Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
7,372 Commits 2 Branches 0 Tags 47 MiB
45666d2c4e
Commit Graph

179 Commits

Author SHA1 Message Date
andryyy
1bad74101f
[Postfix] Add listener for BCC sender used by meta_exporter in Rspamd 2021-05-30 16:08:19 +02:00
andryyy
8a83587800
[Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik 
[Web] Small fixes
 2021-05-28 10:40:41 +02:00
andryyy
604f29e870
[Postfix] Set mynetworks_style = subnet to include all local subnets, will be overridden by mynetworks in extra.cf 2021-04-07 21:28:53 +02:00
ValdikSS
b52fa1146a
Unset Postfix smtpd_tls_session_cache_database, reduce disk writes (#3981) 
Postfix may update smtpd_tls_session_cache_database quite frequently even on not busy server, which leads to unnecessary (excessive) disk writes, which is an issue for SSD.
Postfix documentation suggests not to use this parameter anymore since there's another, better TLS session resumption method available.

>As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets, which don't require server-side storage. Consequently, for Postfix ≥ 2.11 this parameter should generally be left empty.

http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database
 2021-02-16 11:01:27 +01:00
andryyy
00723631dd
[Postfix] Add parent_domain_matches_subdomains 2021-01-13 21:17:10 +01:00
Dmitriy Alekseev
9ba1d4626d
[Postfix] Anonymize sender IP for mail sent locally (#3811) 
This commit resolve #3723
 2020-10-17 09:06:38 +02:00
andryyy
881f558e48
[Postfix] Add sasl check to deny specific users from using smtp relay 2020-09-17 19:44:52 +02:00
andryyy
1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login 2020-09-15 11:02:53 +02:00
Dmitriy Alekseev
72387a4a48
Disable SMTPUTF8 in Postfix due Dovecot-LMTP isn't support it (#3680) 
SMTPUTF8 to work correctly must be done end-to-end. Leaving it enabled now when LMTP cant receive such email gives more issues then profit.
 2020-07-29 13:42:39 +02:00
andryyy
0cfdd763f8
[Feature] Add HAProxy listeners and an example override file 2020-07-04 19:30:40 +02:00
andryyy
75f4b77bc2
[Postfix] Remove smtpd_tls_CAfile, fixes #3589 2020-06-04 16:23:41 +02:00
andryyy
6a95d217b4
[Postfix] Remove obsolete comment 2020-05-21 21:55:43 +02:00
Dmitriy Alekseev
d5ed0c0368
Update anonymize_headers.pcre (#3563) 
Added anonymization for Sieve and changed regex for Rspamd to look same as new Sieve regex
 2020-05-21 20:04:03 +02:00
Igor Scheller
16b2a2c055
[Postfix] Set smtp_address_preference to any (#3561) 
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
 2020-05-21 19:28:35 +02:00
Dmitriy Alekseev
4b22bd1dea
Update anonymize_headers.pcre (#3553) 
* Update anonymize_headers.pcre

Change Received by for Rspamd with Dmarc Reporting module enabled.

* Update anonymize_headers.pcre

Co-authored-by: André Peters <andre.peters@debinux.de>
 2020-05-20 11:51:00 +02:00
Florian Lindner
4519f460b4
Remove obsolete setting smtpd_use_tls. (#3548) 
See http://www.postfix.org/postconf.5.html#smtpd_use_tls. It is
controlled by smtpd_tls_security_level, which is set to may.

Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
 2020-05-18 14:22:21 +02:00
Aaron
1f00887f91
Fix inconsistent spacing in dovecot/dovecot.conf and postfix/main.cf (#3511) 
* Fix inconsistent spacing in dovecot.conf

* Fix inconsistent spacing in main.cf
 2020-04-30 18:22:21 +02:00
andryyy
ef0b40085b
[Postfix] Allow to relay only non-local mailboxes 2020-04-03 20:39:53 +02:00
andryyy
1d0e8a9497
[Postfix] Remove default rcpt count limit 2020-03-09 13:26:52 +01:00
andryyy
b9d7519ec2
[Postfix] Set empty HELO restrictions for quarantine smtpd 2020-02-21 08:53:23 +01:00
andryyy
b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps 2020-02-12 10:36:54 +01:00
andryyy
82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313 2020-02-06 08:28:05 +01:00
andryyy
081602def9
[Postfix] Client rcpt rate limit set to 50 2020-01-18 16:32:41 +01:00
andryyy
ad1f243667
[Postfix] Set CA path for smtpd 
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
 2020-01-05 11:21:04 +01:00
andryyy
57003a8215 [Postfix] Update Postscreen whitelist 2019-12-15 22:04:45 +01:00
andryyy
6564944f7a
[Postfix] Add bl.suomispam.net 2019-12-06 16:15:04 +01:00
andryyy
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur 2019-11-24 15:35:56 +01:00
andryyy
5d7e365592
[Postfix] Remove test var 2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur 
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
 2019-11-24 14:18:27 +01:00
andryyy
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy
c4656e00fd
[Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7
[Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
Marcel Hofer
2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
andryyy
8f7693ccdb
[Postfix] Update postscreen_access 2019-10-04 08:43:59 +02:00
André Peters
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite 
update postscreen whitelist by using postwhite
 2019-10-04 08:41:29 +02:00
Max Uetrecht
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy
b5d169cf90
[Postfix] Fix anonymize headers... 2019-09-19 06:48:21 +02:00
friedPotat0
ea8c002eff update postscreen whitelist 2019-09-18 15:30:43 +02:00
andryyy
b3c2f683cb
[Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
friedPotat0
58cbf2c9c8 update postscreen whitelist by using postwhite 2019-09-17 21:27:17 +02:00
MAGIC
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
andryyy
87e99e53d9
[Postfix] Fix anonymize headers 2019-09-08 10:29:06 +02:00
andryyy
8608ded0ed
[Postfix] Replace Postcow header, remove authed user 2019-09-06 08:02:52 +02:00
andryyy
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard 2019-09-04 23:07:35 +02:00
andryyy
1495bda2e1
[Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy
1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00
andryyy
abf33b75f4
[Postfix] Remove Zeyple config 2019-08-25 16:00:33 +02:00
andryyy
a2386434fd
[Postfix] More RBLs, lower thresholds 2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc
[Postfix] Reduce threshold to 4, format list 2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca [Postfix] Reduce RBL threshold 
We should move more RBL checks to Postfix
 2019-08-16 07:46:19 +02:00
andryyy
9e0381185c [Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple 2019-08-09 14:10:31 +02:00
André Peters
e00a18ab95
Update anonymize_headers.pcre 2019-07-26 07:18:58 +02:00
andryyy
9de821c3b0
[Postfix] Don't remove authed header from Received 
[Compose] New watchdog image
 2019-07-26 06:53:29 +02:00
andryyy
3c3bcf8c82
[Postfix] Set compatibility_level to 2 2019-07-13 14:44:17 +02:00
andryyy
2898aa6918
[Postfix] Remove unused alias domain catch all map 2019-07-13 08:59:32 +02:00
andryyy
ffb008f72a Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps 2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e
Update main.cf 
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
 2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af
Update main.cf 
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender  up;  the give-up time generally needs to be at least 4-5 days.  It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages. 

