2611: Fix authenticated submission r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't talk haproxy to postfix; it's more headaches than it is currently worth.

### Related issue(s)
- #2603

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
main
bors[bot] 2 years ago committed by GitHub
commit e166550bd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -292,9 +292,6 @@ mail {
pop3_capabilities TOP UIDL RESP-CODES PIPELINING AUTH-RESP-CODE USER; pop3_capabilities TOP UIDL RESP-CODES PIPELINING AUTH-RESP-CODE USER;
imap_capabilities IMAP4 IMAP4rev1 UIDPLUS SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+; imap_capabilities IMAP4 IMAP4rev1 UIDPLUS SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
# Default SMTP server for the webmail (no encryption, but authentication) # Default SMTP server for the webmail (no encryption, but authentication)
server { server {
listen 10025; listen 10025;
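
Review bot: With the mail-level `proxy_protocol on;` dropped here, the 10025 listener in the trailing context, and any other server in this `mail` block that does not get its own directive, stops sending the PROXY header, yet nothing at this spot records that the omission is deliberate. Suggest leaving a short comment where the removed lines were, saying that `proxy_protocol` is now set per server for the IMAP and POP3 listeners only and is intentionally absent for SMTP, so a later cleanup does not hoist it back to the `mail` level.
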
@ -309,6 +306,8 @@ mail {
protocol imap; protocol imap;
smtp_auth plain; smtp_auth plain;
auth_http_header Auth-Port 10143; auth_http_header Auth-Port 10143;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
} }
# SMTP is always enabled, to avoid losing emails when TLS is failing # SMTP is always enabled, to avoid losing emails when TLS is failing
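
Review bot: The 10143 block declares `protocol imap;` but carries `smtp_auth plain;` in the context line just above the added lines, while the other IMAP blocks in this patch use `imap_auth plain;`. Since the change already edits this block, consider switching it to `imap_auth plain;` so the webmail IMAP listener sets its auth mechanism explicitly instead of relying on the default.
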
@ -343,6 +342,8 @@ mail {
protocol imap; protocol imap;
imap_auth plain; imap_auth plain;
auth_http_header Auth-Port 143; auth_http_header Auth-Port 143;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
} }
server { server {
@ -354,6 +355,8 @@ mail {
protocol pop3; protocol pop3;
pop3_auth plain; pop3_auth plain;
auth_http_header Auth-Port 110; auth_http_header Auth-Port 110;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
} }
server { server {
@ -382,6 +385,8 @@ mail {
protocol imap; protocol imap;
imap_auth plain; imap_auth plain;
auth_http_header Auth-Port 993; auth_http_header Auth-Port 993;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
} }
server { server {
@ -390,6 +395,8 @@ mail {
protocol pop3; protocol pop3;
pop3_auth plain; pop3_auth plain;
auth_http_header Auth-Port 995; auth_http_header Auth-Port 995;
# ensure we talk HAPROXY protocol to the backends
proxy_protocol on;
} }
{% endif %} {% endif %}
{% endif %} {% endif %}
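
Review bot: The same comment and `proxy_protocol on;` pair is now repeated in five server blocks (Auth-Port 10143, 143, 110, 993 and 995), so a listener added later will reach its backend without the PROXY header unless the author remembers to copy it. Consider generating the IMAP/POP3 server preamble from one template macro, or adding a check that every `protocol imap` and `protocol pop3` server in the rendered config contains `proxy_protocol on;`. Whether a missing header fails closed depends on the backend listener configuration, which these hunks do not show.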

@ -2,10 +2,10 @@
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# Exposed SMTP service # Exposed SMTP service
smtp inet n - n - 1 postscreen smtp inet n - n - 1 smtpd
# Internal SMTP service # Internal SMTP service
10025 inet n - n - 1 postscreen 10025 inet n - n - 1 smtpd
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_discard_ehlo_keywords=pipelining -o smtpd_discard_ehlo_keywords=pipelining
-o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit -o smtpd_client_restrictions=$check_ratelimit,reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
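
Review bot: Both the exposed `smtp` service and the internal `10025` service change from `postscreen` to `smtpd` here, but no hunk shown removes a matching upstream proxy setting on the Postfix side. If `postscreen_upstream_proxy_protocol` or `smtpd_upstream_proxy_protocol` is set elsewhere in the Postfix configuration, it has to be dropped in the same change, otherwise Postfix will wait for a PROXY header that nginx no longer sends. Please also state in the PR which client address `$check_ratelimit` on 10025 evaluates after this change.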

@ -0,0 +1 @@
Don't talk haproxy to postfix yet.
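
Review bot: The changelog line ends in "yet" but says neither which user-visible problem is fixed nor what is still pending. Suggest naming the fixed behaviour (authenticated submission, per the PR title) and referencing #2603 so operators reading the release notes can tell whether they were affected.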