tickets #20794
closed
get rid of the shuttle net address on baloo
Added by tampakrap almost 7 years ago.
Updated over 5 years ago.
Description
We need to get rid of the shuttle net address on baloo (High priority). Right now it is used so that mails get forwarded from mx{1,2}.suse.de to relay.suse.de to baloo, as the realy server does the spam filtering. So steps are:
1) install spam filtering on baloo
2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de
4) redirect traffic from MX directly to baloo's public interface
- Private changed from Yes to No
tampakrap wrote:
We need to get rid of the shuttle net address on baloo (High priority). Right now it is
used so that mails get forwarded from mx{1,2}.suse.de to relay.suse.de to baloo, as
the realy server does the spam filtering. So steps are:
1) install spam filtering on baloo
The easiest way would be to make all lists by-subscription-only. Anything else is not a minor untertaking.
We could probably catch most with greylisting.
tampakrap wrote:
2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de
4) redirect traffic from MX directly to baloo's public interface
Moving baloo from being an internal to a fully public mailserver, will also require a thorough audit of the postfix setup on baloo.
I'm happy to do that, just FYI.
- Assignee changed from pjessen to tampakrap
2) adjust baloo's smtp server to listen to the public address
3) adjust baloo's firewall to accept only traffic from mx{1,2}.suse.de
For now, on baloo I have added a client restriction (reject_warning for now) to only accept:
127
149.44.160.133
149.44.160.134
195.135.220.2
195.135.220.15
I have added lists5.opensuse.org(195.135.221.153) for listening on port 25.
That should enable you to stop using the shuttle address.
Theo, when you're ready, you can try redirecting some mailing list traffict from mx{1,2} directly to lists5.opensuse.org.
- Assignee changed from tampakrap to pjessen
@Per, I am pretty sure we send traffic directly to lists5.opensuse.org now. Can you please double check? If so, then please shut down the shuttle net address as well.
Yep, looks like mails are being only delivered in by "charybdis-ext.suse.de", 195.135.221.2.
I have downed eth2, 149.44.161.55, and disabled the config.
- Status changed from New to In Progress
pjessen wrote:
Yep, looks like mails are being only delivered in by "charybdis-ext.suse.de", 195.135.221.2.
I have downed eth2, 149.44.161.55, and disabled the config.
Unfortunately I did not restart postfix, so when baloo was rebooted on 28/12, it meant postfix couldn't start, missing address.
I have updated the config and started up postfix.
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Mails are being delivered, but it will take a little while for those addreses with rate limiting (yahoo, gmx, web.de etc).
Also available in: Atom
PDF