| Age | Commit message (Collapse) | Author |
|---|
|
Numeric helo is a very strong indicator of spam. When this is blocked, a
very significant amount of spam stops.
Change-Id: Ieb340190faf37638950d1aa60b52268659e0b7f6
|
|
- ignore puppet lint error about inheriting from different namespace
|
|
|
|
Change-Id: I328aa37b393817e1764ea7e635fcefc801adbbf4
|
|
replacement wasn't being done. (#7890)
This moves that replacement into its own class, clears the old value and
sets it properly in the smtps transport.
Change-Id: I27c02730597df4943761d8bcb61014aeded9dc75
|
|
smtpd_relay_restrictions was added in postfix 2.10 (jessie
has 2.11 atm). Without this, outbound mails are rejected to
be relayed.
from http://www.postfix.org/SMTPD_ACCESS_README.html:
NOTE: Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam blocking
policies, under smtpd_recipient_restrictions. This could lead to
unexpected results. For example, a permissive spam blocking policy could
unexpectedly result in a permissive mail relay policy. An example of
this is documented under "Dangerous use of
smtpd_recipient_restrictions".
smtpd_relay_restrictions defaults to
'permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination'
and is configured here to check for a valid client cert.
see http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
- Resolves: #7856
|
|
ensuring the satellite hosts are setup properly (#7611)
Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f
|
|
without getting blocked by the rbl (#7819)
Change-Id: Ib7a00f810b6c49528e5f99a1d83296553a81e65e
|
|
to relay mail through us (#3634)
Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
|
|
|
|
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8
|
|
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54
|
|
|
|
The openpgp header added by the client is sometimes incorrect, because
the client doesn't actually know what the proper URL is for the
webapp. The server knows, however.
Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
|
|
|
|
Set zen.spamhaus as the default rbl
Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
|
|
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094
|
|
smtp_tls_security_level of 'encrypt', so it is not optional (#1902)
Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16
|
|
|
|
Change-Id: I959fa40ff508bbeaf7baa0b6ba90c10c9e6b0ef7
|
|
Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728
|
|
class for smtp vs. smtpd tls configurations
Change-Id: Ic1cc560c76924fcbbc15e245bec7b78ac2de83d3
|
|
wrapper mode on the smtps port 465 now (#4366)
enable the missing smtpd_helo_restrictions for smtps
Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6
|
|
Change-Id: I4ffb5b9203741d1152dfd93ef9ecc45f6a6088d4
|
|
Change-Id: I547b99becb8b16fec0ac89f06fb6d833cbde3c2b
|
|
|
|
|
|
|
|
implementing RFC2142 and more (#3602)
Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa
|
|
a file of arbitrary length (#4012)
Neither Postfix nor OpenSSL actually care about the size of the prime in
"smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
|
|
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later
SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems.
Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
|
|
|
|
a file of arbitrary length (#4012)
Neither Postfix nor OpenSSL actually care about the size of the prime in
"smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
|
|
smtpd_tls_dh1024_param file, after generating it (#3953)
Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5
|
|
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206
|
|
|
|
|
|
|
|
#3667)
|
|
Conflicts:
puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
Change-Id: I51555935f9d9409e45809d6df021b10e926ea520
|
|
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694)
Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
|
|
not sending a HELO (#3693)
Change-Id: I6a7338136a53e16962a070826493139fa3307df7
|
|
to the more restrictive TLS wrapper mode
Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
|
|
smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port
move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions
make a note about the permit_tls_all_clientcerts being something that we don't want in the future
remove check_sender_access check which was doing an unnecessary lookup
Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc
|
|
|
|
|
|
|
|
|
|
Conflicts:
provider_base/services/mx.json
puppet/manifests/site.pp
puppet/modules/site_mx/manifests/init.pp
puppet/modules/site_postfix/manifests/mx.pp
Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419
|
|
|
