Upcoming change to mail infrastructure
Hi all, We've recently completed configuration of a new mail server which will be replacing the current system which handles kde.org mail. This system will be assuming responsibility for mailing lists as well as authenticated mail sending for those who require that service. To ensure a smooth transition however some changes may be needed on your side, especially if you are using our authenticated mail sending service. As part of the new system, we have configured updated filters which will begin enforcing DMARC policies for domains which have specified these, along with improved SPF verification. As a consequence, if you are forwarding mail from another provider to your kde.org or kdemail.net address, this may cease working following the transition. We recommend you configure these services to instead forward directly to your final mail provider should this impact on you. For those users of the authenticated mail service: please change your mail client to use the server "letterbox.kde.org" instead of the current server "postbox.kde.org". Additionally, if you are currently using port 588 to send mail, this should now be changed to the standard submission port, 587. As part of this setup we have also completely reworked our SpamAssassin setup. As a consequence of this, we are now looking for spam mail to begin training the filter to ensure it is ready to begin filtering the substantial mail volumes Postbox handles. Mailing list moderators whose lists receive significant quantities of spam are therefore requested to not discard this, and instead let us know so we can use the spam from your moderation queue to train the filter. Please note that we can grab the mail directly from the queue, so forwarding it elsewhere is not required. Once the filter has been sufficiently trained, we will commence the cutover and transfer handling of kde.org mail, including mailing lists, to the new system. Should anyone have any questions regarding this process, please let us know. Regards, Ben Cooksley KDE Sysadmin
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> Hi all, >> >> We've recently completed configuration of a new mail server which will >> be replacing the current system which handles kde.org mail. This >> system will be assuming responsibility for mailing lists as well as >> authenticated mail sending for those who require that service. >> >> To ensure a smooth transition however some changes may be needed on >> your side, especially if you are using our authenticated mail sending >> service. >> >> As part of the new system, we have configured updated filters which >> will begin enforcing DMARC policies for domains which have specified >> these, along with improved SPF verification. As a consequence, if you >> are forwarding mail from another provider to your kde.org or >> kdemail.net address, this may cease working following the transition. >> We recommend you configure these services to instead forward directly >> to your final mail provider should this impact on you. >> >> For those users of the authenticated mail service: please change your >> mail client to use the server "letterbox.kde.org" instead of the >> current server "postbox.kde.org". Additionally, if you are currently >> using port 588 to send mail, this should now be changed to the >> standard submission port, 587. >> >> As part of this setup we have also completely reworked our >> SpamAssassin setup. As a consequence of this, we are now looking for >> spam mail to begin training the filter to ensure it is ready to begin >> filtering the substantial mail volumes Postbox handles. >> >> Mailing list moderators whose lists receive significant quantities of >> spam are therefore requested to not discard this, and instead let us >> know so we can use the spam from your moderation queue to train the >> filter. Please note that we can grab the mail directly from the queue, >> so forwarding it elsewhere is not required. >> >> Once the filter has been sufficiently trained, we will commence the >> cutover and transfer handling of kde.org mail, including mailing >> lists, to the new system. >> >> Should anyone have any questions regarding this process, please let us know. >> >> Regards, >> Ben Cooksley >> KDE Sysadmin > > When do you plan to finalise the transition and flip the switch? Once the Bayes filter has been sufficiently trained, which may take a few days depending on how much spam we collect. I've no other clearer timeline than that at this stage i'm afraid. > > Cheers > > Paul Regards, Ben > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > Hi all, > > We've recently completed configuration of a new mail server which will > be replacing the current system which handles kde.org mail. This > system will be assuming responsibility for mailing lists as well as > authenticated mail sending for those who require that service. > > To ensure a smooth transition however some changes may be needed on > your side, especially if you are using our authenticated mail sending > service. > > As part of the new system, we have configured updated filters which > will begin enforcing DMARC policies for domains which have specified > these, along with improved SPF verification. As a consequence, if you > are forwarding mail from another provider to your kde.org or > kdemail.net address, this may cease working following the transition. > We recommend you configure these services to instead forward directly > to your final mail provider should this impact on you. > > For those users of the authenticated mail service: please change your > mail client to use the server "letterbox.kde.org" instead of the > current server "postbox.kde.org". Additionally, if you are currently > using port 588 to send mail, this should now be changed to