
Remove disabled users from internal mailing lists
Open, Stalled, Medium, Public

Description

Once T160158 is implemented, we can add a script to remove all users disabled in corp LDAP from internal mailing lists running on fermium (the disabled users can no longer read their mailing list mails, so there's no data leaked, but this still avoids pointless traffic).

Event Timeline

Relatedly: when an @wikimedia.org email account gets disabled, phabricator mail queues get backed up with attempts to deliver notifications.

Example: it appears that the email address of @Springle is disabled? There are a ton of undelivered notifications in phabricator's outgoing queue.

@mmodell: Disabled mail accounts should be a problem independent of disabled @wikimedia.org accounts, can you describe how Phabricator handles those? Does it detect bounces?
@bbogaert: If OIT offboards a staff member, does the @wikimedia.org continue to receive mail in general or what's the policy here?

@MoritzMuehlenhoff AFAIK, Phabricator doesn't handle bounces at all and it doesn't handle SMTP envelope rejections very gracefully. Essentially phabricator keeps retrying periodically until the notification has failed delivery 250 times, then it just gives up.

Also AFAIK, @wikimedia.org email accounts of former staff get disabled at which time they refuse delivery at the SMTP level.

Hi @MoritzMuehlenhoff ,

...
@bbogaert: If OIT offboards a staff member, does the @wikimedia.org continue to receive mail in general or what's the policy here?

Sometimes mail is forwarded to another address, sometimes it is shut off completely. Most of the time we suspend the account, so it still receives mail until we completely cut it off.

@JGulingan might know more.

Hope this helps!

-Byron

Once T160158 is implemented, we can add a script to remove all users disabled in corp LDAP from internal mailing lists running on fermium

The command to do this is: `/var/lib/mailman/bin/remove_members --fromall <email address>`

Problems are:

  • lack of notification when an email address is actually finally deleted (offboarding workflow between teams, historically a problem since a long time)
  • most lists are public and perfectly fine for a volunteer to be on, they just have to re-subscribe with another email address

Oh btw, I remember that a long long time ago there was a website on the "intranet" (.corp.wikimedia) that had a form which could be used to subscribe/unsubscribe people to/from mailing lists and OIT used that for on/offboarding. Afaik it used the Mailman API.

So it seems possible options are to:

  • revive a/that script again that talks to Mailman API, allowing OIT to unsubscribe people
  • some kind of "post-remove"-hook in LDAP/ldap client tools to trigger an automatic ticket creation in Phab when email gets disabled
  • give fermium shell access with sudo privileges for exactly the "remove_members" command above to OIT
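
For the third option in the comment above, a sudoers rule is easier to keep narrow when it points at a wrapper that fixes the options and validates the address, rather than at `remove_members` itself. The sketch below is an added example, not part of this task or of Wikimedia's tooling; the function names, the `DRY_RUN` variable and the restriction to @wikimedia.org addresses are assumptions.

```shell
#!/bin/sh
# Added example: restricted wrapper around Mailman 2's remove_members.
# Meant to be the only command a sudoers rule allows, so the caller can
# supply one address and nothing else (no other remove_members options).

REMOVE_MEMBERS=/var/lib/mailman/bin/remove_members  # path quoted in the task
ALLOWED_DOMAIN=wikimedia.org                        # assumption: staff addresses only

# Return 0 only for a plain local-part@ALLOWED_DOMAIN address.
valid_address() {
    case "$1" in
        ''|-*) return 1 ;;                 # empty, or would parse as an option
        *[!A-Za-z0-9._+@-]*) return 1 ;;   # whitespace, quotes, shell metacharacters
        *@*@*) return 1 ;;                 # more than one @
    esac
    case "$1" in
        ?*@"$ALLOWED_DOMAIN") return 0 ;;  # whole string must end in the domain
    esac
    return 1
}

# Print the command for one address (DRY_RUN=1, the default) or run it.
unsubscribe_everywhere() {
    if [ "$#" -ne 1 ]; then
        echo "usage: unsubscribe_everywhere <address>" >&2
        return 2
    fi
    addr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if ! valid_address "$addr"; then
        echo "rejected: not a single $ALLOWED_DOMAIN address" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$REMOVE_MEMBERS --fromall $addr"
    else
        "$REMOVE_MEMBERS" --fromall "$addr"
    fi
}

# Stand-alone use: wrapper.sh <address>
if [ "$#" -gt 0 ]; then
    unsubscribe_everywhere "$@"
fi
```

Because the domain check rejects everything outside @wikimedia.org, volunteer subscriptions under other addresses on the public lists are never touched by this wrapper.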

Sometimes mail is forwarded to another address, sometimes it is shut off completely. Most of the time we suspend the account, so it still receives mail until we completely cut it off.

Thanks, if the handling of the wikimedia.org mail accounts is handled differently, then it might make sense to have an additional custom attribute (as per T160158) which configures whether the mail account is shut down. This would allow us to automatically prune mailing list subscriptions when a wikimedia.org account is disabled.

Dzahn changed the task status from Open to Stalled. Oct 16 2020, 12:58 AM