tickets #20794

closed

get rid of the shuttle net address on baloo

Added by tampakrap over 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: High
Assignee:
Category: Email
Target version: -
Start date: 2017-07-26
Due date:
% Done: 100%
Estimated time:

Description

We need to get rid of the shuttle net address on baloo (High priority). Right now it is used so that mails get forwarded from mx{1,2}.suse.de to relay.suse.de to baloo, as the relay server does the spam filtering. So steps are:
1) install spam filtering on baloo
2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de
4) redirect traffic from MX directly to baloo's public interface

Actions #1

Updated by pjessen over 6 years ago

  • Private changed from Yes to No

tampakrap wrote:

We need to get rid of the shuttle net address on baloo (High priority). Right now it is
used so that mails get forwarded from mx{1,2}.suse.de to relay.suse.de to baloo, as
the relay server does the spam filtering. So steps are:

1) install spam filtering on baloo

The easiest way would be to make all lists by-subscription-only. Anything else is not a minor undertaking.
We could probably catch most with greylisting.

Actions #2

Updated by pjessen over 6 years ago

tampakrap wrote:

2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de
4) redirect traffic from MX directly to baloo's public interface

Moving baloo from being an internal to a fully public mailserver will also require a thorough audit of the postfix setup on baloo.
I'm happy to do that, just FYI.

Actions #3

Updated by pjessen over 6 years ago

  • Assignee changed from pjessen to tampakrap

2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de

For now, on baloo I have added a client restriction (reject_warning for now) to only accept:
127
149.44.160.133
149.44.160.134
195.135.220.2
195.135.220.15

I have added lists5.opensuse.org (195.135.221.153) for listening on port 25.
That should enable you to stop using the shuttle address.

Actions #4

Updated by pjessen over 6 years ago

Theo, when you're ready, you can try redirecting some mailing list traffic from mx{1,2} directly to lists5.opensuse.org.

Actions #5

Updated by tampakrap over 5 years ago

  • Assignee changed from tampakrap to pjessen

@Per, I am pretty sure we send traffic directly to lists5.opensuse.org now. Can you please double check? If so, then please shut down the shuttle net address as well.

Actions #6

Updated by pjessen over 5 years ago

Yep, looks like mails are only being delivered in by "charybdis-ext.suse.de", 195.135.221.2.
I have downed eth2, 149.44.161.55, and disabled the config.

Actions #7

Updated by pjessen over 5 years ago

  • Status changed from New to In Progress

pjessen wrote:

Yep, looks like mails are only being delivered in by "charybdis-ext.suse.de", 195.135.221.2.
I have downed eth2, 149.44.161.55, and disabled the config.

Unfortunately I did not restart postfix, so when baloo was rebooted on 28/12, it meant postfix couldn't start, missing address.
I have updated the config and started up postfix.
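
The failure described in the comment above (an interface address removed while the Postfix configuration still referred to it, only noticed at the next reboot) can be caught before the interface is taken down. The following is an added example, not part of the ticket or of baloo's configuration: it assumes the address was listed in `inet_interfaces` in main.cf, and the sample main.cf text and host address list are constructed from the addresses quoted on this page.

```python
import ipaddress
import re

def main_cf_value(text, name):
    """Return the last value of `name` in main.cf text, joining continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                            # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()   # leading whitespace continues a line
        else:
            logical.append(line.strip())
    value = None
    for entry in logical:
        key, sep, val = entry.partition("=")
        if sep and key.strip() == name:
            value = val.strip()                 # last definition wins
    return value

def literal_addresses(value):
    """IP literals in an inet_interfaces value; skips 'all', 'loopback-only', hostnames."""
    found = []
    for token in re.split(r"[,\s]+", value or ""):
        try:
            found.append(ipaddress.ip_address(token.strip("[]")))
        except ValueError:
            continue
    return found

def missing_bind_addresses(main_cf_text, host_addresses):
    """Addresses Postfix is told to bind that the host no longer carries."""
    present = {ipaddress.ip_address(a) for a in host_addresses}
    wanted = literal_addresses(main_cf_value(main_cf_text, "inet_interfaces"))
    return [str(a) for a in wanted if a not in present]

# Constructed sample: the page gives the addresses but not baloo's main.cf.
SAMPLE_MAIN_CF = """\
# constructed example, not the real configuration
inet_interfaces = 127.0.0.1, 195.135.221.153,
    149.44.161.55
"""
# Constructed host state after eth2 (149.44.161.55) has been taken down.
AFTER_ETH2_DOWN = ["127.0.0.1", "195.135.221.153"]

if __name__ == "__main__":
    for addr in missing_bind_addresses(SAMPLE_MAIN_CF, AFTER_ETH2_DOWN):
        print(f"inet_interfaces still lists {addr}; Postfix may fail to bind on restart")
```

On a live host the two inputs would come from `postconf -h inet_interfaces` and the output of `ip -o addr show`.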

Actions #8

Updated by pjessen over 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Mails are being delivered, but it will take a little while for those addresses with rate limiting (yahoo, gmx, web.de etc).
