| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
|
| |
locally.
And use this to fetch all X.509 leaf certificates.
|
|
|
|
| |
release.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
(It opens the key as root, but then drops the permissions.)
|
|
|
|
|
| |
First generate all certs (-t genkey), then build the TLS policy maps (
-t tls_policy).
|
|
|
|
| |
Also, it's now possible to reuse an existing private key (with -f).
|
|
|
|
|
|
| |
(Unless a new instance is created, or the master.cf change is modified.)
Changing some variables, such as inet_protocols, require a full restart,
but most of the time it's overkill.
|
|
|
|
|
|
| |
And don't restart or reload either upon change of pcre: files that are
used by smtpd(8), cleanup(8) or local(8), following the suggestion from
http://www.postfix.org/DATABASE_README.html#detect .
|
|
|
|
|
| |
For some reason giraff doesn't like IPSec. App-level TLS sessions are
less efficient, but thanks to ansible it still scales well.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In fact we want to only rewrite the envelope sender:
:/etc/postfix/main.cf
# Overwrite local FQDN envelope sender addresses
sender_canonical_classes = envelope_sender
propagate_unmatched_extensions =
sender_canonical_maps = cdb:$config_directory/sender_canonical
:/etc/postfix/sender_canonical
@elefant.fripost.org admin@fripost.org
However, when canonical(5) processes a mail sent vias sendmail(1), it
rewrites the envelope sender which seems to *later* be use as From:
header.
|
| |
|
|
|
|
|
|
| |
And use main.cf's 'master_service_disable' setting to deactivate each
service that's useless for a given instance. (Hence solve conflict when
trying to listen twice on the same port, for instance.)
|
|
We use a dedicated instance for each role: MDA, MTA out, MX, etc.
|