summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc/postfix/master.cf.j2
Commit message (Collapse)AuthorAgeFiles
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-161
|
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
| | | | | | Our internal IPs don't have a reverse PTR record, and skipping the resolution speeds up mail delivery. http://www.postfix.org/postconf.5.html#smtpd_peername_lookup
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-191
| | | | See RFC 8314 sec. 3.3 "Cleartext Considered Obsolete".
* submission: Prospective SPF checking.Guilhem Moulin2018-12-121
| | | | Cf. http://www.openspf.org/Best_Practices/Outbound .
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
| | | | | | And use ‘noreply.fripost.org’ as HELO name rather than $myhostname (i.e., ‘smtp.fripost.org’), so the same SPF policy can be used for ehlo and envelope sender identities.
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
| | | | | | Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f) the postscreen(8) server can run chrooted, meaning we can also chroot the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-031
|
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
|
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
|
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
|
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
| | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed.
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
|
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101