can be daunting with just the manuals and no other context. The short guide provided in that blog is not going to teach you firewalling or filtering your maildir, and there’s definitely stuff missing, like restarting daemons after certs expire, and setting up your outbound dkimsign filter (was not available at the time of writing).

    • David Gerard@awful.systems (OP, M) · 8 upvotes · 5 months ago

      oh my fucking god

      you have definitely never been the guy on the hook professionally for email working

      • ssm@lemmy.sdf.org · 1 upvote · 5 months ago

        I’ll eat as many downvotes as I’d like, though I don’t really know what I said that attracted so much ire.

        • self@awful.systems · 8 upvotes · 5 months ago

          you’re the type of reply guy who rattles off man page names when you’re out of your depth, and you’re reply guying about administrating email to people who professionally administrate email

          I don’t expect you to have caught onto that last bit, mainly because you never fucking shut up long enough to catch onto anything at all

          • froztbyte@awful.systems · 5 upvotes · 5 months ago

            > who professionally administrate email

            I take immense offense at this utterly spurious insult! I only unprofessionally administer email these days, having managed to get the fuck out of having to do anyone else’s mail for money :D

            • froztbyte@awful.systems · 5 upvotes · 5 months ago

              there is a(n early career) period of my CV that literally has “mailserver administrator” as the job title/description, though

              it was kinda lol. apparently the guy who had the gig before me worked real, real hard (down to sometimes sleeping in the server room). I automated much of the role out with mairix, par2, a couple of extremely nasty shellscripts, and a bit of common sense. got pretty bored from month 4, and left a while after

        • flere-imsaho@awful.systems · 6 upvotes · 5 months ago

          let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.

          it’s a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you’re receiving. you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can’t avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.

          and that’s just the SMTP part.

          • froztbyte@awful.systems · 5 upvotes · 5 months ago

            > you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway

            fuckin’ mood

            > and that’s just the SMTP part.

            hi can I interest you in a serving of “you have 5 OSs and 25+ different versions of OS variants and even more client apps, please make autodiscovery work with” to go with that? no? how about a bit of caldav and carddav?