Commit Graph

122 Commits (567064ed509db373e52d67f944677984030a2389)

Author SHA1 Message Date
dofl fa4c4b138e
Update main.cf
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl d5eeb3e8af
Update main.cf
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender  up;  the give-up time generally needs to be at least 4-5 days.  It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages. 

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy af46a93e76
[Postfix] Remove authed user from header 2019-06-01 22:14:48 +02:00
andryyy aaf0d521a2
[Postfix] Add UA header check, not enabled by default 2019-06-01 08:29:53 +02:00
andryyy 2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy 9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy 0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy ae512018a8
[Postfix] Remove sasl requiring policies from port 25 2019-02-26 21:37:08 +01:00
andryyy c57a544c52
[Postfix] Disable auth on port 25 2019-02-05 10:35:32 +01:00
andryyy bcd6e43665 [Postfix] Remove verbose flag from smtp service 2018-12-19 12:16:36 +01:00
andryyy cd72a4e18b [Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
andryyy 497b6a39de [Postfix] Add missing regexp map, fixes #2083 2018-12-11 17:16:53 +01:00
andryyy 9b1f51ae3f [Git] Add allow_mailcow_local.regexp and dovecot-master.userdb 2018-12-10 23:26:28 +01:00
André Peters a13c2c9359
Merge pull request #1949 from patschi/patch-1
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
andryyy bf71f9b600 [Postfix] Add tls_preempt_cipherlist to SMTPS 2018-10-27 13:22:29 +02:00
Patrik Kernstock 1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
andryyy 5f02c6006c [Postfix] Do not remove user agent 2018-10-23 23:22:43 +02:00
André 93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André 66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André 8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
André a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André fa0b351da6 [Postfix] smtpd_tls_eecdh_grade = auto 2018-07-11 22:10:32 +02:00
André Peters bca8920679
Revert "[Postfix] Default SMTP server security grade for EECDH key exchange" 2018-06-27 23:28:54 +02:00
elcore c386dfc11d
[Postfix] Default SMTP server security grade for EECDH key exchange 2018-06-27 03:39:54 +02:00
André a5d40a4ab6 [Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues 2018-06-25 22:31:23 +02:00
André 30cea1da9a [SOGo] Increase workers count to 20
[Postfix] Add extended TLS header
[Web] Increase timeout to 10 for docker API connections
[Postfix] Add perl package
2018-04-26 14:08:45 +02:00
André Peters 4405cb3e74
Merge pull request #953 from mkuron/recipient_map
Expose Postfix's recipient_canonical_maps through web UI
2018-01-28 11:09:22 +01:00
andre.peters 1f08e9a7b7 [Postfix] Fixes #967 (assign correct local network range for mynetworks) 2018-01-27 18:13:35 +01:00
Michael Kuron c30448c4d8 Merge branch 'master' of https://github.com/andryyy/mailcow-dockerized into recipient_map
Conflicts:
	data/web/inc/init_db.inc.php
2018-01-27 17:22:08 +01:00
andre.peters c9b3044d5d [Postfix] Allow internal IPv6 networks 2018-01-24 08:37:27 +01:00
Michael Kuron e86565e283 Expose Postfix's recipient_canonical_maps through web UI 2018-01-23 20:02:31 +01:00
andre.peters c8f41cdae2 [Postfix] Listener for quarantaine, remove excluded Docker gw from mynetworks 2017-12-09 09:07:06 +01:00
André 3ec3a341e4 [Postfix] Remove gw from mynetworks in case of ipv6 failures 2017-11-21 09:33:43 +01:00
André ade4b9e7ae [Postfix, Web] Feature: BCC maps 2017-11-19 15:13:43 +01:00
andryyy 57484e4a45 [Postfix] Log all watchdog activities to local7 facility 2017-10-11 11:21:41 +02:00
andryyy 073c6c6e73 [Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0 2017-10-04 23:16:39 +02:00
andryyy edb2be979b [Postfix] Changes to ignore watchdog checks 2017-09-21 19:25:43 +02:00
andryyy 719aa1a391 [Postfix] Fix protocols 2017-09-18 10:59:45 +02:00
andryyy 67056dc3d1 [Postfix] Less strict smtpd_tls_mandatory_protocols 2017-09-18 08:24:24 +02:00
andryyy 089e8776f5 [Postfix] Stricter TLS settings for mandatory connections 2017-09-14 13:34:23 +02:00
andryyy 83d485dd94 [Web, Postfix, Compose] Allow to add relayhosts per domain (+ plain and login authentication) 2017-07-22 20:39:54 +02:00
andryyy 036c51f053 Prefere ipv4 to fix problems on v4-only envs 2017-06-19 10:39:14 +02:00
andryyy c9318ecf83 Switch to Rspamds milter interface 2017-06-06 21:59:44 +02:00
andryyy 9965ff10a7 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:59 +02:00
andryyy 755da65426 Change path 2017-04-23 19:38:27 +02:00
andryyy 55f6384f2a Change to hostname, connection is not important for container start 2017-04-23 17:43:29 +02:00
Michael Kuron 894d6234e9 Improvements to forwarding hosts in Postfix
- No more premature EOF and no more leaking of bash processes
- Log result
- Correctly treat non-CIDR entries
- Adapt to schema change from df71e97
- Correctly report SQL failure
2017-04-22 14:28:51 +02:00
Michael Kuron a75d916b74 Forwarding hosts in postscreen 2017-04-17 15:51:50 +02:00
andryyy d0d87ead49 Zeyple is not enabled by default 2017-04-10 13:16:40 +02:00
andryyy 96c1a7c225 Open 10026 for Zeyple 2017-04-05 22:21:20 +02:00
andryyy 34bc242554 Add Zeyple filter 2017-04-05 22:19:01 +02:00
andryyy 276e370989 Rspamd tag check for non-spam only (post-filter), remove sql files from repository" 2017-03-08 17:58:00 +01:00
andryyy 8175a0387f Change wording 2017-03-02 09:12:43 +01:00
andryyy 41d771e780 Aliases do not match alias domains 2017-03-01 17:59:46 +01:00
André Peters a6c6e34fe9 Update mysql_virtual_sender_acl.cf 2017-02-12 19:28:52 +01:00
andryyy c73cc42a95 Handle alias domains the same way as their parents in sender_acl, thanks to @tehXor 2017-02-11 20:54:14 +01:00
andryyy 0630c882ee When TLS is enforced for incoming mails, allow mynetworks and sasl authenticated users 2017-01-25 19:04:31 +01:00
andryyy 54de192334 Add mydestination to prevent hostname == domain situations 2017-01-23 08:23:59 +01:00
andryyy 86a8dc195e Change ciphers 2017-01-09 20:22:44 +01:00
andryyy b6c95e2bd6 Add local networks 2016-12-22 12:20:17 +01:00
andryyy 036d547415 Fix forwarding in sieve 2016-12-21 09:50:54 +01:00
andryyy 31911c7ed8 Remove unused table, rename table 2016-12-18 22:25:02 +01:00
andryyy 7b18f7881a Remove unused table, rename table 2016-12-18 22:24:48 +01:00
andryyy a47625a34a Remove unused table, rename table 2016-12-18 22:24:22 +01:00
andryyy 5e883b6f51 Some last changes 2016-12-12 21:53:58 +01:00
andryyy bbd17a7e91 Remove vars from main.cf 2016-12-12 09:25:37 +01:00
andryyy 47a5166383 Add pdns resolver, changed some other files 2016-12-11 18:58:29 +01:00
andryyy 5f04dc0b04 mailcow dockerized 2016-12-09 20:39:02 +01:00