andryyy
081602def9
[Postfix] Client rcpt rate limit set to 50
2020-01-18 16:32:41 +01:00
andryyy
ad1f243667
[Postfix] Set CA path for smtpd
...
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
andryyy
57003a8215
[Postfix] Update Postscreen whitelist
2019-12-15 22:04:45 +01:00
andryyy
6564944f7a
[Postfix] Add bl.suomispam.net
2019-12-06 16:15:04 +01:00
andryyy
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur
2019-11-24 15:35:56 +01:00
andryyy
5d7e365592
[Postfix] Remove test var
2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
...
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:17:14 +01:00
andryyy
c4656e00fd
[Postfix] Add hint for custom_transport.pcre
2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7
[Postfix] Add custom_transport.pcre
2019-11-12 20:44:43 +01:00
Marcel Hofer
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
andryyy
8f7693ccdb
[Postfix] Update postscreen_access
2019-10-04 08:43:59 +02:00
André Peters
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
...
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
Max Uetrecht
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-22 17:38:03 +02:00
andryyy
b5d169cf90
[Postfix] Fix anonymize headers...
2019-09-19 06:48:21 +02:00
friedPotat0
ea8c002eff
update postscreen whitelist
2019-09-18 15:30:43 +02:00
andryyy
b3c2f683cb
[Postfix] Adjustments for RBL
2019-09-18 07:58:54 +02:00
friedPotat0
58cbf2c9c8
update postscreen whitelist by using postwhite
2019-09-17 21:27:17 +02:00
MAGIC
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons
2019-09-09 21:37:49 +02:00
andryyy
87e99e53d9
[Postfix] Fix anonymize headers
2019-09-08 10:29:06 +02:00
andryyy
8608ded0ed
[Postfix] Replace Postcow header, remove authed user
2019-09-06 08:02:52 +02:00
andryyy
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard
2019-09-04 23:07:35 +02:00
andryyy
1495bda2e1
[Postfix] Add info about extra.cf
2019-09-02 18:39:08 +02:00
andryyy
1bdf861177
[Postfix] Add comments to config files, cleanup a bit
2019-09-02 09:31:30 +02:00
andryyy
abf33b75f4
[Postfix] Remove Zeyple config
2019-08-25 16:00:33 +02:00
andryyy
a2386434fd
[Postfix] More RBLs, lower thresholds
2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc
[Postfix] Reduce threshold to 4, format list
2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca
[Postfix] Reduce RBL threshold
...
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy
9e0381185c
[Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple
2019-08-09 14:10:31 +02:00
André Peters
e00a18ab95
Update anonymize_headers.pcre
2019-07-26 07:18:58 +02:00
andryyy
9de821c3b0
[Postfix] Don't remove authed header from Received
...
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
andryyy
3c3bcf8c82
[Postfix] Set compatibility_level to 2
2019-07-13 14:44:17 +02:00
andryyy
2898aa6918
[Postfix] Remove unused alias domain catch all map
2019-07-13 08:59:32 +02:00
andryyy
ffb008f72a
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps
2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e
Update main.cf
...
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time ) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days.
There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared ), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af
Update main.cf
...
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.
RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.
Postfix default is also 5 days: http://www.postfix.org/postconf.5.html
https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy
af46a93e76
[Postfix] Remove authed user from header
2019-06-01 22:14:48 +02:00
andryyy
aaf0d521a2
[Postfix] Add UA header check, not enabled by default
2019-06-01 08:29:53 +02:00
andryyy
2757c6b5fe
[Postfix] Do not allow DSN for postscreen
2019-05-27 19:32:41 +02:00
andryyy
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
...
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
2019-03-03 12:11:39 +01:00
andryyy
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
2019-03-03 12:09:10 +01:00
andryyy
ae512018a8
[Postfix] Remove sasl requiring policies from port 25
2019-02-26 21:37:08 +01:00
andryyy
c57a544c52
[Postfix] Disable auth on port 25
2019-02-05 10:35:32 +01:00
andryyy
bcd6e43665
[Postfix] Remove verbose flag from smtp service
2018-12-19 12:16:36 +01:00
andryyy
cd72a4e18b
[Postfix] Split SASL passwd maps
...
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
andryyy
497b6a39de
[Postfix] Add missing regexp map, fixes #2083
2018-12-11 17:16:53 +01:00
andryyy
9b1f51ae3f
[Git] Add allow_mailcow_local.regexp and dovecot-master.userdb
2018-12-10 23:26:28 +01:00
André Peters
a13c2c9359
Merge pull request #1949 from patschi/patch-1
...
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
andryyy
bf71f9b600
[Postfix] Add tls_preempt_cipherlist to SMTPS
2018-10-27 13:22:29 +02:00
Patrik Kernstock
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
...
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
andryyy
5f02c6006c
[Postfix] Do not remove user agent
2018-10-23 23:22:43 +02:00
André
93e0206db4
[Update] Remove mailcow_anonymize_headers.pcre checks
...