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
 2019-06-08 15:10:46 +02:00
andryyy
af46a93e76
[Postfix] Remove authed user from header 2019-06-01 22:14:48 +02:00
andryyy
aaf0d521a2
[Postfix] Add UA header check, not enabled by default 2019-06-01 08:29:53 +02:00
andryyy
2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only) 
[Postfix] Force route localhost$ over local:
 2019-03-06 15:09:28 +01:00
andryyy
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy
ae512018a8
[Postfix] Remove sasl requiring policies from port 25 2019-02-26 21:37:08 +01:00
andryyy
c57a544c52
[Postfix] Disable auth on port 25 2019-02-05 10:35:32 +01:00
andryyy
bcd6e43665 [Postfix] Remove verbose flag from smtp service 2018-12-19 12:16:36 +01:00
andryyy
cd72a4e18b [Postfix] Split SASL passwd maps 
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
 2018-12-19 09:40:08 +01:00
andryyy
497b6a39de [Postfix] Add missing regexp map, fixes #2083 2018-12-11 17:16:53 +01:00
andryyy
9b1f51ae3f [Git] Add allow_mailcow_local.regexp and dovecot-master.userdb 2018-12-10 23:26:28 +01:00
André Peters
a13c2c9359
Merge pull request #1949 from patschi/patch-1 
[Postfix] Security: Prefer server-side ciphers
 2018-11-22 12:59:06 +01:00
andryyy
bf71f9b600 [Postfix] Add tls_preempt_cipherlist to SMTPS 2018-10-27 13:22:29 +02:00
Patrik Kernstock
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers 
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
 2018-10-25 23:37:25 +02:00
andryyy
5f02c6006c [Postfix] Do not remove user agent 2018-10-23 23:22:43 +02:00
André
93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks 
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
 2018-10-23 22:57:38 +02:00
André
66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André
8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André
d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
André
a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André
f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André
b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André
fa0b351da6 [Postfix] smtpd_tls_eecdh_grade = auto 2018-07-11 22:10:32 +02:00
André Peters
bca8920679
Revert "[Postfix] Default SMTP server security grade for EECDH key exchange" 2018-06-27 23:28:54 +02:00
elcore
c386dfc11d
[Postfix] Default SMTP server security grade for EECDH key exchange 2018-06-27 03:39:54 +02:00
André
a5d40a4ab6 [Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues 2018-06-25 22:31:23 +02:00
André
30cea1da9a [SOGo] Increase workers count to 20 
[Postfix] Add extended TLS header
[Web] Increase timeout to 10 for docker API connections
[Postfix] Add perl package
 2018-04-26 14:08:45 +02:00
André Peters
4405cb3e74
Merge pull request #953 from mkuron/recipient_map 
Expose Postfix's recipient_canonical_maps through web UI
 2018-01-28 11:09:22 +01:00
andre.peters
1f08e9a7b7 [Postfix] Fixes #967 (assign correct local network range for mynetworks) 2018-01-27 18:13:35 +01:00
Michael Kuron
c30448c4d8 Merge branch 'master' of https://github.com/andryyy/mailcow-dockerized into recipient_map 
Conflicts:
	data/web/inc/init_db.inc.php
 2018-01-27 17:22:08 +01:00
andre.peters
c9b3044d5d [Postfix] Allow internal IPv6 networks 2018-01-24 08:37:27 +01:00
Michael Kuron
e86565e283 Expose Postfix's recipient_canonical_maps through web UI 2018-01-23 20:02:31 +01:00
andre.peters
c8f41cdae2 [Postfix] Listener for quarantaine, remove excluded Docker gw from mynetworks 2017-12-09 09:07:06 +01:00
André
3ec3a341e4 [Postfix] Remove gw from mynetworks in case of ipv6 failures 2017-11-21 09:33:43 +01:00
André
ade4b9e7ae [Postfix, Web] Feature: BCC maps 2017-11-19 15:13:43 +01:00
andryyy
57484e4a45 [Postfix] Log all watchdog activities to local7 facility 2017-10-11 11:21:41 +02:00
andryyy
073c6c6e73 [Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0 2017-10-04 23:16:39 +02:00
andryyy
edb2be979b [Postfix] Changes to ignore watchdog checks 2017-09-21 19:25:43 +02:00
andryyy
719aa1a391 [Postfix] Fix protocols 2017-09-18 10:59:45 +02:00
andryyy
67056dc3d1 [Postfix] Less strict smtpd_tls_mandatory_protocols 2017-09-18 08:24:24 +02:00