Alexander Graf
b02ceab72f
handle DEFER_ON_TLS_ERROR as bool
...
use /conf/mta-sts-daemon.yml when override is missing
3 years ago
Florent Daigniere
489520f067
forgot about alpine/lmdb
3 years ago
Florent Daigniere
a1da4daa4c
Implement the DANE-only lookup policyd
...
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67 for
context
3 years ago
Florent Daigniere
67db72d774
Behave like documented
3 years ago
Florent Daigniere
a8142dabbe
Introduce DEFER_ON_TLS_ERROR
...
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS
It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
3 years ago
Florent Daigniere
4f96e99144
MTA-STS (use rather than publish policies)
3 years ago
Florent Daigniere
65a27b1c7f
add additional options to make DANE easier
3 years ago
Florent Daigniere
fb8d52ceb2
Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map
3 years ago
bors[bot]
b57df78dac
Merge #1916
...
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
A conflict-free version of #1360 implementing per-user sender limits
### Related issue(s)
- close #1360
- close #1031
- close #1774
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog ) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Florent Daigniere
b066a5e2ac
add a default tls_policy_map
3 years ago
Florent Daigniere
1df79f8132
give PFS a chance
3 years ago
Florent Daigniere
925105075c
this is required in fact
3 years ago
Florent Daigniere
772e5efb7d
Disable pipelining to prevent bypass
3 years ago
Florent Daigniere
2b05e72ce4
Revert "maybe fix the tests"
...
This reverts commit f971b47fb9
.
3 years ago
Florent Daigniere
f971b47fb9
maybe fix the tests
3 years ago
Florent Daigniere
4a871c0905
this causes trouble with the test
3 years ago
Florent Daigniere
55cdb1a534
be explicit about what we support
3 years ago
Florent Daigniere
ecadf46ac6
fix PFS
3 years ago
Florent Daigniere
de3620da4a
Don't send credentials in clear ever
3 years ago
Florent Daigniere
4535c42e70
This isn't required
3 years ago
Florent Daigniere
1101e401e8
Apply the restriction on the right port
3 years ago
Florent Daigniere
d6ce5d0c06
Remove a warning: limits don't apply to trusted hosts
3 years ago
Florent Daigniere
bcdc137677
Alpine has removed support for btree and hash
3 years ago
Florent Daigniere
1438253a06
Ratelimit outgoing emails per user
3 years ago
Florent Daigniere
8bc1d6c08b
Replace PUBLIC_HOSTNAME/IP in Received headers
...
This will ensure that we don't get spam points for not respecting the
RFC
3 years ago
Florent Daigniere
513d2a4c5e
Fix bug #1660 : nested headers shouldn't be touched
4 years ago
Thomas Rehn
05ab244638
Ensure that the rendered file ends with newline in order to make `postconf` work correctly
4 years ago
Michael Wyraz
e4454d776a
Allow to enforce TLS for outbound using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')
5 years ago
SunMar
ac6b8d62dd
Remove `reject_unverified_recipient` from `smtpd_client_restrictions`
...
Fix for #1292 , though I'm not sure if this is the right way to fix the issue. It was added in 175349a224
.
5 years ago
kaiyou
bd69b7a491
Add support for SRS, related to #328
5 years ago
Michael Wyraz
a907fe4cac
Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI
5 years ago
Ionut Filip
075417bf90
Merged master and fixed conflicts
5 years ago
Dario Ernst
ce0c24e076
Merge branch 'master' into HorayNarea-feat-upgrade-alpine
5 years ago
Daniel Huber
ae290482c0
Format relay credentials file with jinja
5 years ago
Daniel Huber
515e95076a
Merge branch 'master' into feat-relay-auth
5 years ago
Dario Ernst
d155b2c533
Start postfix directly with stdout logging
5 years ago
Daniel Huber
7dcb2eb006
Add authentication for email relays
6 years ago
Florian Peschka
b9fd29a52f
Add extra newline to main.cf
...
This should prevent jinja from stripping the newline, which causes overrides to be appended after the comment section
see #941
6 years ago
Ionut Filip
4c25c83419
HOST_* and *_ADDRESS variables cleanup
6 years ago
Tim Möhlmann
8172f3eab8
Move the Mailu Docker network to a fixed subnet.
...
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
6 years ago
kaiyou
1fcaef7c7e
Merge branch 'master' into fix-sender-checks
6 years ago
mergify[bot]
118ea0f3fb
Merge pull request #604 from ofthesun9/feature-swarm
...
Enabling swarm deployment on master branch
6 years ago
kaiyou
f647d1a0bc
Merge branch 'master' into fix-sender-checks
6 years ago
kaiyou
5035975c41
Remove Postfix debugging
6 years ago
kaiyou
00b5ae11db
Merge branch 'master' into feat-abstract-db
6 years ago
kaiyou
8b189ed145
Separate senderaccess and senderlogin maps
6 years ago
ofthesun9
74796201ec
Merge branch 'master' into feature-swarm
6 years ago
kaiyou
fc99eb7b34
Re-enable sender access check to prevent source spoofing
6 years ago
kaiyou
f3f0b98755
Fix relay restrictions so email gets delivered correctly
6 years ago
ofthesun9
09d77bc2de
Handle the case where the variable REJECT_UNLISTED_RECIPIENT is not set
6 years ago