Entries tagged [email]

Thursday September 25, 2014

Committers mail relay service

For a very long time now we have allowed committers to send email from their @apache.org email address from any host.  10 years ago this was less of an issue than it is today.  In the current world of mass spam and junk flying around, mail server providers are trying to find better ways to implement a sense of safety from this for their users.  One such method is SPF [1]. These methodologies check that incoming email actually originated via a valid mail server for the senders domain. 

For example if you send from myuserid@apache.org, but you just send that via your ISP at home, it could be construed as being junk as it never came via an apache.org mail server.  Some time ago we setup a service on people.apache.org to cater for this, but it was never enforced and it seems that the SMTP daemon running the service is not 100% RFC compliant and thus some people have been unable to use this service.

As of today, we have stood up a new service on host mail-relay.apache.org that will allow committers to send their apache.org emails via a daemon that is RFC compliant and uses your LDAP credentials. You can read here [2] what settings you will need to be able to use this service. 

On Friday October 10th, at 13:00 UTC the old service on people.apache.org will be terminated, and the updates to the DNS to enforce sending of all apache.org email to have originated via an ASF mail server will be enabled. This means that as of this time if you do not send your apache.org email via mail-relay it is very likely that the mail will not reach it's destination.  

When we say 'send your apache.org email'  - we mean that when you send *from* your userid@apache.org email.   Emails sent *to* any apache.org email address will not affected by this. 

[1] - http://en.wikipedia.org/wiki/Sender_Policy_Framework

[2] - https://reference.apache.org/committer/email#sendingemailfromyourapacheorgemailaddress

Sunday June 15, 2014

Email from apache.org committer accounts bypasses moderation!

Good news!   We've finally laid the necessary groundwork to extend the bypassing of committer emails sent from their apache.org addresses, from commit lists to now all Apache mailing lists.  This feature was activated earlier today and represents a significant benefit for cross-collaboration between Apache mailing lists for committers, relieving moderators of needless burden.

Also we'd like to remind you of the SSL-enabled SMTP submission service we offer committers listening on people.apache.org port 465.  Gmail users in particular can enjoy a convenient way of sending email, to any recipient even outside apache.org, using their apache.org committer address.  For more on that please see our website's documentation.

To complement these features we'd also like to remind committers of the ability to request an "owner file" be added to their email forwarder by filing an appropriate INFRA jira ticket.  Owner files alleviate most of the problems associated with outside organizations, who may be running strict SPF policies, attempting to reach you at your apache.org address.  Without an owner file those messages will typically bounce back to those organizations instead of successfully reaching you at your target forwarding address.  For those familiar with SRS, this is a poor-man's version of that specification's feature set.  Please direct your detailed questions about owner files to the infrastructure-dev@apache.org mailing list.

NOTE: we've extended this bypass feature to include any committer email addresses listed in their personal LDAP record with Apache.

Thursday February 24, 2011

Changes to email service for all committers

In the near future the Infrastructure team will be implementing a change to the way we handle emails for all committers.

Historically we have allowed users to choose how to handle their apache.org email. However we will be making the following changes:

  1. Making LDAP authoritative for all mail forwarding addresses.
  2. Users will no longer be allowed to store their apache.org email locally on people.apache.org (minotaur)
  3. The Infra team will take the mail address currently held in either your .qmail or .forward file (.qmail is authoritative if they both exist) and inject this into LDAP
  4. We will no longer allow users to configure mail filtering, but you can configure your SpamAssassin threshold as per our recent blog post.
  5. We will make committers ~/.forward and ~/.qmail files read-only, there will still be at least one of these files, but it will be owned by the mail daemon user.

This means that all committers will be required to forward their apache.org email to an email address outside of the foundation.

We are doing this to simplify the email infrastructure, and to help reduce the current level of complexity of maintaining people.apache.org. Also, making LDAP authoritative means we can move some of the work straight out to the MXs, and thus avoid sending it through several mail servers. In the new architecture if someone emails you directly at your apache.org mail address it will only be handled by one apache.org MX.

Of course, we wont delete any email you currently have on people.apache.org. Should you want to edit your LDAP record you should use https://id.apache.org to do this.

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation