Quack,
Many hugs for this new year!
Pilou and I are coming to FOSDEM (and some side-events), so if you're
around do not be shy and say quack.
=== Plans for the Future ===
No crazy plans for this new year yet. We're focused on replacing the
aging hardware and finishing automating our deployments to simplify our
job. There's a few ideas when we get extra power on the new hardware,
but that's for another post.
Nicecity is small and could not keep up with the load of the Monitoring
system, so Pilou kindly is upgraded her. We should transplant her
consciousness soon and restart both monitoring and backup on the new
hardware.
There is no direct user impact but be sure to backup your critical data
on your own just in case.
The work on Toushirou-NG is ongoing, this is coupled with the effort to
Ansibilize our infra which made quite a lot of progress. So we're
basically able to reinstall the host fully with Ansible modulo one or
two small glitches. Data are being synced with the current host too.
Before proceeding to the replacement we need to check that all services
work fine, this is WIP.
DNSSEC (signed DNS zones) is a very nice security feature but
unfortunately managing the keys and their replacement over time is quite
a hassle to say the least. We're currently using OpenDNSSEC and it works
but the setup is a tad complicated. the DNS server (Bind9) has made
quite some progress on this front. We're now using the Debian backports
to take advantages of some new features and we're evaluating switching
to using Bind9 tooling directly.
=== Mail ===
We did some work around the mail filtering system (SIEVE):
- activated spamtest: if you do not use the provided include script to
move SPAM into the Junk box becaue you need more customization, then you
should be interested in this extension. Instead of parsing the headers
yourself, which could break if we change the system, tune the
sensitivity… this extension provides an interface with a normalized
score directly
- activated vacation-seconds: allows more granularity for the vacation
settings
- on the webmail we replaced the unmaintained Roundcube 'sieverules'
plugin by 'managesieve'; this is prepare for the future Debian version
with an improved Roundcube and SIEVE plugin. Currently they are equally
incomplete and buggy, so it should not change anything for you.
- we recently switched from the deprecated dovecot-antispam Dovecot
extension to IMAPSIEVE, which does a similar job but cleaner and more
flexible by far. It currently implements the same exact behavior, so no
user change. In the future Debian version the old extension would not
work, so better be prepared.
The documentation was updated accordingly:
https://users.duckcorp.org/index.php/Services/Mail
We also activated the IMAP metadata extension which is used by some mail
clients to store server and folder custom information. It "might" be
useful, but it's cheap anyway so why not enable it.
=== Cleanup ===
We're continuing to reevaluate our services to focus on the important
things and to be able to gather resources for new projects.
The webstats, fetchmail and feed2imap services were unused, so they were
removed.
\\_o<
--
Marc Dequènes
