| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-10-11 | class moved but forgot to rename | varac | |
| 2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
| 2013-10-11 | deploy postfix satellites on all nodes (Bug #1683) | varac | |
| 2013-10-10 | contacts is now a top-level hiera variable | varac | |
| 2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac | |
| 2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively ↵ | Micah Anderson | |
| implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | |||
| 2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3 | Micah Anderson | |
| a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
| 2013-10-06 | implement stripping user's home IPs from Received headers (#3866) | Micah Anderson | |
| Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0 | |||
| 2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson | |
| Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f | |||
| 2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson | |
| 2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵ | Micah Anderson | |
| a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
| 2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵ | Micah Anderson | |
| smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | |||
| 2013-09-26 | set myhostname in postfix the internet hostname of this mail system. The ↵ | Micah Anderson | |
| default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6 | |||
| 2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
| 2013-09-26 | Add client-side TLS configuration (#3868) | Micah Anderson | |
| Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | |||
| 2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
| 2013-09-26 | properly set the $smtps_recipient_restrictions variable in master.cf (#3935) | Micah Anderson | |
| Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd | |||
| 2013-09-25 | add smtp_tls_received_header to include information about the protocol and ↵ | Micah Anderson | |
| cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4 | |||
| 2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
| 2013-09-24 | seperate cert and key deployment (#3918) | varac | |
| 2013-09-19 | only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) | varac | |
| 2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
| 2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
| 2013-09-03 | fix $master_cf_tail format | varac | |
| 2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
| #3667) | |||
| 2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
| Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
| 2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
| admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
| 2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
| not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | |||
| 2013-09-02 | disable postfix debugging by default | varac | |
| 2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
| to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
| 2013-08-31 | change the master.cf_tail to pull in -o ↵ | Micah Anderson | |
| smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | |||
| 2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵ | Micah Anderson | |
| over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | |||
| 2013-08-29 | fix smtpd mail restrictions (Feature #3166) | varac | |
| 2013-08-29 | Deploy postfix with an empty main.cf as beginning (Feature #3584) | varac | |
| 2013-08-28 | SMTP checks (Feature #2304) | varac | |
| 2013-08-28 | integrate manual postfix config changes in puppet (Feature #3538) | varac | |
| 2013-08-28 | added site_postfix::debug for debugging (#3538) | varac | |
| 2013-07-31 | use smtpd_tls_security_level = may in postfix config (Bug #3348) | varac | |
| 2013-07-26 | Merge branch 'varac/feature/mx' into feature/leap_mx | Micah Anderson | |
| Conflicts: provider_base/services/mx.json puppet/manifests/site.pp puppet/modules/site_mx/manifests/init.pp puppet/modules/site_postfix/manifests/mx.pp Change-Id: Ib2952f6cb972c40a998f20d7bbdb23bb35bef419 | |||
| 2013-07-25 | beginning of smtp_auth config with client certs | varac | |
| 2013-07-25 | smtpd_recipient_restrictions: +permit_tls_all_clientcerts | varac | |
| 2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
| 2013-07-25 | using alias resolver | varac | |
| 2013-07-25 | update postfix module to new shared version for parameterized classes, and other | Micah Anderson | |
| 2.7 updates update site_postfix::mx to use parameterized classes | |||
| 2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
| 2013-07-25 | smtpd_checks: smtpd_delay_reject | varac | |
| 2013-07-25 | smtpd_checks: smtpd_data_restrictions | varac | |
| 2013-07-25 | using alias resolver | varac | |
| 2013-07-25 | update postfix module to new shared version for parameterized classes, and other | Micah Anderson | |
| 2.7 updates update site_postfix::mx to use parameterized classes | |||
| 2013-07-25 | Configure Postfix for incoming mails (Feature #2269) | varac | |
 |
index : leap_platform.git | |
| [leap_platform] | git repository hosting |
| summaryrefslogtreecommitdiff |