DC-Users

Download

dc-users@lists.duckcorp.org

May 2021

1 participants
1 discussions

Teru-teru-bozu, teru bozu, Do make tomorrow a sunny day, Like the sky in a dream sometime…
by DuckCorp Admin Team 29 May '21

29 May '21

* song by Kyoson Asahara and Shinpei Nakayama (https://en.wikipedia.org/wiki/Teru_teru_b%C5%8Dzu) Quack, We hope you're safe and doing well. === Improved Mailing-Lists === We upgraded our mailing-lists to Mailman 3. It's not just about the shiny UI, the underlying mail routing daemon is better in many way. We plan to add LDAP authentication but integration requires extra work since it's not available out of the box. === New System for Users' DNS Primary Zones (aka DNS4Tenants) === Banya, our GPG Mail Command gateway, is soon going to retire. This was inspired by Debian tools and made to be very secure, but unfortunately sending a properly GPG-signed/encrypted mail with most MUAs is still not that trivial, making zone updates more painful that it should be. The script doing the mail handling and DNS update was also far too brittle and maintenance over time proved problematic. We're replacing the current system with something easier to use without compromising security: tenants can now edit their zones in a git repository of their choice and under 5 minutes a script should pick the changes, check the zone validity, send errors to the user, and publish the result if all is fine. It might not sounds like it but the new script is by far simpler and smaller. The git repository will be fetched using HTTPS and can be hosted anywhere (including DC). If you wish to keep your zone hidden then it needs to be accessible using the script's SSH key; most forges allow that. At DC this is also possible but we're working on a better solution. DC and MP zones are now managed using the new system and available in our openinfra repo. We'll contact users to handle the migration. === Web Key Directory Service === If you have an email in @dc.o or @mp.o you can now make your GPG key available using this protocol if you use them in one of your UIDs. It is an alternate way of fetching keys: the owner of the domain certifies it is a valid email address and the key association. It is supported by more and more MUAs, and after all the security problems discovered in Key Servers' implementations, it should both improve security and usability. This comes with an automated way to setup and update the association, so you start using it right away. We can also provide this service for hosted domains. And some documentation: https://users.duckcorp.org/index.php/Services/WKD === Misc news === * Matrix: * the server is working well; we still have made no decision about IRC mapping. * Documentation is now available: https://users.duckcorp.org/index.php/Services/Matrix * IRC: thanks to Mikachu's suggestion we now have a DNSBL configured and it seems to be working well against the recent SPAM; it is also used for antispam (weighted) * DNSSEC: work has been done both upstream and on our side to fix various problems. Full automation is not yet complete but making progress. * Backup: Pilou added an extra disk for the backup on Nicecity. We have a basic backup but the target system is still WIP Hugs. \\_o< -- Marc Dequènes (Duck)

1 0