create a new list, discuss if private or public
then send maint-announce@ mail there
if the list is public the on-duty person can just go to the archive link and doesnt have to be subscribed, if private we all have to subscribe or at least subscribe when on-duty and unsubscribe when not. doing that isn't hard though, via web ui
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Dzahn | T123525 reduce amount of remaining Ubuntu 12.04 (precise) systems in production | |||
| Resolved | • Cmjohnson | T137006 decom magnesium (data center) | |||
| Resolved | Dzahn | T123713 decom magnesium (was: Reinstall magnesium with jessie) | |||
| Resolved | Dzahn | T119112 move RT off of magnesium | |||
| Resolved | Dzahn | T132968 create a mailing list for maint-announce mail |
created maint-announce@lists (for less confusion identical name but with .lists. )
https://lists.wikimedia.org/mailman/admin/maint-announce
set archives to private
added noc@ as admin, subscribed robh
hmm... what else about the settings ?
set to not announce itself on the mailing lists main page, as we wont allow anyone to subscribe to it. we should also set it to not allow anyone to post without moderation, and then we can whitelist various vendors/carriers as they hit for the first time. This should allow it to remain relatively spam free. (Granted, we've talked about the list name in public, so its not exactly a secret.)
We can do whitelisting but on the other hand we did not do that in RT either afair and did not have a (big) spam problem. Just saying, it has advantages but also means we have to maintain the list and might get bounces every once in a while when things at 3rd party change. (Edit: well, we would not set unknown senders to be rejected but just moderated, ok)
We need to fill out the "List of non-member addresses whose postings should be automatically accepted."
deep link: accept_these_nonmembers
"Add member addresses one per line; start the line with a ^ character to designate a regular expression match. A line consisting of the @ character followed by a list name specifies another Mailman list in this installation, all of whose member addresses will be accepted for this list."
^
I started out with the list from here that i once tried to use for this in phab (was reverted because we did not end up using phab for this but same purpose). That data came from looking through the RT queue.
An example for a regex is discussed on mailman-users.
^.*[@.]wikimedia\.org$ ^.*[@.]cyrusone\.com$ ^.*[@.]teliasonera\.com$ ^.*[@.]equinix\.com$ ^.*[@.]unitedlayer\.com$ ^.*[@.]evoswitch\.com$ ^.*[@.]ntt\.net$ ^.*[@.]gtt\.net$
@RobH ^
Additionally, added maint-announce@ (without the .lists.) to acceptable_aliases. " Alias names (regexps) which qualify as explicit to or cc destination names for this list." We'll need this to make the list accept mail that is sent to the original maint-announce address, the exim alias.
Finally, subscribe_policy to "requires approval" so that the list admin (noc@) has to approve before a user gets subscribed to list.
All of that seems right to me! I don't think maintaining a small list of allowed domains will be difficult, as its only our carriers and vendors. Looks good.
Tested. Sent a mail from external non-wmf address, it got moderated, not bounced or accepted (good). The list owner got the "awaiting approval" message. Since the owner is noc@ we got it at root@.
Then sent from my wmf email address, it got through https://lists.wikimedia.org/mailman/private/maint-announce/2016-April/000000.html (but i'm a subscriber)
even though we have:
^.*[@.]teliasonera\.com$
^.*[@.]equinix\.com$
mail from no-reply@equinix.com got moderated and mail from ncm@teliasonera.com passed through without manual interaction. what the heck?
it's not a blocker though because in the moderation UI we can just click "permanently add sender to be accepted" and it adds the invidivual address and then works. but why? i turned off the option that users get informed when their mail is moderated.