Bug 29514

Summary: Enable receiving mails over a secure TLS connection for our mailing lists
Product: Infrastructure
Reporter: Marja Van Waes <marja11>
Component: Others
Assignee: Sysadmin Team <sysadmin-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: enhancement
Priority: Normal
CC: dan, sysadmin-bugs
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Marja Van Waes 2021-10-01 22:30:26 CEST
The first mail that I sent to one of our mailing lists with my new e-mail account bounced with:

Reporting-MTA: dns; outbound.soverin.net
X-Postfix-Queue-ID: D30316020C
X-Postfix-Sender: rfc822; marja11@xxxxxxx.nl
Arrival-Date: Fri,  1 Oct 2021 19:56:12 +0000 (UTC)

Final-Recipient: rfc822; discuss@ml.mageia.org
Original-Recipient: rfc822;discuss@ml.mageia.org
Action: failed
Status: 5.7.4
Diagnostic-Code: X-Postfix; TLS is required, but was not offered by host
    neru.mageia.org[163.172.148.228]


I already turned that requirement off for my new mail account. However, filing this enhancement request anyway, because it would be nice to have and because likely more e-mail providers will start requiring this by default.
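
Added example, not part of the original report: this Python function reads the delivery-status fields of a bounce like the one above and lists the recipients that failed because the receiving host did not offer STARTTLS. The sample bounce is constructed with placeholder hosts, and `field` and `tls_refusals` are names chosen here.

```python
import re
from email.parser import HeaderParser

# Constructed delivery-status body (RFC 3464 layout); hosts and addresses are placeholders.
SAMPLE_DSN = """\
Reporting-MTA: dns; outbound.example.net

Final-Recipient: rfc822; list@lists.example.org
Action: failed
Status: 5.7.4
Diagnostic-Code: X-Postfix; TLS is required, but was not offered by host
    mx.example.org[192.0.2.25]

Final-Recipient: rfc822; nobody@other.example
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 5.1.1 User unknown
"""

HOST_RE = re.compile(r"by host\s+(\S+?)\[([0-9A-Fa-f.:]+)\]")

def field(group, name):
    """Return a header value with folded continuation lines joined."""
    return " ".join((group.get(name) or "").split())

def tls_refusals(dsn_text):
    """List recipients whose delivery failed because the peer offered no STARTTLS."""
    blocks = [b for b in re.split(r"\n[ \t]*\n", dsn_text.strip()) if b.strip()]
    # First block is per-message; the remaining blocks are per-recipient.
    recipients = [HeaderParser().parsestr(b + "\n") for b in blocks[1:]]
    hits = []
    for rcpt in recipients:
        status = field(rcpt, "Status")
        diag = field(rcpt, "Diagnostic-Code")
        # x.7.4 is "security features not supported" in RFC 3463.
        if not (status.endswith(".7.4") or "TLS is required" in diag):
            continue
        m = HOST_RE.search(diag)
        hits.append({
            "recipient": field(rcpt, "Final-Recipient").split(";", 1)[-1].strip(),
            "status": status,
            "host": m.group(1) if m else None,
            "ip": m.group(2) if m else None,
        })
    return hits

if __name__ == "__main__":
    for hit in tls_refusals(SAMPLE_DSN):
        print(hit)
```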

Comment 1 Mageia Robot 2024-02-09 18:59:03 CET
commit ef8883f73a36ead4c26a42b413baa913c008cfa6
Author: Dan Fandrich <danf@...>
Date:   Fri Feb 9 00:53:52 2024 -0800

    Create a self-signed certificate for incoming mail (mga#29514)
    
    This still needs to be enabled once it's checked.
---
 Commit Link:
   https://gitweb.mageia.org/infrastructure/puppet/commit/?id=ef8883f73a36ead4c26a42b413baa913c008cfa6

Comment 2 Mageia Robot 2024-02-09 19:41:25 CET
commit f64014e2a3c2431211dda1f6bf9f28eaf56c4536
Author: Dan Fandrich <danf@...>
Date:   Fri Feb 9 10:36:06 2024 -0800

    Enable opportunistic TLS when receiving mail (mga#29514)
---
 Commit Link:
   https://gitweb.mageia.org/infrastructure/puppet/commit/?id=f64014e2a3c2431211dda1f6bf9f28eaf56c4536

Comment 3 Dan Fandrich 2024-02-09 20:21:58 CET
This is now done. All mails to and from Mageia mail servers now have opportunistic TLS available. The certificate used for incoming mail is self-signed, but that doesn't seem to be an issue in the current Internet.

CC: (none) => dan
Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 Marja Van Waes 2024-02-10 22:49:57 CET
Thanks, Dan :-)