the > standard submission port, 587. > > As part of this setup we have also completely reworked our > SpamAssassin setup. As a consequence of this, we are now looking for > spam mail to begin training the filter to ensure it is ready to begin > filtering the substantial mail volumes Postbox handles. > > Mailing list moderators whose lists receive significant quantities of > spam are therefore requested to not discard this, and instead let us > know so we can use the spam from your moderation queue to train the > filter. Please note that we can grab the mail directly from the queue, > so forwarding it elsewhere is not required. > > Once the filter has been sufficiently trained, we will commence the > cutover and transfer handling of kde.org mail, including mailing > lists, to the new system. > > Should anyone have any questions regarding this process, please let us know. > > Regards, > Ben Cooksley > KDE Sysadmin When do you plan to finalise the transition and flip the switch? Cheers Paul -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> >> Hi all, >> >> >> >> We've recently completed configuration of a new mail server which will >> >> be replacing the current system which handles kde.org mail. This >> >> system will be assuming responsibility for mailing lists as well as >> >> authenticated mail sending for those who require that service. >> >> >> >> To ensure a smooth transition however some changes may be needed on >> >> your side, especially if you are using our authenticated mail sending >> >> service. >> >> >> >> As part of the new system, we have configured updated filters which >> >> will begin enforcing DMARC policies for domains which have specified >> >> these, along with improved SPF verification. As a consequence, if you >> >> are forwarding mail from another provider to your kde.org or >> >> kdemail.net address, this may cease working following the transition. >> >> We recommend you configure these services to instead forward directly >> >> to your final mail provider should this impact on you. >> >> >> >> For those users of the authenticated mail service: please change your >> >> mail client to use the server "letterbox.kde.org" instead of the >> >> current server "postbox.kde.org". Additionally, if you are currently >> >> using port 588 to send mail, this should now be changed to the >> >> standard submission port, 587. >> >> >> >> As part of this setup we have also completely reworked our >> >> SpamAssassin setup. As a consequence of this, we are now looking for >> >> spam mail to begin training the filter to ensure it is ready to begin >> >> filtering the substantial mail volumes Postbox handles. >> >> >> >> Mailing list moderators whose lists receive significant quantities of >> >> spam are therefore requested to not discard this, and instead let us >> >> know so we can use the spam from your moderation queue to train the >> >> filter. Please note that we can grab the mail directly from the queue, >> >> so forwarding it elsewhere is not required. >> >> >> >> Once the filter has been sufficiently trained, we will commence the >> >> cutover and transfer handling of kde.org mail, including mailing >> >> lists, to the new system. >> >> >> >> Should anyone have any questions regarding this process, please let us >> >> know. >> >> >> >> Regards, >> >> Ben Cooksley >> >> KDE Sysadmin >> > >> > When do you plan to finalise the transition and flip the switch? >> >> Once the Bayes filter has been sufficiently trained, which may take a >> few days depending on how much spam we collect. >> I've no other clearer timeline than that at this stage i'm afraid. > > Sure. I ask so that, when you do, we know and can check things are working and > we are not left sitting around oblivious and wondering why everybody has > suddenly gone awfully quiet. > > To avoid this I suppose that, when you do know the exact time and date, you > will make it public, right? Yes, there will be a notification made when the changeover is done, and Letterbox (the new system) will be monitored extensively for the first hour or so to ensure everything is working as expected. Cheers, Ben > > Cheers > > Paul > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >
Re: Upcoming change to mail infrastructure
On Tue, Jul 3, 2018 at 11:25 PM, Paul Brown wrote: > On martes, 3 de julio de 2018 13:12:56 (CEST) Ben Cooksley wrote: >> On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: >> > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: >> >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: >> >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: >> >> >> Hi all, >> >> >> >> >> >> We've recently completed configuration of a new mail server which will >> >> >> be replacing the current system which handles kde.org mail. This >> >> >> system will be assuming responsibility for mailing lists as well as >> >> >> authenticated mail sending for those who require that service. >> >> >> >> >> >> To ensure a smooth transition however some changes may be needed on >> >> >> your side, especially if you are using our authenticated mail sending >> >> >> service. >> >> >> >> >> >> As part of the new system, we have configured updated filters which >> >> >> will begin enforcing DMARC policies for domains which have specified >> >> >> these, along with improved SPF verification. As a consequence, if you >> >> >> are forwarding mail from another provider to your kde.org or >> >> >> kdemail.net address, this may cease working following the transition. >> >> >> We recommend you configure these services to instead forward directly >> >> >> to your final mail provider should this impact on you. >> >> >> >> >> >> For those users of the authenticated mail service: please change your >> >> >> mail client to use the server "letterbox.kde.org" instead of