Actions
Task #1016
closedpostgrey and policyd-weight depreciation in favor of postscreen
Status:
Rejected
Priority:
Normal
Assignee:
Category:
Mail system
Target version:
Team - Q1/2016
Start date:
Due date:
% Done:
0%
Tags:
Documentation, Salt
URL:
Description
We should replace postgrey and policyd-weight with postscreen
Done so on bilbo2 and pumbaa, already but other servers/VMs and the Salt setup are missing
Florian happy to help
Related issues
Updated by Florian Effenberger about 9 years ago
As mail is critical (and complicated) I propose to not make an easyhack out of this
Anyways, here's my docs:
main.cf:
REMOVE: check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, smtpd_tls_received_header = yes postscreen_access_list = permit_mynetworks postscreen_blacklist_action = drop postscreen_dnsbl_threshold = 2 postscreen_dnsbl_sites = zen.spamhaus.org*1, bl.spamcop.net*1, ix.dnsbl.manitu.net*1, b.barracudacentral.org*1, bl.mailspike.net*1 postscreen_dnsbl_action = enforce postscreen_greet_banner = $smtpd_banner postscreen_greet_action = enforce postscreen_bare_newline_enable = no #postscreen_bare_newline_action = enforce postscreen_bare_newline_action = ignore postscreen_pipelining_enable = no #postscreen_pipelining_action = enforce postscreen_pipelining_action = ignore postscreen_non_smtp_command_enable = no #postscreen_non_smtp_command_action = drop postscreen_non_smtp_command_action = ignore
master.cf:
might also be doable via - untested - sed 's,^smtp .*smtpd$,#&,;/\(smtpd .*pass\|postscreen\|dnsblog\|tlsproxy\)/s/^#//' /etc/postfix/master.cf
Comment out the "smtp inet ... smtpd" service in master.cf, including any "-o parameter=value" entries that follow.
/etc/postfix/master.cf:
#smtp inet n - n - - smtpd
# -o parameter=value ...
Uncomment the new "smtpd pass ... smtpd" service in master.cf, and duplicate any "-o parameter=value" entries from the smtpd service that was commented out in the previous step.
/etc/postfix/master.cf:
smtpd pass - - n - - smtpd
-o parameter=value ...
Uncomment the new "smtp inet ... postscreen" service in master.cf.
/etc/postfix/master.cf:
smtp inet n - n - 1 postscreen
Uncomment the new "tlsproxy unix ... tlsproxy" service in master.cf. This service implements STARTTLS support for postscreen(8).
/etc/postfix/master.cf:
tlsproxy unix - - n - 0 tlsproxy
Uncomment the new "dnsblog unix ... dnsblog" service in master.cf. This service does DNSBL lookups for postscreen(8) and logs results.
/etc/postfix/master.cf:
dnsblog unix - - n - 0 dnsblog
Updated by Florian Effenberger over 8 years ago
- Tracker changed from Feature to Task
- Subject changed from replace postgrey and policyd-weight with postscreen to postgrey and policyd-weight depreciation in favor of postscreen
- Description updated (diff)
- Priority changed from Low to Normal
Updated by Florian Effenberger over 8 years ago
- Target version changed from Q4/2015 to Q1/2016
Updated by Florian Effenberger over 8 years ago
- Is duplicate of Task #1477: pumbaa reinstallation added
Updated by Florian Effenberger over 8 years ago
- Status changed from New to Rejected
Rejecting in favor of #1477
Actions