author: Jonas Smedegaard <dr@jones.dk> 2002-12-26 01:09:05 +0000
committer: Jonas Smedegaard <dr@jones.dk> 2002-12-26 01:09:05 +0000
commit: 4d5e01691573bcf0893fd5afef126eab6742a092
tree: 80b744cbf44d368586ecfe497bc173a6099fceee /doc
parent: a62591e963a1875be29013927382781eb14486b0
Add new area doc for chunks of more or less structured knowledge related to the scripts and configfiles.
Diffstat (limited to 'doc')
-rw-r--r-- doc/Certificates.txt 27
-rw-r--r-- doc/Email.txt 72
2 files changed, 99 insertions, 0 deletions
diff --git a/doc/Certificates.txt b/doc/Certificates.txt
new file mode 100644
index 0000000..8c7acf7
--- /dev/null
+++ b/doc/Certificates.txt
@@ -0,0 +1,27 @@
+Certificate Authority
+---------------------
+CA Certificate is placed in /etc/ssl/certs/ and name closely to CN of
+organisation ( s/ /_/g ) appended "_CA.crt".
+
+CA Key is located in /etc/ssl/private/ named similarly appended
+"_CA.key".
+
+Certificate is symlinked to "/etc/ssl/certs/cacert.pem" for easy
+locating by scripts.
+
+Hosts
+-----
+Host certificates are placed in /etc/ssl/certs/ either named by the
+service they provide appended ".pem", or symlinked with that name from
+hostname.key or whatever makes best sense in the situation, either with
+the key embedded or the key at the same place.
+
+The script /usr/share/local/localmksslcerts can be used to make
+self-signed certificates with embedded keys.
+
+Users
+-----
+Have a look at this web page:
+http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml
+
+The script is at /usr/share/local/mycert - adapted to Debian GNU/Linux.
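Review bot: The Hosts section allows host certificates in /etc/ssl/certs/ "with the key embedded" and says localmksslcerts produces such files, but it never states the ownership or mode those files need. /etc/ssl/certs/ is normally world-readable, so a combined certificate-and-key .pem placed there exposes the private key to every local user unless the file itself is restricted. Suggest documenting the required mode and owner for any file that contains a key, or keeping host keys in /etc/ssl/private/ as the CA key already is, with only the certificate placed or symlinked in /etc/ssl/certs/. Smaller points: "name closely" should read "named closely", and the Users section depends entirely on an external http:// page, so a one-line summary of what /usr/share/local/mycert does would keep the section usable if that page disappears.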
diff --git a/doc/Email.txt b/doc/Email.txt
new file mode 100644
index 0000000..5adfca6
--- /dev/null
+++ b/doc/Email.txt
@@ -0,0 +1,72 @@
+Mail Transport Agents (MTA)
+---------------------------
+Postfix is generally used currently.
+
+A pool of Mail eXchange servers are registered in the file
+/etc/local-COMMON/postfix/permit_mx_backup_networks
+(/etc/local-COMMON/postfix/mx_networks is deprecated!).
+
+The script /etc/local-COMMON/postfix/anti-uce.sh started as an antispam
+autoconfig script, but is evolving into a catch-all script for StartTLS,
+MX backup pool, (maybe) pop-before-smtp and other tweaks.
+
+Postfix 2.0.1 has just come out, with improved responses when emails are
+blocked by RBLs: http://www.rfc-ignorant.org/how_to_domain.php
+
+Read this about generally encrypting emails between MTAs whenever
+possible: http://www.homeport.org/~adam/starttls.html
+
+Mail Delivery Agents (MDA)
+--------------------------
+Here's a thread on optimally building a flexible auto-responder using
+procmail (the post chosen gives the best result, but lacks explanation):
+http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/1999-09/msg00254.html
+
+The script /usr/local/sbin/userforward adds (or optionally overwrites)
+a .forward and forwards email cruft lying in the incoming spool.
+
+The script is deliberately kept free from interactive dialogs to support
+remote triggering from an email, sms or similar.
+
+POP/IMAP daemons
+----------------
+UW IMAP and POP3 daemons are currently the best/easiest to integrate
+with a heterogenous environment.
+
+dovecot just arrived as Debian package is a promising alternative once
+mature - it is ekstremely streamlined and delivers to ~/home by default.
+
+Recent Debian packages are compiled with cleartext passwords turned off
+by default. We are not quite ready yet for this move, so here's what
+needs to be done to circumvent it: Create the file /etc/c-client.cf and
+add the following lines:
+
+I accept the risk for IMAP toolkit 4.1.
+set disable-plaintext nil
+
+(Remember the final dot in the first line! - even though I think they
+have relaxed on that now and don't even need the correct version now).
+
+hile you are at it, consider adding this one as well (but then make
+sure that the ~/mail directory then always exists!):
+
+set mail-subdirectory mail
+
+The script /usr/local/sbin/user-init checks (among alot of other stuff)
+for the existense of that directory - when enabled in the hint file
+/etc/local/users.conf
+
+Mail User Agents (MUA)
+----------------------
+/usr/local/bin/spine and /usr/local/bin/xmutt fires up your favourite
+low-tech MUA even in a hi-tech environment :-)
+
+If debugging StartTLS and SASL avoid using Evolution: It leaves a small
+daemon running and not releaing SASL from memory (which might be causing
+some of the frustrations about getting SASL to work). Run the command
+`lsof | grep sasl` to make sure.
+
+------------
+Have a look here for an overview of interaction between the above agents
+and daemons:
+http://lists.samba.org/pipermail/linux/1999-September/003605.html
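Review bot: In the POP/IMAP section, the /etc/c-client.cf workaround ("set disable-plaintext nil") turns cleartext passwords back on, with only "We are not quite ready yet for this move" as justification and no stated condition for removing it. Suggest recording what has to be in place before the package default can be restored (for example, clients moved to TLS-protected sessions, which the MTA section already recommends via StartTLS) and which hosts carry the override, so it does not become permanent by omission. In the MDA section, userforward is described as supporting "remote triggering from an email, sms or similar" while being able to overwrite a .forward; the doc should say how such a trigger is authenticated. Typos to fix in the same pass: "hile" (While), "ekstremely", "existense", "releaing", "alot", "heterogenous".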