Re: Upcoming change to mail infrastructure -> SPF still broken
On Thu, 5 Jul 2018, 02:09 Reindl Harald, wrote: > > Am 04.07.2018 um 15:31 schrieb Luca Beltrame: > > Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald > > ha scritto: > > > >> https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 > >> UTC > > > > For the record, Sysadmin tickets should be filed through > > Phabricator (https://go.kde.org/systickets) rather than Bugzilla: > > this makes sure that they won't get lost. > For the record, this subthread should now be considered closed, as the issue has been located and work is underway to correct it. > and how do you imagine that for *users* like me which just reading teh > devel-list and have no access with their bugzilla credentials there? > > and even if i can register at https://identity.kde.org/ please make a > reality check how likely it is that people register here and there and > there too just to report a bug in KDE software in a way it's recognized > You are reporting an issue in our Infrastructure, which is quite different to our software (and also an internal issue) hence why it is managed on Phabricator. > > (Bugzilla is still used for KDE software - this is for > > Sysadmin-related stuff) > > that's why "bugs.kde.org" is in the product dropdown i guess - if > someone would take a look at new bugreports and be it only the > subjects this one would have been seen within 24 hours and internally > handed to the right group > That is a legacy product, dating back to before we had Phabricator (and when we had a dedicated Bugzilla maintainer...) > - > > if this contains one of my own machines i see the mistake not > configure "mynetworks" in /etc/postfix/main.cf proper within 24 hours > because i did "man grep", "man cron" and "man bash" > > 1 Jun 26 09:45:42 mail-gw postfix/smtpd[636481]: NOQUEUE: reject: > RCPT from mailnet.top[5.79.119.167]: 550 5.7.23 > : Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=webmaster@mailnet. > top;ip=5.79.119.167;r=contai...@thelounge.net; > from= to= proto=ESMTP > helo= > In regards to the above, Bluemchen is our transactional mail gateway, responsible for handling all the mail from Bugzilla, Forum and Wiki notifications, Identity account registrations and the like. As such Bluemchen is responsible for its own mail delivery, for both KDE Sysadmin operated and other domains. Due to the nature of its role, it should only ever be sending as @KDE.org (and is authorised to do so in our SPF records). The fact that it isn't is due to a bug in software we use, which we are in the process of fixing. Therefore from my perspective everything is configured correctly, as Bluemchen is external as far as Postbox (and Letterbox) are concerned. Regards, Ben Cooksley KDE Sysadmin >
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 15:31 schrieb Luca Beltrame: > Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald > ha scritto: > >> https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 >> UTC > > For the record, Sysadmin tickets should be filed through > Phabricator (https://go.kde.org/systickets) rather than Bugzilla: > this makes sure that they won't get lost. and how do you imagine that for *users* like me which just reading teh devel-list and have no access with their bugzilla credentials there? and even if i can register at https://identity.kde.org/ please make a reality check how likely it is that people register here and there and there too just to report a bug in KDE software in a way it's recognized > (Bugzilla is still used for KDE software - this is for > Sysadmin-related stuff) that's why "bugs.kde.org" is in the product dropdown i guess - if someone would take a look at new bugreports and be it only the subjects this one would have been seen within 24 hours and internally handed to the right group - if this contains one of my own machines i see the mistake not configure "mynetworks" in /etc/postfix/main.cf proper within 24 hours because i did "man grep", "man cron" and "man bash" 1 Jun 26 09:45:42 mail-gw postfix/smtpd[636481]: NOQUEUE: reject: RCPT from mailnet.top[5.79.119.167]: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=webmas...@mailnet.top;ip=5.79.119.167;r=contai...@thelounge.net; from= to= proto=ESMTP helo=
Re: Upcoming change to mail infrastructure -> SPF still broken
Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald ha scritto: > https://bugs.kde.org/show_bug.cgi?id=392685 > 2018-04-03 18:45:47 UTC For the record, Sysadmin tickets should be filed through Phabricator (https://go.kde.org/systickets) rather than Bugzilla: this makes sure that they won't get lost. (Bugzilla is still used for KDE software - this is for Sysadmin-related stuff). pgpQx5dbmHCoo.pgp Description: Firma digitale OpenPGP
