Hey there,
Quick update on the Mailman3 migration. I have now migrated all lists to the new mailman01 server (including fedorahosted lists). I've also migrated the SpamAssassin configuration and database and it seems to be working fine.
I had to make a small tweak to the postfix configuration though, and even if I don't think it opens a vulnerability in any way I'm pointing you to it: I've opened the submission port (587/tcp) on the loopback address only, with a bypass of the SpamAssassin check. The reason for that is that Mailman 3 now sends emails to Postfix as an SMTP client, and with the previous configuration all outgoing emails from Mailman were scanned, which made no sense and caused a huge load on the server. I had two options:
1. Set Postfix to listen on localhost:smtp without the spam checking and on its external IP with the spam checking, but this means hardcoding the server's external IP in Postfix' master.cfg file
2. Add another port for Postfix's SMTP daemon witout the SpamAssassin content filter, but keep it on localhost only for security
I chose the latter because I felt that harcoding the IP was a worse solution, but since we're using Ansible it may not matter. If you prefer the first solution I can totally make the change.
My next step is to download the old HTML archives and make them available on mailman01 through Apache to preserve existing URLs in the wild.
Then I think we'll finally be able to take the former servers out of the loop.
Aurélien
Quick update on the Mailman3 migration. I have now migrated all lists to the new mailman01 server (including fedorahosted lists). I've also migrated the SpamAssassin configuration and database and it seems to be working fine.
I had to make a small tweak to the postfix configuration though, and even if I don't think it opens a vulnerability in any way I'm pointing you to it: I've opened the submission port (587/tcp) on the loopback address only, with a bypass of the SpamAssassin check. The reason for that is that Mailman 3 now sends emails to Postfix as an SMTP client, and with the previous configuration all outgoing emails from Mailman were scanned, which made no sense and caused a huge load on the server. I had two options:
1. Set Postfix to listen on localhost:smtp without the spam checking and on its external IP with the spam checking, but this means hardcoding the server's external IP in Postfix' master.cfg file
2. Add another port for Postfix's SMTP daemon witout the SpamAssassin content filter, but keep it on localhost only for security
I chose the latter because I felt that harcoding the IP was a worse solution, but since we're using Ansible it may not matter. If you prefer the first solution I can totally make the change.
My next step is to download the old HTML archives and make them available on mailman01 through Apache to preserve existing URLs in the wild.
Then I think we'll finally be able to take the former servers out of the loop.
Aurélien
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx