[postfix] virtual machines allow list

[kayiwa]

Add the list of virtual machines that can relay messages

Initial machines that we believe need to send messages

[acozine]

This is a huge step forward. I see a couple of places where we could make it even better:

This PR updates 6 group_vars files, but we currently configure a postfix server in 7 group_vars files:
openbooks )staging and prod)
oawaiver (staging and prod)
ojs (staging and prod)
orangelight (prod only)
Do we want to change them all in this PR? Also, as mentioned below, we should document what we are using the staging ponyexpress for - my vote would be that we assign staging servers to the staging ponyexpress.

Finally, four playbooks refer in their documentation sections to the pul-the-hard-way docs on greenlisting servers for ponyexpress - it would be great to update those as well:
libwww.yml
friends_of_pul.yml
special_collections.yml
byzantine.yml

[sandbergja]

Thanks, @kayiwa! Writing down some notes from my testing, so we can look at them later.

From catalog3, when I run the following in the rails console (with thanks to @carolyncole for the example that inspired this):

form = OpenStruct.new({
  name: 'Me',
  email: 'js7389@princeton.edu',
  email_subject: 'Testing the new pony express server',
  message: 'Testing the new pony express server',
  context: 'http://example.com/new-pony',
  title: 'Example Record with new Pony!',
  routed_mail_to: 'js7389@princeton.edu'
})
mailer = ContactMailer.with(form:)
question = mailer.question
question.delivery_method.settings = {address: 'lib-ponyexpr-prod.princeton.edu'}
question.deliver_now

I get:

SSL_connect returned=1 errno=0 peeraddr=128.112.203.118:25 state=error: certificate verify failed (self-signed certificate) (OpenSSL::SSL::SSLError)

And /var/log/mail on lib-ponyexpr-prod says:

May 30 16:27:00 lib-ponyexpr-prod postfix/smtpd[3159370]: connect from catalog3.princeton.edu[128.112.200.180]
May 30 16:27:00 lib-ponyexpr-prod postfix/smtpd[3159370]: SSL_accept error from catalog3.princeton.edu[128.112.200.180]: -1
May 30 16:27:00 lib-ponyexpr-prod postfix/smtpd[3159370]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1584:SSL alert number 48:
May 30 16:27:00 lib-ponyexpr-prod postfix/smtpd[3159370]: lost connection after STARTTLS from catalog3.princeton.edu[128.112.200.180]

[sandbergja]

Thanks, @kayiwa !

[sandbergja]

For anyone following along, @kayiwa found the issue that was causing the tls error in the above catalog test, we needed to make sure that :enable_starttls was false for now (although we may wish to start using TLS in the future).

[acozine]

I'd add a change to the ojs staging config. Once that's in, this looks great. Thanks @kayiwa.

[kayiwa]

I'd add a change to the ojs staging config. Once that's in, this looks great. Thanks @kayiwa.

Added at this commit 1445c3a