the >> >> >> current server "postbox.kde.org". Additionally, if you are currently >> >> >> using port 588 to send mail, this should now be changed to the >> >> >> standard submission port, 587. >> >> >> >> >> >> As part of this setup we have also completely reworked our >> >> >> SpamAssassin setup. As a consequence of this, we are now looking for >> >> >> spam mail to begin training the filter to ensure it is ready to begin >> >> >> filtering the substantial mail volumes Postbox handles. >> >> >> >> >> >> Mailing list moderators whose lists receive significant quantities of >> >> >> spam are therefore requested to not discard this, and instead let us >> >> >> know so we can use the spam from your moderation queue to train the >> >> >> filter. Please note that we can grab the mail directly from the queue, >> >> >> so forwarding it elsewhere is not required. >> >> >> >> >> >> Once the filter has been sufficiently trained, we will commence the >> >> >> cutover and transfer handling of kde.org mail, including mailing >> >> >> lists, to the new system. >> >> >> >> >> >> Should anyone have any questions regarding this process, please let us >> >> >> know. >> >> >> >> >> >> Regards, >> >> >> Ben Cooksley >> >> >> KDE Sysadmin >> >> > >> >> > When do you plan to finalise the transition and flip the switch? >> >> >> >> Once the Bayes filter has been sufficiently trained, which may take a >> >> few days depending on how much spam we collect. >> >> I've no other clearer timeline than that at this stage i'm afraid. >> > >> > Sure. I ask so that, when you do, we know and can check things are working >> > and we are not left sitting around oblivious and wondering why everybody >> > has suddenly gone awfully quiet. >> > >> > To avoid this I suppose that, when you do know the exact time and date, >> > you >> > will make it public, right? >> >> Yes, there will be a notification made when the changeover is done, > > If you send a notification via email (how else?) and people on the other side > are not receiving email because something went wrong, how are they going to > know? > > Wouldn't it be better to send a message out, say, a couple of hours *BEFORE* > you change over and then flip the switch? Then users can test sending and > receiving when the time comes. All going well, you probably won't even notice the switch over. We've done these changeovers in the past, so i'm not too concerned about problems, as we'll be able to monitor them easily. Cheers, Ben > > Paul > >> and Letterbox (the new system) will be monitored extensively for the >> first hour or so to ensure everything is working as expected. >> >> Cheers, >> Ben >> >> > Cheers >> > >> > Paul >> > -- >> > Promotion & Communication >> > >> > www: http://kde.org >> > Mastodon: https://mastodon.technology/@kde >> > Facebook: https://www.facebook.com/kde/ >> > Twitter: https://twitter.com/kdecommunity > > > -- > Promotion & Communication > > www: http://kde.org > Mastodon: https://mastodon.technology/@kde > Facebook: https://www.facebook.com/kde/ > Twitter: https://twitter.com/kdecommunity >
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: > On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > >> Hi all, > >> > >> We've recently completed configuration of a new mail server which will > >> be replacing the current system which handles kde.org mail. This > >> system will be assuming responsibility for mailing lists as well as > >> authenticated mail sending for those who require that service. > >> > >> To ensure a smooth transition however some changes may be needed on > >> your side, especially if you are using our authenticated mail sending > >> service. > >> > >> As part of the new system, we have configured updated filters which > >> will begin enforcing DMARC policies for domains which have specified > >> these, along with improved SPF verification. As a consequence, if you > >> are forwarding mail from another provider to your kde.org or > >> kdemail.net address, this may cease working following the transition. > >> We recommend you configure these services to instead forward directly > >> to your final mail provider should this impact on you. > >> > >> For those users of the authenticated mail service: please change your > >> mail client to use the server "letterbox.kde.org" instead of the > >> current server "postbox.kde.org". Additionally, if you are currently > >> using port 588 to send mail, this should now be changed to the > >> standard submission port, 587. > >> > >> As part of this setup we have also completely reworked our > >> SpamAssassin setup. As a consequence of this, we are now looking for > >> spam mail to begin training the filter to ensure it is ready to begin > >> filtering the substantial mail volumes Postbox handles. > >> > >> Mailing list moderators whose lists receive significant quantities of > >> spam are therefore requested to not discard this, and instead let us > >> know so we can use the spam from your moderation queue to train the > >> filter. Please note that we can grab the mail directly from the queue, > >> so forwarding it elsewhere is not required. > >> > >> Once the filter has been sufficiently trained, we will commence the > >> cutover and transfer handling of kde.org mail, including mailing > >> lists, to the new system. > >> > >> Should anyone have any questions regarding this process, please let us > >> know. > >> > >> Regards, > >> Ben Cooksley > >> KDE Sysadmin > > > > When do you plan to finalise the transition and flip the switch? > > Once the Bayes filter has been sufficiently trained, which may take a > few days depending on how much spam we collect. > I've no other clearer timeline than that at this stage i'm afraid. Sure. I ask so that, when you do, we know and can check things are working and we are not left sitting around oblivious and wondering why everybody has suddenly gone awfully quiet. To avoid this I suppose that, when you do know the exact time and date, you will make it public, right? Cheers Paul -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
