[IMC-Sysadmin] Re: [IMC-Tech] Re: [Listwork] new sarai. or not?

mtoups at indymedia.org mtoups at indymedia.org
Sun Oct 31 21:26:24 PST 2004 

for those of you wondering like I was, the date is actually 1 Nov
not 1 Apr.

having our lists on a server with such an unreliable network
connection would disrupt the indymedia network far more than
any government could hope to do on its own -- in my opinion
as someone who has dealt with the struggle to keep such services
reliable over the past 1.5 years.  we've seen that relatively minor
network disruptions

> It is the most valuable server we have, and has more identifying data than any
> other server on the indymedia network.

what identifying data are you referring to?  please specify.
i can think of nothing that is stored on sarai that isn't already
going in and out again in plaintext (mail contents or headers).  if
you know about something we don't, maybe we can deal with the problem.

your proposal makes me wonder if you've ever maintained a
high-availability mail server.  i appreciate the interesting
idea, and it might even be applicable to services like p2p
networks or even distributed web services; but not mail, at
least as described by rfc 821, if you want it to work well.

if you're serious about email security, please help promote the
use of proven tools like TLS, gnupg, mixmaster, and the like.

-matt

On Mon, 1 Nov 2004, kev wrote:

> Hey guys
>
> I have a strong request regarding this server
>
> It is the most valuable server we have, and has more identifying data than any
> other server on the indymedia network.
>
> I the cuurent climate, I feel the physical security of this server should be
> considered paramount.
>
> To this end I would like to propose the following:
>
> That the server be linked to a masquerading server (which does NOT log IPs)
> via 802.11b on NON DIRECTIONAL aerials, preferably over several relays, making
> the server EXTREMELY hard to find, and VERY easy to move.
>
> That the masquerading server be on a rotating IP, with updates to the domain
> DNS server being sent every time the local IP changes (this will make the
> masquerading server hard to find too, and make DOS attacks difficult).
>
> Software and hardware to achieve this are readily (and in the case of hardware
> chaply, software is GNU) available, and set up of such a network is pretty
> easy even for a non geek (the masquerading and IP rotation bit will need a
> geek). I would even suggest moving the new hardware inro the wheeled box once
> the migration is finished, making moving the server even easier.
>
> A backup of the masquerading system should be kept on the listserv, so that in
> the event the masq server is captured, we have enuf warning to move the
> listserv, and set up a new masquerading server. Total downtime should be no
> more than a few hours (depending on how far the system is moved, travel time
> could increase this somewhat), with no loss of data .
>
> Please consider this seriously
>
> |/
> ||ev
>
> On Sat, 30 Oct 2004 13:21:37 +0800, Pabs wrote
>> stefani wrote:
>>
>>> i was not very involved in setting up sarai, so i an not familiar with
>>> how postfix was modified, if we'll even need to patch it or not if the
>>> sarge version is used; same for mailman, spamassassin, or alternative
>>> spam filtering, antivirus, etc.
>>
>> afa mailman goes, there are lots of patches to transfer, including
>> ones against non-python stuff (apparently - jb, any details on
>> these?). In order to expediate this process, we could simply port
>> the patches to mailman 2.1.5 (sarge version), and split the patch up
>> at a later date when we add some more patches.
>>
>> Perhaps we can do the same with pipermail->lurker etc, focus on
>> getting stuff moved, and then all the cool new stuff (that isn't
>> quite ready yet) can happen.
>>
>>> so i guess i'm asking for help in making the move.
>>
>> I'm available from next weekend to actually do stuff, inc porting
>> patches etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.indymedia.org/pipermail/imc-sysadmin/attachments/20041101/3542974f/attachment.pgp

More information about the imc-sysadmin mailing list