Florent Daigniere
9d474f32a6
RELAYNETS is comma separated!
3 years ago
Alexander Graf
9bc685c30b
removed some more whitespace
3 years ago
Florent Daigniere
502affbe66
Use the regexp engine since we have one
3 years ago
Florent Daigniere
a349190e52
simplify
3 years ago
Florent Daigniere
995ce8d437
Remove OUTCLEAN_ADDRESS
...
I believe that this isn't relevant anymore as we don't use OpenDKIM
anymore
Background on:
https://bofhskull.wordpress.com/2014/03/25/postfix-opendkim-and-missing-from-header/
3 years ago
Alexander Graf
05c79b0e3c
copy (and not parse) mta sts override config
3 years ago
Alexander Graf
b02ceab72f
handle DEFER_ON_TLS_ERROR as bool
...
use /conf/mta-sts-daemon.yml when override is missing
3 years ago
bors[bot]
d464187477
Merge #1964
...
1964: Alpine3.14.2 r=mergify[bot] a=nextgens
Upgrade to alpine 3.14.2, retry upgrading unbound & switch back to libressl
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere
7aa403573d
no with here
3 years ago
Florent Daigniere
9888efe55d
Document as suggested on #mailu-dev
3 years ago
Florent Daigniere
d7c2b510c7
Give alpine 3.14.2 a shot
3 years ago
Florent Daigniere
4abf49edf4
indent
3 years ago
Florent Daigniere
489520f067
forgot about alpine/lmdb
3 years ago
Florent Daigniere
a1da4daa4c
Implement the DANE-only lookup policyd
...
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67 for
context
3 years ago
Florent Daigniere
67db72d774
Behave like documented
3 years ago
Florent Daigniere
05b57c972e
remove the static policy as it will override MTA-STS and DANE
3 years ago
Florent Daigniere
a8142dabbe
Introduce DEFER_ON_TLS_ERROR
...
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS
It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
3 years ago
Florent Daigniere
52d3a33875
Remove the domains that have a valid MTA-STS policy
...
gmail.com
comcast.net
mail.ru
googlemail.com
wp.pl
3 years ago
Florent Daigniere
4f96e99144
MTA-STS (use rather than publish policies)
3 years ago
Florent Daigniere
65a27b1c7f
add additional options to make DANE easier
3 years ago
Florent Daigniere
fb8d52ceb2
Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map
3 years ago
bors[bot]
b57df78dac
Merge #1916
...
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
A conflict-free version of #1360 implementing per-user sender limits
### Related issue(s)
- close #1360
- close #1031
- close #1774
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog ) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Florent Daigniere
0b16291153
doh
3 years ago
Florent Daigniere
1db08018da
Ensure that we get certificate validation on top90
...
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
3 years ago
Florent Daigniere
b066a5e2ac
add a default tls_policy_map
3 years ago
Florent Daigniere
1df79f8132
give PFS a chance
3 years ago
Florent Daigniere
925105075c
this is required in fact
3 years ago
Florent Daigniere
772e5efb7d
Disable pipelining to prevent bypass
3 years ago
Florent Daigniere
2b05e72ce4
Revert "maybe fix the tests"
...
This reverts commit f971b47fb9
.
3 years ago
Florent Daigniere
f971b47fb9
maybe fix the tests
3 years ago
Florent Daigniere
4a871c0905
this causes trouble with the test
3 years ago
Florent Daigniere
55cdb1a534
be explicit about what we support
3 years ago
Florent Daigniere
ecadf46ac6
fix PFS
3 years ago
Florent Daigniere
de3620da4a
Don't send credentials in clear ever
3 years ago
Florent Daigniere
4535c42e70
This isn't required
3 years ago
Florent Daigniere
1101e401e8
Apply the restriction on the right port
3 years ago
Florent Daigniere
d6ce5d0c06
Remove a warning: limits don't apply to trusted hosts
3 years ago
Florent Daigniere
bcdc137677
Alpine has removed support for btree and hash
3 years ago
Florent Daigniere
1438253a06
Ratelimit outgoing emails per user
3 years ago
Florent Daigniere
d44608ed04
Merge remote-tracking branch 'upstream/master' into upgrade-alpine
3 years ago
bors[bot]
bf65a1248f
Merge #1885
...
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens
## What type of PR?
bugfix
## What does this PR do?
Fix bug #1884 . Ensure that we avoid the musl resolver bug by always looking up a FQDN
### Related issue(s)
- closes #1884
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere
fa915d7862
Fix 1294 ensure podop's socket is owned by postfix
3 years ago
Florent Daigniere
9d2629a04e
fix 1884: always lookup a FQDN
3 years ago
Florent Daigniere
1d65529c94
The lookup could fail; ensure we set something
3 years ago
Florent Daigniere
8bc1d6c08b
Replace PUBLIC_HOSTNAME/IP in Received headers
...
This will ensure that we don't get spam points for not respecting the
RFC
3 years ago
Florent Daigniere
72735ab320
remove cyrus-sasl-plain
3 years ago
Florent Daigniere
420afa53f8
Upgrade to alpine 3.14
3 years ago
Florent Daigniere
513d2a4c5e
Fix bug #1660 : nested headers shouldn't be touched
4 years ago
Thomas Rehn
05ab244638
Ensure that the rendered file ends with newline in order to make `postconf` work correctly
4 years ago
Dimitri Huisman
d9e7b8249b
Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts.
4 years ago