71718f3b05
Add ECDSA support
...
This is a squashed commit of the following:
commit db8051bc234c5fa67aa87a7a94f9e89eaf0e7dac
Merge: 2634fdf0 04020685116c7919d90d4f96642647670846013ec1034b899685b4b5becc5059b933a3097fa10cc3a9947e99b5c844d7e6bb3069ff74b8aa4e8b2bfc1d1a9a27ea4da60c573e62f1#1 from mhofer117/tls-sni-ecdsa
Change line endings in functions.inc.php back to CRLF
commit c43161507bcb48750b865a657e6fe80c02812c83
Author: Marcel Hofer <m.hofer117@gmail.com>
Date: Sun Oct 20 19:02:17 2019 +0200
remove empty docker-entrypoint.sh
commit efd6cd1847f718900be72d20fa6361fda975bf1c
Merge: a2a0821a 6a6d6c4a
Author: Marcel Hofer <m.hofer117@gmail.com>
Date: Sun Oct 20 19:00:07 2019 +0200
Merge remote-tracking branch 'OpenLarry/add-ecdsa-support' into tls-sni-ecdsa
# Conflicts:
# data/Dockerfiles/acme/docker-entrypoint.sh
# data/conf/dovecot/dovecot.conf
# data/conf/nginx/site.conf
# data/conf/postfix/main.cf
# data/web/inc/ajax/dns_diagnostics.php
# data/web/inc/functions.inc.php
# docker-compose.yml
# generate_config.sh
# update.sh
commit a2a0821a38a55cb99ba1dd32383344ed6504f451
Merge: 4a62809d 05e7c9589f66b83a048537946e82a359f21cf1347665cc2a69fb7f7ab20ff13ecd8816524aae7277
2023-03-19 14:24:46 +01:00
2c5628c0e5
[Postfix] Tempfail if Rspamd not available
...
To protect from spam when rspamd hang or not yet ready to serve requests postfix should reject incoming mail with temp error
2021-09-16 22:31:46 +03:00
68f9ca8cb0
[Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication
2021-06-08 13:13:49 +02:00
51e3521aac
[Postfix] Remove smtpd_last_auth service; replaced by SASL logging in Dovecot LUA auth process
2021-06-04 14:29:28 +02:00
c8955284a2
[Rspamd] Create BCC plugin
2021-06-03 08:02:03 +02:00
8a83587800
[Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik
...
[Web] Small fixes
2021-05-28 10:40:41 +02:00
604f29e870
[Postfix] Set mynetworks_style = subnet to include all local subnets, will be overridden by mynetworks in extra.cf
2021-04-07 21:28:53 +02:00
b52fa1146a
Unset Postfix smtpd_tls_session_cache_database, reduce disk writes ( #3981 )
...
Postfix may update smtpd_tls_session_cache_database quite frequently even on not busy server, which leads to unnecessary (excessive) disk writes, which is an issue for SSD.
Postfix documentation suggests not to use this parameter anymore since there's another, better TLS session resumption method available.
>As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets, which don't require server-side storage. Consequently, for Postfix ≥ 2.11 this parameter should generally be left empty.
http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database
2021-02-16 11:01:27 +01:00
00723631dd
[Postfix] Add parent_domain_matches_subdomains
2021-01-13 21:17:10 +01:00
881f558e48
[Postfix] Add sasl check to deny specific users from using smtp relay
2020-09-17 19:44:52 +02:00
1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login
2020-09-15 11:02:53 +02:00
72387a4a48
Disable SMTPUTF8 in Postfix due Dovecot-LMTP isn't support it ( #3680 )
...
SMTPUTF8 to work correctly must be done end-to-end. Leaving it enabled now when LMTP cant receive such email gives more issues then profit.
2020-07-29 13:42:39 +02:00
75f4b77bc2
[Postfix] Remove smtpd_tls_CAfile, fixes #3589
2020-06-04 16:23:41 +02:00
6a95d217b4
[Postfix] Remove obsolete comment
2020-05-21 21:55:43 +02:00
16b2a2c055
[Postfix] Set smtp_address_preference to any ( #3561 )
...
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
2020-05-21 19:28:35 +02:00
4519f460b4
Remove obsolete setting smtpd_use_tls. ( #3548 )
...
See http://www.postfix.org/postconf.5.html#smtpd_use_tls . It is
controlled by smtpd_tls_security_level, which is set to may.
Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
2020-05-18 14:22:21 +02:00
1f00887f91
Fix inconsistent spacing in dovecot/dovecot.conf and postfix/main.cf ( #3511 )
...
* Fix inconsistent spacing in dovecot.conf
* Fix inconsistent spacing in main.cf
2020-04-30 18:22:21 +02:00
ef0b40085b
[Postfix] Allow to relay only non-local mailboxes
2020-04-03 20:39:53 +02:00
1d0e8a9497
[Postfix] Remove default rcpt count limit
2020-03-09 13:26:52 +01:00
b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps
2020-02-12 10:36:54 +01:00
82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313
2020-02-06 08:28:05 +01:00
081602def9
[Postfix] Client rcpt rate limit set to 50
2020-01-18 16:32:41 +01:00
ad1f243667
[Postfix] Set CA path for smtpd
...
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
6564944f7a
[Postfix] Add bl.suomispam.net
2019-12-06 16:15:04 +01:00
5d7e365592
[Postfix] Remove test var
2019-11-24 15:23:16 +01:00
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
...
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:17:14 +01:00
c4656e00fd
[Postfix] Add hint for custom_transport.pcre
2019-11-12 20:50:21 +01:00
e1fdbba0f7
[Postfix] Add custom_transport.pcre
2019-11-12 20:44:43 +01:00
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-22 17:38:03 +02:00
b3c2f683cb
[Postfix] Adjustments for RBL
2019-09-18 07:58:54 +02:00
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons
2019-09-09 21:37:49 +02:00
1495bda2e1
[Postfix] Add info about extra.cf
2019-09-02 18:39:08 +02:00
1bdf861177
[Postfix] Add comments to config files, cleanup a bit
2019-09-02 09:31:30 +02:00
a2386434fd
[Postfix] More RBLs, lower thresholds
2019-08-16 22:17:28 +02:00
217da8c7fc
[Postfix] Reduce threshold to 4, format list
2019-08-16 07:55:17 +02:00
1b3a5d54ca
[Postfix] Reduce RBL threshold
...
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
9e0381185c
[Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple
2019-08-09 14:10:31 +02:00
3c3bcf8c82
[Postfix] Set compatibility_level to 2
2019-07-13 14:44:17 +02:00
2898aa6918
[Postfix] Remove unused alias domain catch all map
2019-07-13 08:59:32 +02:00
ffb008f72a
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-06-09 16:50:04 +02:00
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps
2019-06-09 16:49:02 +02:00
fa4c4b138e
Update main.cf
...
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time ) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days.
There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared ), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
d5eeb3e8af
Update main.cf
...
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.
RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.
Postfix default is also 5 days: http://www.postfix.org/postconf.5.html
https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
2757c6b5fe
[Postfix] Do not allow DSN for postscreen
2019-05-27 19:32:41 +02:00
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
...
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
2019-03-03 12:11:39 +01:00
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
2019-03-03 12:09:10 +01:00
cd72a4e18b
[Postfix] Split SASL passwd maps
...
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
Aaron Larisch
Dmitriy Alekseev
andryyy
ValdikSS
Dmitriy Alekseev
Igor Scheller
Florian Lindner
Aaron
Marcel Hofer
Max Uetrecht
MAGIC
dofl
dofl