mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-26 02:57:04 +00:00
the opendmarc miter should run on incoming mail only
I added OpenDMARC's milter in fba4d4702e
. But this started
setting Authentication-Results headers on outbound mail with failures. Not sure why it
fails at that point, but it shouldn't be set at all. The failure might cause recipients
to junk the mail. See #358.
This commit removes the milter from the SMTP submission (port 587) listener.
This commit is contained in:
parent
4d22fb9b2a
commit
dcd971d079
@ -60,6 +60,10 @@ tools/editconf.py /etc/opendmarc.conf -s \
|
|||||||
#
|
#
|
||||||
# Be careful. If we add other milters later, this needs to be concatenated
|
# Be careful. If we add other milters later, this needs to be concatenated
|
||||||
# on the smtpd_milters line.
|
# on the smtpd_milters line.
|
||||||
|
#
|
||||||
|
# The OpenDMARC milter is skipped in the SMTP submission listener by
|
||||||
|
# configuring smtpd_milters there to only list the OpenDKIM milter
|
||||||
|
# (see mail-postfix.sh).
|
||||||
tools/editconf.py /etc/postfix/main.cf \
|
tools/editconf.py /etc/postfix/main.cf \
|
||||||
"smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
|
"smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
|
||||||
non_smtpd_milters=\$smtpd_milters \
|
non_smtpd_milters=\$smtpd_milters \
|
||||||
|
@ -62,6 +62,9 @@ tools/editconf.py /etc/postfix/main.cf \
|
|||||||
|
|
||||||
# Enable the 'submission' port 587 smtpd server and tweak its settings.
|
# Enable the 'submission' port 587 smtpd server and tweak its settings.
|
||||||
#
|
#
|
||||||
|
# * Do not add the OpenDMAC Authentication-Results header. That should only be added
|
||||||
|
# on incoming mail. Omit the OpenDMARC milter by re-setting smtpd_milters to the
|
||||||
|
# OpenDKIM milter only. See dkim.sh.
|
||||||
# * Require the best ciphers for incoming connections per http://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/.
|
# * Require the best ciphers for incoming connections per http://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/.
|
||||||
# By putting this setting here we leave opportunistic TLS on incoming mail at default cipher settings (any cipher is better than none).
|
# By putting this setting here we leave opportunistic TLS on incoming mail at default cipher settings (any cipher is better than none).
|
||||||
# * Give it a different name in syslog to distinguish it from the port 25 smtpd server.
|
# * Give it a different name in syslog to distinguish it from the port 25 smtpd server.
|
||||||
@ -71,6 +74,7 @@ tools/editconf.py /etc/postfix/main.cf \
|
|||||||
tools/editconf.py /etc/postfix/master.cf -s -w \
|
tools/editconf.py /etc/postfix/master.cf -s -w \
|
||||||
"submission=inet n - - - - smtpd
|
"submission=inet n - - - - smtpd
|
||||||
-o syslog_name=postfix/submission
|
-o syslog_name=postfix/submission
|
||||||
|
-o smtpd_milters=inet:127.0.0.1:8891
|
||||||
-o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3
|
-o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3
|
||||||
-o cleanup_service_name=authclean" \
|
-o cleanup_service_name=authclean" \
|
||||||
"authclean=unix n - - - 0 cleanup
|
"authclean=unix n - - - 0 cleanup
|
||||||
|
Loading…
Reference in New Issue
Block a user