Feature #85501

streamline outgoing mail flow

Added by Andri Steiner 11 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Should have
Target version:
-
Start date:
2018-07-06
Due date:
2018-07-20
% Done:

100%


Description

  • [INFO] from time to time, we run into some problems related to the fact that the outgoing mailsystems name does not match the reverse dns record
  • [INFO] in a perfect world, all mails sent with a @typo3.org address should leave our infrastructure through our central mailserver, where we ensure that everything is in order, and, for example, add DKIM records to each mail
  • [TODO] reconfigure our outgoing mailrelay servers to use our mailserver as relay
  • [TODO] reconfigure important applications to use our mailrelay or mailserver directly

History

#1 Updated by Andri Steiner 11 months ago

node['postfix']['main']['smtp_sasl_auth_enable'] = yes
node['postfix']['main']['relayhost'] = [mail.typo3.org] (from data bag)
node['postfix']['sasl']['smtp_sasl_user_name'] = xxx@typo3.org (from data bag)
node['postfix']['sasl']['smtp_sasl_passwd'] = xxx (from data bag)

#2 Updated by Steffen Gebert 11 months ago

wouldn't it make sense to point internal hosts to the mail relays so that we don't have to deal with passwords everywhere?

#3 Updated by Steffen Gebert 11 months ago

ah.. now after reading the first post.. :)

#5 Updated by Steffen Gebert 10 months ago

I'm done with IMHO 90% of this.

The mailrelays now forward mails via mail.typo3.org.

The last bit is to really use the mailrelay on all our servers. This change is up for review here: https://github.com/TYPO3-cookbooks/t3-base/pull/9

#6 Updated by Michael Stucki 9 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 10 to 100

This change has been rolled out today!

Remaining services (that don't use the local MTA) need to be configured in the same way. However, that is no longer a reason to keep this ticket open...

Also available in: Atom PDF