# HG changeset patch # User Heiko Schlittermann (JUMPER) # Date 1399851136 -7200 # Node ID e5d2bd8b5c6f298e4baf7ffc1ff1ee9b6e11ac19 # Parent c9a3790c45c355c6f9868b26c70011ab86603614 [snapshot] diff -r c9a3790c45c3 -r e5d2bd8b5c6f Makefile --- a/Makefile Sun May 11 22:30:10 2014 +0200 +++ b/Makefile Mon May 12 01:32:16 2014 +0200 @@ -1,21 +1,24 @@ ALL = mk2014.pdf -DIA = $(wildcard dia/*.dia) -TT = $(wildcard *.tt) -CONF = $(wildcard conf/*.conf) +# input +CONF = $(wildcard conf/*.conf) FRAMES = $(wildcard frames/*tex) +OUT = $(wildcard out/*) +DIA = $(wildcard dia/*.dia) IMAGES = $(notdir $(DIA:.dia=.pdf)) -OUT = $(wildcard out/*) .PHONY: clean all: $(ALL) clean: - rubber -d --clean mk2014.tex + rubber --clean mk2014.tex -rm -f *.vrb $(IMAGES) -mk2014.pdf: mk2014.tex $(IMAGES) $(FRAMES) $(TT) $(CONF) $(OUT) +distclean: clean + rubber --clean -d mk2014.tex + +mk2014.pdf: mk2014.tex $(IMAGES) $(FRAMES) $(CONF) $(OUT) %.pdf: %.tex rubber -f -d $< diff -r c9a3790c45c3 -r e5d2bd8b5c6f exim_bV.tt --- a/exim_bV.tt Sun May 11 22:30:10 2014 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,14 +0,0 @@ -Exim version 4.80 #2 built 02-Jan-2013 18:59:17 -Copyright (c) University of Cambridge, 1995 - 2012 -(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012 -Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011) -Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages \B - Content_Scanning DKIM Old_Demime -Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm \B - dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite -Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa -Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect -Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp -Fixed never_users: 0 -Size of off_t: 8 -Configuration file is /etc/exim4/exim4.conf diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/exim.tex 
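Review bot: The new `distclean` target is not declared phony; the context line still reads `.PHONY: clean`, so a file named `distclean` (or `all`) in the working directory would silently turn the target into a no-op. I would change that line to `.PHONY: all clean distclean`. While this block is being touched, the context line `FRAMES = $(wildcard frames/*tex)` probably wants to be `frames/*.tex`; as written it matches any name that merely ends in "tex".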
--- a/frames/exim.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/exim.tex Mon May 12 01:32:16 2014 +0200 @@ -5,21 +5,10 @@ \begin{itemize} \item \textbf{Ex}perimental \textbf{I}nternet \textbf{M}ailer \item seit 1995 Phil Hazel, seit ca. 2007 ca. 5…8 Aktive Entwickler - \item Klassisch Unix: traditionelle Konfiguration und traditionelles Prozess-Management - \item mehr als 90\% der Nachrichten werden sofort weitergeleitet bzw. ausgeliefert -\begin{scriptsize} -\begin{verbatim} -Time spent on the queue: messages with at least one remote delivery -------------------------------------------------------------------- -Under 1m 15052 99.2% 99.2% - 5m 20 0.1% 99.3% - 15m 2 0.0% 99.3% - 30m 91 0.6% 99.9% - 1h 9 0.1% 100.0% - 6h 2 0.0% 100.0% -Over 1d 1 0.0% 100.0% -\end{verbatim} -\end{scriptsize} + \item klassisch Unix: traditionelle Konfiguration und traditionelles Prozess-Management + \item aktuell stabil 4.82 von Oktober 2013 + \item Releases ca. 1x Jahr + \item 7.12.2010 - großes Sicherheitsproblem \end{itemize} \end{frame} @@ -30,9 +19,13 @@ \item Lego vs. Playmobil (P. Heinlein) \item Anpassbarkeit \begin{itemize} - \item keine Klassifizierung von Adressen - \item keine \verb=$mydestination= + \item keine Annahmen über die Art der zu lösenden Herausforderungen + (keine Klassifizierung von Adressen) + \item keine Annahmen über die Art Problemlösung + \item Bereitstellung von Werkzeugen \item Router sind Funktionsblöcke, keine Tabellen + \item Transports sind Funktionsblöcke + \item ACL Blöcke \item Intensive Expansion von Variablen zur Laufzeit \end{itemize} \item gut verstandene Prozessstruktur $\rightarrow$ Stabilität 
@@ -41,8 +34,6 @@ spex.txt (33k L), spec.pdf (ca. 500 Seiten)) \item sehr gutes Debugging der Konfiguration möglich \item vorbildlichster Quelltext (C, kommentiert) + \item sehr hilfreiche Community: $<$exim-users@exim.org$>$ \end{itemize} -\pause -Nachteile? Klar - das Abarbeiten der Queue ist nicht sonderlich -effizient gelöst. \end{frame} diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/konfiguration.tex --- a/frames/konfiguration.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/konfiguration.tex Mon May 12 01:32:16 2014 +0200 @@ -9,7 +9,7 @@ \item \verb=exim -bV= listet die verwendete Konfigurationsdatei und einkompilierte Features \begin{small} - \ttinput{exim_bV.tt} + \ttinput{out/exim-bV.tt} \end{small} \end{itemize} \end{frame} diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/logging.tex --- a/frames/logging.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/logging.tex Mon May 12 01:32:16 2014 +0200 @@ -24,11 +24,11 @@ \begin{frame}[fragile]{Logging}{mainlog} \scriptsize -\verbatiminput{out/mainlog.tt} +\ttinput{out/mainlog.tt} \end{frame} \begin{frame}[fragile]{Logging}{rejectlog} \scriptsize -\verbatiminput{out/rejectlog.tt} +\ttinput{out/rejectlog.tt} \end{frame} diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/routing.tex --- a/frames/routing.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/routing.tex Mon May 12 01:32:16 2014 +0200 
@@ -22,8 +22,19 @@ transport = remote_smtp ignore_target_hosts = 127.0.0.0/8 \end{verbatim} - \item Treiber dnslookup, manualroute, queryprogram, redirect, accept -\end{itemize} +\end{frame} + +\begin{frame}[<+->]{Routing}{Treiber} +Treiber legt das Verhalten des Routers fest, alle Treiber +sind parametrisierbar (ca. 40 allgemeine Optionen, dnslookup ca 15 +spezifische Optionen) +\begin{description} + \item[dnslookup] Klassiker - MX, A/AAAA + \item[manualroute] Tabelle \verb= = + \item[queryprogram] Routing-Info über externes Programm + \item[redirect] neue Adressen werden generiert + \item[accept] Name ist Programm :) +\end{description} \end{frame} \subsection{Test} @@ -36,8 +47,8 @@ host example.com [2606:2800:220:6d:26bf:1447:1097:aa7] host example.com [93.184.216.119] \pause -\scriptsize{ +\begin{scriptsize} \input{out/routingremote.tt} -} +\end{scriptsize} \end{alltt} \end{frame} diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/testing.tex --- a/frames/testing.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/testing.tex Mon May 12 01:32:16 2014 +0200 
@@ -1,57 +1,37 @@ -\section{Test und Betrieb} -\subsection{Konfiguration} +\section{Betrieb} -\begin{frame}[fragile]{Test und Betrieb}{Konfiguration} -Viele Möglichkeiten, die bestehende Konfiguration zu überprüfen: -\begin{alltt} - $ exim -bV -C test.conf - Configuration file is test.conf - $ exim -bP primary\_hostname - mail.example.com - $ exim -bP routers - … (ca 200 Zeilen) -\end{alltt} +\begin{frame}[<+->][fragile]{Betrieb}{Prozesse} +Natürlich Beobachtung des Logfiles, oder aber \verb=exiwhat= +und \verb=eximqsumm=, \verb=exipick= +\begin{block}{Prozesse} +\begin{scriptsize} +\ttinput{out/exiwhat.out} +\end{scriptsize} +\end{block} \end{frame} -\begin{frame}[fragile]{Test und Betrieb}{Routing, Expansion} -\begin{verbatim} - $ exim -d-all+route -bt hans@example.com - … - $ exim -d-all+expand -be '$lookup{root}lsearch{/etc/aliases}}' - search_open: lsearch "/etc/aliases" - search_find: file="/etc/aliases" - key="root" partial=-1 affix=NULL starflags=0 - LRU list: - :/etc/aliases - End - internal_search_find: file="/etc/aliases" - type=lsearch key="root" - file lookup required for root - in /etc/aliases - lookup yielded: heiko - heiko -\end{verbatim} +\begin{frame}[<+->][fragile]{Betrieb}{Queue} +\begin{block}{Queue-Zusammenfassung} +\begin{scriptsize} +\ttinput{out/exiqsumm.tt} +\end{scriptsize} +\end{block} +\begin{block}{Queue-Details} +\begin{scriptsize} +\ttinput{out/exipick.out} +\end{scriptsize} +\end{block} \end{frame} -\begin{frame}[fragile]{Test und Betrieb}{ACL} -Fake-SMTP-Session mit \verb=exim -bh 1.1.1.1=, aber einfacher noch mit swaks. -\scriptsize -\begin{verbatim} - $ swaks --pipe 'exim -bh 1.1.1.1' --from … --to … - === Trying pipe to exim -bh 1.1.1.1… - === Connected to exim -bh 1.1.1.1. - >>> looking up host name for 1.1.1.1 - … - <- **** SMTP testing session as if from host 1.1.1.1 - <- **** This is not for real! 
- … - >>> processing "deny" - >>> deny: condition test succeeded in ACL "acl_check_rcpt" - LOG: [1967] H=(jumper.schlittermann.de) [1.1.1.1] - F= rejected RCPT : relay not - permitted - <** 550 relay not permitted - -> QUIT - <- 221 jumper.schlittermann.de closing connection -\end{verbatim} -\end{frame} +%\begin{verbatim} +%Time spent on the queue: messages with at least one remote delivery +%------------------------------------------------------------------- +%Under 1m 15052 99.2% 99.2% +% 5m 20 0.1% 99.3% +% 15m 2 0.0% 99.3% +% 30m 91 0.6% 99.9% +% 1h 9 0.1% 100.0% +% 6h 2 0.0% 100.0% +%Over 1d 1 0.0% 100.0% +%\end{verbatim} +%%\end{scriptsize} diff -r c9a3790c45c3 -r e5d2bd8b5c6f frames/transport.tex --- a/frames/transport.tex Sun May 11 22:30:10 2014 +0200 +++ b/frames/transport.tex Mon May 12 01:32:16 2014 +0200 @@ -17,7 +17,7 @@ \begin{description} \item[smtp] SMTP, TLS, LMTP \item[appendfile] Mailbox, Maildir - \item[pipe] Kommando-Pipelinee (z.B. UUCP) + \item[pipe] Kommando-Pipeline (z.B. UUCP) \end{description} \end{itemize} \end{frame} diff -r c9a3790c45c3 -r e5d2bd8b5c6f mk2014.tex --- a/mk2014.tex Sun May 11 22:30:10 2014 +0200 +++ b/mk2014.tex Mon May 12 01:32:16 2014 +0200 
@@ -60,26 +60,34 @@ % -- Test und Betrieb \input{frames/testing.tex} -\section{Ausblick} - -\begin{frame}[<+->]{Was fehlt} +\section{Der Rest} +\begin{frame}[<+->][fragile]{Was fehlt} Noch einige Dinge vergessen? \begin{itemize} - \item TLS - \item Header-Rewriting - \item Retry-Rules + \item TLS - geht einfach so + \item Header-Rewriting \verb=*@*.example.com $1@example.com Ff= + \item Retry-Rules \verb=*.example.com rcpt_4xx F,2h,5m;G,2d,15m= \item SMTP-Authentifizierung (Client/Server) \item Cut-Through-Routing, PRDR, DNSSEC, DANE, Enhanced Status Codes \end{itemize} \end{frame} -\begin{frame}{DANKE} -Fragen? +\begin{frame}[<+->][fragile]{DANKE} +\begin{verbatim} +2014-05-12 12:32:26 [2858] 1WjPOs-0000k4-B5 Completed +\end{verbatim} \pause -Ach so - ja, es ist ein MTA-Framework. Mit einem Minimum an Annahmen -über das zu lösende Problem und über die Art der Lösung. -\pause - +\vfill +\begin{Large} +\begin{tabular}{r|l} +http://schlittermann.de & \\ +hs@schlittermann.de & \\ + & Linux \\ + & Mail \\ + & DNS \\ + & Perl +\end{tabular} +\end{Large} \end{frame} %\begin{frame}{Möglichkeiten zur Leistungsverbesserung (Warteschlange, Parallelisierung, Blockierung, Ratelimit)} diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/exim-bV.tt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/out/exim-bV.tt Mon May 12 01:32:16 2014 +0200 
@@ -0,0 +1,14 @@ +Exim version 4.80 #2 built 02-Jan-2013 18:59:17 +Copyright (c) University of Cambridge, 1995 - 2012 +(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012 +Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011) +Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages \B + Content_Scanning DKIM Old_Demime +Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm \B + dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite +Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa +Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect +Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp +Fixed never_users: 0 +Size of off_t: 8 +Configuration file is /etc/exim4/exim4.conf diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/exipick.out --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/out/exipick.out Mon May 12 01:32:16 2014 +0200 @@ -0,0 +1,11 @@ +$ exipick +66h 1.4M 1WibFu-0005iS-C1 <****zhu@****.com> + D ***eng@263.net + ***ian@ele.pku.edu.cn + +35h 1.6K 1Wj4sy-0000hU-Bv <> *** frozen *** + www.********.**@********.******.de + +31h 45K 1Wj8C4-0002Ba-43 + ch.*.****@gmail.de + D ****@aol.com diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/exiqsumm.tt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/out/exiqsumm.tt Mon May 12 01:32:16 2014 +0200 @@ -0,0 +1,13 @@ +$ mailq | exiqsumm + +Count Volume Oldest Newest Domain +----- ------ ------ ------ ------ + + 9 13MB 66h 62h ele.pku.edu.cn + 1 25KB 0m 0m email.cz + 2 90KB 31h 31h gmail.de + 1 37KB 6h 6h kbb-****.de + 1 45KB 31h 31h kpng.com + 2 3481 34h 32h ********.*****.de +--------------------------------------------------------------- + 16 13MB 66h 0m TOTAL diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/exiwhat.out --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/out/exiwhat.out Mon May 12 01:32:16 2014 +0200 
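Review bot: The star-masking in out/exipick.out is only partial: recipient domains and the ends of local parts stay readable (`***eng@263.net`, `***ian@ele.pku.edu.cn`), and the queue ids are left as captured. out/exiqsumm.tt in the same changeset masks two domains but prints `ele.pku.edu.cn`, `gmail.de` and `kpng.com` in the clear, with ages and sizes that can be lined up against the exipick entries. Both files are typeset into the slides via `\ttinput{out/exipick.out}` and `\ttinput{out/exiqsumm.tt}`, and they stay in the repository history regardless of what the PDF shows. I would regenerate them from a test queue with constructed addresses under `example.com` or `example.net` rather than masking real ones by hand.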
@@ -0,0 +1,20 @@ +$ exiwhat + 7489 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183]\B + I=[84.19.194.2]:25 + 7955 handling incoming connection from (henriromano.com) [69.158.123.187] I=[84.19.194.2]:25 + 7957 handling incoming connection from [69.158.123.187] I=[84.19.194.2]:25 + 7994 handling incoming connection from (ifo.nl) [69.158.123.187] I=[84.19.194.2]:25 + 7995 handling incoming connection from (immo-centrale.be) [69.158.123.187] I=[84.19.194.2]:25 + 8165 handling TLS incoming connection from mail-ve0-f179.google.com [209.85.128.179] \B + I=[84.19.194.2]:25 + 8268 delivering 1Wjb2G-00027h-SM: waiting for a remote delivery subprocess to finish + 8270 delivering 1Wjb2G-00027h-SM to pop.net.schlittermann.de [84.19.194.3]\B + (******@************-dresden.de) + 8606 handling incoming connection from (localhost) [94.101.224.93] I=[84.19.194.2]:25 + 9207 handling incoming connection from (vipmta198.vipmarketingonline.info) [103.249.102.198] \B + I=[84.19.194.2]:25 + 9608 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183] \B + I=[84.19.194.2]:25 + 9633 handling incoming connection from static.165.4.4.46.clients.your-server.de (server1.tof61.com) [46.4.4.165]\B + I=[84.19.194.2]:25 + 9634 handling incoming connection from pointelite.net [5.39.17.162] I=[84.19.194.2]:25 diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/exiwhat.tt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/out/exiwhat.tt Mon May 12 01:32:16 2014 +0200 @@ -0,0 +1,4 @@ +Every 2.0s: exiwhat Sun May 11 23:07:31 2014 + + 9687 daemon: -q5m, listening for SMTP on port 25 (IPv4) + 6355 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183] I=[84.19.194.2]:25 diff -r c9a3790c45c3 -r e5d2bd8b5c6f out/mainlog.tt --- a/out/mainlog.tt Sun May 11 22:30:10 2014 +0200 +++ b/out/mainlog.tt Mon May 12 01:32:16 2014 +0200 
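Review bot: out/exiwhat.out masks the one recipient address but leaves every network identifier as captured: peer host names and IP addresses, the listener address in each `I=[...]:25` field, and the internal delivery host. For a slide that only illustrates the exiwhat output format these could be replaced by constructed values, e.g. host names under `example.org` and addresses from the documentation range `192.0.2.0/24`. The same applies to out/exiwhat.tt, which no frame visible in this changeset inputs (frames/testing.tex uses `out/exiwhat.out`), so that file could probably be left out altogether. Together with the build banner in out/exim-bV.tt the captures also tie a software version to an identifiable host, assuming they come from the same machine.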
@@ -14,7 +14,8 @@ C="250 OK id=1Wi0ig-00035h-Iq" QT=7s DT=7s 14:13:05 1Wi0ie-0005e8-Q7 Completed QT=1s 14:13:07 1Wi0ia-0005dq-Ha Completed QT=7s -14:13:07 1Wi0ih-0005ew-Lw <= agent@ukrs394971.pur3.net H=mx.net.schlittermann.de [84.19.194.2] I=[84.19.194.3]:587\B +14:13:07 1Wi0ih-0005ew-Lw <= agent@ukrs394971.pur3.net H=mx.net.schlittermann.de [84.19.194.2]\B + I=[84.19.194.3]:587\B P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128\B S=17836 id=0.0.C9.E5D.1CF69EDAA039062.0@mta20135.pur3.net 14:13:13 1Wi0ih-0005ew-Lw => info@diw-bau.de F=