Page MenuHomePhabricator

Move most (all?) exim personal aliases to OIT
Open, NormalPublic

Description

For historical reasons, production has quite a few exim aliases that map user-preferred aliases to staff Google accounts (random example: luis: lvilla).

These are a pain to maintain, especially since this crosses administrative domains (those aliases are controlled by ops, but the right-hand side Google accounts are controlled by OIT).
Corp LDAP already has a field that is been used for email aliases (initials) and is used for most accounts nowadays (like e.g. mine).

We've previously agreed with OIT (@JKrauska in particular) to move the remaining exim aliases of ours to LDAP but this hasn't happened yet. I'm filing this to reboot this work and track it so we don't forget again. @Dzahn, is this perhaps something you could help with?

Related Objects

StatusAssignedTask
OpenDzahn
Resolved JKrauska
ResolvedDzahn
ResolvedDzahn
Resolved JKrauska
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
Resolved JKrauska
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedArielGlenn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedNone
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
ResolvedDzahn
Resolvedhashar
ResolvedDzahn
ResolvedDzahn

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

@JKrauska to clean up the file i have removed these sections that were already commented:

-# Trademarks
-# trademark has been migrated to google but the alias must remain here.  2012-04-05 -ben
-# whoops, reverted.
-# multiple changes per RT-3537, RT-3895, RT-4564, RT-4641, RT-5246, RT-5945, RT-6285, RT-7640 et al
-# deactivated per cajoel on T83665 - 20150824
-#trademarks:	trademark
-#trademark:	kwadhwa, mpaulson, slaporte, ywelinder, hwalls, kmaher, rstallman, mbrar, jrogers, kfrancis
-
-#Emergency alias
-#emergency:	:blackhole: 
-#emergency:	cmoellenberndt, pbeaudette, mhernandez, jalexander, mdennis
-#emergency:	zexley, cmoellenberndt, communications, pbeaudette, mhernandez, jalexander, ..., mdennis, ywelinder

(removed some phone numbers where it says ...)

Dzahn added a comment.Feb 19 2016, 5:59 PM

for now, all subtasks are resolved. i would consider it a "resolved phase 1" and a really nice step, but there is more to do. most subtasks were from Joel but he is no longer here now. creating some more tasks for phase 2 now.

Dzahn removed Dzahn as the assignee of this task.Feb 19 2016, 9:28 PM

T101939 for recommender-feedback@

Elitre added a subscriber: Elitre.May 9 2016, 12:50 PM
Dzahn added a comment.Apr 24 2018, 1:29 AM

all subtasks are resolved now. yay!

all remaining things are either "ops" internal or technical (like techcom@ , packagist-admin@, analytics-alerts@ ) (maybe one remaining question on T100860?)

or they are individual aliases (out of scope of this ticket)

closing as resolved

Dzahn closed this task as Resolved.Apr 24 2018, 1:29 AM
Dzahn claimed this task.
faidon reopened this task as Open.Mar 4 2019, 12:00 PM

or they are individual aliases (out of scope of this ticket)

Individual/personal aliases were actually the original scope of this task -- what am I missing?

(I also see still a bunch of role aliases, but things seem considerably better since I last looked, that's awesome :)

I have sent email to 26 different people, former board members, former staff etc, asking them if they still use their aliases and are aware of them and at the same time checking if the recipient addresses are bouncing. Things that are not used anymore don't have to move to OIT.

Dzahn added a comment.May 28 2019, 8:40 PM

I have removed a bunch of aliases where people responded they were not aware of having them or that they don't need them anymore.

After that initial cleanup i opened a couple OIT tickets to move some more low-hanging fruit over (legal aliases, duplicate alias of existing employee etc).

After that i started to ask about the remaining personal aliases for former board members and affiliates that are being sent to external addresses.

I got this response so far:

1) We are not currently able to set up external email aliases for internal addresses (ie a gmail alias for a wiki user, Google does not allow for this)
2) Email forwarding is restricted for 'out of domain' accounts. I'm not sure if there have been exceptions in the past, or for people like board members, but that is something I will have to reach out to Eliza about when she returns next week

I replied that we probably don't need 1) but we do need 2) and that WMF as a whole / legal should be aware that these exceptions have existed in practice for many years.. it would just be a difference where in the technology stack we make them.

Dzahn added a comment.Wed, Jul 31, 2:18 AM

Currently there is an attempt to get "mail only" licenses from Google. OIT will let us know about the progress.