Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-10-11 | class moved but forgot to rename | varac | |
2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac | |
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively ↵ | Micah Anderson | |
implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | |||
2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3 | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson | |
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f | |||
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson | |
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵ | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵ | Micah Anderson | |
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | |||
2013-09-26 | Add client-side TLS configuration (#3868) | Micah Anderson | |
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | |||
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
#3667) | |||
2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | |||
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-31 | change the master.cf_tail to pull in -o ↵ | Micah Anderson | |
smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | |||
2013-08-29 | fix smtpd mail restrictions (Feature #3166) | varac | |
2013-08-28 | SMTP checks (Feature #2304) | varac | |
2013-08-28 | integrate manual postfix config changes in puppet (Feature #3538) | varac | |
2013-07-31 | use smtpd_tls_security_level = may in postfix config (Bug #3348) | varac | |
2013-07-26 | Merge branch 'varac/feature/mx' into feature/leap_mx | Micah Anderson | |
Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419 | |||
2013-07-25 | beginning of smtp_auth config with client certs | varac | |
2013-07-25 | smtpd_checks: smtpd_delay_reject | varac | |
2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
2013-07-10 | added tls support, including smtp auth via client cert | varac | |
2013-07-09 | beginning of smtp_auth config with client certs | varac | |
2013-07-09 | smtpd_checks: smtpd_delay_reject | varac | |
2013-07-09 | smtpd_checks: smtpd_data_restrictions | varac | |