Loading policy/tpa-rfc-15-email-services.md +12 −12 Original line number Diff line number Diff line Loading @@ -195,10 +195,10 @@ will start to degrade some time or before Q3 2022. * decide key rotation policy (how frequently, should we [publish private keys][]) e. enforcement of the submission service for outgoing mail, possibly d. enforcement of the submission service for outgoing mail, possibly includes setting up a dummy IMAP server f. deployment of SPF and DMARC DNS records, which will impact users e. deployment of SPF and DMARC DNS records, which will impact users not on the submission server, which includes users with plain forwards and without an LDAP account, possible solutions: Loading @@ -214,20 +214,20 @@ will start to degrade some time or before Q3 2022. problem][] which is basically the question of what service can be used for (e.g. forwards vs lists vs RT) g. inspection of incoming mail for SPF, DKIM, DMARC records, affecting f. inspection of incoming mail for SPF, DKIM, DMARC records, affecting either "reputation" (e.g. marker in mail headers) or just downright rejection (e.g. rejecting mail before queue) h. configuration of a new "mail exchanger" (MX) server with TLS g. configuration of a new "mail exchanger" (MX) server with TLS certificates signed by a public CA, most likely Let's Encrypt for incoming mail, replacing a part of `eugeni` i. configuration of a new "mail relay" server to relay mails from h. configuration of a new "mail relay" server to relay mails from servers that do not send their own email, replacing a part of `eugeni`, similar to current submission server, except with TLS authentication instead of password j. refactoring of the mail-related code in Puppet, reconfiguration of i. refactoring of the mail-related code in Puppet, reconfiguration of all servers according to the mail relay server change above, see [issue tpo/tpa/team#40626][] Loading Loading 
@@ -305,12 +305,12 @@ process follows the [Kaplan-Moss estimation technique](https://jacobian.org/2021 | a. e2e deliver. checks | 3 days | medium | access to other providers uncertain | 4.5 | | b. DMARC reports | 1 week | high | needs research | 10 | | c. DKIM signing | 3 days | medium | expiration policy and per-user keys uncertain | 4.5 | | e. mandatory submission | 3 days | medium | may require training | 4.5 | | f. SPF/DMARC records | 3 days | high | impact on forwards unclear, SRS | 7 | | g. incoming mail filtering | 1 week | high | needs research | 10 | | h. new MX | 1 week | high | key part of eugeni, might be hard | 10 | | i. new mail relay | 3 days | low | similar to current submission server | 3.3 | | j. Puppet refactoring | 1 week | high | | 10 | | d. mandatory submission | 3 days | medium | may require training | 4.5 | | e. SPF/DMARC records | 3 days | high | impact on forwards unclear, SRS | 7 | | f. incoming mail filtering | 1 week | high | needs research | 10 | | g. new MX | 1 week | high | key part of eugeni, might be hard | 10 | | h. new mail relay | 3 days | low | similar to current submission server | 3.3 | | i. Puppet refactoring | 1 week | high | | 10 | This amounts to a total estimate time of 63.5 days, or about 13 weeks or three months, full time. At 50EUR/hr, that's about 25,000EUR of Loading Loading
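Review bot: In the list hunks at lines 195 and 214, relettering e through j to d through i reuses letters that already existed, so a reference elsewhere in the document to an old letter will now silently point at a different item instead of looking broken. Before merging, search the rest of policy/tpa-rfc-15-email-services.md for prose references to the old letters (for example a mention of step "f" meaning the SPF/DMARC records) and update them. The estimate table at line 305 is updated here, but nothing outside the three visible hunks is.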
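Review bot: In the table hunk at line 305, the trailing context line states a total of 63.5 days, but the last column of the nine rows a through i visible here adds up to 63.8 (4.5 + 10 + 4.5 + 4.5 + 7 + 10 + 10 + 3.3 + 10). Since this change already touches every row below c, it is a good moment to either correct the total or state the rounding used, and to re-check the cost figure derived from it.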