
en - Re: [sympa-users] DNS settings for multiple virtual hosts: best practices

Subject: The mailing list for listmasters using Sympa

  • From: Tom Browder <address@concealed>
  • To: "McLaren, Terry" <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] DNS settings for multiple virtual hosts: best practices
  • Date: Wed, 29 Jan 2020 17:17:00 -0600

On Wed, Jan 29, 2020 at 4:34 PM McLaren, Terry <address@concealed> wrote:
> It works just fine. Here’s the network part of a checklist we use to
> create consistent robots:
>
> SSL cert: Include robot.Name on SSL cert for lists.illinois.edu
> CNAME for robot.Name to point to lists.illinois.edu
...

Terry, that is a lot for my old brain to chew on. A few questions, please:

1. Are you managing your own DNS server?
2. When you mention "robot.Name" is that an alias for "some.example.com?"
3. Where do you get your single cert with the bunch of domains and
hosts you have?
4. Are you using one IP address for the whole system?

-Tom

>
> the robot will inherit the MX and TXT records from the CNAME.
>
> If mail is received in a different domain, e.g. @some.email.domain and
> web interface https://lists.robot.Name
>
> then an MX and TXT record for robot.email.domain
>
> i. An MX record to use incoming-relays.illinois.edu (where to send inbound
> email)
>
> ii. A TXT record "v=spf1 +include:lists.illinois.edu -all" (authorization to
> use outbound-relays)
>
> If legacy domains exist that still receive email, then...
>
> MX record for each legacy domain to point to incoming-relays.illinois.edu
>
> Note: incoming-relays.illinois.edu is our gateway for the +380 email
> domains we host for campus.
>
> Do some DNS queries and you’ll see the details. e.g.
>
> https://lists.aces.illinois.edu
>
> - in this case the web server sits at lists.aces…. but the email domain is
> @aces.illinois.edu. (option 2 & 3 above.)
>
> >nslookup -type=any lists.aces.illinois.edu
>
> lists.aces.illinois.edu canonical name = lists.illinois.edu
>
> >nslookup -type=mx aces.illinois.edu
>
> aces.illinois.edu MX preference = 10, mail exchanger =
> incoming-relays.illinois.edu
>
> >nslookup -type=txt aces.illinois.edu
>
> aces.illinois.edu text = "v=spf1 +include:lists.illinois.edu
> +include:illinois.edu -all"
>
>
>
> https://lists.ischool.illinois.edu
>
> https://mail.krannertcenter.illinois.edu
>
> https://lists.beckman.illinois.edu
>
> https://lists.btaa.org
>
> https://lists.cs.illinois.edu
>
> https://lists.education.illinois.edu
>
> https://lists.illinois.edu
>
> https://lists.mste.illinois.edu
>
> https://lists.ncsa.illinois.edu
>
> https://lists.poets-erc.org
>
> https://lists.psychology.illinois.edu
>
> https://lists.sharps.org
>
> etc…
>
>
>
> I recently did stats so here are some ball park numbers for our robots.
>
> The 25 robots are hosted on a VM (3 processor, 12GB RAM 300GB HD)
> ~7300 lists across all robots,
> ~914,500 (total subscribers)
> ~439,300 (unique email addresses from ~29,700 unique domains)
>
> The VM runs smoothly with:
>
> 1 sympa process
> 1 task_manager
> 9 bulk.pl processes
> 8 wwsympa processes
>
>
>
> Sympa Rocks!
>
>
>
> Terry McLaren
>
> University of Illinois Listmaster
>
>
>
> -----Original Message-----
>
> From: Tom Browder <address@concealed>
>
> Sent: Wednesday, January 29, 2020 11:52 AM
>
> To: McLaren, Terry <address@concealed>
>
> Cc: address@concealed
>
> Subject: Re: [sympa-users] DNS settings for multiple virtual hosts: best
> practices
>
>
>
> [Note: I don't usually top post but Terry forgot to CC this list.]
>
>
>
> Terry, I don't understand how that will work when my virtual hosts are
> unique domains. So, my mail server (mail.example.com) should work for:
>
>
>
> address@concealed
>
> address@concealed
>
> address@concealed
>
> address@concealed
>
> ...
>
>
>
> -Tom
>
>
>
> On Wed, Jan 29, 2020 at 10:05 AM McLaren, Terry <address@concealed>
> wrote:
>
> >
>
> > Hi Tom - We run 25 robots on the same server at U of I and cname all of
> > them to our primary robot, lists.illinois.edu. This way they inherit all
> > other dns settings (mx, spf, etc).
>
> >
>
> > Terry McLaren
>
> >
>
> > -----Original Message-----
>
> > From: address@concealed
>
> > <address@concealed> On Behalf Of Tom Browder
>
> > Sent: Wednesday, January 29, 2020 9:29 AM
>
> > To: address@concealed
>
> > Subject: [sympa-users] DNS settings for multiple virtual hosts: best practices
>
> >
>
> > It seems like every guide I read about DNS settings to handle a single
> > mail server for multiple virtual hosts has a slightly different approach
> > for required DNS records.
>
> >
>
> > Can anyone point me to a good recipe for how to do such?
>
> >
>
> > Here is what I have come up with so far with help from experts on the
> > Postfix mailing list (from several years ago):
>
> >
>
> >
>
> > https://github.com/tbrowder/apache-httpd-tidbits/blob/master/MAIL-DNS.md
>
> >
>
> > Repeated less clearly here:
>
> > ===================
>
> >
>
> > Given:
>
> >
>
> > a single Debian server

> > running Apache httpd

> > use as a mail server

> > use as a webserver with multiple virtual hosts

> > static IP address: 192.168.2.100

> > mail server name: mail.example.com
>
> >
>
> > DNS records for all virtual hosts named X.TLD (including example.com):
>
> >
>
> > X.TLD. IN A w
>
> > WWW.X.TLD. IN CNAME X.TLD.
>
> > @. IN MX X.TLD.
>
> > @. IN TXT "v=spf1 mx ?all"
>
> > X.TLD. IN MX 10 mail.example.com.
>
> >
>
> > additional DNS records for example.com:
>
> >
>
> > mail.example.com. IN CNAME example.com
>
> > 100.2.168.192.in-addr.arpa. IN PTR mail.example.com.
>
> >
>
> > A PR would be cool for corrections.
>
> >
>
> > Thanks.
>
> >
>
> > -Tom
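
The record layouts discussed in this thread can be checked mechanically. The following is an added example, not part of any message in the thread: a small Python linter that follows a CNAME to show which MX and SPF records an aliased robot host ends up with, and flags a CNAME sharing its owner name with other record types (RFC 1034, section 3.6.2), an MX whose target is a CNAME (RFC 2181, section 10.3), and an SPF record whose default is not `-all`. All host names, addresses and record sets in it are constructed sample data.

```python
# Added example; all record data below is constructed, not taken from a live zone.
from collections import defaultdict

def norm(name):
    return name.rstrip(".").lower()

def index(records):
    zone = defaultdict(list)
    for owner, rtype, rdata in records:
        zone[norm(owner)].append((rtype.upper(), rdata.strip('"')))
    return zone

def effective(records, name, rtype, depth=8):
    """Follow CNAMEs from `name`, then return rdata of `rtype` at the final owner."""
    zone, name = index(records), norm(name)
    for _ in range(depth):  # bounded so a CNAME loop cannot hang the check
        alias = [d for t, d in zone.get(name, []) if t == "CNAME"]
        if not alias:
            return [d for t, d in zone.get(name, []) if t == rtype]
        name = norm(alias[0])
    return []

def lint(records):
    zone, findings = index(records), []
    for owner, rrs in zone.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(types) > 1:
            findings.append((owner, "CNAME coexists with other record types"))
        for t, d in rrs:
            if t == "MX" and any(x == "CNAME" for x, _ in zone.get(norm(d.split()[-1]), [])):
                findings.append((owner, "MX target is a CNAME"))
            if t == "TXT" and d.startswith("v=spf1") and d.split()[-1] != "-all":
                findings.append((owner, "SPF does not end in -all"))
    return findings

ALIASED = [  # constructed: robot host CNAMEd to a primary list host
    ("lists.example.edu", "A", "192.0.2.10"),
    ("lists.example.edu", "MX", "10 relay.example.edu."),
    ("lists.example.edu", "TXT", '"v=spf1 ip4:192.0.2.10 -all"'),
    ("relay.example.edu", "A", "192.0.2.20"),
    ("lists.dept.example.edu", "CNAME", "lists.example.edu."),
]
DRAFT = [  # constructed: MX pointing at an alias, SPF with a neutral default
    ("example.com", "A", "192.0.2.100"),
    ("example.com", "MX", "10 mail.example.com."),
    ("example.com", "TXT", '"v=spf1 mx ?all"'),
    ("mail.example.com", "CNAME", "example.com."),
]
```

`lint(ALIASED)` returns no findings and `effective(ALIASED, "lists.dept.example.edu", "MX")` shows the MX the aliased host resolves to; `lint(DRAFT)` reports the MX-to-alias and SPF findings.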


