domtool-public: workaround mailman plugin deficiencies

The mailman plugin only generates mailman_domains.cfg on the server
that also runs the mailman web interface, so there's no way for a
secondary mail server to know which addresses need to be relayed to
the exim server that runs mailman.

Reworking the mailman plugin would be a bit involved, and it's fairly
low priority so work around for now by setting
/var/domtool/mailman_domains.cfg immutable on the affected servers,
and ignoring if the touch during redo_exim() fails.

If/when the plugin is updated, there is a secondary issue of copying
the mailmandb to all nodes since it is generated locally on the
mailman server. Lists could be managed by domtool, or even just a new
command to trigger an rsync of the mailmandb to afs and then to all
mail nodes when lists are changed should work (IIRC, it is only
changed when lists are added or removed).

diff --git a/scripts/domtool-publish b/scripts/domtool-publish
index 31cc351..94bf9b1 100755 (executable)
--- a/scripts/domtool-publish
+++ b/scripts/domtool-publish
@@ -7,7 +7,11 @@ if [ -x "$(which aklog)" ]; then
 fi
 
 redo_exim() {
-        sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg
+        # FIXME: we're ignoring status of the touch command because we
+        # had to set mailman_domains.cfg immutable on mail relays not
+        # running mailman due to deficiencies on the domtool mailman
+        # plugin. Needs to be removed when not needed...
+        sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg || true
        /bin/echo -n "domainlist local_domains = " >/etc/exim4/conf.d/main/10_domtool-domains
        /bin/cat /var/domtool/local_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
        /bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains