# About

blackmail.srv.it-syndikat.org is the IT-Syndikat mail enpoint. It handles
inbound/outbound mail delivery for ITS- Members/Services.

A webmail interface is available at <https://webmail.it-syndikat.org>.

# Maintainers

Current Maintainers:

- @minato @tyrolyean:  Mail setup

- @tyrolyean: webmail

# Technical

The mail system received mail on ports 125 and 466 from the haproxy instance
on srv.hc.it-syndikat.org. Outbbound it only delivers mail to srv, which then
handles final delivery. This was done to avoid having different paths for
outbound and inbound mail, as well as to avoid needing to have good/sane/fine
IP-Reputation for the space local networks.

### Webmail

For web-access of your avccounts, a roundcube webmail service is available
at <https://webmail.it-syndikat.org/>, which is provisioned on
`droptek.srv.it-syndikat.org`. To update it, download a new tarball from
[their website](https://roundcube.net/download/) and extract it over
`/var/www/roundcube`. Don't forget to backup the config beforehand.

### Postfix

Inbound, postfix gets mail from the haproxy instance runnning on
`srv.srv.it-syndikat.org` (the ITS directed wireguard interface on
`srv.hc.it-syndikat.org`). Outbound, it relays mail via postfix on
`srv.srv.it-syndikat.org` which handles final delivery.
Mail is being relayed for either the servers net or after ldap auth.
Delivered mail is stored in `/var/vmail` and is owned by the given ldap user.

#### Aliases

General aliases from `/etc/aliases` (because debian) are resolved before virtual
aliases from `/etc/postfix/virtual`. Non user specific redirects (i.g. redirects
for an entire domain) need to be specified inside the virtual alias table
before performing `postmap /etc/postfix/virtual`. New general aliases can be
updated using the `newaliases` command. For examples, please take a look into
the respective files.

### Dovecot

We use dovecot to handle IMAP/POP3 mail access. POP3 was needed to allow our
discourse to receive e-mail. The `meta.it-syndikat.org` subdomain was
redirected to the `meta` user for ths purpose.