Closed
Bug 524804
Opened 15 years ago
Closed 15 years ago
remove the mozilla.org/mozilla.com domains from the authorized recipients on dm-mail01/02
Categories
(mozilla.org Graveyard :: Server Operations, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: justdave, Assigned: justdave)
Details
(Whiteboard: 11/03/2009 @ 7pm)
We currently have dm-mail03 set up to handle mozilla.com and mozilla.org, and allow inbound mail only from postini (since postini is the MX for those domains). dm-mail01/02 *used* to be the MX for those domains, and is still set up as such. We still get spammers periodically ignoring the MX records and sending mail there anyway for mozilla.org/mozilla.com, which currently gets accepted (unless the spam filters nail it). The final nail in this entry point will be to remove mozilla.org and mozilla.com from the relay_domains and transport_maps options on dm-mail01/02 so that mail for those domains will no longer be accepted on those servers. Users who authenticate, or send mail from inside the firewall, will still have their mail accepted (but it'll probably go through postini on the way back in) :)
Assignee | ||
Comment 1•15 years ago
|
||
This will be a pretty instantaneous change, and *probably* won't really affect anything, but just in case, it ought to be announced when we're going to do it.
Flags: needs-downtime+
Assignee | ||
Comment 2•15 years ago
|
||
Just for clarification, this won't affect mail destined for tinderbox.mozilla.org (which is a separate domain)
Comment 3•15 years ago
|
||
Is it possible to whitelist stuff coming from sm-try-master.mozilla.org? The Try Server sends a ton of mail everyday, and I suspect it would get postini'ed pretty quickly, since each item of mail is formatted similarly.
Comment 4•15 years ago
|
||
Oh, we've also got a bunch of mail being sent from various masters: production-master, production-master02, talos-master at a minimum, which goes to a bunch of @mozilla.com addresses, including release@
Comment 5•15 years ago
|
||
(In reply to comment #4) > Oh, we've also got a bunch of mail being sent from various masters: > production-master, production-master02, talos-master at a minimum, which goes > to a bunch of @mozilla.com addresses, including release@ cm-keymaster01.b.m.o also sends emails. justdave: is it possible to whitelist *.build.mozilla.org? That doesnt identify all the former-qa machines which are not in the build network, but it might help make your whitelisting job easier?
Assignee | ||
Comment 6•15 years ago
|
||
Where do they all send *to*? If they're using "smtp.mozilla.org" they should be fine (because that points at dm-mail03, which is what will still handle those domains)
Assignee: server-ops → justdave
Comment 7•15 years ago
|
||
(In reply to comment #6) > Where do they all send *to*? If they're using "smtp.mozilla.org" they should > be fine (because that points at dm-mail03, which is what will still handle > those domains) They use mail.build.mozilla.org or smtp.mozilla.org - which are the same machine. Looks like we don't need to do anything special, then.
Comment 8•15 years ago
|
||
when is this scheduled for?
Updated•15 years ago
|
Whiteboard: 11/03/2009 @ 7pm
Assignee | ||
Comment 9•15 years ago
|
||
(In reply to comment #8) > when is this scheduled for? 55 minutes ago, and was done then. :)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•