With this configuration if the user attempts to send spam or a
virus, the message will be quarantined and the user will be
notified of the issue.
MR !9
Service amavis even though part of group vmail who has mark 770
on '/var/spool/spamassassin', can't write lockfile to do a bayes
check.
Set '/var/spool/spamassassin' mask to be `777` with owner
`debian-spamd:vmail` recursive. so that amavis bayes check works.
MR !9
Sieve extensions set to:
-vacation
Remove vaction extension as this has the potential to leak to
external users. this could be re-enabled if it could be blocked
from leaving the server and only being available within the
same domain
-enotify
Remove enotify extension as this has the potential to leak to
external users. this could be re-enabled if it could be blocked
from leaving the server and only being available within the
same domain
-editheader
editheader disabled, as the user should not be able to edit
message headers as this could remove message validity.
imap4flags
Enable imap4flags so that the user can flag messages as they
desire.
MR !9
used https://ssl-config.mozilla.org/ to generate recommended
ciphers config for dovecot and postfix.
postfix set to use medium ciphers due to possibility of smtp
servers not being updated to latest.
MR !9
Mail quota was not visible in Thunderbird. bug was havinf two
`quota =` rules. adjusted to `quota2=` for shared quota to diplay,
however, had no effect in display shared quota.
Disabled shared in the meantime.
MR !7
Check the users quota before accepting the mail for delivery.
If the user belongs to the server, the user wont send the message,
nor save it for it only to be rejected at a later stage.
Current rules and order as follows:
1. reject_non_fqdn_recipient
Require recipient to be in FQDN format so the message can
be routed.
2. reject_unknown_recipient_domain
Prevent mail from being sent to a random location that can't
be found.
3. check_policy_service,unix:private/quota
If the mail is for a local user and their mailbox is full, reject
the mail.
This allows the sender not to recieve a bounce message for
a message that wasn't actually sent.
4. permit_sasl_authenticated
A user of the mail server can send E-Mail to anyone as long as
it passes the filters above.
5. reject
Reject any further mail, as they clearly are not a user of the
mail server.
MR !7
Mail server should only relay mail for domains and users it hosts. default is to reject.
Rules and order as follows:
1. reject_non_fqdn_recipient
Require the recipient to be in FQDN format for relaying
and routing reasons including locating user.
2. permit_auth_destination
Only accept mail to be routed if authorized.
3. reject
Don't accept any further mail for relaying.
MR !7
