Project

General

Profile

Bug #16121

Migrate our Schleuder lists outside of boum.org

Added by intrigeri 7 months ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Infrastructure
Target version:
Start date:
12/11/2018
Due date:
% Done:

100%

Spent time:
(Total: 2.20 h)
Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:

Subtasks

Feature #16217: Migrate some of our Schleuder lists to pusciiResolved

Feature #16218: Migrate some of our Schleuder lists to lizardResolved

Bug #16253: Schleuder keys update cronjob fails for our lists on lizardResolved

Bug #16263: /etc/cron.daily/spamassassin fails on mail.lizardResolved

Bug #16270: mail.lizard lacks memoryResolved

Bug #16251: Fix tails@ configurationRejectedgroente

Bug #16252: Schleuder keys update cronjob fails for our lists at pusciiResolved

Bug #16254: Update sysadmin team doc wrt. new services: Schleuder and DNSResolved

Bug #16256: SPF issue while sending mail to lists hosted by pusciiResolvedgroente


Related issues

Related to Tails - Bug #16255: puscii fails to deliver email to boum.org Resolved 12/28/2018
Related to Tails - Bug #16767: Schleuder mailing lists non functional: MXs of Autistici/Inventati are misconfigured Needs Validation
Blocks Tails - Feature #13284: Core work: Sysadmin (Adapt our infrastructure) Confirmed 06/30/2017

Associated revisions

Revision 1304ea6b (diff)
Added by intrigeri 6 months ago

Document the new mail and Schleuder services (refs: #16121)

History

#1 Updated by intrigeri 7 months ago

  • Blocks Feature #13284: Core work: Sysadmin (Adapt our infrastructure) added

#2 Updated by intrigeri 7 months ago

Some of these lists should be self-hosted while some others will be hosted at puscii.nl. Which ones exactly is under discussion.

Regarding email routing and DNS setup, initial rough draft:

  • the MX for tails.b.o points to lizard
  • the canonical address for lists hosted at lizard becomes @tails.b.o
  • the canonical address for lists hosted at puscii becomes @puscii.nl
  • for backwards compatibility, the current @b.o addresses are redirected to the new ones; that would be set up wherever the b.o MX will point to, likely A/I; I'm not sure how best this would be implemented

#3 Updated by groente 7 months ago

  • the MX for tails.b.o points to lizar
  • the canonical address for lists hosted at lizard becomes @tails.b.o
  • the canonical address for lists hosted at puscii becomes @puscii.nl

migrating schleuder lists becomes a lot easier when you don't change their name. that way, you won't have to add identities to the PGP keys, which is probably going to be manual labour.

  • for backwards compatibility, the current @b.o addresses are redirected to the new ones; that would be set up wherever the b.o MX will point to, likely A/I; I'm not sure how best this would be implemented

instead of redirects, we can use transport maps to send the @b.o mail to the right server handling that particular list.

#4 Updated by intrigeri 7 months ago

migrating schleuder lists becomes a lot easier when you don't change their name. that way, you won't have to add identities to the PGP keys, which is probably going to be manual labour.

I'm not concerned about adding a few UIDs to a dozen keys or so.

  • for backwards compatibility, the current @b.o addresses are redirected to the new ones; that would be set up wherever the b.o MX will point to, likely A/I; I'm not sure how best this would be implemented

instead of redirects, we can use transport maps to send the @b.o mail to the right server handling that particular list.

Yeah, that was one of the options I had in mind when I wrote "redirected" :)

#5 Updated by intrigeri 7 months ago

For now, we won't change canonical addresses but will ensure the boum.org MX has aliases redirecting to the new hosting providers. Later on, if we get our own domain name or decide to postpone the topic for the foreseeable future, we might want to remove this layer of indirection in order to have one less point of failure (the boum.org MX): add UIDs to the GnuPG keys, make the new hosting location's domain the canonical addres of the lists, and after a while drop the backwards compat aliases.

#6 Updated by groente 7 months ago

intrigeri wrote:

For now, we won't change canonical addresses but will ensure the boum.org MX has aliases redirecting to the new hosting providers.

Just to be clear, we need transport maps, not aliases for hits.

The MTA where boum.org's MX points to should have transport maps set for the schleuder lists which deliver (deliver, not forward) mail to the hosting provider. The hosting provider should accept mail for boum.org. Specifically, it should accept mail for the lists it hosts and have a transport map that delivers everything else to wherever boum.org's MX points.

#7 Updated by intrigeri 7 months ago

Thanks for the clarification. I've filed 2 subtasks to track the next steps :)

#8 Updated by intrigeri 6 months ago

  • Related to Bug #16255: puscii fails to deliver email to boum.org added

#10 Updated by intrigeri 6 months ago

  • Status changed from Confirmed to In Progress

#11 Updated by anonym 5 months ago

  • Target version changed from Tails_3.12 to Tails_3.13

#12 Updated by groente 4 months ago

  • Status changed from In Progress to Resolved

#13 Updated by u 25 days ago

  • Related to Bug #16767: Schleuder mailing lists non functional: MXs of Autistici/Inventati are misconfigured added

Also available in: Atom PDF