I'm setting up some jobs that will require Jenkins and/or the slaves to send email to various places. Jenkins and the slaves seem to currently run Postfix in a default configuration that makes them attempt to deliver email directly to its destination. This causes sent email to get delayed.
We typically don't notice this because our SPF setting for ovirt.org are quite lax (We allow anyone to say he is from @ovirt.org, but delay messages that are not from "lists.phx.ovirt.org, "mail.phx.ovirt.org", or "gerrit.ovirt.org") abd because our ML server where we typically send to, only imposes a 60second delay.
We need to have a better setup. I suggest we configure Jenkins and the slaves to use some other server as a smart host (maybe "mail.phx.ovirt.org"?). To make the configuration as generic as possible I suggest we make the slaves deliver via Jenkins and only make Jenkins deliver to the smart host.
I think smart host configuration on Postfix is simple enough that we can make our usual job-embedded slave setup scrips set it up insead of having to resort to Puppet or Ansible.
There is no code in global_setup.sh to set this up ATM, we're kinda luckey it even works and we're not getting blacklisted...
I just gave some info but no decision seem to have been made so I did not start any work on this yet.
what is the status of this BR?
Any update on this? I just wonder why do we need something that has been working so far, isn’t the jenkins master been sending emails all this years already?
It only works now because we're sending to @ovirt.org addresses, if we send to more secured addresses like @redhat.com ones, the messages will get blocked because they are not coming from an authorized server.
As I commented above we've kinda been lucky so far, because we're generating SMTP traffic from random IP addresses at PHX. If we're not careful we can easily get the whole PHX IP range blacklisted by sending traffic to the wrong places.
Its a mess we should sort out.
It’s possible to use the ML server as a relay but I think a local one with a specific IP in the SPF headers would be better. With the move out of PHX I’m not sure how we can organize that now.