96 Commits (5304311e0e10d5733915dad39c0433ff8d3bba4f)

Author SHA1 Message Date
Alexander Graf 10562233ca
Add SUBNET6 to places where SUBNET is used 2 years ago
Alexander Graf 3b08b113bf
Fix ipv6 subnet for xclient_hosts 2 years ago
Florent Daigniere ee6975b109 doh 2 years ago
Florent Daigniere b263db72df Restrict XHOST to where useful 2 years ago
Florent Daigniere 4d80c95c41 Fix authentication submission
Don't talk haproxy to postfix; it's more headaches than it is currently
worth.
2 years ago
Florent Daigniere 36b3a9f4fb Will fix it in another PR 2 years ago
Florent Daigniere 7a2d06401a Tweak postfix logging 2 years ago
Florent Daigniere 55c1e55529 Same for front-smtp
This should enable postfix to have visibility on TLS usage and fix the
following: #1705
2 years ago
Shamil Nunhuck 7225cb0d3e
Drop rsyslog localhost messages with IPv6 address 2 years ago
Florent Daigniere 4e3874b0c1 Enable dynamic resolution of hostnames 2 years ago
Florent Daigniere 3e51d15b03 Remove the strict anti-spoofing rule. 2 years ago
Vincent Kling bab3f0f5a4 Remove POD_ADDRESS_RANGE 2 years ago
Florent Daigniere 7166e7d2b2 Implement #2213: slow transports 3 years ago
Dimitri Huisman 53975684b8 Using Syslog is the new standard. It is not optional anymore. 3 years ago
Dimitri Huisman d5896fb2c6 Add log rotation (if logging to file). Make rsyslog the default. 3 years ago
Dimitri Huisman 567b5ef172
Merge branch 'master' into postfix-logging 3 years ago
Till Skrodzki c48e00ee26 Do not call .split() on RELAYNETS if not specified 3 years ago
Florent Daigniere 8dad40f67c doh 3 years ago
Florent Daigniere 9d474f32a6 RELAYNETS is comma separated! 3 years ago
Florent Daigniere 502affbe66 Use the regexp engine since we have one 3 years ago
Florent Daigniere a349190e52 simplify 3 years ago
Florent Daigniere 995ce8d437 Remove OUTCLEAN_ADDRESS
I believe that this isn't relevant anymore as we don't use OpenDKIM
anymore

Background on:
https://bofhskull.wordpress.com/2014/03/25/postfix-opendkim-and-missing-from-header/
3 years ago
Alexander Graf b02ceab72f handle DEFER_ON_TLS_ERROR as bool
use /conf/mta-sts-daemon.yml when override is missing
3 years ago
Florent Daigniere 489520f067 forgot about alpine/lmdb 3 years ago
Florent Daigniere a1da4daa4c Implement the DANE-only lookup policyd
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67 for
context
3 years ago
Florent Daigniere 67db72d774 Behave like documented 3 years ago
Florent Daigniere a8142dabbe Introduce DEFER_ON_TLS_ERROR
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS

It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
3 years ago
Florent Daigniere 4f96e99144 MTA-STS (use rather than publish policies) 3 years ago
Florent Daigniere 65a27b1c7f add additional options to make DANE easier 3 years ago
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map 3 years ago
bors[bot] b57df78dac
Merge #1916
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of #1360 implementing per-user sender limits

### Related issue(s)
- close #1360 
- close #1031
- close #1774 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Florent Daigniere b066a5e2ac add a default tls_policy_map 3 years ago
Florent Daigniere 1df79f8132 give PFS a chance 3 years ago
Florent Daigniere 925105075c this is required in fact 3 years ago
Florent Daigniere 772e5efb7d Disable pipelining to prevent bypass 3 years ago
Florent Daigniere 2b05e72ce4 Revert "maybe fix the tests"
This reverts commit f971b47fb9.
3 years ago
Florent Daigniere f971b47fb9 maybe fix the tests 3 years ago
Florent Daigniere 4a871c0905 this causes trouble with the test 3 years ago
Florent Daigniere 55cdb1a534 be explicit about what we support 3 years ago
Florent Daigniere ecadf46ac6 fix PFS 3 years ago
Florent Daigniere de3620da4a Don't send credentials in clear ever 3 years ago
Florent Daigniere 4535c42e70 This isn't required 3 years ago
Florent Daigniere 1101e401e8 Apply the restriction on the right port 3 years ago
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts 3 years ago
Florent Daigniere bcdc137677 Alpine has removed support for btree and hash 3 years ago
Florent Daigniere 1438253a06 Ratelimit outgoing emails per user 3 years ago
Florent Daigniere 8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
3 years ago
Florent Daigniere 513d2a4c5e Fix bug #1660: nested headers shouldn't be touched 4 years ago
Michael Wyraz ca6ea6465c make syslog optional 4 years ago
Michael Wyraz e979743226 Rsyslog logging for postfix, optional logging to file, no logging of test requests 4 years ago