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 14:45 schrieb Reindl Harald: > Am 04.07.2018 um 13:58 schrieb Ben Cooksley: I'd be curious to know when you observed that, as I can find no trace of such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC >>> >>> NOW! >>> >>> https://bugs.kde.org/show_bug.cgi?id=392685#c1 >> >> Please refrain from further use of exclamation marks, as it isn't >> helping matters. >> >> Also, note that you've never reported this issue in the past, so from >> my perspective this is entirely new, regardless of how it may be known >> from your side (and your bug report was posted less than 24 hours ago) > > https://bugs.kde.org/show_bug.cgi?id=392685 > 2018-04-03 18:45:47 UTC > 3 months are not less than 24 hours "a bug in Bugzilla which is responsible for this issue" as mailadmin i tell you what: bug in bugzilla or not, when you enforce SPF/DKIM/DMARC between your own servers you are asking for trouble, that's what http://www.postfix.org/postconf.5.html#mynetworks is for "by postbox.kde.org (Postfix)"
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 13:58 schrieb Ben Cooksley: > On Wed, Jul 4, 2018 at 10:52 PM, Reindl Harald wrote: >> Am 04.07.2018 um 12:38 schrieb Ben Cooksley: >>> On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald >>> wrote: did you also notice and fix the long outstanding bugzilla SPF problems within your own infrastructure before make checks even sharper? https://bugs.kde.org/show_bug.cgi?id=392685 there are at leat *three* problems: * the notify mails have the envelope-sender of the reoprter * postbox.kde.org don't skip SPF checks from bluemchen.kde.org * the SPF can not match because bluemchen.kde.org is not in the reporters SPF * finally you send backscatter-bounces for each and every mail back to the reporter that the notify to the others was rejected by postbox.kde.org and so reports don't get attention * don't use reporters enevlope sender to begin with * don't SPF check inbound mail within the own infrastructure * don't backscatter to the innocent reporter : host postbox.kde.org[46.4.96.248] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 >>> >>> I'd be curious to know when you observed that, as I can find no trace >>> of such a message being carried by Bluemchen in recent times for that >>> address aside from one which was successfully delivered to you on Jun >>> 29 at 17:14:37 UTC >> >> NOW! >> >> https://bugs.kde.org/show_bug.cgi?id=392685#c1 > > Please refrain from further use of exclamation marks, as it isn't > helping matters. > > Also, note that you've never reported this issue in the past, so from > my perspective this is entirely new, regardless of how it may be known > from your side (and your bug report was posted less than 24 hours ago) https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 UTC 3 months are not less than 24 hours
Re: Upcoming change to mail infrastructure -> SPF still broken
On Wed, Jul 4, 2018 at 10:52 PM, Reindl Harald wrote: > > > Am 04.07.2018 um 12:38 schrieb Ben Cooksley: >> On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald >> wrote: >>> did you also notice and fix the long outstanding bugzilla SPF problems >>> within your own infrastructure before make checks even sharper? >>> >>> https://bugs.kde.org/show_bug.cgi?id=392685 >>> >>> there are at leat *three* problems: >>> * the notify mails have the envelope-sender of the reoprter >>> * postbox.kde.org don't skip SPF checks from bluemchen.kde.org >>> * the SPF can not match because bluemchen.kde.org is not >>> in the reporters SPF >>> * finally you send backscatter-bounces for each and every >>> mail back to the reporter that the notify to the others >>> was rejected by postbox.kde.org and so reports don't get attention >>> >>> * don't use reporters enevlope sender to begin with >>> * don't SPF check inbound mail within the own infrastructure >>> * don't backscatter to the innocent reporter >>> >>> : host postbox.kde.org[46.4.96.248] said: 550 >>> 5.7.23 : Recipient address rejected: Message >>> rejected due to: SPF fail - not authorized. Please see >>> http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 >> >> I'd be curious to know when you observed that, as I can find no trace >> of such a message being carried by Bluemchen in recent times for that >> address aside from one which was successfully delivered to you on Jun >> 29 at 17:14:37 UTC > > NOW! > > https://bugs.kde.org/show_bug.cgi?id=392685#c1 Please refrain from further use of exclamation marks, as it isn't helping matters. Also, note that you've never reported this issue in the past, so from my perspective this is entirely new, regardless of how it may be known from your side (and your bug report was posted less than 24 hours ago) > > "such a message being carried by Bluemchen in recent times for that > address aside from one which was successfully delivered to you on Jun 29 > at 17:14:37 UTC" - yeah - when somebody *else* makes a comment i get > that notify but when i write a brugreport or comment a get that damned > backscatters below I've checked our logs and have identified a bug in Bugzilla which is responsible for this issue, and believe I now have the appropriate information now to reproduce and resolve the issue. Due to the nature of the issue it may take a few days before we can deploy a fix for this problem. This bug only affects a very limited number of users on our installation of Bugzilla. As this issue