during early November the following changes will be applied to GNOME’s mail infrastructure:
SPF records will be made more strict and outgoing email for any @gnome.org e-mail will have to transit over GNOME’s mail servers
DKIM will be introduced to sign emails originating from a @gnome.org alias
@gnome.org alias owners will have to change their mail client configuration to use GNOME mail servers as their SMTP server with authentication defaulting to their GNOME account credentials
There will be another communication from our side with an exact list of modifications you will need to apply to comply with the above changes. As a friendly reminder all the mailing lists (with the exception of l10n lists which are undergoing a set of code changes on damned-lies) hosted on mail.gnome.org will be retired at the end of October 2022. Please see [1].
These changes will be applied on the 24th of November 2022. Another communication will happen with an exact list of changes that are required from a mail client perspective.
This maintenance is complete, please see Infrastructure/MailAliasPolicy - GNOME Wiki! for instructions on how to properly configure your mail client in order to send mails via your @gnome.org alias.
Evolution gives me “Error performing TLS handshake: An unexpected TLS packet was received.” Evolution 3.44.4, GNOME 42, Fedora 36. I’ve successfully sent thru stmp.gnome.org using the built-in Email app on my phone. I’ve been unsuccessful with K9 Mail on my tablet, but it gives an even less useful error than Evolution.
I gave up after attempting to follow the instructions for Geary several times. Geary doesn’t even give any error message when it fails to accept the new settings, so not much to go on.
If I really cared then I might investigate further, but the email alias is more a nice to have than an important required thing, so I’ll move on for now…
I tried configuring Geary following the instructions on the wiki, but it seems that they guide me to change the SMTP server for all email from one of my accounts, which seems undesirable. (And also, impossible for my Google account that comes from GOA.)
I also tried creating a regular account for the @gnome.org address and failed because an incoming server is required – perhaps this is where you got stuck, Michael?
My conclusion is that it is not possible to configure Geary to send mail from wjt@gnome.org via smtp.gnome.org but otherwise use my normal SMTP server.
I also tried following the Gmail steps on that same wiki page, and failed due to the configuration of Endless’s Google domain.
The relevant admin setting appears to be Admin Console → Apps → Google Workplace → Gmail → End user access → Allow per-user outbound gateways.
The Evolution instructions worked once I selected “STARTTLS after connecting” rather than “TLS on a dedicated port”, otherwise I got the same error as Shaun. Michael says above that this is insecure, so I’ve not updated the wiki, but it is the only working setting…
I also tried creating a regular account for the @gnome.org address and failed because an incoming server is required – perhaps this is where you got stuck, Michael?
Nah, I don’t mind using smtp.gnome.org for all outgoing mail. I’d need to figure out how to configure my personal domain’s SPF record to allow it, but that shouldn’t be hard. Where I get stuck is here:
STARTTLS would be insecure with smtpd_tls_security_level=may NOT with smtpd_tls_security_level=encrypt as we force the client to upgrade its connection to a secured one or postfix just refuses to accept mail delivery. Please see Postfix Configuration Parameters.
