Once T160158 is implemented, we can add a script to remove all users disabled in corp LDAP from internal mailing lists running on fermium (the disabled users can no longer read their mailing list mails, so there's no data leaked, but this still avoids pointless traffic).
| Status | Assigned | Task |
|---|---|---|
| Open | None | T142815 Enhance account handling (meta bug) |
| Open | None | T160158 Make disabled accounts visible in the corp mirror LDAP replica |
| Open | None | T161003 Cross-check disabled accounts from corp LDAP against data.yaml |
| Stalled | None | T161004 Remove disabled users from internal mailing lists |
Mentioned In
- T190719: Create @wikimedia.org e-mail that just discards things sent to it
- T161566: add support to offboard-user to support mailman list removal

Mentioned Here
- T100400: Phabricator needs to handle bounces/errors from non-existent email addresses
- T160158: Make disabled accounts visible in the corp mirror LDAP replica
Relatedly: when an @wikimedia.org email account gets disabled, Phabricator mail queues get backed up with attempts to deliver notifications.
Example: it appears that the email address of @Springle is disabled? There are a ton of undelivered notifications in Phabricator's outgoing queue.
@mmodell: Disabled mail accounts should be a problem independent of disabled @wikimedia.org accounts, can you describe how Phabricator handles those? Does it detect bounces?
@bbogaert: If OIT offboards a staff member, does the @wikimedia.org continue to receive mail in general or what's the policy here?
> Once T160158 is implemented, we can add a script to remove all users disabled in corp LDAP from internal mailing lists running on fermium

The command to do this is: `/var/lib/mailman/bin/remove_members --fromall <email address>`
- lack of notification when an email address is actually finally deleted (offboarding workflow between teams, historically a problem since a long time)
- most lists are public and perfectly fine for a volunteer to be on, they just have to re-subscribe with another email address
Oh btw, I remember that a long long time ago there was a website on the "intranet" (.corp.wikimedia) that had a form which could be used to subscribe/unsubscribe people to/from mailing lists and OIT used that for on/offboarding. Afaik it used the Mailman API.
So it seems possible options are to:
- revive a/that script again that talks to Mailman API, allowing OIT to unsubscribe people
- some kind of "post-remove"-hook in LDAP/ldap client tools to trigger an automatic ticket creation in Phab when email gets disabled
- give fermium shell access with sudo privileges for exactly the "remove_members" command above to OIT
Thanks, if the handling of the wikimedia.org mail accounts is handled differently, then it might make sense to have an additional custom attribute (as per T160158) which configures whether the mail account is shut down. This would allow us to automatically prune mailing list subscriptions when a wikimedia.org account is disabled.
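
A sketch of the pruning script discussed in this task, added here as an example and not taken from the task or from Wikimedia's tooling: it wraps the `remove_members --fromall` command quoted above and checks each address before passing it to a command that would run with elevated rights. The input format (one address per line on stdin), the `ALLOWED_DOMAIN` restriction and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the Wikimedia script). Reads one e-mail address per line
# on stdin, e.g. an export of accounts disabled in corp LDAP (the export
# format is an assumption; the page does not define it).
REMOVE_MEMBERS="${REMOVE_MEMBERS:-/var/lib/mailman/bin/remove_members}"
ALLOWED_DOMAIN="${ALLOWED_DOMAIN:-wikimedia.org}"  # assumption: staff domain only

# Succeed only for local-part@ALLOWED_DOMAIN made of plain characters.
valid_address() {
    case "$1" in
        -*) return 1 ;;                       # would be parsed as an option
        *[!A-Za-z0-9._+@-]*) return 1 ;;      # whitespace, quotes, slashes, ...
        *@*@*) return 1 ;;                    # more than one "@"
        ?*@"$ALLOWED_DOMAIN") return 0 ;;
        *) return 1 ;;
    esac
}

# prune_disabled --dry-run|--apply
# Returns 0 if every line was accepted, 1 if any was skipped, 2 on a failed removal.
prune_disabled() {
    mode="$1"; ok=0; bad=0
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if ! valid_address "$addr"; then
            echo "skipped (not a plain $ALLOWED_DOMAIN address): $addr" >&2
            bad=$((bad + 1))
            continue
        fi
        if [ "$mode" = "--apply" ]; then
            # </dev/null keeps the command from consuming the address list
            "$REMOVE_MEMBERS" --fromall "$addr" </dev/null || return 2
        else
            echo "would run: $REMOVE_MEMBERS --fromall $addr"
        fi
        ok=$((ok + 1))
    done
    echo "accepted=$ok skipped=$bad" >&2
    [ "$bad" -eq 0 ]
}

# Only act when called with an explicit mode; sourcing the file does nothing.
case "${1:-}" in
    --dry-run|--apply) prune_disabled "$1" ;;
esac
```

Running it with `--dry-run` first shows exactly which removals would happen; a non-zero exit status means at least one input line was rejected and should be reviewed by hand.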