On Fri, 13 May 2016 12:41:36 +0200 Aurelien Bompard <abompard@xxxxxxxxxxxxxxxxx> wrote: > Hey there, > > Quick update on the Mailman3 migration. I have now migrated all lists > to the new mailman01 server (including fedorahosted lists). I've also > migrated the SpamAssassin configuration and database and it seems to > be working fine. Great. ;) > I had to make a small tweak to the postfix configuration though, and > even if I don't think it opens a vulnerability in any way I'm > pointing you to it: I've opened the submission port (587/tcp) on the > loopback address only, with a bypass of the SpamAssassin check. The > reason for that is that Mailman 3 now sends emails to Postfix as an > SMTP client, and with the previous configuration all outgoing emails > from Mailman were scanned, which made no sense and caused a huge load > on the server. I had two options: 1. Set Postfix to listen on > localhost:smtp without the spam checking and on its external IP with > the spam checking, but this means hardcoding the server's external IP > in Postfix' master.cfg file 2. Add another port for Postfix's SMTP > daemon witout the SpamAssassin content filter, but keep it on > localhost only for security > > I chose the latter because I felt that harcoding the IP was a worse > solution, but since we're using Ansible it may not matter. If you > prefer the first solution I can totally make the change. I think thats fine. For some reason this change is pending on all machines tho, need to sort out why it's not mailman/smtp-mm only. > My next step is to download the old HTML archives and make them > available on mailman01 through Apache to preserve existing URLs in > the wild. Do we have enough space for that? > Then I think we'll finally be able to take the former servers out of > the loop. Excellent! kevin
Attachment:
pgpS5cuISVeiN.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
