Page MenuHomePhabricator

Protect incoming emails with SMTP STARTLS
Closed, ResolvedPublic

Description

When receiving an email, none of the three wikimedia mail servers (lead, polonium and sodium) support STARTTLS for reception.

Expected:
They should offer the STARTTLS, after which should present a valid certificate making possible to establish a TLS connection with a PFS cipher.

Like T101451, the email should also be protected when arriving to WMF servers, as well as when reentering wikimedia.org quoted in a reply.

Details

Related Gerrit Patches:
operations/puppet : productionmail: add inbound TLS support for main MXes

Event Timeline

Platonides raised the priority of this task from to Needs Triage.
Platonides updated the task description. (Show Details)
Platonides added subscribers: Platonides, csteipp.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 4 2015, 10:14 PM
csteipp set Security to None.Jun 5 2015, 1:17 AM
csteipp added a subscriber: MoritzMuehlenhoff.
Krenair added a subscriber: Krenair.Jun 9 2015, 9:56 PM
JohnLewis triaged this task as Medium priority.Aug 6 2015, 9:30 PM
JohnLewis added a subscriber: JohnLewis.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptSep 16 2015, 11:37 AM

Change 240351 had a related patch set uploaded (by Faidon Liambotis):
mail: add inbound TLS support for main MXes

https://gerrit.wikimedia.org/r/240351

Change 240351 merged by Faidon Liambotis:
mail: add inbound TLS support for main MXes

https://gerrit.wikimedia.org/r/240351

faidon closed this task as Resolved.Sep 23 2015, 1:43 PM
faidon claimed this task.
faidon removed a project: Patch-For-Review.
faidon added a subscriber: faidon.

This is now done :)