Page MenuHomePhabricator
Create Task
Maniphest T249237

Fix Cloud VPS and Toolforge mail servers to work with the modern internet
Closed, ResolvedPublic
Actions

Description

The Cloud Services environment provides two separate SMTP related services: outbound mail sending for all Cloud VPS hosts via the mx-out0{1,2}.wmflabs.org hosts, and inbound/outbound mail for Toolforge via the mail.tools.wmflabs.org service.

Both sets of mail servers have had a long list of historic issues related to modern internet practices of validating message origins/senders to combat spam. Historically these issues have been addressed (or not) on an ad hoc basis as active issues arise. As is often the case with this approach to maintenance of shared systems, once the active event is resolved (or the reporter gives up) the follow up tasks linger and rot in the global backlog. It feels like it is time to actually bundle these tasks together along with a bit of purposeful design to try and dig us out of this tech debt.

See also

Details

SubjectRepoBranchLines +/-
P:toolforge: mail: DKIM sign outgoing mailoperations/puppetproduction+10 -0
Add fake WMCS DKIM keyslabs/privatemaster+0 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Apr 2 2020, 4:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 2 2020, 4:36 PM
bd808 added a subtask: T249114: E-mails from noreply@pypi.org to tools.pywikibot@tools.wmflabs.org are not forwarded to certain recipients due to SPF.Apr 2 2020, 7:53 PM
bd808 added a subtask: T120210: tools-mail: check SPF of sender before forwarding email.
bd808 added a subtask: T120225: Toolforge: correctly envelope forwarded email.
bd808 added a subtask: T235401: Emails from discourse-mediawiki.wmflabs.org softfail SPF.
bd808 added a subtask: T208281: Set up SPF, DKIM, etc. for new cloud MX servers.
Dvorapa subscribed.Apr 2 2020, 9:02 PM
DSquirrelGM subscribed.Apr 8 2020, 3:21 PM
bd808 assigned this task to aborrero.Apr 15 2020, 10:57 PM
bd808 triaged this task as Medium priority.
bd808 added a project: Goal.
bd808 moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.
JHedden added a subtask: T175964: Set up mail rate limiting for tools-mail .Apr 21 2020, 4:47 PM
Krenair subscribed.Apr 21 2020, 8:21 PM
aborrero closed subtask T175964: Set up mail rate limiting for tools-mail as Resolved.Jun 23 2020, 8:53 AM
Bstorm reopened subtask T175964: Set up mail rate limiting for tools-mail as Open.Jun 23 2020, 3:18 PM
aborrero closed subtask T175964: Set up mail rate limiting for tools-mail as Resolved.Jun 24 2020, 12:06 PM
aborrero closed subtask T120225: Toolforge: correctly envelope forwarded email as Resolved.Jun 25 2020, 1:10 PM
Naypta added a subtask: T256806: Mailserver TLS is broken, root certificates are not present for sent intermediate certificates.Jun 30 2020, 8:14 PM
aborrero closed subtask T256806: Mailserver TLS is broken, root certificates are not present for sent intermediate certificates as Resolved.Jul 1 2020, 9:26 AM
aborrero closed subtask T256737: Toolforge email: proper prometheus integration as Resolved.Jul 1 2020, 11:17 AM
aborrero removed aborrero as the assignee of this task.Jul 2 2020, 11:51 AM
aborrero moved this task from Soon! to Epics on the cloud-services-team (Kanban) board.
aborrero closed subtask T249114: E-mails from noreply@pypi.org to tools.pywikibot@tools.wmflabs.org are not forwarded to certain recipients due to SPF as Resolved.
aborrero closed subtask T120210: tools-mail: check SPF of sender before forwarding email as Resolved.
aborrero subscribed.
Nintendofan885 subscribed.Jul 24 2020, 8:46 AM
Aklapper closed subtask T235401: Emails from discourse-mediawiki.wmflabs.org softfail SPF as Declined.Sep 8 2020, 1:17 PM
AntiCompositeNumber subscribed.Oct 6 2021, 3:45 PM
Stang subscribed.Jul 19 2022, 8:03 PM
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:45 PM
fnegri moved this task from Kanban to Epics on the cloud-services-team board.
gerritbot added a comment.Jul 4 2023, 8:47 AM

Change 935380 had a related patch set uploaded (by Majavah; author: Majavah):

[labs/private@master] Add fake WMCS DKIM keys

https://gerrit.wikimedia.org/r/935380

gerritbot added a project: Patch-For-Review.Jul 4 2023, 8:47 AM
gerritbot added a comment.Jul 4 2023, 9:35 AM

Change 935385 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge: mail: DKIM sign outgoing mail

https://gerrit.wikimedia.org/r/935385

gerritbot added a comment.Jul 4 2023, 9:38 AM

Change 935380 merged by Arturo Borrero Gonzalez:

[labs/private@master] Add fake WMCS DKIM keys

https://gerrit.wikimedia.org/r/935380

gerritbot added a comment.Jul 4 2023, 9:40 AM

Change 935385 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] P:toolforge: mail: DKIM sign outgoing mail

https://gerrit.wikimedia.org/r/935385

taavi mentioned this in rLPRI6d7747367910: Add fake WMCS DKIM keys.Jul 4 2023, 10:09 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 4 2023, 10:10 AM
taavi closed subtask T208281: Set up SPF, DKIM, etc. for new cloud MX servers as Resolved.Jul 4 2023, 1:19 PM
taavi closed this task as Resolved.Jul 4 2023, 1:30 PM
taavi claimed this task.
taavi subscribed.

Boldly closing. Please create separate tasks in Cloud-VPS or Toolforge for new issues.

Stang unsubscribed.Jul 7 2023, 10:33 PM
bd808 mentioned this in T347512: Some emails from The Wikipedia Library aren't being received as expected.Dec 6 2023, 6:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits