This is a hack to work around SPF screwing us for @fedoraproject.org
aliases. It only fixes email from @redhat.com, but due to bugzilla thats
a lot of email.
Without this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com sent out directly to gmail and gets rejected because
we aren't in the redhat.com SPF record.
With this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com but sent to mx2.redhat.com to deliver. Since
mx2.redhat.com definitely is in the redhat.com SPF record the email is
delivered fine and SPF checks pass.
This won't help for other domains with -all SPF records, but at least it
helps for all the redhat.com emails, of which there are a lot going to
fedoraproject.org aliases. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Something is broken with smtp_tls_connection_reuse = yes, so disable it
for now. Also, setup a tls_policy map file and tell it to not use tls
for mx2.redhat.com. The normal smtp connection reuse works just fine, so
this will keep mail flowing until we can one day figure out why tls
connection reuse is busted.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We fixed the config in a PR from aheath1992 for most of the machines,
but we need to fix vpn (proxies in particular) and releng boxes now.
Also, while we are here, lets drop the phx2 file since it's not used
anymore.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Without this it wasn't caching tls connections and was going over the
small limit redhat.com mx had. Hopefully this gets mail flowing again.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
So, without this tlsproxy wasn't working and no connection reuse was
happening. With it, it seems to be processing away nicely and reusing
connections.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Recently, redhat.com changed internal MX servers. The new servers are
have rate limits on incoming emails from one ip and admins there don't
want to add a bunch of exceptions, so we need to adjust our end to not
flood connections to them. Currently, connections burst up to 100 (the
smtp postfix default) which goes over their limits and causes the
internal MX to reject emails from us for a while.
So, this change:
* Adds some domains to fast_flush. This allows us to use postqueue -s
domain to flush emails to a particular domain.
* Changes the smtp limit to 40. This is under the redhat.com limit.
* Has ansible actually install the master.cf.gateway on bastion servers.
Currently they were using the stock/default one.
* Enables the tlsproxy service, which is actually needed to get that tls
reuse working.
After these changes, we keep few connections to the redhat.com mx open,
but we reuse them and send more emails over existing connections. No
'too many connection emails' have happened since the changes.
The queue slowly seems to be processing down.
Since this was causing an outage of email, I have already applied these
things to bastion01, but I'd like to make sure we match up to whats in
ansible.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now we are hitting redhat.com mx server connection limits.
This might be because we are starting too many new connections at once.
Enabling this should reduce the new connections by reusing existing
ones.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Since we no longer have any machines in phx2, I have tried to remove
them from ansible. Note that there are still some places where we need
to remove them still: nagios, dhcp, named were not touched, and in cases
where it wasn't pretty clear what a conditional was doing I left it to
be cleaned up later.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I removed all the old files, inventory, playbooks, roles and other from
services we no longer run or use. There was a bunch of cruft in there
and I hope that will make the repo cleaner and easier to look for things
we actually do run and care about.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Follow-up on:
commit a11e1da4b435928c8895259e12ea1bf895860cb4
Author: Kevin Fenzi <kevin@scrye.com>
Date: Thu Feb 20 17:09:00 2020 +0000
lists-dev: farewell
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
commit dd3bf3b50d
Author: Kevin Fenzi <kevin@scrye.com>
Date: Fri May 20 18:09:20 2016 +0000
Drop collab03 and hosted-lists01 (everything is going to mailman01 now).
Drop hosted01 (we arent going to move hosted to rhel7)
Signed-off-by: Nils Philippsen <nils@redhat.com>
