| Commit message (Collapse) | Author | Age | Files |
| |
|
|
|
|
| |
Run as a dedicated user, not ‘postfix’.
|
|
|
|
|
|
|
|
| |
For `ssl_cipher_list` we pick the suggested value from
https://ssl-config.mozilla.org/#server=postfix&version=3.4.10&config=intermediate&openssl=1.1.1d
At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’
to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.
|
| |
|
|
|
|
| |
And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
|
|
|
|
|
|
| |
Users can add an extension (following postconf(5)'s
$recipient_delimiter) to the local part of any envelope sender address
already allowed.
|
| |
|
| |
|
| |
|
|
|
|
| |
release ressources.
|
| |
|
|
|
|
|
| |
On Linux perl's allow multiple children to block in a call to accept(2)
so we don't need to place a lock around the call.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following policy is now implemented:
* users can use their SASL login name as sender address;
* alias and/or list owners can use the address as envelope sender;
* domain postmasters can use arbitrary sender addresses under their
domains;
* domain owners can use arbitrary sender addresses under their domains,
unless it is also an existing account name;
* for known domains without owner or postmasters, other sender addresses
are not allowed; and
* arbitrary sender addresses under unknown domains are allowed.
|
| |
|
|
|