I followed the instruction from
https://pagure.io/fedora-infrastructure/issue/8455#comment-913675, but this is
my first time actually doing anything in postfix configuration, so I'm not
sure if everything I did is correct.
The SMTP port on the machine seems to be open according to group_vars for the
mailman_stg.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
I'm pushing this during freeze as it's required to avoid an outage of
our logs. For some reason we hit a large backlog and log01 rsyslog
stopped logging. Bumping this up seems to have fixed it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This map wasn't there, causing bastion02 to basically reject emails.
So, instead just comment it out because we aren't using it anyhow.
We are lucky bastion01's postfix hasn't been restarted and breaking it
there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
RHEL turned off chunking in postfix for various reasons. This causes a
lot of logs from spam and other servers. Turning off logging this as
it is not supported.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
This host needs to have its own self-signed certs and needs some more
config to allow the auth and allow authenticated users to relay.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need this to try and relay in emails.
It turns out to be bordering on impossible to do this sanely with our
current setup, so make a fedora vm that lets us use saslauthdb to have a
specific (small) list of users that can authenticate and relay emails
via bastion and out. We can't do this on rhel, because they don't build
the saslauthdb backend. We can't use any of the other backends because
they either don't work or would allow any fedora user to relay, which we
do not want.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is a hack to work around SPF screwing us for @fedoraproject.org
aliases. It only fixes email from @redhat.com, but due to bugzilla that's
a lot of email.
Without this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com sent out directly to gmail and gets rejected because
we aren't in the redhat.com SPF record.
With this:
bugzilla@redhat.com -> user@fedoraproject.org (expands) ->
user@gmail.com but sent to mx2.redhat.com to deliver. Since
mx2.redhat.com definitely is in the redhat.com SPF record the email is
delivered fine and SPF checks pass.
This won't help for other domains with -all SPF records, but at least it
helps for all the redhat.com emails, of which there are a lot going to
fedoraproject.org aliases. :)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Something is broken with smtp_tls_connection_reuse = yes, so disable it
for now. Also, set up a tls_policy map file and tell it to not use tls
for mx2.redhat.com. The normal smtp connection reuse works just fine, so
this will keep mail flowing until we can one day figure out why tls
connection reuse is busted.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We fixed the config in a PR from aheath1992 for most of the machines,
but we need to fix vpn (proxies in particular) and releng boxes now.
Also, while we are here, let's drop the phx2 file since it's not used
anymore.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Without this it wasn't caching tls connections and was going over the
small limit redhat.com mx had. Hopefully this gets mail flowing again.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>