Help the FSF tech team maintain email services in freedom

by Ian Kelling. Published on Nov 30, 2021 11:08 AM

The Free Software Foundation's (FSF) tech team is a small but dedicated team of three staff. With your support, and with the help of volunteers and interns, we run hundreds of services on a few dozen physical machines in four data centers.

We are very excited about some of the initiatives we are working on, like deploying our upcoming forge site and other new systems, expanding our physical server deployments, and a further refresh of fsf.org. In parallel, the tech team is always working to better maintain, understand, and document our existing systems. Mastering those keeps vital systems running smoothly and lays the groundwork for future improvements.

Email is a key service we provide. Besides it being one of the FSF campaigns and licensing teams' most important ways of communicating, we also support thousands of mailing lists for other free software projects, which send millions of emails per year. Free software is extremely capable in all aspects of email, and there continue to be innovative advancements in free software email programs that we are excited to explore and adopt.

Email in freedom

Email is designed to be federated by domain. If you use someone else's domain for email, you have to use their server. Whoever controls a domain's email server can see everything that's in any email sent through it. You can defend yourself by encrypting your email to keep it private. We maintain the Email Self-Defense Guide to show you how to do that.

As a communication service, an email server does not take away your freedom like Service as a Software Substitute (SaaSS) does. However, a service could come with a condition that makes you run nonfree software. This is why we, together with volunteers, maintain a page about Webmail Systems that can be used in freedom. In the end, running your own email server for your own domain gives you the maximum amount of freedom and control over your email. The next best thing is to use an email server run using free software by an organization or group of friends you trust.

At the heart of the FSF's email servers is a mail transfer agent called Exim. One of Exim's key functions is to send email to and receive email from other email servers on the Internet. Exim is licensed under the GNU GPL version 2 or any later version. Over many years, the Exim project has done a wonderful job of advancing its capabilities and maintaining superb documentation. The email domains the FSF tech team spends the most time administering are fsf.org, gnu.org, nongnu.org, and libreplanet.org.

We recently finished auditing and updating all of our Exim configurations. The previous configurations had grown out of fifteen years of small changes into an unwieldy behemoth! By refactoring and integrating with the Debian Exim configuration, we were able to reduce the complexity by thousands of lines and organize it into a much more manageable system. We use the Debian Exim configuration as distributed through Trisquel, an FSF-endorsed operating system.

The road your email travels

Whenever you send email to an address ending in @gnu.org, the email server you are sending through looks up the Mail Exchange (MX) DNS record for gnu.org and finds eggs.gnu.org. You can test this on a GNU system by running host -t mx gnu.org on the command line. That is the beginning of the journey of an email to @gnu.org. I've diagrammed the flow of email in our systems from that point:

[Diagram: Incoming email to @gnu.org. Groups shown: eggs.gnu.org, Linux, fencepost.gnu.org, lists.gnu.org, rt.gnu.org, debbugs.gnu.org. Arrows as drawn:]
internet (smtp rcpt to: *@gnu.org) -> ip_tables module -> exim (eggs)
Fail2ban -> iptables -> ip_tables module
Fail2ban -> exim log file
exim (eggs) -> p0f, SpamAssassin, ClamAV, exim log file
exim (eggs) -> exim (fencepost), exim (lists), exim (rt)
exim (fencepost) -> exim (fencepost) [user defined forwards], user inbox files, user defined processes
exim (lists) -> GNU Mailman, exim (debbugs)
exim (debbugs) -> debbugs
exim (rt) -> spam inbox files, Request Tracker

The email is first evaluated to ensure it is valid and not obviously spam, then is distributed to destinations like the fencepost server, Mailman lists, debbugs, or RT (also underlined in the graphs as hyperlinks). Two hosts that may need some explaining are rt.gnu.org and fencepost.gnu.org. RT runs Request Tracker, a ticket-tracking system that we host and run for FSF staff, GNU webmasters, and translators to receive email and manage tasks. Fencepost is a general shell and email server primarily for GNU maintainers and contributors.
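The incoming flow in the diagram above can be read as a data-flow graph, which answers two questions a reviewer of this setup would ask: which hosts relay (and can therefore read) a message bound for a given destination, and which components every message must pass. This is an added example, not FSF code; node names are the diagram's own identifiers, and the node-to-host mapping is an assumption inferred from those names.

```python
from collections import deque

# Edges transcribed from the "Incoming email to @gnu.org" diagram (its node ids).
INCOMING = {
    "internet": ["mod_iptables"],
    "mod_iptables": ["eximeggs"],
    "eximeggs": ["eggsp0f", "spamassassin", "clamav", "eximlogs",
                 "eximfp", "eximlists", "eximrt"],
    "fail2ban": ["iptables", "eximlogs"],
    "iptables": ["mod_iptables"],
    "eximfp": ["eximfp", "localfp", "userprocfp"],  # self-loop: user defined forwards
    "eximlists": ["mailmanlists", "eximdebbugs"],
    "eximdebbugs": ["debbugs"],
    "eximrt": ["rtspam", "rt"],
}
DESTINATIONS = ["localfp", "userprocfp", "mailmanlists", "debbugs", "rt", "rtspam"]

# Assumption of this example: host of each node, inferred from the node names.
HOST = {}
for host, nodes in {
    "eggs.gnu.org": "mod_iptables eximeggs",
    "fencepost.gnu.org": "eximfp localfp userprocfp",
    "lists.gnu.org": "eximlists mailmanlists",
    "debbugs.gnu.org": "eximdebbugs debbugs",
    "rt.gnu.org": "eximrt rt rtspam",
}.items():
    HOST.update(dict.fromkeys(nodes.split(), host))

def path(src, dst, skip=None):
    """Shortest hop path src -> dst, or None; `skip` removes one node."""
    seen, queue = {src}, deque([[src]])
    while queue:
        p = queue.popleft()
        if p[-1] == dst:
            return p
        for nxt in INCOMING.get(p[-1], []):
            if nxt not in seen and nxt != skip:  # `seen` also absorbs the self-loop
                seen.add(nxt)
                queue.append(p + [nxt])
    return None

def hosts_on_path(dst):
    """Hosts, in relay order, that handle a message from the internet to dst."""
    return list(dict.fromkeys(HOST[n] for n in path("internet", dst)[1:]))

def choke_points():
    """Nodes whose removal cuts the internet off from every destination."""
    return sorted(n for n in set(INCOMING) - {"internet"}
                  if all(path("internet", d, skip=n) is None for d in DESTINATIONS))
```

For a message to debbugs this yields three hosts in sequence, and the only nodes common to every delivery path are the ip_tables module and exim on eggs, the points where Fail2ban bans and the spam and virus scans take effect.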

This is not the end of the road your email travels. For example, an incoming email that goes to GNU Mailman often becomes many outgoing emails to the list subscribers.

[Diagram: Outgoing email to or from @gnu.org. Groups shown: fencepost.gnu.org, eggs.gnu.org, lists.gnu.org, rt.gnu.org, debbugs.gnu.org. Arrows as drawn:]
user processes -> exim (fencepost)
user authenticated smtp -> exim (fencepost)
exim (fencepost) -> exim (fencepost) [user defined forwards], exim (eggs)
exim (eggs) -> internet email servers
GNU Mailman -> exim (lists), private html archive
exim (lists) -> public mbox archive, internet email servers
public mbox archive -> mharc cronjob -> public html archive
Request Tracker -> exim (rt) -> internet email servers
debbugs -> exim (debbugs) -> exim (eggs)

For the sake of simplicity, there are a few details missing from the diagrams. For example, they don't show when an email goes from fencepost to lists.gnu.org. Also, almost all Mailman mailing lists are configured so that when a message arrives from an address the list hasn't seen before, it is held for review by the listhelper system, which scans it with SpamAssassin, bogofilter and CRM114 and is often manually reviewed by a few dedicated volunteers.

Help the FSF tech team's continued development of our free software systems

We hope that our free software-driven approach to email can serve as an example for individuals and organizations to run their own email servers for their own domains.

In the next year, we plan to improve the email services we provide to free software projects by evaluating and hopefully deploying some new programs such as GNU Mailman 3, public-inbox, and Sourcehut.

Can you join this effort as an FSF associate member? You can start for as little as $10 per month ($5 for students), or $120 per year. Besides enabling important work at a time the world desperately needs it, your membership enables the FSF tech team to continue making technological improvements that benefit the FSF and the entire free software movement. No other organization stands for free software like the FSF does.

The more members we can count, the better we can defend everyone's freedoms against the largest companies and governments on the planet, and this starts with achieving our fall goal of 500 new members before December 31. Plus, associate members can select a special gift during this fundraiser, and enjoy all the member benefits, which include merchandise discounts, a 16GB bootable membership card, and use of our videoconferencing server.

In my fifth year as part of the FSF tech team, I'm amazed at the foundation of knowledge our team has gained and I'm extremely excited to put it to use making more improvements, deploying new systems, and retiring old ones. For all this work, we depend on the continuous commitment of volunteers and donors. Please lend a hand and join us in spreading freedom.

Graphs by Ian Kelling. Copyright © 2021, Free Software Foundation, Inc. Licensed under Creative Commons Attribution 4.0 International license.

The graphs were generated using dot from graphviz. We've made the source files available for the graphs on incoming email and outgoing email.
