Closed Bug 524804 Opened 15 years ago Closed 15 years ago

remove the mozilla.org/mozilla.com domains from the authorized recipients on dm-mail01/02

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
All
Other
Type:
task
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: justdave, Assigned: justdave)

Details

(Whiteboard: 11/03/2009 @ 7pm) 

We currently have dm-mail03 set up to handle mozilla.com and mozilla.org, and allow inbound mail only from postini (since postini is the MX for those domains).

dm-mail01/02 *used* to be the MX for those domains, and is still set up as such.  We still get spammers periodically ignoring the MX records and sending mail there anyway for mozilla.org/mozilla.com, which currently gets accepted (unless the spam filters nail it).

The final nail in this entry point will be to remove mozilla.org and mozilla.com from the relay_domains and transport_maps options on dm-mail01/02 so that mail for those domains will no longer be accepted on those servers.

Users who authenticate, or send mail from inside the firewall, will still have their mail accepted (but it'll probably go through postini on the way back in) :)
This will be a pretty instantaneous change, and *probably* won't really affect anything, but just in case, it ought to be announced when we're going to do it.
Flags: needs-downtime+
Just for clarification, this won't affect mail destined for tinderbox.mozilla.org (which is a separate domain)
Is it possible to whitelist stuff coming from sm-try-master.mozilla.org? The Try Server sends a ton of mail everyday, and I suspect it would get postini'ed pretty quickly, since each item of mail is formatted similarly.
Oh, we've also got a bunch of mail being sent from various masters: production-master, production-master02, talos-master at a minimum, which goes to a bunch of @mozilla.com addresses, including release@
(In reply to comment #4)
> Oh, we've also got a bunch of mail being sent from various masters:
> production-master, production-master02, talos-master at a minimum, which goes
> to a bunch of @mozilla.com addresses, including release@

cm-keymaster01.b.m.o also sends emails. 

justdave: is it possible to whitelist *.build.mozilla.org? That doesnt identify  all the former-qa machines which are not in the build network, but it might help make your whitelisting job easier?
Where do they all send *to*?  If they're using "smtp.mozilla.org" they should be fine (because that points at dm-mail03, which is what will still handle those domains)
Assignee: server-ops → justdave
(In reply to comment #6)
> Where do they all send *to*?  If they're using "smtp.mozilla.org" they should
> be fine (because that points at dm-mail03, which is what will still handle
> those domains)

They use mail.build.mozilla.org or smtp.mozilla.org - which are the same machine. Looks like we don't need to do anything special, then.
when is this scheduled for?
Whiteboard: 11/03/2009 @ 7pm
(In reply to comment #8)
> when is this scheduled for?

55 minutes ago, and was done then. :)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.