On martes, 3 de julio de 2018 13:12:56 (CEST) Ben Cooksley wrote: > On Tue, Jul 3, 2018 at 11:11 PM, Paul Brown wrote: > > On martes, 3 de julio de 2018 12:59:49 (CEST) Ben Cooksley wrote: > >> On Tue, Jul 3, 2018 at 10:44 PM, Paul Brown wrote: > >> > On martes, 3 de julio de 2018 12:29:41 (CEST) Ben Cooksley wrote: > >> >> Hi all, > >> >> > >> >> We've recently completed configuration of a new mail server which will > >> >> be replacing the current system which handles kde.org mail. This > >> >> system will be assuming responsibility for mailing lists as well as > >> >> authenticated mail sending for those who require that service. > >> >> > >> >> To ensure a smooth transition however some changes may be needed on > >> >> your side, especially if you are using our authenticated mail sending > >> >> service. > >> >> > >> >> As part of the new system, we have configured updated filters which > >> >> will begin enforcing DMARC policies for domains which have specified > >> >> these, along with improved SPF verification. As a consequence, if you > >> >> are forwarding mail from another provider to your kde.org or > >> >> kdemail.net address, this may cease working following the transition. > >> >> We recommend you configure these services to instead forward directly > >> >> to your final mail provider should this impact on you. > >> >> > >> >> For those users of the authenticated mail service: please change your > >> >> mail client to use the server "letterbox.kde.org" instead of the > >> >> current server "postbox.kde.org". Additionally, if you are currently > >> >> using port 588 to send mail, this should now be changed to the > >> >> standard submission port, 587. > >> >> > >> >> As part of this setup we have also completely reworked our > >> >> SpamAssassin setup. As a consequence of this, we are now looking for > >> >> spam mail to begin training the filter to ensure it is ready to begin > >> >> filtering the substantial mail volumes Postbox handles. > >> >> > >> >> Mailing list moderators whose lists receive significant quantities of > >> >> spam are therefore requested to not discard this, and instead let us > >> >> know so we can use the spam from your moderation queue to train the > >> >> filter. Please note that we can grab the mail directly from the queue, > >> >> so forwarding it elsewhere is not required. > >> >> > >> >> Once the filter has been sufficiently trained, we will commence the > >> >> cutover and transfer handling of kde.org mail, including mailing > >> >> lists, to the new system. > >> >> > >> >> Should anyone have any questions regarding this process, please let us > >> >> know. > >> >> > >> >> Regards, > >> >> Ben Cooksley > >> >> KDE Sysadmin > >> > > >> > When do you plan to finalise the transition and flip the switch? > >> > >> Once the Bayes filter has been sufficiently trained, which may take a > >> few days depending on how much spam we collect. > >> I've no other clearer timeline than that at this stage i'm afraid. > > > > Sure. I ask so that, when you do, we know and can check things are working > > and we are not left sitting around oblivious and wondering why everybody > > has suddenly gone awfully quiet. > > > > To avoid this I suppose that, when you do know the exact time and date, > > you > > will make it public, right? > > Yes, there will be a notification made when the changeover is done, If you send a notification via email (how else?) and people on the other side are not receiving email because something went wrong, how are they going to know? Wouldn't it be better to send a message out, say, a couple of hours *BEFORE* you change over and then flip the switch? Then users can test sending and receiving when the time comes. Paul > and Letterbox (the new system) will be monitored extensively for the > first hour or so to ensure everything is working as expected. > > Cheers, > Ben > > > Cheers > > > > Paul > > -- > > Promotion & Communication > > > > www: http://kde.org > > Mastodon: https://mastodon.technology/@kde > > Facebook: https://www.facebook.com/kde/ > > Twitter: https://twitter.com/kdecommunity -- Promotion & Communication www: http://kde.org Mastodon: https://mastodon.technology/@kde Facebook: https://www.facebook.com/kde/ Twitter: https://twitter.com/kdecommunity signature.asc Description: This is a digitally signed message part.
Re: Upcoming change to mail infrastructure
Am 03.07.2018 um 12:29 schrieb Ben Cooksley: > We've recently completed configuration of a new mail server which will > be replacing the current system which handles kde.org mail. This > system will be assuming responsibility for mailing lists as well as > authenticated mail sending for those who require that service. did you also notice and fix the long outstanding bugzilla SPF problems within your own infrastructure before make checks even sharper? https://bugs.kde.org/show_bug.cgi?id=392685 there are at leat *three* problems: * the notify mails have the envelope-sender of the reoprter * postbox.kde.org don't skip SPF checks from bluemchen.kde.org * the SPF can not match because bluemchen.kde.org is not in the reporters SPF * finally you send backscatter-bounces for each and every mail back to the reporter that the notify to the others was rejected by postbox.kde.org and so reports don't get attention * don't use reporters enevlope sender to begin with * don't SPF check inbound mail within the own infrastructure * don't backscatter to the innocent reporter : host postbox.kde.org[46.4.96.248] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41
