OTRS
(→SpamAssassin: ip ranges) |
(→Mail setup: SpamAssassin setup in Exim) |
||
| Line 29: | Line 29: | ||
== Mail setup == | == Mail setup == | ||
In the new OTRS setup, OTRS is installed on [[williams]], and e-mail is sent and received through a special Exim instance on this server. Its configuration follows the lines of the setup described in [[Mail]], but OTRS specific configuration is listed below. | In the new OTRS setup, OTRS is installed on [[williams]], and e-mail is sent and received through a special Exim instance on this server. Its configuration follows the lines of the setup described in [[Mail]], but OTRS specific configuration is listed below. | ||
| + | |||
| + | === Exim === | ||
| + | |||
| + | ==== SpamAssassin scanning ==== | ||
| + | Spam filtering is done using [[#SpamAssassin|SpamAssassin]] and an Exim ACL which is run at the DATA phase during the SMTP connection. Should SpamAssassin fail for some reason, mail is let through. | ||
| + | |||
| + | acl_smtp_data = acl_check_data | ||
| + | |||
| + | <pre> | ||
| + | acl_check_data: | ||
| + | # Run a SpamAssassin check on any non-locally submitted messages. | ||
| + | # If the message is estimated to be spam, we discard it, since | ||
| + | # rejecting only moves the problem to mchenry. | ||
| + | |||
| + | accept hosts = : | ||
| + | |||
| + | discard message = This message scored $spam_score spam points. | ||
| + | spam = otrs/defer_ok | ||
| + | |||
| + | accept | ||
| + | </pre> | ||
=== SpamAssassin === | === SpamAssassin === | ||
Revision as of 21:06, 29 January 2009
OTRS is installed on bart.wikimedia.org.
- Source is in /opt/otrs
- Config file is /opt/otrs/Kernel/Config.pm
- URL is https://secure.wikimedia.org/otrs/index.pl
- The root user/pass is in /home/wikipedia/doc/otrs
- Primary db is on db9, replica on db10. OTRS uses only the primary DB, they apparently don't support slaves.
- The codebase is patched, e.g. for supporting one-click-spam. The patches can be found at http://svn.wikimedia.org/svnroot/mediawiki/trunk/otrs
You no longer need to invoke a specific script or update config files to add email addresses to OTRS; mchenry will automatically see that the queue exists or has disappeared.
It is possible (due to negative caching at the secondary mail exchangers) that new addresses will take up to two hours to begin working.
Contents |
To upgrade
- Stop postfix. You don't want to have mail coming in while OTRS is broken.
- Fetch new OTRS code
- Decompress into /opt/otrs-X.Y.Z
- Get the patches with svn export --force http://svn.wikimedia.org/svnroot/mediawiki/trunk/otrs /opt/otrs-cvs
- Apply them with quilt push -a
- Copy in Kernel/Config/Files/*, home, var/log, var/stats, var/sessions
- Symlink the templates...
- cd Kernel/Output/HTML && ln -s Standard OTRS
- Set permissions on the dir, eg:
- bin/SetPermissions.pl --secure --otrs-user=otrs --web-user=apache --otrs-group=otrs --web-group=apache /opt/otrs-X.Y.Z
- change the /opt/otrs symlink to the new version
- start postfix
- send a mail to e.g. info-en and check that it shows up in OTRS
Mail setup
In the new OTRS setup, OTRS is installed on williams, and e-mail is sent and received through a special Exim instance on this server. Its configuration follows the lines of the setup described in Mail, but OTRS specific configuration is listed below.
Exim
SpamAssassin scanning
Spam filtering is done using SpamAssassin and an Exim ACL which is run at the DATA phase during the SMTP connection. Should SpamAssassin fail for some reason, mail is let through.
acl_smtp_data = acl_check_data
acl_check_data:
# Run a SpamAssassin check on any non-locally submitted messages.
# If the message is estimated to be spam, we discard it, since
# rejecting only moves the problem to mchenry.
accept hosts = :
discard message = This message scored $spam_score spam points.
spam = otrs/defer_ok
accept
SpamAssassin
williams runs its own SpamAssassin instance, so sa-learn can be used to train it from the OTRS Junk queue. The normal Ubuntu spamassassin package is used, with the following configuration modifications:
/etc/default/spamassassin
Make sure spamd is enabled:
# Change to one to enable spamd ENABLED=1
By default it runs as root, which is unnecessary. Since it's only used by OTRS, we can run it as the OTRS user. User preferences are disabled, spamd listens on the loopback interface only.
OPTIONS="--max-children 5 --nouser-config --listen-ip=127.0.0.1 -u otrs -g otrs"
Don't let spam filtering eat all resources:
# Set nice level of spamd NICE="--nicelevel 10"
Automatically update SpamAssassin rules:
# Cronjob # Set to anything but 0 to enable the cron job to automatically update # spamassassin's rules on a nightly basis CRON=1
/etc/spamassassin/local.cf
Allow SpamAssassin to trust these IP ranges:
trusted_networks 208.80.152.0/22 91.198.174.0/24 203.212.189.192/26
