Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-09-24 | allow certain aliases, like 'abuse', to be publicly forwardable. | elijah | |
2015-09-15 | Merge branch 'feature/rewrite_openpgp_header_7413' into develop | Micah Anderson | |
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8 | |||
2015-09-15 | minor linting | Micah Anderson | |
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54 | |||
2015-09-11 | switch aliases to use virtual_alias_maps | elijah | |
2015-09-08 | rewrite openpgp header to be always correct (#7413) | Micah Anderson | |
The openpgp header added by the client is sometimes incorrect, because the client doesn't actually know what the proper URL is for the webapp. The server knows, however. Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac | |||
2015-08-21 | add support for configurable mail alias maps | elijah | |
2015-07-28 | Support RBL blocking of incoming mail (#5923) | Micah Anderson | |
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158 | |||
2014-12-09 | Deploy leap ca cert for smtp tls config (Bug #6485) | varac | |
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094 | |||
2014-04-02 | Force satellite hosts that only speak to relayhost to have a | Micah Anderson | |
smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16 | |||
2014-03-24 | fixes #5360 adds admin@ as reserved address + linting | kwadronaut | |
2013-12-19 | Fix the location of the smtp/smtpd_tls_session_cache_database (#4813) | Micah Anderson | |
Change-Id: I959fa40ff508bbeaf7baa0b6ba90c10c9e6b0ef7 | |||
2013-12-18 | add a smtp_tls class and include that on both mx servers and satellites | Micah Anderson | |
Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728 | |||
2013-12-18 | rename the tls.pp to be smtpd_tls.pp, this allows us to have a separate | Micah Anderson | |
class for smtp vs. smtpd tls configurations Change-Id: Ic1cc560c76924fcbbc15e245bec7b78ac2de83d3 | |||
2013-11-27 | disable starttls over submission for client connections, we are using TLS ↵ | Micah Anderson | |
wrapper mode on the smtps port 465 now (#4366) enable the missing smtpd_helo_restrictions for smtps Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6 | |||
2013-10-31 | certtool-postfix-gendh attempted before postfix is installed (Bug #4340) | Micah Anderson | |
Change-Id: I4ffb5b9203741d1152dfd93ef9ecc45f6a6088d4 | |||
2013-10-31 | require postfix is installed before installing postfix-pcre (#4223) | Micah Anderson | |
Change-Id: I547b99becb8b16fec0ac89f06fb6d833cbde3c2b | |||
2013-10-11 | class moved but forgot to rename | varac | |
2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac | |
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively ↵ | Micah Anderson | |
implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | |||
2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3 | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson | |
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f | |||
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson | |
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵ | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵ | Micah Anderson | |
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | |||
2013-09-26 | Add client-side TLS configuration (#3868) | Micah Anderson | |
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | |||
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
#3667) | |||
2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | |||
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-31 | change the master.cf_tail to pull in -o ↵ | Micah Anderson | |
smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | |||
2013-08-29 | fix smtpd mail restrictions (Feature #3166) | varac | |
2013-08-28 | SMTP checks (Feature #2304) | varac | |
2013-08-28 | integrate manual postfix config changes in puppet (Feature #3538) | varac | |
2013-07-31 | use smtpd_tls_security_level = may in postfix config (Bug #3348) | varac | |
2013-07-26 | Merge branch 'varac/feature/mx' into feature/leap_mx | Micah Anderson | |
Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419 | |||
2013-07-25 | beginning of smtp_auth config with client certs | varac | |
2013-07-25 | smtpd_checks: smtpd_delay_reject | varac | |
2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
2013-07-10 | added tls support, including smtp auth via client cert | varac | |
2013-07-09 | beginning of smtp_auth config with client certs | varac | |
2013-07-09 | smtpd_checks: smtpd_delay_reject | varac | |
2013-07-09 | smtpd_checks: smtpd_data_restrictions | varac | |