[7767] in Release_7.7_team
Re: Changing How MIT's VPN & Dial-Up Servers Handle Unauthenticated Email
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Fri May 18 14:07:24 2012
In-Reply-To: <alpine.DEB.2.00.1205181047080.23408@dr-wily.mit.edu>
Mime-Version: 1.0 (1.0)
Content-Type: text/plain;
charset=us-ascii
Message-Id: <196578BF-4002-4ED3-BFCA-4CEE2940EEEF@mit.edu>
Cc: Andrew Munchbach <amunch@MIT.EDU>, "itss@mit.edu" <itss@MIT.EDU>,
"release-team@mit.edu" <release-team@MIT.EDU>
From: Jonathan Reed <jdreed@MIT.EDU>
Date: Fri, 18 May 2012 13:07:16 -0500
To: Geoffrey Thomas <geofft@MIT.EDU>
Content-Transfer-Encoding: 8bit
(dropping linerva, CC release-team)
Do we know the details of how mail will be rejected? e.g. Will connections get rejected explicitly at the network level, or will they simply hang forever until they timeout, or will sendmail respond with a 5xx error? (the latter seems unlikely)
We should ensure debathena-msmtp behaves nicely in general if on a VPN, though presumably Ops has considered this and will include it in their dialup customizations.
-Jon
Sent from my mobile device
On May 18, 2012, at 12:48 PM, Geoffrey Thomas <geofft@MIT.EDU> wrote:
> Okay, cool. Linerva is on a different network, so I'd assume not (and approximately everything else on 18.181 needs to send unauthenticated mail). Thanks for checking.
>
> --
> Geoffrey Thomas
> SIPB Linerva team
> linerva@mit.edu
>
> On Fri, 18 May 2012, Andrew Munchbach wrote:
>
>> Hi Geoffrey,
>>
>> The dial-up servers are losing access to outgoing-legacy.mit.edu
>> (mint-square, scrubbing-bubbles, etc.). I (perhaps incorrectly) assumed
>> linux.mit.edu was included in this mix. I'll double-check with Server Ops
>> on what impact this will (or will not) have on Linerva and get back to you.
>>
>> Best,
>> Andrew
>>
>> On 5/18/12 1:16 PM, "Geoffrey Thomas" <geofft@MIT.EDU> wrote:
>>
>>> On Fri, 18 May 2012, Andrew Munchbach wrote:
>>>
>>>> * Users on the dial-up servers (ssh linux.mit.edu) that try to send
>>>> unauthenticated email using the server outgoing-legacy.mit.edu.
>>>
>>> Hi Andrew,
>>>
>>> Given your mention of linux.mit.edu, I wanted to confirm whether Linerva
>>> is included or not in this change. I guess it's not unreasonable to count
>>> Linerva and athena.dialup as equivalent for these purposes, but we do
>>> have
>>> some changes we'll need to make so that e.g. cronjobs from root send
>>> authenticated mail, and we may have different user assumptions than
>>> athena.dialup has (notably, we allow logging in without delegating
>>> credentials, and athena.dialup doesn't).
>>>
>>> While there's discussion of switching linux.mit.edu to point to
>>> athena.dialup, I'm pretty sure that's not going to happen by the time of
>>> this change. Then again, if this is just a typo, that would make things
>>> easier for us. :)
>>>
>>> --
>>> Geoffrey Thomas
>>> SIPB Linerva team
>>> linerva@mit.edu
>>
>>
