Gentoo E-mail System

1. Gentoo Developer E-mail Possibilities

This document describes the various options for checking your gentoo.org email address. You can opt for having the e-mails forwarded to a specific e-mail address, or let them stay on the dev.gentoo.org server to which you can connect using your favorite e-mail client with POP3S or IMAPS (the secure implementations of POP3 and IMAP respectively).

Forwarding E-mails

If you want to have your e-mails forwarded to another e-mail address, you should log on to dev.gentoo.org and put the e-mail address in ~/.forward. Logging on to dev.gentoo.org is similar to cvs.gentoo.org: you'll be using the same keys.

Code Listing 1.1: Forwarding e-mails to another e-mail address

$ ssh  username@dev.gentoo.org
username@woodpecker username $ echo new.e-mail@address.com > ~/.forward
username@woodpecker username $ exit

If you at some point want to change the e-mail address to which the e-mails should be forwarded, change the content of the ~/.forward file to the new e-mail address.

Note: If you use a forward please make sure that it is reliable. If the queue on dev.gentoo.org starts to grow due to bouncing e-mail Infra will be forced to remove you forward. All e-mail will then be delivered locally until you fix it.

Using the mailbox on dev.gentoo.org

If you want to use the mailbox on dev.gentoo.org, you must make sure that there is no .forward in your home directory. Doing this requires access to dev.gentoo.org (duh). Accessing dev.gentoo.org is no different than accessing cvs.gentoo.org: you'll be using the same keys.

Code Listing 1.2: Removing ~/.forward

$ ssh -l username dev.gentoo.org 'rm ~/.forward'

There are some things you must know about your mailbox on dev.gentoo.org:

You can only access it using POP3S or IMAPS (see the following chapter).
There are some local e-mail clients installed on dev.gentoo.org (mutt and pine to be exact). Only use those if you know how to use them :)
The password to access the mailbox is the same password you can set on dev.gentoo.org using passwd.

2. Using dev.gentoo.org for your e-mails

Accessing dev.gentoo.org using POP3S

POP3S is the secure variant of POP3, the Post Office Protocol version 3. POP3 is a pull-protocol, meaning that e-mails are pulled from the server to your local disk.

To set up your favorite e-mail client for POP3S, use the following settings:

POP3 server: dev.gentoo.org
Use SSL: yes
Account: your username
Password: your dev.gentoo.org password

Warning: POP3 without SSL is not supported! It is insecure because it transmits the password in plain text, which is a Bad Thing (TM).

For instance, if you are using fetchmail to fetch your e-mails, your .fetchmailrc should read something like this:

Code Listing 2.1: fetchmailrc

poll dev.gentoo.org proto pop3 
    user username pass password nokeep ssl
sslfingerprint "50:01:91:98:92:B3:40:1B:CC:52:4D:A9:53:58:1E:B1"

If you are using sylpheed for your e-mails, create a new account and make sure that the Receive tab uses POP3 and the SSL tab has the Use SSL for POP3 connection selected.

If you are using mutt, you're smart enough to figure this one out yourself.

Code Listing 2.2: dev.gentoo.org POP3 SSL fingerprints

MD5  = 50:01:91:98:92:B3:40:1B:CC:52:4D:A9:53:58:1E:B1
SHA1 = 5C:97:52:AF:AB:AF:66:D5:F7:B2:5A:6F:1C:15:79:93:FB:C9:54:B9

Accessing dev.gentoo.org using IMAPS

IMAPS is the secure variant of IMAP, the Internet Message Acces Protocol version 4. IMAP is a push-protocol, meaning that e-mails stay on the remote server and you can manage seperate mailboxes on that server.

To set up your favorite e-mail client for IMAPS, use the following settings:

IMAP server: dev.gentoo.org
Use SSL: yes
Account: your username
Password: your dev.gentoo.org password

Warning: IMAP without SSL is not supported! It is insecure because it uses static authentication, which is a Bad Thing (TM).

Note: Your *.gentoo.org LDAP password is the same as the one used on all Gentoo infrastructure you have access to. If you don't know your password anymore, ask infra to reset your password.

For instance, if you are using fetchmail to fetch your e-mails, your .fetchmailrc should read something like this:

Code Listing 2.3: fetchmailrc

poll dev.gentoo.org proto imap
    user username pass password nokeep ssl
sslfingerprint "8F:F0:BF:83:1E:F4:90:42:64:39:9F:A7:01:05:37:C6"

If you are using mutt, you're smart enough to figure this one out yourself.

Code Listing 2.4: dev.gentoo.org IMAP SSL fingerprints

MD5  = 8F:F0:BF:83:1E:F4:90:42:64:39:9F:A7:01:05:37:C6
SHA1 = 0E:1F:7B:42:0F:71:20:8B:BC:C9:4E:A7:EC:9A:A8:24:86:70:82:98

Using dev.gentoo.org as a mail relay server

Warning: Do not do this unless absolutely necessary. Please use your ISPs relay server whenever possible.

If you need a relay-server desperately and have no other means of sending e-mails, you can use dev.gentoo.org as a relayserver.

Note: For devs unable to use port 25 to send mail, dev.gentoo.org also accepts inbound SMTP connections on TCP port 587.

Now setup your e-mail client to use dev.gentoo.org as the SMTP server. Select yes when asked if the server uses authentication. If you get the choice, select plain as the hash-method. Use your username and your LDAP password for authentication.

Setting up procmail rules for Spam Checking

All email coming into dev.gentoo.org is scanned for spam and viruses. Viruses are automatically deleted so there is no need to check for them yourself. To check for spam use something like the following procmail recipie.

Code Listing 2.5: ~/.procmailrc

 :0:
 * ^X-Spam-Status: Yes
 .maildir/.spam/

If you wish to check your spam based on spam level a recipie like the following can be used (adjust the number of '\*' to the level that fits you best, the more stars the greater the possibilty that what you are filtering is spam).

Code Listing 2.6: ~/.procmailrc

 :0:
 * ^X-Spam-Level: \*\*\*
 .maildir/.spam/

Note: Mail placed into ~/.maildir/.spam is auto cleaned every 14 days. If you wish to save your potential spam for an extended period of time please place it in another directory. The usage of ~/.maildir/.spam is strongly encouraged.

3. Frequently Asked and/or Anticipated Questions

What happens when dev.gentoo.org goes down?

When dev.gentoo.org goes down, e-mails will stay in the mailqueue on mail.gentoo.org and will be delivered whenever dev.gentoo.org is up again.

Can I use procmail on dev.gentoo.org?

Yes you can. You need to create a ~/.forward file thought with the following content:

Code Listing 3.1: ~/.forward for procmail usage

| /usr/bin/procmail

Can I use SpamAssassin on dev.gentoo.org?

Spam is automatically marked for you. There is no need to run your mail through any additional filters just check for the appropriate headers.

Why don't you set up a system-wide (spam|virus) filter?

Due to the rapid spread of e-mail bourne viruses we have had to filter all of these despite the risk of loosing legitimate e-mail. Spam filtering is not 100% accurate so although we tag all e-mail with Spam level headers we do not filter it. We leave that option to the developers to do so if they choose.

How can I exempt myself from Sender Address Verification?

By default all @gentoo.org users get Sender Address Verification enabled for them for free. We recognize that there are times when this is less than ideal and put a system in place for you to exempt yourself from it. You can simply touch ~/.permissive and wait about an hour for the recipient_filtering to be rechecked. Note however that when you opt for permissive mode that no spam or virus filtering is done for your account.

Are my e-mails or the contents of my home directory backed up regularly?

No, it's the responsibility of the individual to back up their own important files and mail.

How can I copy over files from/to dev.gentoo.org?

Use scp.

Updated January 14, 2008

Summary: This document describes what you, as Gentoo Developer, can expect from our new e-mail system.

Sven Vermeulen
Author

Kurt Lieber
Editor

Lance Albertson
Editor

Daniel Ostrow
Editor

Mike Doty
Editor

Ned Ludd
Editor

Ned Ludd
Editor