Migrate away from ImprovMX for mailing lists #485
Comments
I'm going to be working on <NixOS#485>. This will give me the power to do most of the work there, except for deploying the relevant DNS changes with Terraform.
I just want to raise awareness that you probably need to write a mail to t-online and outlook (none 356) to whitelist your IP, otherwise mails cannot be delivered.
After the leak of the existing email mappings I would be interested in discussing the privacy aspect of the email mappings. What other organization publishes those? The current set of addresses was not given to us by its recipients with the intent to make them public.
I hear you on this. I've never run a mailserver before, and honestly have no idea what our deliverability is going to be like. I believe the current set of emails is quite tiny, and may not even include any t-online or outlook. My personal opinion on this is that we should make sure we've solved the monitoring story: if we get notified for email stuck in queues, then we can tackle these allowlists as necessary, or we can give up and pay someone to handle this for us.
Sorry about that. I asked one person about this, but should have talked to more people before posting. Ideas:
For T-Online at least this is just one email after setting reverse DNS and everything up correctly. Overall I also don't expect the NixOS foundation to have to handle a large volume of email. The vote was the first time we had to do this, actually.
@zimbatm started to ask existing users of email addresses about that.
Some DMARC and reading the mail logs in case there are delivery problems. I didn't have any big issues with emails for the NixOS wiki and that looks more like bulk messages compared to what I expect to be sent from nixos.org.
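One way to do the log reading discussed in this thread, as an added example that is not part of any comment here or of the NixOS infra code: a Python script that tallies Postfix delivery outcomes per recipient domain, so repeated deferrals or bounces (for instance to t-online or outlook) stand out. The log lines, relay names, IPs and SMTP replies are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix delivery-log format; hosts, IPs and replies are made up.
SAMPLE_LOG = """\
Jan 10 09:00:01 mail postfix/smtp[2101]: 4A1B2C3D4E: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D)
Jan 10 09:00:05 mail postfix/smtp[2102]: 5B2C3D4E5F: to=<bob@t-online.de>, relay=mx.recipient.example[192.0.2.20]:25, delay=2.1, delays=0.1/0/2/0, dsn=4.7.1, status=deferred (host mx.recipient.example[192.0.2.20] refused to talk to me: 554 sender IP not allowlisted)
Jan 10 09:30:05 mail postfix/smtp[2140]: 5B2C3D4E5F: to=<bob@t-online.de>, relay=mx.recipient.example[192.0.2.20]:25, delay=1802, delays=1800/0/2/0, dsn=4.7.1, status=deferred (host mx.recipient.example[192.0.2.20] refused to talk to me: 554 sender IP not allowlisted)
Jan 10 09:31:00 mail postfix/smtp[2141]: 6C3D4E5F60: to=<carol@outlook.com>, orig_to=<infra@nixos.org>, relay=mx.other.example[198.51.100.7]:25, delay=1.0, delays=0.1/0/0.5/0.4, dsn=5.7.1, status=bounced (host mx.other.example[198.51.100.7] said: 550 5.7.1 blocked by policy)
Jan 10 09:32:00 mail postfix/smtp[2142]: 7D4E5F6071: to=<dave@outlook.com>, relay=mx.other.example[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# One delivery attempt: queue id, recipient domain, DSN code, status, remote reply.
DELIVERY = re.compile(
    r"postfix/(?:smtp|lmtp)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<[^@>]+@(?P<domain>[^>]+)>,.*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)


def summarize(log_text):
    """Count outcomes per recipient domain; remember the latest failure per domain."""
    counts = defaultdict(Counter)
    last_failure = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue  # not a delivery-attempt line
        domain = m["domain"].lower()
        counts[domain][m["status"]] += 1
        if m["status"] in ("deferred", "bounced"):
            last_failure[domain] = (m["dsn"], m["reason"])
    return counts, last_failure


def domains_needing_attention(log_text, threshold=2):
    """Domains with at least `threshold` deferred or bounced attempts."""
    counts, last_failure = summarize(log_text)
    return {
        domain: last_failure.get(domain)
        for domain, c in counts.items()
        if c["deferred"] + c["bounced"] >= threshold
    }


if __name__ == "__main__":
    for domain, failure in domains_needing_attention(SAMPLE_LOG).items():
        print(domain, failure)
```
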
@jfly Is it possible to move the email addresses into sops-encoded secrets, or is this part only configurable with plain Nix code?
And you need to have a proper imprint on the TLD of the rDNS entry and contact means via I think telephone and e-mail that is not going over the mail server. I have recently done it and it took me a few back and forths but it is doable.
It currently requires plain Nix code:
Adding support for encrypted emails seems like it might actually not be too hard:
tl;dr:
We currently use ImprovMX to handle mail sent to @nixos.org (see relevant dns entries).
infra@, marketing@, etc). Today, nobody sends mail from @nixos.org, and nobody has any inboxes.
The plan
A few weeks ago, @Mic92 asked me to look into self hosting this instead. He recommended Simple NixOS Mailserver (SNM). I've played with it a bit, and it does seem like a good fit here.
mailserver.loginAccounts empty, and disable pop/imap.
mailserver.forwards
listsWithSecretFiles is up to date
umbriel.nixos.org.
Open questions/TBD:
pluto. Dumping some links from our discussion:
probe_ssl_earliest_cert_expiry
Alternatives considered