already exists, and won't be changed by the switch to Letterbox this issue will be treated separately and won't prevent us from initiating the switchover to Letterbox. Regards, Ben Cooksley KDE Sysadmin > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > >The mail system > > : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 > 5.7.23 : Recipient address rejected: Message rejected > due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net > ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) > > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > >The mail system > > : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 > 5.7.23 : Recipient address rejected: Message rejected > due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= > (in reply to RCPT TO command) > > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 12:38 schrieb Ben Cooksley: > On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald wrote: >> did you also notice and fix the long outstanding bugzilla SPF problems >> within your own infrastructure before make checks even sharper? >> >> https://bugs.kde.org/show_bug.cgi?id=392685 >> >> there are at leat *three* problems: >> * the notify mails have the envelope-sender of the reoprter >> * postbox.kde.org don't skip SPF checks from bluemchen.kde.org >> * the SPF can not match because bluemchen.kde.org is not >> in the reporters SPF >> * finally you send backscatter-bounces for each and every >> mail back to the reporter that the notify to the others >> was rejected by postbox.kde.org and so reports don't get attention >> >> * don't use reporters enevlope sender to begin with >> * don't SPF check inbound mail within the own infrastructure >> * don't backscatter to the innocent reporter >> >> : host postbox.kde.org[46.4.96.248] said: 550 >> 5.7.23 : Recipient address rejected: Message >> rejected due to: SPF fail - not authorized. Please see >> http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 > > I'd be curious to know when you observed that, as I can find no trace > of such a message being carried by Bluemchen in recent times for that > address aside from one which was successfully delivered to you on Jun > 29 at 17:14:37 UTC NOW! https://bugs.kde.org/show_bug.cgi?id=392685#c1 "such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC" - yeah - when somebody *else* makes a comment i get that notify but when i write a brugreport or comment a get that damned backscatters below Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= (in reply to RCPT TO command)
Re: Upcoming change to mail infrastructure
On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald wrote: > > > Am 03.07.2018 um 12:29 schrieb Ben Cooksley: >> We've recently completed configuration of a new mail server which will >> be replacing the current system which handles kde.org mail. This >> system will be assuming responsibility for mailing lists as well as >> authenticated mail sending for those who require that service. > > did you also notice and fix the long outstanding bugzilla SPF problems > within your own infrastructure before make checks even sharper? > > https://bugs.kde.org/show_bug.cgi?id=392685 > > there are at leat *three* problems: > * the notify mails have the envelope-sender of the reoprter > * postbox.kde.org don't skip SPF checks from bluemchen.kde.org > * the SPF can not match because bluemchen.kde.org is not > in the reporters SPF > * finally you send backscatter-bounces for each and every > mail back to the reporter that the notify to the others > was rejected by postbox.kde.org and so reports don't get attention > > * don't use reporters enevlope sender to begin with > * don't SPF check inbound mail within the own infrastructure > * don't backscatter to the innocent reporter > > : host postbox.kde.org[46.4.96.248] said: 550 > 5.7.23 : Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 I'd be curious to know when you observed that, as I can find no trace of such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC. The behaviour you are describing was at one point provided by a custom patch we had to support legacy behaviour. I'm not sure when it was removed (my mail archives indicate it was sometime in late 2015), but I know it did generate quite a few complaints when we did remove it. In regards to the above points, Bugzilla has been configured to use it's own envelope sender, bugzilla_nore...@kde.org, as evidenced by the following log entry: Jun 29 17:14:23 bluemchen postfix/qmgr[452]: 4EEF2100B8B: from=, size=2457, nrcpt=1 (queue active) and also confirmed by the following lines from mail headers on a Bugzilla mail I received directly on June 28: Received: from www-data by bugs.kde.org with local (Exim 4.82) (envelope-from ) id 1fYKZ8-00035U-0m for bcooks...@kde.org; Thu, 28 Jun 2018 00:13:38 + From: bugzilla_nore...@kde.org To: bcooks...@kde.org Therefore all 3 points you've mentioned are all resolved, and have been for some time. Regards, Ben Cooksley KDE Sysadmin
Re: Upcoming change to mail infrastructure
