leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2016-07-19	Block ip-based helo at MTA (#8139).	Micah
	Numeric helo is a very strong indicator of spam. When this is blocked, a very significant amount of spam stops. Change-Id: Ieb340190faf37638950d1aa60b52268659e0b7f6
2016-02-02	[bug] Add smtpd_relay_restrictions to postfix conf	varac
	smtpd_relay_restrictions was added in postfix 2.10 (jessie has 2.11 atm). Without this, outbound mails are rejected to be relayed. from http://www.postfix.org/SMTPD_ACCESS_README.html: NOTE: Postfix versions before 2.10 did not have smtpd_relay_restrictions. They combined the mail relay and spam blocking policies, under smtpd_recipient_restrictions. This could lead to unexpected results. For example, a permissive spam blocking policy could unexpectedly result in a permissive mail relay policy. An example of this is documented under "Dangerous use of smtpd_recipient_restrictions". smtpd_relay_restrictions defaults to 'permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination' and is configured here to check for a valid client cert. see http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions - Resolves: #7856
2016-01-19	Make sure machines in mynetworks are able to send mail through us,	Micah
	without getting blocked by the rbl (#7819) Change-Id: Ib7a00f810b6c49528e5f99a1d83296553a81e65e
2015-12-09	Use client cert fingerprint lookup to determine if the user is allowed	Micah
	to relay mail through us (#3634) Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
2015-07-28	Support RBL blocking of incoming mail (#5923)	Micah Anderson
	Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2013-11-27	disable starttls over submission for client connections, we are using TLS ↵	Micah Anderson
	wrapper mode on the smtps port 465 now (#4366) enable the missing smtpd_helo_restrictions for smtps Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6
2013-09-03	use check_helo_access hash:/helo_checks also for $submission_helo_restrictions	varac

2013-09-03	Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵	varac
	#3667)
2013-09-03	Merge branch 'feature/helo_access' into develop	Micah Anderson
	Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520
2013-09-03	add /etc/postfix/checks directory and setup a check_helo_access that allows ↵	Micah Anderson
	admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
2013-09-03	Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵	Micah Anderson
	not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7
2013-08-31	postfix enable submission port using starttls, so the client can transition ↵	Micah Anderson
	to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-31	change the master.cf_tail to pull in -o ↵	Micah Anderson
	smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc
2013-08-29	fix smtpd mail restrictions (Feature #3166)	varac

2013-08-28	SMTP checks (Feature #2304)	varac

2013-07-25	smtpd_checks: smtpd_delay_reject	varac

2013-07-25	smtpd_checks: smtpd_data_restrictions	varac