Merge #2611

2611: Fix authenticated submission r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? Don't talk haproxy to postfix; it's more headaches than it is currently worth. ### Related issue(s) - #2603 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago · e166550bd7
parent bba6c5bb88 4d80c95c41
commit e166550bd7
3 changed files with 13 additions and 5 deletions
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -292,9 +292,6 @@ mail {
    pop3_capabilities TOP UIDL RESP-CODES PIPELINING AUTH-RESP-CODE USER;
    imap_capabilities IMAP4 IMAP4rev1 UIDPLUS SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+;

-    # ensure we talk HAPROXY protocol to the backends
-    proxy_protocol on;
-
    # Default SMTP server for the webmail (no encryption, but authentication)
    server {
      listen 10025;
@ -309,6 +306,8 @@ mail {
      protocol imap;
      smtp_auth plain;
      auth_http_header Auth-Port 10143;
+      # ensure we talk HAPROXY protocol to the backends
+      proxy_protocol on;
    }

    # SMTP is always enabled, to avoid losing emails when TLS is failing
@ -343,6 +342,8 @@ mail {
      protocol imap;
      imap_auth plain;
      auth_http_header Auth-Port 143;
+      # ensure we talk HAPROXY protocol to the backends
+      proxy_protocol on;
    }

    server {
@ -354,6 +355,8 @@ mail {
      protocol pop3;
      pop3_auth plain;
      auth_http_header Auth-Port 110;
+      # ensure we talk HAPROXY protocol to the backends
+      proxy_protocol on;
    }

    server {
@ -382,6 +385,8 @@ mail {
      protocol imap;
      imap_auth plain;
      auth_http_header Auth-Port 993;
+      # ensure we talk HAPROXY protocol to the backends
+      proxy_protocol on;
    }

    server {
@ -390,6 +395,8 @@ mail {
      protocol pop3;
      pop3_auth plain;
      auth_http_header Auth-Port 995;
+      # ensure we talk HAPROXY protocol to the backends
+      proxy_protocol on;
    }
    {% endif %}
    {% endif %}
--- a/core/postfix/conf/master.cf
+++ b/core/postfix/conf/master.cf
@ -2,10 +2,10 @@
 #               (yes)   (yes)   (yes)   (never) (100)

 # Exposed SMTP service
-smtp      inet  n       -       n       -       1       postscreen
+smtp      inet  n       -       n       -       1       smtpd

 # Internal SMTP service
-10025     inet  n       -       n       -       1       postscreen
+10025     inet  n       -       n       -       1       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_discard_ehlo_keywords=pipelining
  -o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
--- a/towncrier/newsfragments/2608.fix
+++ b/towncrier/newsfragments/2608.fix
@ -0,0 +1 @@
+Don't talk haproxy to postfix yet.