Hello, Am Sonntag, 21. April 2019, 17:56:29 CEST schrieb Lars Vogdt:
On Sun, 21 Apr 2019 12:33:21 +0200 Christian Boltz wrote: ...
To name a few things (note that this reflects my personal opinion because we didn't discuss these details in the board or heroes yet) - aliases will stay the default, the mailbox should be opt-in (everything else would lead to "dead mailboxes" with unread-forever mails)
- Heinlein / mailbox.org should become the primary mail server for opensuse.org (= DNS MX entry) because that would give us better spam filtering/blocking (sorry to say that, but the spam filter on mx*.suse.de is far from perfect)
Do you have some comparable numbers? How much spam is detected in a better way by Heinlein than by mx.suse.de? Could it be that mx.suse.de is only tagging spam and not deleting it because of legal rules?
Last time I asked (maybe a year ago), the answer was that mx.suse.de only filters out viruses, but doesn't block spam (or maybe "tags" it, but that's useless, especially for the @o.o aliases). Regarding the legal rules - there is exactly one sane way: the mailserver has to _reject_ mails at the front door (instead of accepting and then maybe tagging them). Such a reject means the sending server can (and has to) send a non-delivery notice to the sender. Most important: the sending server stays responsible because mx.suse.de never accepted the mail. (In case of a false positive, the sender can try to re-send the mail or reach out in other ways, maybe even phone or fax if it's about something really important.) Once you accept a mail, you are legally "lost". The sender has a confirmation that the mail was accepted, and of course you are not allowed to delete it. The only remaining option is to deliver it to the recipient. Tagging is possible, but typical users never look into their spam folder, so tagging and moving to the spam folder is not too different from deleting the mail. (Imagine what happens if an important and urgent mail bitrots in the spam folder. The sender will happily show you the mail log that says "250 accepted for delivery"...) I never used mailbox.org myself (I have my own server), but I'm quite sure Heinlein does reject spam mails.
...could it be that admin@o.o gets some special handling because of some historic settings?
Some people on opensuse-de complained about spam relayed via their o.o address recently, so I'd say it's unlikely that only admin@ lacks spam protection.
- obviously, this also means Heinlein will need/get a list of all @opensuse.org mail addresses and their alias target.
Why does this need to happen?
If I remember correctly, Heroes complaint about the complexity of the openSUSE mail system already (because it is connected to the SUSE development/testing mailsystem) - now you want to move it to another company. How does this make things easier?
It won't change much regarding complexity, but we'd have a better mail service (mailboxes, better spam filtering) for our members.
I would in turn recommend to start with the final separation of the openSUSE infrastructure from SUSE: 1) setup/register your own offical DNS servers (as you have the internal ones already, this should not be that complicated) 2) setup own MX server (you can clone the mx.suse.de ones, if you like) 3) speak with MF-IT about the forums, blogs and authentication stuff
=> each of these steps is independent. But with 1 & 2 the openSUSE heroes would have the full flexibility to look at the Mailsystem or any other new service in their timeframe and with their power.
I run a few mailservers, and know the work that needs to be done. That also means I'm not too keen to run another one ;-) 1) probably isn't too hard, but still needs someone to do the work. (Luckily we already have full control about what the nameservers deliver, we "just" don't run the public nameservers ourself.) 3) is a _big_ can of worms. I'll be very happy when it is done, but also know it won't be easy.
(In theory we could avoid giving them the alias targets, but that would mean to a) not have their spam filter or b) to continue to
have the aliases on mx*.suse.de and relaying the mails over it or
c) setting up a mailserver in the openSUSE infrastructure that does the alias forwarding. I have to admit that I dislike all of these options because they add an additional and IMHO superfluous step.)
Well, with aliases as default, mailing lists and administrative accounts (like {post,web,mail}master@o.o, admin-auto@o.o, ...) and all the different (sub-)domains (like opensuse.de for example), I'm really not sure if your solution is really the more easy one to implement.
I instead would vote for c, as my former comment already implied. And I guess I'm not alone with these "independence" ambitions, if I read the other mails in this thread.
In turn, I'm wondering how this matches: while some board members want more independence from SUSE, you try to push an important communication channel under a new umbrella - to a company that has not much to do with openSUSE at all.
Independence doesn't necessarily mean not to depend on anybody (that's probably impossible). IMHO spreading across multiple sponsors already is better than having one "big" sponsor.
I do the same. But what happens if Heinlein get's aquired by another company or Peer (yes: two 'e') steps back from his position?
In worst case, we have to find another sponsor for a mailserver, or to setup an own server.
2) How many members currently complain about "missing mailboxes" at all? (all that paperwork for just one member?)
I remember several people asked for real mailboxes and/or being able to send mails using the o.o address and/or reported problems with the alias like SPF fun. (Sorry, no exact numbers. There's clearly more than one, but I'm too lazy to go through the ticket archive to count them ;-)
So let's wait for the amount of feedback to your request and wait with further discussions until we reached a deadline (that you should still define)?
The initial mail already mentioned oSC, so I'd say that will be the deadline - but that shouldn't stop anybody from speaking up on the mailinglist ;-)
4) Who will implement the needed scripts or do the manual work to manage the members mailboxes? (and does this lucky guy already know about this?)
Another "detail" we didn't discuss yet - but if needed, I'm willing to help with it. Having better spam blocking (in my case I'm especially interested in admin@o.o) is more than worth it, and more fun than deleting ticket spam all the time ;-)
What I take from this: From your point of view, the main reason to move all member Email accounts (as this is what you told earlier with "Heinlein will manage the aliases) to Heinlein is a better spam filtering for one Email address named admin@o.o. Right?
That's the devil's advocate summary ;-) and at the same time my personal motivation, probably shared by all Heroes who have to delete several spam tickets a day. (Since I run my own server, I don't care too much about having a mailbox ;-) I also see the benefit for several members because they'll get real mailboxes and can finally send mails using their @o.o address.
Trying to summarize
Benefits when moving from SUSE to Heinlein: * better spam tagging, done by Heinlein who get all @o.o Emails
s/tagging/rejecting/, see above
* possibility to sent with an <alias>@o.o Email address * openSUSE could blame Heinlein if something is broken * Heinlein could blame the Heroes if something is broken (heya: ping pong)
;-)
Benefits when providing an own MX: * spam tagging can be done with openSUSE packages on openSUSE machines
and again - s/tagging/rejecting/
* everything else can be done with openSUSE packages on openSUSE machines (someone might even create some docu around it?) * members could be able to use their account data to sent with <alias>@o.o via the new MX after authentication * openSUSE could only blame the overloaded Heroes (or packagers) if something is broken
;-)
In any of the two options, the current setup (including connect.o.o) needs to be adjusted.
Right.
[1] I know you - and wonder if I should say "being devil's advocate" instead ;-)
I hope I did my job right with my answers above ;-))
Yes ;-) Regards, Christian Boltz -- Ich sehe schon, die meiste manpower des Projektes fließt derzeit in die Gestaltung der "--help"-Option. Ich glaube, wir greifen den Vorschlag von Christian auf und richten mehrere Hilfsseiten ein. Gleicher Inhalt, andere Formatierung. :-))) [Ratti in fontlinge-devel] -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org