--- a/Makefile Sun May 11 22:30:10 2014 +0200
+++ b/Makefile Mon May 12 01:32:16 2014 +0200
@@ -1,21 +1,24 @@
ALL = mk2014.pdf
-DIA = $(wildcard dia/*.dia)
-TT = $(wildcard *.tt)
-CONF = $(wildcard conf/*.conf)
+# input
+CONF = $(wildcard conf/*.conf)
FRAMES = $(wildcard frames/*tex)
+OUT = $(wildcard out/*)
+DIA = $(wildcard dia/*.dia)
IMAGES = $(notdir $(DIA:.dia=.pdf))
-OUT = $(wildcard out/*)
.PHONY: clean
all: $(ALL)
clean:
- rubber -d --clean mk2014.tex
+ rubber --clean mk2014.tex
-rm -f *.vrb $(IMAGES)
-mk2014.pdf: mk2014.tex $(IMAGES) $(FRAMES) $(TT) $(CONF) $(OUT)
+distclean: clean
+ rubber --clean -d mk2014.tex
+
+mk2014.pdf: mk2014.tex $(IMAGES) $(FRAMES) $(CONF) $(OUT)
%.pdf: %.tex
rubber -f -d $<
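Review bot: The new `distclean` target is a command name rather than a file, but the declaration `.PHONY: clean` still lists only `clean`, so a stray file called `distclean` (or `all`) in the working directory would silently turn that target into a no-op. I would change the line to `.PHONY: all clean distclean`. Since `distclean` depends on `clean`, it runs `rubber --clean` and then `rubber --clean -d` on the same file; a short comment such as `# distclean: also removes what the -d (PDF) build produced` would say why both targets exist.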
--- a/exim_bV.tt Sun May 11 22:30:10 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-Exim version 4.80 #2 built 02-Jan-2013 18:59:17
-Copyright (c) University of Cambridge, 1995 - 2012
-(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
-Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
-Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages \B
- Content_Scanning DKIM Old_Demime
-Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm \B
- dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
-Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
-Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
-Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
-Fixed never_users: 0
-Size of off_t: 8
-Configuration file is /etc/exim4/exim4.conf
--- a/frames/exim.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/exim.tex Mon May 12 01:32:16 2014 +0200
@@ -5,21 +5,10 @@
\begin{itemize}
\item \textbf{Ex}perimental \textbf{I}nternet \textbf{M}ailer
\item seit 1995 Phil Hazel, seit ca. 2007 ca. 5…8 Aktive Entwickler
- \item Klassisch Unix: traditionelle Konfiguration und traditionelles Prozess-Management
- \item mehr als 90\% der Nachrichten werden sofort weitergeleitet bzw. ausgeliefert
-\begin{scriptsize}
-\begin{verbatim}
-Time spent on the queue: messages with at least one remote delivery
--------------------------------------------------------------------
-Under 1m 15052 99.2% 99.2%
- 5m 20 0.1% 99.3%
- 15m 2 0.0% 99.3%
- 30m 91 0.6% 99.9%
- 1h 9 0.1% 100.0%
- 6h 2 0.0% 100.0%
-Over 1d 1 0.0% 100.0%
-\end{verbatim}
-\end{scriptsize}
+ \item klassisch Unix: traditionelle Konfiguration und traditionelles Prozess-Management
+ \item aktuell stabil 4.82 von Oktober 2013
+ \item Releases ca. 1x Jahr
+ \item 7.12.2010 - großes Sicherheitsproblem
\end{itemize}
\end{frame}
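Review bot: The added bullet `7.12.2010 - großes Sicherheitsproblem` gives a date but nothing a reader of the published slides can look up afterwards. Naming the advisory and the fixed release would make it usable as a reference, e.g. `\item 7.12.2010 - großes Sicherheitsproblem (<ADVISORY-ID>, behoben in <VERSION>)`, with both placeholders filled in from the project's own advisory. As written, it also sits directly under "aktuell stabil 4.82" without saying whether that release is affected.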
@@ -30,9 +19,13 @@
\item Lego vs. Playmobil (P. Heinlein)
\item Anpassbarkeit
\begin{itemize}
- \item keine Klassifizierung von Adressen
- \item keine \verb=$mydestination=
+ \item keine Annahmen über die Art der zu lösenden Herausforderungen
+ (keine Klassifizierung von Adressen)
+ \item keine Annahmen über die Art Problemlösung
+ \item Bereitstellung von Werkzeugen
\item Router sind Funktionsblöcke, keine Tabellen
+ \item Transports sind Funktionsblöcke
+ \item ACL Blöcke
\item Intensive Expansion von Variablen zur Laufzeit
\end{itemize}
\item gut verstandene Prozessstruktur $\rightarrow$ Stabilität
@@ -41,8 +34,6 @@
spex.txt (33k L), spec.pdf (ca. 500 Seiten))
\item sehr gutes Debugging der Konfiguration möglich
\item vorbildlichster Quelltext (C, kommentiert)
+ \item sehr hilfreiche Community: $<$exim-users@exim.org$>$
\end{itemize}
-\pause
-Nachteile? Klar - das Abarbeiten der Queue ist nicht sonderlich
-effizient gelöst.
\end{frame}
--- a/frames/konfiguration.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/konfiguration.tex Mon May 12 01:32:16 2014 +0200
@@ -9,7 +9,7 @@
\item \verb=exim -bV= listet die verwendete Konfigurationsdatei und
einkompilierte Features
\begin{small}
- \ttinput{exim_bV.tt}
+ \ttinput{out/exim-bV.tt}
\end{small}
\end{itemize}
\end{frame}
--- a/frames/logging.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/logging.tex Mon May 12 01:32:16 2014 +0200
@@ -24,11 +24,11 @@
\begin{frame}[fragile]{Logging}{mainlog}
\scriptsize
-\verbatiminput{out/mainlog.tt}
+\ttinput{out/mainlog.tt}
\end{frame}
\begin{frame}[fragile]{Logging}{rejectlog}
\scriptsize
-\verbatiminput{out/rejectlog.tt}
+\ttinput{out/rejectlog.tt}
\end{frame}
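Review bot: Switching both log frames from `\verbatiminput` to `\ttinput` changes how the captured log text is read. `\verbatiminput` typesets the file literally, whereas `\ttinput` is defined outside this diff and, judging by the `\B` continuation markers in out/mainlog.tt, interprets at least backslash sequences. mainlog and rejectlog contain fields chosen by remote SMTP peers (HELO names, sender addresses), so a backslash or brace in such a field would be processed as TeX instead of printed. I would document that next to the macro definition, e.g. `% \ttinput interprets \ and {} - escape them when capturing logs into out/`, and treat the files in out/ as untrusted input that is reviewed before each build.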
--- a/frames/routing.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/routing.tex Mon May 12 01:32:16 2014 +0200
@@ -22,8 +22,19 @@
transport = remote_smtp
ignore_target_hosts = 127.0.0.0/8
\end{verbatim}
- \item Treiber dnslookup, manualroute, queryprogram, redirect, accept
-\end{itemize}
+\end{frame}
+
+\begin{frame}[<+->]{Routing}{Treiber}
+Treiber legt das Verhalten des Routers fest, alle Treiber
+sind parametrisierbar (ca. 40 allgemeine Optionen, dnslookup ca 15
+spezifische Optionen)
+\begin{description}
+ \item[dnslookup] Klassiker - MX, A/AAAA
+ \item[manualroute] Tabelle \verb=<domain> <next hops>=
+ \item[queryprogram] Routing-Info über externes Programm
+ \item[redirect] neue Adressen werden generiert
+ \item[accept] Name ist Programm :)
+\end{description}
\end{frame}
\subsection{Test}
@@ -36,8 +47,8 @@
host example.com [2606:2800:220:6d:26bf:1447:1097:aa7]
host example.com [93.184.216.119]
\pause
-\scriptsize{
+\begin{scriptsize}
\input{out/routingremote.tt}
-}
+\end{scriptsize}
\end{alltt}
\end{frame}
--- a/frames/testing.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/testing.tex Mon May 12 01:32:16 2014 +0200
@@ -1,57 +1,37 @@
-\section{Test und Betrieb}
-\subsection{Konfiguration}
+\section{Betrieb}
-\begin{frame}[fragile]{Test und Betrieb}{Konfiguration}
-Viele Möglichkeiten, die bestehende Konfiguration zu überprüfen:
-\begin{alltt}
- $ exim -bV -C test.conf
- Configuration file is test.conf
- $ exim -bP primary\_hostname
- mail.example.com
- $ exim -bP routers
- … (ca 200 Zeilen)
-\end{alltt}
+\begin{frame}[<+->][fragile]{Betrieb}{Prozesse}
+Natürlich Beobachtung des Logfiles, oder aber \verb=exiwhat=
+und \verb=eximqsumm=, \verb=exipick=
+\begin{block}{Prozesse}
+\begin{scriptsize}
+\ttinput{out/exiwhat.out}
+\end{scriptsize}
+\end{block}
\end{frame}
-\begin{frame}[fragile]{Test und Betrieb}{Routing, Expansion}
-\begin{verbatim}
- $ exim -d-all+route -bt hans@example.com
- …
- $ exim -d-all+expand -be '$lookup{root}lsearch{/etc/aliases}}'
- search_open: lsearch "/etc/aliases"
- search_find: file="/etc/aliases"
- key="root" partial=-1 affix=NULL starflags=0
- LRU list:
- :/etc/aliases
- End
- internal_search_find: file="/etc/aliases"
- type=lsearch key="root"
- file lookup required for root
- in /etc/aliases
- lookup yielded: heiko
- heiko
-\end{verbatim}
+\begin{frame}[<+->][fragile]{Betrieb}{Queue}
+\begin{block}{Queue-Zusammenfassung}
+\begin{scriptsize}
+\ttinput{out/exiqsumm.tt}
+\end{scriptsize}
+\end{block}
+\begin{block}{Queue-Details}
+\begin{scriptsize}
+\ttinput{out/exipick.out}
+\end{scriptsize}
+\end{block}
\end{frame}
-\begin{frame}[fragile]{Test und Betrieb}{ACL}
-Fake-SMTP-Session mit \verb=exim -bh 1.1.1.1=, aber einfacher noch mit swaks.
-\scriptsize
-\begin{verbatim}
- $ swaks --pipe 'exim -bh 1.1.1.1' --from … --to …
- === Trying pipe to exim -bh 1.1.1.1…
- === Connected to exim -bh 1.1.1.1.
- >>> looking up host name for 1.1.1.1
- …
- <- **** SMTP testing session as if from host 1.1.1.1
- <- **** This is not for real!
- …
- >>> processing "deny"
- >>> deny: condition test succeeded in ACL "acl_check_rcpt"
- LOG: [1967] H=(jumper.schlittermann.de) [1.1.1.1]
- F=<hs@schlittermann.de> rejected RCPT <hans@example.com>: relay not
- permitted
- <** 550 relay not permitted
- -> QUIT
- <- 221 jumper.schlittermann.de closing connection
-\end{verbatim}
-\end{frame}
+%\begin{verbatim}
+%Time spent on the queue: messages with at least one remote delivery
+%-------------------------------------------------------------------
+%Under 1m 15052 99.2% 99.2%
+% 5m 20 0.1% 99.3%
+% 15m 2 0.0% 99.3%
+% 30m 91 0.6% 99.9%
+% 1h 9 0.1% 100.0%
+% 6h 2 0.0% 100.0%
+%Over 1d 1 0.0% 100.0%
+%\end{verbatim}
+%%\end{scriptsize}
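Review bot: In the `Prozesse` frame the text names `\verb=eximqsumm=`, but the tool shown in out/exiqsumm.tt is `exiqsumm`; the line should read `und \verb=exiqsumm=, \verb=exipick=`. The hunk also ends with the queue-time table carried over as a commented-out block whose closing `%%\end{scriptsize}` has no matching `\begin{scriptsize}`. Either drop the block or restore it as a real frame, so the file does not end in dead markup.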
--- a/frames/transport.tex Sun May 11 22:30:10 2014 +0200
+++ b/frames/transport.tex Mon May 12 01:32:16 2014 +0200
@@ -17,7 +17,7 @@
\begin{description}
\item[smtp] SMTP, TLS, LMTP
\item[appendfile] Mailbox, Maildir
- \item[pipe] Kommando-Pipelinee (z.B. UUCP)
+ \item[pipe] Kommando-Pipeline (z.B. UUCP)
\end{description}
\end{itemize}
\end{frame}
--- a/mk2014.tex Sun May 11 22:30:10 2014 +0200
+++ b/mk2014.tex Mon May 12 01:32:16 2014 +0200
@@ -60,26 +60,34 @@
% -- Test und Betrieb
\input{frames/testing.tex}
-\section{Ausblick}
-
-\begin{frame}[<+->]{Was fehlt}
+\section{Der Rest}
+\begin{frame}[<+->][fragile]{Was fehlt}
Noch einige Dinge vergessen?
\begin{itemize}
- \item TLS
- \item Header-Rewriting
- \item Retry-Rules
+ \item TLS - geht einfach so
+ \item Header-Rewriting \verb=*@*.example.com $1@example.com Ff=
+ \item Retry-Rules \verb=*.example.com rcpt_4xx F,2h,5m;G,2d,15m=
\item SMTP-Authentifizierung (Client/Server)
\item Cut-Through-Routing, PRDR, DNSSEC, DANE, Enhanced Status Codes
\end{itemize}
\end{frame}
-\begin{frame}{DANKE}
-Fragen?
+\begin{frame}[<+->][fragile]{DANKE}
+\begin{verbatim}
+2014-05-12 12:32:26 [2858] 1WjPOs-0000k4-B5 Completed
+\end{verbatim}
\pause
-Ach so - ja, es ist ein MTA-Framework. Mit einem Minimum an Annahmen
-über das zu lösende Problem und über die Art der Lösung.
-\pause
-
+\vfill
+\begin{Large}
+\begin{tabular}{r|l}
+http://schlittermann.de & \\
+hs@schlittermann.de & \\
+ & Linux \\
+ & Mail \\
+ & DNS \\
+ & Perl
+\end{tabular}
+\end{Large}
\end{frame}
%\begin{frame}{Möglichkeiten zur Leistungsverbesserung (Warteschlange, Parallelisierung, Blockierung, Ratelimit)}
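Review bot: `TLS - geht einfach so` is the one bullet in this list that a reader may take as a security statement, and it holds only for opportunistic encryption. As far as I know, Exim of this era needs `tls_certificate` and `tls_advertise_hosts` set on the server side, and the smtp transport does not verify the peer certificate unless that is configured, so such a session is not protected against an active man-in-the-middle. A wording such as `\item TLS - opportunistisch einfach; Zertifikatsprüfung separat konfigurieren` keeps the slide short and fits the DANE entry further down the same list.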
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/exim-bV.tt Mon May 12 01:32:16 2014 +0200
@@ -0,0 +1,14 @@
+Exim version 4.80 #2 built 02-Jan-2013 18:59:17
+Copyright (c) University of Cambridge, 1995 - 2012
+(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
+Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
+Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages \B
+ Content_Scanning DKIM Old_Demime
+Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm \B
+ dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
+Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
+Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
+Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
+Fixed never_users: 0
+Size of off_t: 8
+Configuration file is /etc/exim4/exim4.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/exipick.out Mon May 12 01:32:16 2014 +0200
@@ -0,0 +1,11 @@
+$ exipick
+66h 1.4M 1WibFu-0005iS-C1 <****zhu@****.com>
+ D ***eng@263.net
+ ***ian@ele.pku.edu.cn
+
+35h 1.6K 1Wj4sy-0000hU-Bv <> *** frozen ***
+ www.********.**@********.******.de
+
+31h 45K 1Wj8C4-0002Ba-43 <l*******@********-schuhe.de>
+ ch.*.****@gmail.de
+ D ****@aol.com
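Review bot: The masking in this captured queue listing is only partial: `***eng@263.net` and `***ian@ele.pku.edu.cn` keep the full domain and the tail of the local part, and the sender domain `********-schuhe.de` keeps a distinctive suffix, so third-party addresses remain guessable. The other captures in this commit have the same problem: out/exiqsumm.tt lists most recipient domains in clear, out/exiwhat.out and out/exiwhat.tt show peer host names and IP addresses next to the server's own interface address, and the re-wrapped line in out/mainlog.tt carries a full sender address. If the repository or the slides are published, I would substitute reserved example values (`user@example.org`, `192.0.2.10`) at capture time. One small filter script applied to everything in out/ would ensure all files are treated the same way.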
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/exiqsumm.tt Mon May 12 01:32:16 2014 +0200
@@ -0,0 +1,13 @@
+$ mailq | exiqsumm
+
+Count Volume Oldest Newest Domain
+----- ------ ------ ------ ------
+
+ 9 13MB 66h 62h ele.pku.edu.cn
+ 1 25KB 0m 0m email.cz
+ 2 90KB 31h 31h gmail.de
+ 1 37KB 6h 6h kbb-****.de
+ 1 45KB 31h 31h kpng.com
+ 2 3481 34h 32h ********.*****.de
+---------------------------------------------------------------
+ 16 13MB 66h 0m TOTAL
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/exiwhat.out Mon May 12 01:32:16 2014 +0200
@@ -0,0 +1,20 @@
+$ exiwhat
+ 7489 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183]\B
+ I=[84.19.194.2]:25
+ 7955 handling incoming connection from (henriromano.com) [69.158.123.187] I=[84.19.194.2]:25
+ 7957 handling incoming connection from [69.158.123.187] I=[84.19.194.2]:25
+ 7994 handling incoming connection from (ifo.nl) [69.158.123.187] I=[84.19.194.2]:25
+ 7995 handling incoming connection from (immo-centrale.be) [69.158.123.187] I=[84.19.194.2]:25
+ 8165 handling TLS incoming connection from mail-ve0-f179.google.com [209.85.128.179] \B
+ I=[84.19.194.2]:25
+ 8268 delivering 1Wjb2G-00027h-SM: waiting for a remote delivery subprocess to finish
+ 8270 delivering 1Wjb2G-00027h-SM to pop.net.schlittermann.de [84.19.194.3]\B
+ (******@************-dresden.de)
+ 8606 handling incoming connection from (localhost) [94.101.224.93] I=[84.19.194.2]:25
+ 9207 handling incoming connection from (vipmta198.vipmarketingonline.info) [103.249.102.198] \B
+ I=[84.19.194.2]:25
+ 9608 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183] \B
+ I=[84.19.194.2]:25
+ 9633 handling incoming connection from static.165.4.4.46.clients.your-server.de (server1.tof61.com) [46.4.4.165]\B
+ I=[84.19.194.2]:25
+ 9634 handling incoming connection from pointelite.net [5.39.17.162] I=[84.19.194.2]:25
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/out/exiwhat.tt Mon May 12 01:32:16 2014 +0200
@@ -0,0 +1,4 @@
+Every 2.0s: exiwhat Sun May 11 23:07:31 2014
+
+ 9687 daemon: -q5m, listening for SMTP on port 25 (IPv4)
+ 6355 handling incoming connection from www-2.whonagorf.org (mx.www-2.whonagorf.org) [192.255.135.183] I=[84.19.194.2]:25
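Review bot: None of the frames touched in this commit inputs out/exiwhat.tt; frames/testing.tex uses `\ttinput{out/exiwhat.out}` instead. Because `OUT = $(wildcard out/*)` in the Makefile makes every file in out/ a prerequisite of the PDF, the file still takes part in the build, and it is one more capture with a live peer address in it. The `Every 2.0s:` header suggests it is a leftover from a watch session; if so, I would leave it out of the commit.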
--- a/out/mainlog.tt Sun May 11 22:30:10 2014 +0200
+++ b/out/mainlog.tt Mon May 12 01:32:16 2014 +0200
@@ -14,7 +14,8 @@
C="250 OK id=1Wi0ig-00035h-Iq" QT=7s DT=7s
14:13:05 1Wi0ie-0005e8-Q7 Completed QT=1s
14:13:07 1Wi0ia-0005dq-Ha Completed QT=7s
-14:13:07 1Wi0ih-0005ew-Lw <= agent@ukrs394971.pur3.net H=mx.net.schlittermann.de [84.19.194.2] I=[84.19.194.3]:587\B
+14:13:07 1Wi0ih-0005ew-Lw <= agent@ukrs394971.pur3.net H=mx.net.schlittermann.de [84.19.194.2]\B
+ I=[84.19.194.3]:587\B
P=esmtps X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128\B
S=17836 id=0.0.C9.E5D.1CF69EDAA039062.0@mta20135.pur3.net
14:13:13 1Wi0ih-0005ew-Lw => info@diw-bau.de F=<agent@ukrs394971.pur3.net>