Am 03.07.2018 um 12:29 schrieb Ben Cooksley: > We've recently completed configuration of a new mail server which will > be replacing the current system which handles kde.org mail. This > system will be assuming responsibility for mailing lists as well as > authenticated mail sending for those who require that service. did you also notice and fix the long outstanding bugzilla SPF problems within your own infrastructure before make checks even sharper? https://bugs.kde.org/show_bug.cgi?id=392685 there are at leat *three* problems: * the notify mails have the envelope-sender of the reoprter * postbox.kde.org don't skip SPF checks from bluemchen.kde.org * the SPF can not match because bluemchen.kde.org is not in the reporters SPF * finally you send backscatter-bounces for each and every mail back to the reporter that the notify to the others was rejected by postbox.kde.org and so reports don't get attention * don't use reporters enevlope sender to begin with * don't SPF check inbound mail within the own infrastructure * don't backscatter to the innocent reporter : host postbox.kde.org[46.4.96.248] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 13:12:56 (CEST) Ben Cooksley wrote: > On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: > > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: > >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > >> >> Hi all, > >> >> > >> >> We've recently completed configuration of a new mail server which will > >> >> be replacing the current system which handles kde.org mail. This > >> >> system will be assuming responsibility for mailing lists as well as > >> >> authenticated mail sending for those who require that service. > >> >> > >> >> To ensure a smooth transition however some changes may be needed on > >> >> your side, especially if you are using our authenticated mail sending > >> >> service. > >> >> > >> >> As part of the new system, we have configured updated filters which > >> >> will begin enforcing DMARC policies for domains which have specified > >> >> these, along with improved SPF verification. As a consequence, if you > >> >> are forwarding mail from another provider to your kde.org or > >> >> kdemail.net address, this may cease working following the transition. > >> >> We recommend you configure these services to instead forward directly > >> >> to your final mail provider should this impact on you. > >> >> > >> >> For those users of the authenticated mail service: please change your > >> >> mail client to use the server "letterbox.kde.org" instead of the > >> >> current server "postbox.kde.org". Additionally, if you are currently > >> >> using port 588 to send mail, this should now be changed to the > >> >> standard submission port, 587. > >> >> > >> >> As part of this setup we have also completely reworked our > >> >> SpamAssassin setup. As a consequence of this, we are now looking for > >> >> spam mail to begin training the filter to ensure it is ready to begin > >> >> filtering the substantial mail volumes Postbox handles. > >> >> > >> >> Mailing list moderators whose lists receive significant quantities of > >> >> spam are therefore requested to not discard this, and instead let us > >> >> know so we can use the spam from your moderation queue to train the > >> >> filter. Please note that we can grab the mail directly from the queue, > >> >> so forwarding it elsewhere is not required. > >> >> > >> >> Once the filter has been sufficiently trained, we will commence the > >> >> cutover and transfer handling of kde.org mail, including mailing > >> >> lists, to the new system. > >> >> > >> >> Should anyone have any questions regarding this process, please let us > >> >> know. > >> >> > >> >> Regards, > >> >> Ben Cooksley > >> >> KDE Sysadmin > >> > > >> > When do you plan to finalise the transition and flip the switch? > >> > >> Once the Bayes filter has been sufficiently trained, which may take a > >> few days depending on how much spam we collect. > >> I've no other clearer timeline than that at this stage i'm afraid. > > > > Sure. I ask so that, when you do, we know and can check things are working > > and we are not left sitting around oblivious and wondering why everybody > > has suddenly gone awfully quiet. > > > > To avoid this I suppose that, when you do know the exact time and date, > > you > > will make it public, right? > > Yes, there will be a notification made when the changeover is done, If you send a notification via email (how else?) and people on the other side are not receiving email because something went wrong, how are they going to know? Wouldn't it be better to send a message out, say, a couple of hours *BEFORE* you change over and then flip the switch? Then users can test sending and receiving when the time comes. Paul > and Letterbox (the new system) will be monitored extensively for the > first hour or so to ensure everything is working as expected. > > Cheers, > Ben > > > Cheers > > > > Paul > > -- > > Promotion & Communication > > > > www: http://kde.org > > Mastodon: https://mastodon.technology/@kde > > Facebook: https://www.facebook.com/kde/ > > Twitter: https://twitter.com/kdecommunity -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: > On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > >> Hi all, > >> > >> We've recently completed configuration of a new mail server which will > >> be replacing the current system which handles kde.org mail. This > >> system will be assuming responsibility for mailing lists as well as > >> authenticated mail sending for those who require that service. > >> > >> To ensure a smooth transition however some changes may be needed on > >> your side, especially if you are using our authenticated mail sending > >> service. > >> > >> As part of the new system, we have configured updated filters which > >> will begin enforcing DMARC policies for domains which have specified > >> these, along with improved SPF verification. As a consequence, if you > >> are forwarding mail from another provider to your kde.org or > >> kdemail.net address, this may cease working following the transition. > >> We recommend you configure these services to instead forward directly > >> to your final mail provider should this impact on you. > >> > >> For those users of the authenticated mail service: please change your > >> mail client to use the server "letterbox.kde.org" instead of the > >> current server "postbox.kde.org". Additionally, if you are currently > >> using port 588 to send mail, this should now be changed to the > >> standard submission port, 587. > >> > >> As part of this setup we have also completely reworked our > >> SpamAssassin setup. As a consequence of this, we are now looking for > >> spam mail to begin training the filter to ensure it is ready to begin > >> filtering the substantial mail volumes Postbox handles. > >> > >> Mailing list moderators whose lists receive significant quantities of > >> spam are therefore requested to not discard this, and instead let us > >> know so we can use the spam from your moderation queue to train the > >> filter. Please note that we can grab the mail directly from the queue, > >> so forwarding it elsewhere is not required. > >> > >> Once the filter has been sufficiently trained, we will commence the > >> cutover and transfer handling of kde.org mail, including mailing > >> lists, to the new system. > >> > >> Should anyone have any questions regarding this process, please let us > >> know. > >> > >> Regards, > >> Ben Cooksley > >> KDE Sysadmin > > > > When do you plan to finalise the transition and flip the switch? > > Once the Bayes filter has been sufficiently trained, which may take a > few days depending on how much spam we collect. > I've no other clearer timeline than that at this stage i'm afraid. Sure. I ask so that, when you do, we know and can check things are working and we are not left sitting around oblivious and wondering why everybody has suddenly gone awfully quiet. To avoid this I suppose that, when you do know the exact time and date, you will make it public, right? Cheers Paul -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 11:25 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 13:12:56 (CEST) Ben Cooksley wrote: >> On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: >> > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: >> >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: >> >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> >> >> Hi all, >> >> >> >> >> >> We've recently completed configuration of a new mail server which will >> >> >> be replacing the current system which handles kde.org mail. This >> >> >> system will be assuming responsibility for mailing lists as well as >> >> >> authenticated mail sending for those who require that service. >> >> >> >> >> >> To ensure a smooth transition however some changes may be needed on >> >> >> your side, especially if you are using our authenticated mail sending >> >> >> service. >> >> >> >> >> >> As part of the new system, we have configured updated filters which >> >> >> will begin enforcing DMARC policies for domains which have specified >> >> >> these, along with improved SPF verification. As a consequence, if you >> >> >> are forwarding mail from another provider to your kde.org or >> >> >> kdemail.net address, this may cease working following the transition. >> >> >> We recommend you configure these services to instead forward directly >> >> >> to your final mail provider should this impact on you. >> >> >> >> >> >> For those users of the authenticated mail service: please change your >> >> >> mail client to use the server "letterbox.kde.org" instead of the >> >> >> current server "postbox.kde.org". Additionally, if you are currently >> >> >> using port 588 to send mail, this should now be changed to the >> >> >> standard submission port, 587. >> >> >> >> >> >> As part of this setup we have also completely reworked our >> >> >> SpamAssassin setup. As a consequence of this, we are now looking for >> >> >> spam mail to begin training the filter to ensure it is ready to begin >> >> >> filtering the substantial mail volumes Postbox handles. >> >> >> >> >> >> Mailing list moderators whose lists receive significant quantities of >> >> >> spam are therefore requested to not