Rich Kulawiec on 15 Sep 2016 10:13:37 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Strawman proposal: common mailing list infrastructure for LUGs

(I started a new thread because it looks like/sounds like the PLUG
mailing list hosting issue is probably resolved.)

This follows on a comment that I made (and that some others responded to)
in the course of the PLUG mailing list discussion.  This is a set of
hasty, incorrect, obscure, etc., notes on what a design for a mailing
list system for all LUGs might look like.   I think there could be
a major win here, because as things are now, there are a lot of people
doing a lot of overlapping work, and there are a lot of LUGs using
really outdated software (with accompanying impact on performance,
security, etc.).  This *does* come with technical problems, however
nearly all of these are well-known and well-understood, so that's
probably not the roadblock.

The roadblock (as it is so often) is people.  Getting everyone on
the same page won't be easy.  And just like there are people using
outdated code, there are people using outdated practices...and
getting them to let go will require persuasion and maybe bourbon.

But let me shaddup about that and give you the strawman in bullet
point form:

Live server plus identical hot spare.  Rsync of /var/local/mailman
	at least once every 24 hours, maybe every 6? 4?  Hot spare
	needs to be somewhere else, geographically/ASN-wise.

Manual cutover.  (Automatic cutover isn't necessary and it's too risky)
	Cutover procedure tested pre-production.  Cutover used as
	necessary for things like OS upgrades.  (This will shake out
	any bugs in the procedure periodically.)

Mailman 2.x now, probably Mailman 3.x later

Insert argument about Linux vs. BSD, sendmail vs. postfix,
	BIND vs. unbound, Apache vs. nginx, etc.

Minimal OS install.  Basic OS plus servers for DNS, HTTP, SMTP, SSH.
	Turn off everything that's not needed.  Better: don't install it.
	Separate partitions for root, usr, var, etc.

OS configuration minimized.  DNS server configured to allow recursive
	queries from localhost only, given fairly large cache.
	HTTP server with as many features as possible turned off.
	SSH access only allowed from geographic regions where necessary.

Insert argument about physical vs. virtual servers.  Complicate with
	argument about CPU architecture.

List configuration under revision control.  RCS will suffice but
	more people know subversion/git now.  List configurations
	as cookie-cuttered as possible to minimize surprises and
	ease maintenance.  Consistify list naming as much as possible,
	e.g., yourlug-announce, yourlug-discuss, yourlug-jobs.

Standardize list hostnames across LUGs, e.g.
	Make sure list traffic separated from other LUG traffic.

Make sure -owner/owner- aliases go to the right people.  Set up
	mailing list for all-the-people-at-all-the-LUGS-who-deal-with-lists,
	sync it with this.

Change control procedures so that nobody breaks the MTA at 3 AM
	when nobody else knows.  All configuration documented.  No whining
	about doing documentation.

Minimum of three DNS servers on minimum of two different ASNs.  Set TTL
	so that cutover to hot spare is feasible in reasonable time.

Full support for RFC 2142 role addresses, e.g., "postmaster", abuse".
	These should connect to private mailing lists so that archives
	are automagically created.

Make sure the host uses NTP correctly.

Insert argument about common standards for email netiquette.  Take
	guidance from "Miss Mailers Answers Your Questions
	on Mailing Lists" ;)

List configuration tailored for Linux-ish content, e.g., suitable
	size limits, MIME attachment support, etc.

DMARC mitigation.  Sigh.  ARC, when it's ready for prime time.

Liason with big four gorillas to pre-empt some mail acceptance issues.

Minimum of three people handling postmaster/abuse/hostmaster/webmaster.
	Simple procedures in place to avoid overlapping work.

Make sure the network the host is on complies with BCP 38.

Backups every 24 hours.  That means backups, not copies.  (Dump makes
	backups.  Rsync makes copies.)  Backups stashed somewhere else.

Retain Mailman logs forever.  (They're not that big.)  Retain all
	messages to -request, -owner, etc., forever.  (Also not that big.)
	Retain all replies get the idea.

Size guesstimation: figure 150 mailing lists averaging 150 people each.
	10 years of traffic each, at 250M for the mbox, 750M for the
	expanded archive.  Thus 150G for archives.  This is probably
	an overestimate by a factor of 3-5.  Point is that all of this
	will fit comfortably on $100 worth of disk with room to grow.

Standard anti-abuse measures: Spamhaus DROP/EDROP, enforce DNS/rDNS
	match, use "greetpause", "Xen" DNSBL, support local domain
	and LHS and network allocation blocks, maybe graylisting, etc.

Avoid VERPing unless really really necessary.  "You are finite.
	 Zathras is finite.  This is wrong tool."

Create "umbrella" list to notify subscribers of all lists of changes.
	Set expectations appropriately: email is not instant messaging
	and doesn't need to be THAT fast.

Set up DMCA compliance process.  (Resist temptation to just
	send back "pound sand".)  Register per 512(c).

Do NOT obfuscate email addresses: it stopped being even marginally
	useful in 2002.   Insert spamtrap addresses to catch at
	least some harvesters, and name/shame them if they abuse

Implement RFC 2919 (which Mailman does anyway).

Insert argument about policies for problem subscribers.

RFC 2369 headers throughout.  Subject-line tags off by default
	and discouraged (but subscribers can switch them on).
	Standardize message footers.

Cause rejects/bounces to be sent to list owners and to be copied
	to a read-only keep-forever mbox.  (Enables diagnosis of
	issues that cross users, lists, and time.)  Monitor
	this mbox and quash problems pre-emptively when possible.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --