| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
| 2013-09-03 | fix $master_cf_tail format | varac | |
| 2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
| #3667) | |||
| 2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
| Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
| 2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
| admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
| 2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
| not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | |||
| 2013-09-02 | disable postfix debugging by default | varac | |
| 2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
| to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
| 2013-08-31 | change the master.cf_tail to pull in -o ↵ | Micah Anderson | |
| smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | |||
| 2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵ | Micah Anderson | |
| over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | |||
| 2013-08-29 | fix smtpd mail restrictions (Feature #3166) | varac | |
| 2013-08-29 | Deploy postfix with an empty main.cf as beginning (Feature #3584) | varac | |
| 2013-08-28 | SMTP checks (Feature #2304) | varac | |
| 2013-08-28 | integrate manual postfix config changes in puppet (Feature #3538) | varac | |
| 2013-08-28 | added site_postfix::debug for debugging (#3538) | varac | |
| 2013-07-31 | use smtpd_tls_security_level = may in postfix config (Bug #3348) | varac | |
| 2013-07-26 | Merge branch 'varac/feature/mx' into feature/leap_mx | Micah Anderson | |
| Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419 | |||
| 2013-07-25 | beginning of smtp_auth config with client certs | varac | |
| 2013-07-25 | smtpd_recipient_restrictions: +permit_tls_all_clientcerts | varac | |
| 2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
| 2013-07-25 | using alias resolver | varac | |
| 2013-07-25 | update postfix module to new shared version for parameterized classes, and other | Micah Anderson | |
| 2.7 updates update site_postfix::mx to use parameterized classes | |||
| 2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
| 2013-07-25 | smtpd_checks: smtpd_delay_reject | varac | |
| 2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
| 2013-07-25 | using alias resolver | varac | |
| 2013-07-25 | update postfix module to new shared version for parameterized classes, and other | Micah Anderson | |
| 2.7 updates update site_postfix::mx to use parameterized classes | |||
| 2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
| 2013-07-25 | hiera variable mx.contact -> postfix $root_mail_recipient | varac | |
| 2013-07-25 | added basic site_postfix::mx config | varac | |
| 2013-07-15 | fix smtpd_recipient_restrictions, debug connections from localhost | varac | |
| 2013-07-10 | added tls support, including smtp auth via client cert | varac | |
| 2013-07-09 | beginning of smtp_auth config with client certs | varac | |
| 2013-07-09 | smtpd_recipient_restrictions: +permit_tls_all_clientcerts | varac | |
| 2013-07-09 | smtpd_checks: smtpd_delay_reject | varac | |
| 2013-07-09 | smtpd_checks: smtpd_data_restrictions | varac | |
| 2013-07-09 | using alias resolver | varac | |
| 2013-07-09 | update postfix module to new shared version for parameterized classes, and other | Micah Anderson | |
| 2.7 updates update site_postfix::mx to use parameterized classes | |||
| 2013-07-09 | Configure Postfix for incoming mails (Feature #2269) | varac | |
| 2013-07-09 | hiera variable mx.contact -> postfix $root_mail_recipient | varac | |
| 2013-07-09 | added basic site_postfix::mx config | varac | |
 |
index : leap_platform.git | |
| [leap_platform] | git repository hosting |
| summaryrefslogtreecommitdiff |