A few improvements we need to do on this machine.
This vm is used to relay (authenticated) emails out to people from various places (copr cron outputs, flock / conference stuff, packager reports).
It would be nice to adjust postfix config to not leak the headers/ips from the orig systems, ie something like https://serverfault.com/a/998993 or the like
The ssl cert on this machine is a self signed one, but it's also expired. Would be nice to generate a new one and make sure to keep it up to date.
Metadata Update from @james: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, medium-trouble
The cert has been fixed.
The config change hasn't been done yet.
I imported the new self-signed cert into my local trust store and tried to run the orphans email script without disabling tls verification. It now fails with Error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead. Would it be possible to fix this or to use a letsencrypt cert? If the server can have port 80 opened, one could be gotten with the HTTP-01 challenge and auto-renewed with certbot or similar.
Error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
Log in to comment on this ticket.