Age | Commit message | Author | |
---|---|---|---|
2015-08-21 | add support for configurable mail alias maps | elijah | |
2015-07-28 | Support RBL blocking of incoming mail (#5923) Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158 | Micah Anderson | |
2015-04-28 | Reject inbound mail to local system users that don't appear in /etc/aliases #6829 We began to receive spam for vmail@DOMAIN. So we want to block inbound mail to local system users. However, users in the /etc/aliases file are still accepted on inbound mail - see https://leap.se/code/issues/6909 for a follow up. Change-Id: I03d3014984c4bd27f90147125fb037b68716624d | varac | |
2014-12-02 | minor linting Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935 | Micah Anderson | |
2014-04-02 | Force satellite hosts that only speak to relayhost to have a smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16 | Micah Anderson | |
2014-04-01 | Include all the ips that are allowed to send mail through the relay in the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | Micah Anderson | |
2013-12-19 | Set mynetworks to include any mx server in the provider to allow them to Helo as the domain (#4495) Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261 [0.5.0rc1] | Micah Anderson | |
2013-12-18 | add a smtp_tls class and include that on both mx servers and satellites Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728 | Micah Anderson | |
2013-11-27 | disable starttls over submission for client connections, we are using TLS wrapper mode on the smtps port 465 now (#4366) enable the missing smtpd_helo_restrictions for smtps Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6 | Micah Anderson | |
2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
2013-10-10 | contacts is now a top-level hiera variable | varac | |
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | Micah Anderson | |
2013-09-26 | set myhostname in postfix the internet hostname of this mail system. The default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6 | Micah Anderson | |
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
2013-09-26 | properly set the $smtps_recipient_restrictions variable in master.cf (#3935) Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd | Micah Anderson | |
2013-09-25 | add smtp_tls_received_header to include information about the protocol and cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4 | Micah Anderson | |
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
2013-09-24 | separate cert and key deployment (#3918) | varac | |
2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac | |
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
2013-09-03 | fix $master_cf_tail format | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature #3667) | varac | |
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | Micah Anderson | |
2013-09-02 | disable postfix debugging by default | varac | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | Micah Anderson | |
2013-08-31 | change the master.cf_tail to pull in -o smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | Micah Anderson | |
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | Micah Anderson | |
2013-08-29 | Deploy postfix with an empty main.cf as beginning (Feature #3584) | varac | |
2013-08-28 | SMTP checks (Feature #2304) | varac | |
2013-08-28 | integrate manual postfix config changes in puppet (Feature #3538) | varac | |
2013-08-28 | added site_postfix::debug for debugging (#3538) | varac | |
2013-07-26 | Merge branch 'varac/feature/mx' into feature/leap_mx Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419 | Micah Anderson | |
2013-07-25 | smtpd_recipient_restrictions: +permit_tls_all_clientcerts | varac | |
2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
2013-07-25 | using alias resolver | varac | |
2013-07-25 | update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes | Micah Anderson | |
2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
2013-07-25 | using alias resolver | varac | |
2013-07-25 | update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes | Micah Anderson | |
2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
2013-07-25 | hiera variable mx.contact -> postfix $root_mail_recipient | varac | |
2013-07-25 | added basic site_postfix::mx config | varac | |
2013-07-15 | fix smtpd_recipient_restrictions, debug connections from localhost | varac | |
2013-07-10 | added tls support, including smtp auth via client cert | varac | |
2013-07-09 | smtpd_recipient_restrictions: +permit_tls_all_clientcerts | varac | |
2013-07-09 | smtpd_checks: smtpd_data_restrictions | varac | |
2013-07-09 | using alias resolver | varac | |
2013-07-09 | update postfix module to new shared version for parameterized classes, and other 2.7 updates update site_postfix::mx to use parameterized classes | Micah Anderson | |
2013-07-09 | Configure Postfix for incoming mails (Feature #2269) | varac | |