discard this, and instead let us >> >> >> know so we can use the spam from your moderation queue to train the >> >> >> filter. Please note that we can grab the mail directly from the queue, >> >> >> so forwarding it elsewhere is not required. >> >> >> >> >> >> Once the filter has been sufficiently trained, we will commence the >> >> >> cutover and transfer handling of kde.org mail, including mailing >> >> >> lists, to the new system. >> >> >> >> >> >> Should anyone have any questions regarding this process, please let us >> >> >> know. >> >> >> >> >> >> Regards, >> >> >> Ben Cooksley >> >> >> KDE Sysadmin >> >> > >> >> > When do you plan to finalise the transition and flip the switch? >> >> >> >> Once the Bayes filter has been sufficiently trained, which may take a >> >> few days depending on how much spam we collect. >> >> I've no other clearer timeline than that at this stage i'm afraid. >> > >> > Sure. I ask so that, when you do, we know and can check things are working >> > and we are not left sitting around oblivious and wondering why everybody >> > has suddenly gone awfully quiet. >> > >> > To avoid this I suppose that, when you do know the exact time and date, >> > you >> > will make it public, right? >> >> Yes, there will be a notification made when the changeover is done, > > If you send a notification via email (how else?) and people on the other side > are not receiving email because something went wrong, how are they going to > know? > > Wouldn't it be better to send a message out, say, a couple of hours *BEFORE* > you change over and then flip the switch? Then users can test sending and > receiving when the time comes. All going well, you probably won't even notice the switch over. We've done these changeovers in the past, so i'm not too concerned about problems, as we'll be able to monitor them easily. Cheers, Ben > > Paul > >> and Letterbox (the new system) will be monitored extensively for the >> first hour or so to ensure everything is working as expected. >> >> Cheers, >> Ben >> >> > Cheers >> > >> > Paul >> > -- >> > Promotion & Communication >> > >> > www: http://kde.org >> > Mastodon: https://mastodon.technology/@kde >> > Facebook: https://www.facebook.com/kde/ >> > Twitter: https://twitter.com/kdecommunity > > > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> >> Hi all, >> >> >> >> We've recently completed configuration of a new mail server which will >> >> be replacing the current system which handles kde.org mail. This >> >> system will be assuming responsibility for mailing lists as well as >> >> authenticated mail sending for those who require that service. >> >> >> >> To ensure a smooth transition however some changes may be needed on >> >> your side, especially if you are using our authenticated mail sending >> >> service. >> >> >> >> As part of the new system, we have configured updated filters which >> >> will begin enforcing DMARC policies for domains which have specified >> >> these, along with improved SPF verification. As a consequence, if you >> >> are forwarding mail from another provider to your kde.org or >> >> kdemail.net address, this may cease working following the transition. >> >> We recommend you configure these services to instead forward directly >> >> to your final mail provider should this impact on you. >> >> >> >> For those users of the authenticated mail service: please change your >> >> mail client to use the server "letterbox.kde.org" instead of the >> >> current server "postbox.kde.org". Additionally, if you are currently >> >> using port 588 to send mail, this should now be changed to the >> >> standard submission port, 587. >> >> >> >> As part of this setup we have also completely reworked our >> >> SpamAssassin setup. As a consequence of this, we are now looking for >> >> spam mail to begin training the filter to ensure it is ready to begin >> >> filtering the substantial mail volumes Postbox handles. >> >> >> >> Mailing list moderators whose lists receive significant quantities of >> >> spam are therefore requested to not discard this, and instead let us >> >> know so we can use the spam from your moderation queue to train the >> >> filter. Please note that we can grab the mail directly from the queue, >> >> so forwarding it elsewhere is not required. >> >> >> >> Once the filter has been sufficiently trained, we will commence the >> >> cutover and transfer handling of kde.org mail, including mailing >> >> lists, to the new system. >> >> >> >> Should anyone have any questions regarding this process, please let us >> >> know. >> >> >> >> Regards, >> >> Ben Cooksley >> >> KDE Sysadmin >> > >> > When do you plan to finalise the transition and flip the switch? >> >> Once the Bayes filter has been sufficiently trained, which may take a >> few days depending on how much spam we collect. >> I've no other clearer timeline than that at this stage i'm afraid. > > Sure. I ask so that, when you do, we know and can check things are working and > we are not left sitting around oblivious and wondering why everybody has > suddenly gone awfully quiet. > > To avoid this I suppose