| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
|
| |
Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f)
the postscreen(8) server can run chrooted, meaning we can also chroot
the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These addresses need to be accepted on the MX:es, as recipients
sometimes phone back during the SMTP session to check whether the sender
exists.
Since a time-dependent suffix is added to the local part (cf.
http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's
not enough to drop incoming mails to ‘double-bounce@fripost.org’, and
it's impractical to do the same for /^double-bounce.*@fripost\.org$/.
|
|
|
|
|
| |
‘noreply@’ aliases can be added by routing them to
‘@discard.fripost.org’.
|
|
|
|
|
|
| |
In particular, since Postfix is now able to perform LDAP lookups using
SASL, previous hacks with simble binds on cn=postfix,ou=services,… can
now be removed.
|
| |
|
|
|
|
|
|
|
|
| |
It has to be performed last, to give a chance to be accepted as a
regular mailbox.
We introduce a new, dedicated, smtpd daemon whose only purpose is to
resolve catch-alls.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead, we pretend that lists are valid users (via a match in the
mailbox_transport_maps) but choose a different transport (with the same
request in transport_maps).
The advantage is that we get rid of the ugly hack for list transport…
A minor drawback is that we now have two LDAP lookups instead of one for
non local addresses (ie, everything but reserved addresses). Hopefully
the requests are cached; but even if they aren't, querying a local LDAP
server is supposed to be cheap.
|
| |
|
|
Other abreviations are upper case.
|