Opened 12 months ago

Last modified 5 months ago

#3033 new task

lists.osgeo.org does not support port 587 starttls and mail.osgeo.org does not work with SSL

Reported by: robe Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2024-III (strk)
Component: SysAdmin/Postfix Keywords:
Cc:

Description

I ran into this issue recently when experimenting with setting up discourse and also ran into it setting up video.osgeo.org.

Most apps these days default to port 587 / starttls.

As far as I can tell port 587 on osgeo6 is not reachable from our other hosts (or not at all) though I thought it was at some point in time. Or maybe postfix is no longer using that port?

At anyrate port 25 (with or without SSl works), port 465 with or without SSL works.

I should also note that when ssl is enabled, mail.osgeo.org often fails cause I guess we have no cert for mail.osgeo.org.

If we ever detangle lists.osgeo.org from the mail server, then this will become an issue.

I'm almost tempted to start a new mail.osgeo.org perhaps running in a container, but not sure if that will cause issues.

Change History (4)

comment:1 by strk, 12 months ago

I think for now it's ok to not support port 587 (submission, optionally with STARTSSL) and use port 465 (submissions, using SSL).

Port 25 is for MTA (mail transport agent) which receives email from a MSA (mail submission agent) which receives it from a MUA (mail user agent)

See:

The SSL certificate used for mail.osgeo.org belongs to name lists.osgeo.org so for now use that name. When/if we change that certificate name we will need to update instructions for the submissions service on the wiki (no link handy at the moment). For MTA/25/STARTTLS I guess it would be useful for the MX record host ame to match the certificate name, I didn't check how it looks at the moment

comment:2 by strk, 11 months ago

Milestone: UnplannedSysadmin Contract 2024-III

comment:3 by gdt, 11 months ago

I get the tangling problem, but

  • mailing list hosts need not implement submission as they do not serve MUAs
  • one can have alternative names in certs so they are valid for two names

comment:4 by strk, 5 months ago

Milestone: Sysadmin Contract 2024-IIISysadmin Contract 2024-III (strk)

Milestone renamed

Note: See TracTickets for help on using tickets.