Jgreen has submitted this change and it was merged. Change subject: Added the bouncehandler router to catch in all bounce emails ......................................................................
Added the bouncehandler router to catch in all bounce emails The new router overwrites the 'eat' router and makes sure that all the bounce emails get POSTed to the bouncehandler API. The regex makes sure that a bounce of the format: [email protected] gets piped through. Made beta to use bouncehandler API. Splitted configuration to router and transport. Ensured that mails with the above syntax pass throug the regex with beta labs. Change-Id: I3c934af3eebe5a73ceab528a10687247a9457832 --- M manifests/mail.pp M manifests/role/mail.pp M templates/exim/exim4.conf.SMTP_IMAP_MM.erb 3 files changed, 57 insertions(+), 6 deletions(-) Approvals: Jgreen: Checked; Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/mail.pp b/manifests/mail.pp index f7ab920..33184b4 100644 --- a/manifests/mail.pp +++ b/manifests/mail.pp @@ -35,6 +35,12 @@ # IP addresses to use for sending outbound e-mail from Mailman # - $hold_domains: # List of domains to hold on the queue without processing + # - $verp_domains: + # List of domains for which VERP responses should be POST-ed to the MediaWiki 'bouncehandler' API for processing + # - $verp_post_connect_server: + # External hostname to connect while HTTP POST-ing a bounced email to the MediaWiki 'bouncehandler' API + # - $verp_bounce_post_url: + # Internal hostname of the wiki to which verp bounce emails are HTTP POST-ed and processed class roled( $enable_clamav=false, $enable_external_mail=true, @@ -51,7 +57,10 @@ $outbound_ips=[ ], $rt_relay=false, $phab_relay=false, - $smart_route_list=[] + $smart_route_list=[], + $verp_domains=[], + $verp_post_connect_server='', + $verp_bounce_post_url='', ) { include exim::smtp diff --git a/manifests/role/mail.pp b/manifests/role/mail.pp index a3ca945..d24af3f 100644 --- a/manifests/role/mail.pp +++ b/manifests/role/mail.pp @@ -24,17 +24,41 @@ trusted_networks => $network::constants::all_networks, } + # MediaWiki VERP bounce processor config - labs vs. production + case $::realm { + 'labs': { + $verp_domains = [ + 'deployment.wikimedia.beta.wmflabs.org' + ] + $verp_post_connect_server = 'deployment.wikimedia.beta.wmflabs.org' + $verp_bounce_post_url = 'http://deployment.wikimedia.beta.wmflabs.org/w/api.php' + } + 'production': { + # currently not used as bouncehandler extension is not yet installed in production + # the api urls should change once the extension gets installed + $verp_domains = [ ] + $verp_post_connect_server = 'login.wikimedia.org' + $verp_bounce_post_url = "appservers.svc.${::mw_primary}.wmnet/w/api.php" + } + default: { + fail('unknown realm, should be labs or production') + } + } + class { 'exim::roled': local_domains => [ '+system_domains', '+wikimedia_domains', '+legacy_mailman_domains', ], - enable_mail_relay => 'primary', - enable_mail_submission => false, - enable_external_mail => true, - mediawiki_relay => true, - enable_spamassassin => true, + enable_mail_relay => 'primary', + enable_mail_submission => false, + enable_external_mail => true, + mediawiki_relay => true, + enable_spamassassin => true, + verp_domains => $verp_domains, + verp_post_connect_server => $verp_post_connect_server, + verp_bounce_post_url => $verp_bounce_post_url, } Class['spamassassin'] -> Class['exim::roled'] diff --git a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb index 9cd6b46..182a02f 100644 --- a/templates/exim/exim4.conf.SMTP_IMAP_MM.erb +++ b/templates/exim/exim4.conf.SMTP_IMAP_MM.erb @@ -32,6 +32,8 @@ <% end -%> OTRSQUERY=SELECT value0 FROM system_address WHERE value0='${quote_mysql:$local_part@$domain}' AND valid_id=1; +VERP_BOUNCE_LOCALPART_REGEXP = \N^wiki-\w+-\w+-\w+-\w+$\N + ############################### # Main configuration settings # ############################### @@ -50,6 +52,7 @@ domainlist system_domains = @ domainlist local_domains = <%= local_domains.join(" : ") %> domainlist wikimedia_domains = lsearch;CONFDIR/wikimedia_domains +domainlist verp_domains = <%= @verp_domains.join(" : ") %> <% if enable_mail_relay != false %> domainlist relay_domains = +wikimedia_domains <% end -%> @@ -342,6 +345,13 @@ ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 10/8 ; 172.16/12 ; 192.168/16 cannot_route_message = Cannot route to remote domain $domain no_more + +# Route bounce emails +mw_verp_api: + driver = accept + domains = +verp_domains + condition = ${if match{$local_part}{VERP_BOUNCE_LOCALPART_REGEXP}{true}{false}} + transport = mwverpbounceprocessor eat: driver = redirect @@ -808,6 +818,14 @@ reply_transport: driver = autoreply <% end %> + +# POST VERP bounce emails to a MediaWiki 'bouncehandler' API +mwverpbounceprocessor: + driver = pipe + command = /usr/bin/curl -H 'Host: <%= @verp_post_connect_server %>' <%= @verp_bounce_post_url %> -d "action=bouncehandler" --data-urlencode "email@-" + user = nobody + group = nogroup + <% if enable_mail_submission == true then -%> ################## # Authenticators # -- To view, visit https://gerrit.wikimedia.org/r/155753 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3c934af3eebe5a73ceab528a10687247a9457832 Gerrit-PatchSet: 49 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: 01tonythomas <[email protected]> Gerrit-Reviewer: 01tonythomas <[email protected]> Gerrit-Reviewer: Faidon Liambotis <[email protected]> Gerrit-Reviewer: Hoo man <[email protected]> Gerrit-Reviewer: Jgreen <[email protected]> Gerrit-Reviewer: Legoktm <[email protected]> Gerrit-Reviewer: Mark Bergsma <[email protected]> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