that, when you do know the exact time and date, you > will make it public, right? Yes, there will be a notification made when the changeover is done, and Letterbox (the new system) will be monitored extensively for the first hour or so to ensure everything is working as expected. Cheers, Ben > > Cheers > > Paul > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > Hi all, > > We've recently completed configuration of a new mail server which will > be replacing the current system which handles kde.org mail. This > system will be assuming responsibility for mailing lists as well as > authenticated mail sending for those who require that service. > > To ensure a smooth transition however some changes may be needed on > your side, especially if you are using our authenticated mail sending > service. > > As part of the new system, we have configured updated filters which > will begin enforcing DMARC policies for domains which have specified > these, along with improved SPF verification. As a consequence, if you > are forwarding mail from another provider to your kde.org or > kdemail.net address, this may cease working following the transition. > We recommend you configure these services to instead forward directly > to your final mail provider should this impact on you. > > For those users of the authenticated mail service: please change your > mail client to use the server "letterbox.kde.org" instead of the > current server "postbox.kde.org". Additionally, if you are currently > using port 588 to send mail, this should now be changed to the > standard submission port, 587. > > As part of this setup we have also completely reworked our > SpamAssassin setup. As a consequence of this, we are now looking for > spam mail to begin training the filter to ensure it is ready to begin > filtering the substantial mail volumes Postbox handles. > > Mailing list moderators whose lists receive significant quantities of > spam are therefore requested to not discard this, and instead let us > know so we can use the spam from your moderation queue to train the > filter. Please note that we can grab the mail directly from the queue, > so forwarding it elsewhere is not required. > > Once the filter has been sufficiently trained, we will commence the > cutover and transfer handling of kde.org mail, including mailing > lists, to the new system. > > Should anyone have any questions regarding this process, please let us know. > > Regards, > Ben Cooksley > KDE Sysadmin When do you plan to finalise the transition and flip the switch? Cheers Paul -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> Hi all, >> >> We've recently completed configuration of a new mail server which will >> be replacing the current system which handles kde.org mail. This >> system will be assuming responsibility for mailing lists as well as >> authenticated mail sending for those who require that service. >> >> To ensure a smooth transition however some changes may be needed on >> your side, especially if you are using our authenticated mail sending >> service. >> >> As part of the new system, we have configured updated filters which >> will begin enforcing DMARC policies for domains which have specified >> these, along with improved SPF verification. As a consequence, if you >> are forwarding mail from another provider to your kde.org or >> kdemail.net address, this may cease working following the transition. >> We recommend you configure these services to instead forward directly >> to your final mail provider should this impact on you. >> >> For those users of the authenticated mail service: please change your >> mail client to use the server "letterbox.kde.org" instead of the >> current server "postbox.kde.org". Additionally, if you are currently >> using port 588 to send mail, this should now be changed to the >> standard submission port, 587. >> >> As part of this setup we have also completely reworked our >> SpamAssassin setup. As a consequence of this, we are now looking for >> spam mail to begin training the filter to ensure it is ready to begin >> filtering the substantial mail volumes Postbox handles. >> >> Mailing list moderators whose lists receive significant quantities of >> spam are therefore requested to not discard this, and instead let us >> know so we can use the spam from your moderation queue to train the >> filter. Please note that we can grab the mail directly from the queue, >> so forwarding it elsewhere is not required. >> >> Once the filter has been sufficiently trained, we will commence the >> cutover and transfer handling of kde.org mail, including mailing >> lists, to the new system. >> >> Should anyone have any questions regarding this process, please let us know. >> >> Regards, >> Ben Cooksley >> KDE Sysadmin > > When do you plan to finalise the transition and flip the switch? Once the Bayes filter has been sufficiently trained, which may take a few days depending on how much spam we collect. I've no other clearer timeline than that at this stage i'm afraid. > > Cheers > > Paul Regards, Ben > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >