Thomas Buck
ee0f739b1d
Lots of updates, first test of VPN.
5 лет назад
Thomas Buck
781a660162
dont send DMARC reports to ourselves
5 лет назад
Thomas Buck
14c4c800ba
Minimal config with only mail and web and git hosting. So disable z-push backend CalDav and CardDav integration for now.
5 лет назад
Thomas Buck
50ca2d19b2
Remove indices from mailserver SQL schema and added send-only users.
5 лет назад
Thomas Buck
f17f41b536
use mail as dkim selector. explicitely give keysize. add localhost to sasl exceptions.
5 лет назад
Thomas Buck
2d359819a2
Similar log settings for all apache virtual hosts
5 лет назад
Thomas Buck
f7094f17dd
Generate mail autoconfig for all domains and put them in well-known too
5 лет назад
Thomas Buck
7b8f15528d
Fix a bunch of broken http->https redirects and make them always temporary
5 лет назад
Thomas Buck
db6a0571a6
Newer Dovecot won't start with SSLv2 in config
5 лет назад
Thomas Buck
5a900bb33a
Use Z-Push from official upstream repos. Configure imap, caldav, carddav backends properly for nextcloud. Using Z-Push Autodiscover.
5 лет назад
Thomas Buck
9411373c5b
Cleanup postfix task. Move password hashing into top level config file.
5 лет назад
Thomas Buck
7096fec015
don't keep extra var for organization thats not really needed.
5 лет назад
Thomas Buck
e452e31e42
Rename mail_virtual_domains to only virtual_domains, will later also use for web.
5 лет назад
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
5 лет назад
John Giannelos
351addffd7
Force https on mail autoconfig apache vhost.
8 лет назад
Mike Ashley
486c3f1414
Replace OpenDKIM with Rspamd's dkim_signing module
- remove configuration of OpenDKIM
- remove OpenDKIM milter from postfix's configuration
- add configuration files for rpsamd's dkim module
- update the rspamd task
- update services in README
7 лет назад
Mike Ashley
14615ae223
Switch to Rspamd for DMARC handling
- Remove OpenDMARC
- Configure Rspamd for DMARC handling
- Update services and how to set up DNS records in README
7 лет назад
Mike Ashley
5e2c8c8a2d
Remove redundant greylisting
7 лет назад
Mike Ashley
c9bb6dba92
Remove rmilter from mailserver configuration
Rmilter [is no longer
needed](https://rspamd.com/doc/quickstart.html#rmilter -setup) as of
Rspamd 1.6.
7 лет назад
Arjen Verstoep
46b234929a
Correct configuration of imap plugins
7 лет назад
Aaron D Borden
2bde2afb53
Use postmaster@ for DMARC reports
7 лет назад
Aleksandr Bogdanov
f5a38fec63
Implementing password hashing for ircbouncer and mailserver inside password_hash filter plugin
7 лет назад
Mike Ashley
166c57f045
Use submission port for client outgoing email
Currently client email is submitted via ssmtp (port 465). This has been
deprecated for years. The correct way to submit email is via
submission (port 587).
This patch adds port 587 as a second and the default way of submitting
email for delivery. Port 465 remains open for backwards compatibility
with existing clients.
8 лет назад
Carl Meyer
1a3d01f311
Complete rmilter/rspamd setup.
8 лет назад
Carl Meyer
d46fb1521b
Make OpenDMARC cron job email root only on error.
8 лет назад
Carl Meyer
57982401a9
Pass {auth_type} to milters, fixing OpenDKIM signing of authenticated SMTP messages.
8 лет назад
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
9 лет назад
Mike Ashley
4c830e1b07
Override opendmarc defaults
This patch restores sovereign's configuration of opendmarc.
8 лет назад
Mike Ashley
1bc60827ef
Revert opendmarc to use mysql
An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete. This patch reverts that change and uses mysql for
the reporting database.
Other changes:
* Do not maintain a copy of the database import schema. A copy is
included in the distribution in /usr/share/doc, so that is used
instead.
* The configuration file is replaced with the distribution's sample
configuration. A second patch will restore the actual configuration.
This will make the changes easier to see if the default configuraton
file changes in future versions of opendmarc.
8 лет назад
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 лет назад
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 лет назад
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 лет назад
Alex Payne
ecaa4c2330
Partially working Rspamd replacement for dspam
9 лет назад
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400 .
9 лет назад
Alex Payne
417403f534
Use {{ mail_server_hostname }} over mail.servername
Resolves #402 .
9 лет назад
Miloš Hadžić
d823ed0848
Use lmtp instead of lda for delivery.
9 лет назад
Will McCutchen
16b66cc849
Define apache SSL config in one place
9 лет назад
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369 .
9 лет назад
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 лет назад
Sven Neuhaus
ac59435d6e
exclude SSLv3 for all TLS
to mitigate POODLE vulnerability
10 лет назад
Sven Neuhaus
f338b1e15d
Postfix: Disable SSLv2 and SSLv3 for mandatory TLS connections
Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.
10 лет назад
Mike Ashley
cf5d98c505
Correct SMTP port number
10 лет назад
Patrick O'Doherty
6f6fc6a90f
Disable SSLv3 in all Apache vhosts
10 лет назад
Lorenzo Villani
8959f1c183
Add support for Thunderbird automatic configuration
Resolves #114
10 лет назад
Michael West
aa2e1a0e74
Increase security of postfix smtp tls ciphers, that is sending email to other smtp servers using encryption
10 лет назад
Alex Payne
e6bd0a08c2
Set `smtpd_relay_restrictions` to backwards compatible mode. Resolves #231 .
10 лет назад
Thom Wiggers
6312286b64
Remove ahbl as it's being winded down
http://ahbl.org/content/changes-ahbl
Fixes #232
10 лет назад
James Ravn
46eabbedd7
Limits z-push sync to 3 months
This prevents timeouts when trying to sync very large mailboxes. By
default, z-push attempts to get headers for all messages in a folder.
10 лет назад
Allen Riddell
9a6cbcd925
Quote password substitution (may contain spaces)
10 лет назад
Cameron Rudnick
0493e9b57e
Allow # in mail_db_password
I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.
10 лет назад