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André
66d8f33aac
[Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911
2018-10-23 21:55:55 +02:00
André
8958449e76
[Postfix] Remove headers only when mail_name matches
2018-10-16 20:11:21 +02:00
André
d99b8aaf69
[Postfix] Change mail_name to Postcow and only replace headers when mail_name matches
2018-10-16 10:26:41 +02:00
André
a844adde0f
[Postfix] Add mailcow_anonymize_headers to default config
2018-10-15 20:52:06 +02:00
André
f6b2a6aab2
[Postfix] Enable/create smtp_tls_policy_maps
2018-10-04 14:34:34 +02:00
André
b8ebdc3c58
[Postfix] Increase default message size limit to 100 MiB
2018-10-01 22:06:20 +02:00
André
fa0b351da6
[Postfix] smtpd_tls_eecdh_grade = auto
2018-07-11 22:10:32 +02:00
André Peters
bca8920679
Revert "[Postfix] Default SMTP server security grade for EECDH key exchange"
2018-06-27 23:28:54 +02:00
elcore
c386dfc11d
[Postfix] Default SMTP server security grade for EECDH key exchange
2018-06-27 03:39:54 +02:00
André
a5d40a4ab6
[Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues
2018-06-25 22:31:23 +02:00
André
30cea1da9a
[SOGo] Increase workers count to 20
...
[Postfix] Add extended TLS header
[Web] Increase timeout to 10 for docker API connections
[Postfix] Add perl package
2018-04-26 14:08:45 +02:00
André Peters
4405cb3e74
Merge pull request #953 from mkuron/recipient_map
...
Expose Postfix's recipient_canonical_maps through web UI
2018-01-28 11:09:22 +01:00
andre.peters
1f08e9a7b7
[Postfix] Fixes #967 (assign correct local network range for mynetworks)
2018-01-27 18:13:35 +01:00
Michael Kuron
c30448c4d8
Merge branch 'master' of https://github.com/andryyy/mailcow-dockerized into recipient_map
...
Conflicts:
data/web/inc/init_db.inc.php
2018-01-27 17:22:08 +01:00
andre.peters
c9b3044d5d
[Postfix] Allow internal IPv6 networks
2018-01-24 08:37:27 +01:00
Michael Kuron
e86565e283
Expose Postfix's recipient_canonical_maps through web UI
2018-01-23 20:02:31 +01:00
andre.peters
c8f41cdae2
[Postfix] Listener for quarantaine, remove excluded Docker gw from mynetworks
2017-12-09 09:07:06 +01:00
André
3ec3a341e4
[Postfix] Remove gw from mynetworks in case of ipv6 failures
2017-11-21 09:33:43 +01:00
André
ade4b9e7ae
[Postfix, Web] Feature: BCC maps
2017-11-19 15:13:43 +01:00
andryyy
57484e4a45
[Postfix] Log all watchdog activities to local7 facility
2017-10-11 11:21:41 +02:00
andryyy
073c6c6e73
[Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0
2017-10-04 23:16:39 +02:00
andryyy
edb2be979b
[Postfix] Changes to ignore watchdog checks
2017-09-21 19:25:43 +02:00
andryyy
719aa1a391
[Postfix] Fix protocols
2017-09-18 10:59:45 +02:00
andryyy
67056dc3d1
[Postfix] Less strict smtpd_tls_mandatory_protocols
2017-09-18 08:24:24 +02:00
andryyy
089e8776f5
[Postfix] Stricter TLS settings for mandatory connections
2017-09-14 13:34:23 +02:00
andryyy
83d485dd94
[Web, Postfix, Compose] Allow to add relayhosts per domain (+ plain and login authentication)
2017-07-22 20:39:54 +02:00
andryyy
036c51f053
Prefere ipv4 to fix problems on v4-only envs
2017-06-19 10:39:14 +02:00
andryyy
c9318ecf83
Switch to Rspamds milter interface
2017-06-06 21:59:44 +02:00
andryyy
9965ff10a7
Fix mynetworks: Add mailcow ipv6 network
2017-05-17 22:38:59 +02:00
andryyy
755da65426
Change path
2017-04-23 19:38:27 +02:00
andryyy
55f6384f2a
Change to hostname, connection is not important for container start
2017-04-23 17:43:29 +02:00
Michael Kuron
894d6234e9
Improvements to forwarding hosts in Postfix
...
- No more premature EOF and no more leaking of bash processes
- Log result
- Correctly treat non-CIDR entries
- Adapt to schema change from df71e97
- Correctly report SQL failure
2017-04-22 14:28:51 +02:00
Michael Kuron
a75d916b74
Forwarding hosts in postscreen
2017-04-17 15:51:50 +02:00
andryyy
d0d87ead49
Zeyple is not enabled by default
2017-04-10 13:16:40 +02:00
andryyy
96c1a7c225
Open 10026 for Zeyple
2017-04-05 22:21:20 +02:00
andryyy
34bc242554
Add Zeyple filter
2017-04-05 22:19:01 +02:00
andryyy
276e370989
Rspamd tag check for non-spam only (post-filter), remove sql files from repository"
2017-03-08 17:58:00 +01:00
andryyy
8175a0387f
Change wording
2017-03-02 09:12:43 +01:00
andryyy
41d771e780
Aliases do not match alias domains
2017-03-01 17:59:46 +01:00
André Peters
a6c6e34fe9
Update mysql_virtual_sender_acl.cf
2017-02-12 19:28:52 +01:00
andryyy
c73cc42a95
Handle alias domains the same way as their parents in sender_acl, thanks to @tehXor
2017-02-11 20:54:14 +01:00
andryyy
0630c882ee
When TLS is enforced for incoming mails, allow mynetworks and sasl authenticated users
2017-01-25 19:04:31 +01:00
andryyy
54de192334
Add mydestination to prevent hostname == domain situations
2017-01-23 08:23:59 +01:00
andryyy
86a8dc195e
Change ciphers
2017-01-09 20:22:44 +01:00
andryyy
b6c95e2bd6
Add local networks
2016-12-22 12:20:17 +01:00
andryyy
036d547415
Fix forwarding in sieve
2016-12-21 09:50:54 +01:00