Mailinglist Archive: opensuse-project (72 mails)

< Previous Next >
Re: [opensuse-project] Mail-Address sponsoring (was: Re: 2019-04-02 board meeting minutes)
Hello,

Am Sonntag, 21. April 2019, 17:56:29 CEST schrieb Lars Vogdt:
On Sun, 21 Apr 2019 12:33:21 +0200 Christian Boltz wrote:
...
To name a few things (note that this reflects my personal opinion
because we didn't discuss these details in the board or heroes yet)
- aliases will stay the default, the mailbox should be opt-in
(everything else would lead to "dead mailboxes" with
unread-forever
mails)

- Heinlein / mailbox.org should become the primary mail server for
opensuse.org (= DNS MX entry) because that would give us better
spam filtering/blocking (sorry to say that, but the spam filter on
mx*.suse.de is far from perfect)

Do you have some comparable numbers?
How much spam is detected in a better way by Heinlein than by
mx.suse.de?
Could it be that mx.suse.de is only tagging spam and not deleting it
because of legal rules?

Last time I asked (maybe a year ago), the answer was that mx.suse.de
only filters out viruses, but doesn't block spam (or maybe "tags" it,
but that's useless, especially for the @o.o aliases).

Regarding the legal rules - there is exactly one sane way: the
mailserver has to _reject_ mails at the front door (instead of accepting
and then maybe tagging them). Such a reject means the sending server can
(and has to) send a non-delivery notice to the sender. Most important:
the sending server stays responsible because mx.suse.de never accepted
the mail. (In case of a false positive, the sender can try to re-send
the mail or reach out in other ways, maybe even phone or fax if it's
about something really important.)

Once you accept a mail, you are legally "lost". The sender has a
confirmation that the mail was accepted, and of course you are not
allowed to delete it. The only remaining option is to deliver it to the
recipient. Tagging is possible, but typical users never look into their
spam folder, so tagging and moving to the spam folder is not too
different from deleting the mail. (Imagine what happens if an important
and urgent mail bitrots in the spam folder. The sender will happily show
you the mail log that says "250 accepted for delivery"...)


I never used mailbox.org myself (I have my own server), but I'm quite
sure Heinlein does reject spam mails.

...could it be that admin@o.o gets some special handling because of
some historic settings?

Some people on opensuse-de complained about spam relayed via their o.o
address recently, so I'd say it's unlikely that only admin@ lacks spam
protection.

- obviously, this also means Heinlein will need/get a list of all
@opensuse.org mail addresses and their alias target.

Why does this need to happen?

If I remember correctly, Heroes complaint about the complexity of the
openSUSE mail system already (because it is connected to the SUSE
development/testing mailsystem) - now you want to move it to another
company. How does this make things easier?

It won't change much regarding complexity, but we'd have a better mail
service (mailboxes, better spam filtering) for our members.

I would in turn recommend to start with the final separation of the
openSUSE infrastructure from SUSE:
1) setup/register your own offical DNS servers (as you have the
internal ones already, this should not be that complicated)
2) setup own MX server (you can clone the mx.suse.de ones, if you
like) 3) speak with MF-IT about the forums, blogs and authentication
stuff

=> each of these steps is independent. But with 1 & 2 the openSUSE
heroes would have the full flexibility to look at the Mailsystem or
any other new service in their timeframe and with their power.

I run a few mailservers, and know the work that needs to be done.
That also means I'm not too keen to run another one ;-)

1) probably isn't too hard, but still needs someone to do the work.
(Luckily we already have full control about what the nameservers
deliver, we "just" don't run the public nameservers ourself.)

3) is a _big_ can of worms. I'll be very happy when it is done, but also
know it won't be easy.

(In theory we could avoid giving them the alias targets, but that
would mean to a) not have their spam filter or b) to continue to

have the aliases on mx*.suse.de and relaying the mails over it or

c) setting up a mailserver in the openSUSE infrastructure that
does
the alias forwarding. I have to admit that I dislike all of these
options because they add an additional and IMHO superfluous step.)

