7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,848 Commits 18 Branches 41 Tags
56c4353edb242ce04736d0622685a52ed8c49e8c
Commit Graph

89 Commits

Author SHA1 Message Date
andryyy
68f9ca8cb0 [Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication 2021-06-08 13:13:49 +02:00
andryyy
51e3521aac [Postfix] Remove smtpd_last_auth service; replaced by SASL logging in Dovecot LUA auth process 2021-06-04 14:29:28 +02:00
andryyy
c8955284a2 [Rspamd] Create BCC plugin 2021-06-03 08:02:03 +02:00
andryyy
8a83587800 [Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik 
[Web] Small fixes
 2021-05-28 10:40:41 +02:00
andryyy
604f29e870 [Postfix] Set mynetworks_style = subnet to include all local subnets, will be overridden by mynetworks in extra.cf 2021-04-07 21:28:53 +02:00
ValdikSS
b52fa1146a Unset Postfix smtpd_tls_session_cache_database, reduce disk writes (#3981) 
Postfix may update smtpd_tls_session_cache_database quite frequently even on not busy server, which leads to unnecessary (excessive) disk writes, which is an issue for SSD.
Postfix documentation suggests not to use this parameter anymore since there's another, better TLS session resumption method available.

>As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets, which don't require server-side storage. Consequently, for Postfix ≥ 2.11 this parameter should generally be left empty.

http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database
 2021-02-16 11:01:27 +01:00
andryyy
00723631dd [Postfix] Add parent_domain_matches_subdomains 2021-01-13 21:17:10 +01:00
andryyy
881f558e48 [Postfix] Add sasl check to deny specific users from using smtp relay 2020-09-17 19:44:52 +02:00
andryyy
1f36ae28d4 [Postfix, Web] Feature: Show last SMTP login 2020-09-15 11:02:53 +02:00
Dmitriy Alekseev
72387a4a48 Disable SMTPUTF8 in Postfix due Dovecot-LMTP isn't support it (#3680) 
SMTPUTF8 to work correctly must be done end-to-end. Leaving it enabled now when LMTP cant receive such email gives more issues then profit.
 2020-07-29 13:42:39 +02:00
andryyy
75f4b77bc2 [Postfix] Remove smtpd_tls_CAfile, fixes #3589 2020-06-04 16:23:41 +02:00
andryyy
6a95d217b4 [Postfix] Remove obsolete comment 2020-05-21 21:55:43 +02:00
Igor Scheller
16b2a2c055 [Postfix] Set smtp_address_preference to any (#3561) 
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
 2020-05-21 19:28:35 +02:00
Florian Lindner
4519f460b4 Remove obsolete setting smtpd_use_tls. (#3548) 
See http://www.postfix.org/postconf.5.html#smtpd_use_tls. It is
controlled by smtpd_tls_security_level, which is set to may.

Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
 2020-05-18 14:22:21 +02:00
Aaron
1f00887f91 Fix inconsistent spacing in dovecot/dovecot.conf and postfix/main.cf (#3511) 
* Fix inconsistent spacing in dovecot.conf

* Fix inconsistent spacing in main.cf
 2020-04-30 18:22:21 +02:00
andryyy
ef0b40085b [Postfix] Allow to relay only non-local mailboxes 2020-04-03 20:39:53 +02:00
andryyy
1d0e8a9497 [Postfix] Remove default rcpt count limit 2020-03-09 13:26:52 +01:00
andryyy
b5c844d704 [Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps 2020-02-12 10:36:54 +01:00
andryyy
82c094c77c [Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313 2020-02-06 08:28:05 +01:00
andryyy
081602def9 [Postfix] Client rcpt rate limit set to 50 2020-01-18 16:32:41 +01:00
andryyy
ad1f243667 [Postfix] Set CA path for smtpd 
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
 2020-01-05 11:21:04 +01:00
andryyy
6564944f7a [Postfix] Add bl.suomispam.net 2019-12-06 16:15:04 +01:00
andryyy
5d7e365592 [Postfix] Remove test var 2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c [Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur 
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
 2019-11-24 14:18:27 +01:00
andryyy
2e972fb03b [Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy
c4656e00fd [Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7 [Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
Marcel Hofer
2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
Max Uetrecht
bbe396d3c2 [Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy
b3c2f683cb [Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
MAGIC
b272ed04a0 [Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
andryyy
1495bda2e1 [Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy
1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00
andryyy
a2386434fd [Postfix] More RBLs, lower thresholds 2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc [Postfix] Reduce threshold to 4, format list 2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca [Postfix] Reduce RBL threshold 
We should move more RBL checks to Postfix
 2019-08-16 07:46:19 +02:00
andryyy
9e0381185c [Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple 2019-08-09 14:10:31 +02:00
andryyy
3c3bcf8c82 [Postfix] Set compatibility_level to 2 2019-07-13 14:44:17 +02:00
andryyy
2898aa6918 [Postfix] Remove unused alias domain catch all map 2019-07-13 08:59:32 +02:00
andryyy
ffb008f72a Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a [Postfix] Remove duplicate proxy read maps, add resource maps 2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e Update main.cf 
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
 2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af Update main.cf 
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender  up;  the give-up time generally needs to be at least 4-5 days.  It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages. 

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
 2019-06-08 15:10:46 +02:00
andryyy
2757c6b5fe [Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy
9abbe7eb1d [Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only) 
[Postfix] Force route localhost$ over local:
 2019-03-06 15:09:28 +01:00
andryyy
0375703198 [Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy
eccf3ff4da [Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy
cd72a4e18b [Postfix] Split SASL passwd maps 
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
 2018-12-19 09:40:08 +01:00
Patrik Kernstock
1dc9d3fa27 [Postfix] Security: Prefer server-side ciphers 
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
 2018-10-25 23:37:25 +02:00
André
93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks 
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
 2018-10-23 22:57:38 +02:00