path: root/roles/MSA/files
Commit message | Author | Age | Files
* postfix-sender-login: Better hardening. | Guilhem Moulin | 2020-05-21 | 2
    Run as a dedicated user, not ‘postfix’.
* MSA: Update role to Debian Buster. | Guilhem Moulin | 2020-05-19 | 1
    For `ssl_cipher_list` we pick the suggested value from
    https://ssl-config.mozilla.org/#server=postfix&version=3.4.10&config=intermediate&openssl=1.1.1d
    At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’ to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.
* systemd.service: Tighten hardening options. | Guilhem Moulin | 2018-12-09 | 1
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’. | Guilhem Moulin | 2018-12-09 | 1
    And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
* postfix-sender-login: strip extension before lookup. | Guilhem Moulin | 2017-06-13 | 1
    Users can add an extension (following postconf(5)'s $recipient_delimiter) to the local part of any envelope sender address already allowed.
* postfix-msa: anonymize SASL-authenticated senders using IPv6. | Guilhem Moulin | 2017-06-06 | 1
* postfix-sender-login: wibble | Guilhem Moulin | 2017-06-05 | 1
* move postfix-sender-login.{service,socket} to files/. | Guilhem Moulin | 2017-06-02 | 2
* postfix-sender-login: terminate the worker after 32*$nProc connections to release resources. | Guilhem Moulin | 2017-06-01 | 1
* postfix-sender-login: handle EINTR in read(2) and write(2) calls. | Guilhem Moulin | 2017-06-01 | 1
* postfix-sender-login: pre-fork 2 servers. | Guilhem Moulin | 2017-06-01 | 1
    On Linux perl's allow multiple children to block in a call to accept(2) so we don't need to place a lock around the call.
* Don't let authenticated client use arbitrary sender addresses. | Guilhem Moulin | 2017-06-01 | 1
    The following policy is now implemented:
      * users can use their SASL login name as sender address;
      * alias and/or list owners can use the address as envelope sender;
      * domain postmasters can use arbitrary sender addresses under their domains;
      * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name;
      * for known domains without owner or postmasters, other sender addresses are not allowed; and
      * arbitrary sender addresses under unknown domains are allowed.
* MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 1
* Configure the Mail Submission Agent. | Guilhem Moulin | 2015-06-07 | 1