Currently client email is submitted via ssmtp (port 465).  This has been
deprecated for years.  The correct way to submit email is via
submission (port 587).

This patch adds port 587 as a second and the default way of submitting
email for delivery.  Port 465 remains open for backwards compatibility
with existing clients.

This patch restores sovereign's configuration of opendmarc.

An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete.  This patch reverts that change and uses mysql for
the reporting database.

Other changes:

* Do not maintain a copy of the database import schema.  A copy is
  included in the distribution in /usr/share/doc, so that is used
  instead.
* The configuration file is replaced with the distribution's sample
  configuration.  A second patch will restore the actual configuration.
  This will make the changes easier to see if the default configuraton
  file changes in future versions of opendmarc.

Avoid using the Include directive.  Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.

Resolves #400.

Resolves #402.

See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341.
Also explicitly disabled SSLCompression and enables OCSP stapling.

We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...

to mitigate POODLE vulnerability

Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.

Resolves #114

http://ahbl.org/content/changes-ahbl

Fixes #232

This prevents timeouts when trying to sync very large mailboxes. By
default, z-push attempts to get headers for all messages in a folder.

I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.

Fixes issue #8. Adds new variable mail_header_privacy, on by default.
Installs postfix-pcre unconditionally, and then copies the pcre file
over and adds the header check to main.cf based on the variable value.
“this header replacement works great, but it logs that the replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs”

PostgreSQL works similarly with varchar and text columns. Rather than
limiting the amount of characters a column can hold simply use text
columns.

Because this sql is now PostgreSQL specific, there's no need to maintain
what was set in the mysql settings.

Remove all configuration for MySQL and configure PostgreSQL as the main
database.

All *_mysql_* options have been changed to *_db_* options.

Postgres requires the database user to have a password in order to
connect via localhost. The db_admin_password option is used to set the
password of the admin user (usually postgres).

When you're hosting a couple of hundred aliases, you will benefit.
It seems safer to create the index and deal with the slight overhead
for just a couple of records, as opposed to not having these
indexes and deal with serious performance issues if you have
lots of aliases on the machine.

Signed-off-by: PajamaSoft <support@pajamasoft.com>

Use the changed `mail_virtual_users` structure to ensure directories and
sieve rules are created for each defined account.

These are the changes necessary to enable Roundcube's manage sieve plugin to mange server-side sieve filters.

Signed-off-by: PajamaSoft <support@pajamasoft.com>

Added friendly_networks variable to denote whitelisted networks

(such as root's cron errors)

Fix CAcert usage in postfix and dovecot

Fix Postfix configuration file to link to correct SSL certificate locations