Well, with aliases as default, mailing lists and administrative
accounts (like {post,web,mail}master@o.o, admin-auto@o.o, ...) and all
the different (sub-)domains (like opensuse.de for example), I'm
really not sure if your solution is really the more easy one to
implement.

I instead would vote for c, as my former comment already implied. And
I guess I'm not alone with these "independence" ambitions, if I read
the other mails in this thread.

In turn, I'm wondering how this matches: while some board members want
more independence from SUSE, you try to push an important
communication channel under a new umbrella - to a company that has
not much to do with openSUSE at all.

Independence doesn't necessarily mean not to depend on anybody (that's
probably impossible). IMHO spreading across multiple sponsors already is
better than having one "big" sponsor.

I do the same. But what happens if Heinlein get's aquired by another
company or Peer (yes: two 'e') steps back from his position?

In worst case, we have to find another sponsor for a mailserver, or to
setup an own server.

2) How many members currently complain about "missing mailboxes"
at all? (all that paperwork for just one member?)

I remember several people asked for real mailboxes and/or being able
to send mails using the o.o address and/or reported problems with
the
alias like SPF fun. (Sorry, no exact numbers. There's clearly more
than one, but I'm too lazy to go through the ticket archive to count
them ;-)

So let's wait for the amount of feedback to your request and wait with
further discussions until we reached a deadline (that you should
still define)?

The initial mail already mentioned oSC, so I'd say that will be the
deadline - but that shouldn't stop anybody from speaking up on the
mailinglist ;-)

4) Who will implement the needed scripts or do the manual work to
manage the members mailboxes?
(and does this lucky guy already know about this?)

Another "detail" we didn't discuss yet - but if needed, I'm willing
to help with it. Having better spam blocking (in my case I'm
especially interested in admin@o.o) is more than worth it, and more
fun than deleting ticket spam all the time ;-)

What I take from this: From your point of view, the main reason to
move all member Email accounts (as this is what you told earlier with
"Heinlein will manage the aliases) to Heinlein is a better spam
filtering for one Email address named admin@o.o. Right?

That's the devil's advocate summary ;-) and at the same time my personal
motivation, probably shared by all Heroes who have to delete several
spam tickets a day. (Since I run my own server, I don't care too much
about having a mailbox ;-)

I also see the benefit for several members because they'll get real
mailboxes and can finally send mails using their @o.o address.

Trying to summarize

Benefits when moving from SUSE to Heinlein:
* better spam tagging, done by Heinlein who get all @o.o Emails

s/tagging/rejecting/, see above

* possibility to sent with an <alias>@o.o Email address
* openSUSE could blame Heinlein if something is broken
* Heinlein could blame the Heroes if something is broken (heya: ping
pong)

;-)

Benefits when providing an own MX:
* spam tagging can be done with openSUSE packages on openSUSE machines

and again - s/tagging/rejecting/

* everything else can be done with openSUSE packages on openSUSE
machines (someone might even create some docu around it?)
* members could be able to use their account data to sent with
<alias>@o.o via the new MX after authentication
* openSUSE could only blame the overloaded Heroes (or packagers) if
something is broken

;-)

In any of the two options, the current setup (including connect.o.o)
needs to be adjusted.

Right.

[1] I know you - and wonder if I should say "being devil's advocate"
instead ;-)

I hope I did my job right with my answers above ;-))

Yes ;-)


Regards,

Christian Boltz
--
Ich sehe schon, die meiste manpower des Projektes fließt derzeit in die
Gestaltung der "--help"-Option. Ich glaube, wir greifen den Vorschlag
von Christian auf und richten mehrere Hilfsseiten ein. Gleicher Inhalt,
andere Formatierung. :-))) [Ratti in fontlinge-devel]



--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups