Commit Graph

90 Commits (04db5718819f9c257d7438650505d114dc2a4ddf)

Author SHA1 Message Date
Dmitriy Alekseev 2c5628c0e5
[Postfix] Tempfail if Rspamd not available
To protect from spam when rspamd hang or not yet ready to serve requests postfix should reject incoming mail with temp error
2021-09-16 22:31:46 +03:00
andryyy 68f9ca8cb0
[Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication 2021-06-08 13:13:49 +02:00
andryyy 51e3521aac
[Postfix] Remove smtpd_last_auth service; replaced by SASL logging in Dovecot LUA auth process 2021-06-04 14:29:28 +02:00
andryyy c8955284a2
[Rspamd] Create BCC plugin 2021-06-03 08:02:03 +02:00
andryyy 8a83587800
[Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik
[Web] Small fixes
2021-05-28 10:40:41 +02:00
andryyy 604f29e870
[Postfix] Set mynetworks_style = subnet to include all local subnets, will be overridden by mynetworks in extra.cf 2021-04-07 21:28:53 +02:00
ValdikSS b52fa1146a
Unset Postfix smtpd_tls_session_cache_database, reduce disk writes (#3981)
Postfix may update smtpd_tls_session_cache_database quite frequently even on not busy server, which leads to unnecessary (excessive) disk writes, which is an issue for SSD.
Postfix documentation suggests not to use this parameter anymore since there's another, better TLS session resumption method available.

>As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets, which don't require server-side storage. Consequently, for Postfix ≥ 2.11 this parameter should generally be left empty.

http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database
2021-02-16 11:01:27 +01:00
andryyy 00723631dd
[Postfix] Add parent_domain_matches_subdomains 2021-01-13 21:17:10 +01:00
andryyy 881f558e48
[Postfix] Add sasl check to deny specific users from using smtp relay 2020-09-17 19:44:52 +02:00
andryyy 1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login 2020-09-15 11:02:53 +02:00
Dmitriy Alekseev 72387a4a48
Disable SMTPUTF8 in Postfix due Dovecot-LMTP isn't support it (#3680)
SMTPUTF8 to work correctly must be done end-to-end. Leaving it enabled now when LMTP cant receive such email gives more issues then profit.
2020-07-29 13:42:39 +02:00
andryyy 75f4b77bc2
[Postfix] Remove smtpd_tls_CAfile, fixes #3589 2020-06-04 16:23:41 +02:00
andryyy 6a95d217b4
[Postfix] Remove obsolete comment 2020-05-21 21:55:43 +02:00
Igor Scheller 16b2a2c055
[Postfix] Set smtp_address_preference to any (#3561)
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
2020-05-21 19:28:35 +02:00
Florian Lindner 4519f460b4
Remove obsolete setting smtpd_use_tls. (#3548)
See http://www.postfix.org/postconf.5.html#smtpd_use_tls. It is
controlled by smtpd_tls_security_level, which is set to may.

Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
2020-05-18 14:22:21 +02:00
Aaron 1f00887f91
Fix inconsistent spacing in dovecot/dovecot.conf and postfix/main.cf (#3511)
* Fix inconsistent spacing in dovecot.conf

* Fix inconsistent spacing in main.cf
2020-04-30 18:22:21 +02:00
andryyy ef0b40085b
[Postfix] Allow to relay only non-local mailboxes 2020-04-03 20:39:53 +02:00
andryyy 1d0e8a9497
[Postfix] Remove default rcpt count limit 2020-03-09 13:26:52 +01:00
andryyy b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps 2020-02-12 10:36:54 +01:00
andryyy 82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313 2020-02-06 08:28:05 +01:00
andryyy 081602def9
[Postfix] Client rcpt rate limit set to 50 2020-01-18 16:32:41 +01:00
andryyy ad1f243667
[Postfix] Set CA path for smtpd
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
andryyy 6564944f7a
[Postfix] Add bl.suomispam.net 2019-12-06 16:15:04 +01:00
andryyy 5d7e365592
[Postfix] Remove test var 2019-11-24 15:23:16 +01:00
andryyy 4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy 2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy c4656e00fd
[Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy e1fdbba0f7
[Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
Marcel Hofer 2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
Max Uetrecht bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy b3c2f683cb
[Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
MAGIC b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
andryyy 1495bda2e1
[Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy 1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00
andryyy a2386434fd
[Postfix] More RBLs, lower thresholds 2019-08-16 22:17:28 +02:00
andryyy 217da8c7fc
[Postfix] Reduce threshold to 4, format list 2019-08-16 07:55:17 +02:00
andryyy 1b3a5d54ca [Postfix] Reduce RBL threshold
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy 9e0381185c [Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple 2019-08-09 14:10:31 +02:00
andryyy 3c3bcf8c82
[Postfix] Set compatibility_level to 2 2019-07-13 14:44:17 +02:00
andryyy 2898aa6918
[Postfix] Remove unused alias domain catch all map 2019-07-13 08:59:32 +02:00
andryyy ffb008f72a Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-06-09 16:50:04 +02:00
andryyy de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps 2019-06-09 16:49:02 +02:00
dofl fa4c4b138e
Update main.cf
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl d5eeb3e8af
Update main.cf
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender  up;  the give-up time generally needs to be at least 4-5 days.  It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages. 

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy 2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy 9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy 0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy cd72a4e18b [Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
Patrik Kernstock 1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00