fripost-ansible/roles/MX/templates/etc/postfix/virtual, branch master Fripost ansible scripts Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’. 2022-10-11T11:57:22+00:00 Guilhem Moulin guilhem@fripost.org 2022-10-11T11:24:54+00:00 a69c2e1c3c771db93d98a253192e131af40c9830 This silences the following deprecation warning: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. 
This silences the following deprecation warning:

  Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
  Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
Route all internal SMTP traffic through IPsec. 2016-07-10T03:14:29+00:00 Guilhem Moulin guilhem@fripost.org 2016-07-10T03:13:33+00:00 bf960a066466d7719ada8fe7bc3dec99d237b88a 






Add a reserved domain 'discard.fripost.org' to discard messages.
2015-06-07T00:54:27+00:00

Guilhem Moulin
guilhem@fripost.org

2015-06-05T16:25:09+00:00

f12db60f358dbf5506e373477c04488a2c269332

‘noreply@’ aliases can be added by routing them to
‘@discard.fripost.org’.





‘noreply@’ aliases can be added by routing them to
‘@discard.fripost.org’.







Configure the list manager (Sympa).
2015-06-07T00:53:27+00:00

Guilhem Moulin
guilhem@fripost.org

2015-05-14T20:00:36+00:00

166804e99e33c8ec5760e88ba1f52d4fc301334c












Split templates / files in lookup tables.
2015-06-07T00:53:07+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-13T21:24:05+00:00

9ac2057bb6f1465b8392f18552ac1df17f6d81d6












Replace Postgrey with postscreen.
2015-06-07T00:53:05+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-12T23:39:45+00:00

4fb4be4d279dd94cab33fc778cfa318b93d6926f

See http://www.postfix.org/POSTSCREEN_README.html and
    http://rob0.nodns4.us/postscreen.html

It's infortunate that smtpd(8) cannot be chrooted any longer, which
means that we have to un-chroot cleanup(8) as well.  Indeed, currently
smtpd(8) uses $virtual_alias_maps for recipient validation; later
cleanup(8) uses it again for rewriting.  So these processes need to be
both chrooted, or both not.





See http://www.postfix.org/POSTSCREEN_README.html and
    http://rob0.nodns4.us/postscreen.html

It's infortunate that smtpd(8) cannot be chrooted any longer, which
means that we have to un-chroot cleanup(8) as well.  Indeed, currently
smtpd(8) uses $virtual_alias_maps for recipient validation; later
cleanup(8) uses it again for rewriting.  So these processes need to be
both chrooted, or both not.







Use the raw 'fripostListManager' as routing internal subdomain.
2015-06-07T00:52:55+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-10T00:07:39+00:00

b972b4beb773a5567eb1190e4a44a05d88193f94












Explain why we use static transport maps and custom subdomains.
2015-06-07T00:52:54+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-09T22:53:15+00:00

ee046343f3bbb43dc48a8ad72b5cb16dc0a24ee6












Use $virtual_alias_domains not $virtual_mailbox_domains.
2015-06-07T00:52:52+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-09T21:28:21+00:00

c71f1cf51e7f6e8f43b5f7afb1d8a2012fd83259

Quoting postconf(5):

    smtpd_reject_unlisted_recipient (default: yes)
        Request that the Postfix SMTP server rejects mail for unknown recipient
        addresses, even when no explicit reject_unlisted_recipient access
        restriction is specified. This prevents the Postfix queue from filling
        up with undeliverable MAILER-DAEMON messages.

        An address is always considered "known" when it matches a virtual(5)
        alias or a canonical(5) mapping.
        […]
        * The recipient domain matches $virtual_alias_domains but the recipient
          is not listed in $virtual_alias_maps.
        * The recipient domain matches $virtual_mailbox_domains but the
          recipient is not listed in $virtual_mailbox_maps, and
          $virtual_mailbox_maps is not null.

Since we alias everything under special, "invalid", domains (mda.f.o and
mailman.f.o), our $virtual_mailbox_maps was null, which led to
reject_unlisted_recipient not being triggered for say, "noone@fripost.org".
However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits
into the second point above.





Quoting postconf(5):

    smtpd_reject_unlisted_recipient (default: yes)
        Request that the Postfix SMTP server rejects mail for unknown recipient
        addresses, even when no explicit reject_unlisted_recipient access
        restriction is specified. This prevents the Postfix queue from filling
        up with undeliverable MAILER-DAEMON messages.

        An address is always considered "known" when it matches a virtual(5)
        alias or a canonical(5) mapping.
        […]
        * The recipient domain matches $virtual_alias_domains but the recipient
          is not listed in $virtual_alias_maps.
        * The recipient domain matches $virtual_mailbox_domains but the
          recipient is not listed in $virtual_mailbox_maps, and
          $virtual_mailbox_maps is not null.

Since we alias everything under special, "invalid", domains (mda.f.o and
mailman.f.o), our $virtual_mailbox_maps was null, which led to
reject_unlisted_recipient not being triggered for say, "noone@fripost.org".
However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits
into the second point above.







Perform the alias resolution and address validation solely on the MX:es.
2015-06-07T00:52:49+00:00

Guilhem Moulin
guilhem@fripost.org

2014-07-08T23:23:01+00:00

55e9b2a0ebc87a353f9c9496a77b313e41e47bd4

We can therefore spare some lookups on the MDA, and use static:all
instead.





We can therefore spare some lookups on the MDA, and use static:all
instead.