Currently client email is submitted via ssmtp (port 465). This has been
deprecated for years. The correct way to submit email is via
submission (port 587).
This patch adds port 587 as a second and the default way of submitting
email for delivery. Port 465 remains open for backwards compatibility
with existing clients.
An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete. This patch reverts that change and uses mysql for
the reporting database.
Other changes:
* Do not maintain a copy of the database import schema. A copy is
included in the distribution in /usr/share/doc, so that is used
instead.
* The configuration file is replaced with the distribution's sample
configuration. A second patch will restore the actual configuration.
This will make the changes easier to see if the default configuraton
file changes in future versions of opendmarc.
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341.
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.
Fixes issue #8. Adds new variable mail_header_privacy, on by default.
Installs postfix-pcre unconditionally, and then copies the pcre file
over and adds the header check to main.cf based on the variable value.
“this header replacement works great, but it logs that the replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs”
PostgreSQL works similarly with varchar and text columns. Rather than
limiting the amount of characters a column can hold simply use text
columns.
Because this sql is now PostgreSQL specific, there's no need to maintain
what was set in the mysql settings.
Remove all configuration for MySQL and configure PostgreSQL as the main
database.
All *_mysql_* options have been changed to *_db_* options.
Postgres requires the database user to have a password in order to
connect via localhost. The db_admin_password option is used to set the
password of the admin user (usually postgres).
When you're hosting a couple of hundred aliases, you will benefit.
It seems safer to create the index and deal with the slight overhead
for just a couple of records, as opposed to not having these
indexes and deal with serious performance issues if you have
lots of aliases on the machine.