Age | Commit message (Collapse) | Author |
|
whitelisting (#3625)
Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
|
|
|
|
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8
|
|
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54
|
|
|
|
|
|
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a
|
|
Valid users submitting mail to be delivered should not be blocked by
configured RBLs.
Settings in main.cf are valid and used globally, unless they are
overridden in master.cf for specific Postfix daemons. We have set in
main.cf the smtp_client_restrictions parameter to check for configured
rbls, so we need to override that and empty it in order to allow valid
clients to send mail, even when their IP is listed in an RBL.
Note: most users will typically be connecting via VPN, so their IP would
typically be replaced by the VPN gateway one, but there are cases where
this is still useful.
Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
|
|
The openpgp header added by the client is sometimes incorrect, because
the client doesn't actually know what the proper URL is for the
webapp. The server knows, however.
Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
|
|
|
|
Set zen.spamhaus as the default rbl
Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
|
|
/ect/aliases #6829
We began to recieve spam for vmail@DOMAIN. So we want to block
inbound mail to local system users. However, users in the /etc/aliases
file are still accepted on inbound mail - see
https://leap.se/code/issues/6909 for a follow up.
Change-Id: I03d3014984c4bd27f90147125fb037b68716624d
|
|
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094
|
|
Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935
|
|
smtp_tls_security_level of 'encrypt', so it is not optional (#1902)
Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16
|
|
because the DNS lookup is either impossible (.local domain), or
incorrect (certain openstack/amazon/piston cloud configurations create
this setup when the relayhost is in the same cluster as the satellite).
Fixes #5225
Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1
|
|
the mynetworks parameter. Previously we only allowed other mx servers to
relay to each other, but this prevents system mail from non-mx nodes
from getting out.
Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343)
Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b
|
|
|
|
Helo as the domain (#4495)
Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261
|
|
Change-Id: I959fa40ff508bbeaf7baa0b6ba90c10c9e6b0ef7
|
|
Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728
|
|
class for smtp vs. smtpd tls configurations
Change-Id: Ic1cc560c76924fcbbc15e245bec7b78ac2de83d3
|
|
wrapper mode on the smtps port 465 now (#4366)
enable the missing smtpd_helo_restrictions for smtps
Change-Id: Iac497369d65c5ad8fd7e93e6fcabb830b855b4f6
|
|
Change-Id: I4ffb5b9203741d1152dfd93ef9ecc45f6a6088d4
|
|
Change-Id: I547b99becb8b16fec0ac89f06fb6d833cbde3c2b
|
|
|
|
|
|
|
|
|
|
|
|
implementing RFC2142 and more (#3602)
Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa
|
|
a file of arbitrary length (#4012)
Neither Postfix nor OpenSSL actually care about the size of the prime in
"smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
|
|
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0
|
|
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later
SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems.
Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
|
|
|
|
a file of arbitrary length (#4012)
Neither Postfix nor OpenSSL actually care about the size of the prime in
"smtpd_tls_dh1024_param_file". You can make it 2048 bits
Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
|
|
smtpd_tls_dh1024_param file, after generating it (#3953)
Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5
|
|
default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869)
Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6
|
|
|
|
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206
|
|
|
|
Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd
|
|
cipher used as well as the client and issuer CommonName into the "Received:" header
Also, clean up the parameters to standardize them
Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#3667)
|