Issue Details (XML | Word | Printable)

Key: MBH-172
Type: Task Task
Status: Open Open
Priority: Normal Normal
Assignee: Unassigned
Reporter: Robert Kaye
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
MusicBrainz Hosting

Allow mb2freedb gateway to send mail using mb mail servers

Created: 01/Oct/11 05:30 AM   Updated: 30/Dec/12 11:27 PM
Component/s: Server management
Affects Version/s: None
Fix Version/s: None


 Description  « Hide

The mb2freedb gateway is going to be hosted at 140.211.15.122 (musicbrainzvm2.osuosl.org). Please allow this machine to send mail via the MB mail servers.

Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Dave Evans added a comment - 27/Mar/12 08:11 PM - edited

Logically this should use the 'smarthost' personality of the mail server, but that's only available on a private IP.

So:

  • don't use smarthost?
  • expose smarthost on public ip?
    • and then validate either using client IP, or client cert, or client password auth
  • use vpn to enable connection to private ip?

[ Permalink | « Hide ]
Dave Evans added a comment - 27/Mar/12 08:15 PM

The right way to fix this would be:

  • set up PKI and issue certs to the mail server and mail clients
  • expose smarthost service on public ip
  • require STARTTLS with a client cert validated using the PKI

Can also be used by machines with dynamic IPs of course.
Atlassian JIRA (v4.0.1#471) | Report a problem | Request a feature | Contact administrators
Powered by a free Atlassian JIRA open source license for MetaBrainz Foundation. Try JIRA - bug tracking software for your team.