Page MenuHomePhabricator
Create Task
Maniphest T101451

Protect outgoing emails with SMTP STARTLS
Closed, DuplicatePublic
Actions

Description

When sodium (lists) or polonium (otrs) delivers an email message (such as mailing list delivery) to a remote server, it does so in plaintext even if the remote smtp server supports STARTTLS (rfc3207).

Expected:
The local exim should be negotiating a TLS connection using STARTTLS (and preferably, verifying the certificate when sending to the Big Players).

I should point out that in addition of mailing lists publicly archived (and staff addresses), we also have password resets, emails with personal information being sent to OTRS or private mailing lists (stewards, checkusers, oversighters, otrs agents...) so, assuming they are using a that also supports TLS smtp, we could have the message protected from the point it enters Wikimedia systems.

Related Objects

Event Timeline

Platonides created this task.Jun 4 2015, 10:14 PM
Platonides raised the priority of this task from to Medium.
Platonides updated the task description. (Show Details)
Platonides added projects: WMF-General-or-Unknown, Wikimedia-Mailing-lists.
Platonides added subscribers: Platonides, csteipp.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 4 2015, 10:14 PM
Platonides mentioned this in T101452: Protect incoming emails with SMTP STARTLS.Jun 4 2015, 10:14 PM
csteipp set Security to None.Jun 5 2015, 1:17 AM
csteipp added a subscriber: MoritzMuehlenhoff.

I would really like to see us do this part.

Platonides mentioned this in T99646: lists.wikimedia.org doesn't use opportunistic encryption.Jun 9 2015, 9:51 PM
Platonides merged a task: T99646: lists.wikimedia.org doesn't use opportunistic encryption.
Platonides added subscribers: Liuxinyu970226, jimmyxu.
Krenair subscribed.Jun 9 2015, 9:57 PM
csteipp mentioned this in T12453: Encrypt emails with GnuPG (GPG).Jun 23 2015, 4:36 PM
JohnLewis moved this task from Backlog to Jessie/Upgrade (2.x) on the Wikimedia-Mailing-lists board.Jul 7 2015, 10:15 PM
Chmarkine added a project: HTTPS.Jul 11 2015, 10:17 AM
Chmarkine subscribed.
RobH added a subtask: T105756: Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM.Jul 13 2015, 10:59 PM
Dzahn removed a subtask: T105756: Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM.Aug 5 2015, 5:39 PM
Dzahn mentioned this in T82576: Enable STARTTLS (both inbound and outbound) on lists.Aug 5 2015, 5:48 PM
Dzahn subscribed.

ticket is a duplicate of T82576

Dzahn added a comment.Aug 5 2015, 6:26 PM

please continue discussion on T82576 (since that was the older ticket). i wish we could have actually merged content like in RT but that is not possible

Dzahn closed this task as Invalid.Aug 5 2015, 6:27 PM
Dzahn claimed this task.
Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptAug 5 2015, 6:27 PM
Dzahn added a comment.Aug 5 2015, 6:29 PM

added @Platonides and @Chmarkine to linked ticket. let us know if any access issues.

Krenair closed this task as a duplicate of T82576: Enable STARTTLS (both inbound and outbound) on lists.Aug 16 2015, 6:00 PM
Platonides added a comment.Aug 26 2015, 11:37 PM

I'm afraid I don't have access there, Dzahn: «You do not have permission to view this object.». It expects me to be either on WMF-NDA or a task owner.

Dzahn added a comment.Aug 26 2015, 11:47 PM
In T101451#1577741, @Platonides wrote:

I'm afraid I don't have access there, Dzahn: «You do not have permission to view this object.». It expects me to be either on WMF-NDA or a task owner.

--> T110432

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL