Mail quota was not visible in Thunderbird. bug was havinf two
`quota =` rules. adjusted to `quota2=` for shared quota to diplay,
however, had no effect in display shared quota.
Disabled shared in the meantime.
MR !7
Check the users quota before accepting the mail for delivery.
If the user belongs to the server, the user wont send the message,
nor save it for it only to be rejected at a later stage.
Current rules and order as follows:
1. reject_non_fqdn_recipient
Require recipient to be in FQDN format so the message can
be routed.
2. reject_unknown_recipient_domain
Prevent mail from being sent to a random location that can't
be found.
3. check_policy_service,unix:private/quota
If the mail is for a local user and their mailbox is full, reject
the mail.
This allows the sender not to recieve a bounce message for
a message that wasn't actually sent.
4. permit_sasl_authenticated
A user of the mail server can send E-Mail to anyone as long as
it passes the filters above.
5. reject
Reject any further mail, as they clearly are not a user of the
mail server.
MR !7
Mail server should only relay mail for domains and users it hosts. default is to reject.
Rules and order as follows:
1. reject_non_fqdn_recipient
Require the recipient to be in FQDN format for relaying
and routing reasons including locating user.
2. permit_auth_destination
Only accept mail to be routed if authorized.
3. reject
Don't accept any further mail for relaying.
MR !7
Filter mail based on recipient restrictions. default is to filter then
reject the remaining.
This is a default rule and submission requires it's own rule specified.
rules and order as follows:
1. permit_mynetworks
Allow local mail host to send to whomever.
2. reject_non_fqdn_recipient
must use a FQDN so that the recipient can be identified.
3. reject_unknown_recipient_domain
Only accept mail for the domains we host.
4. reject_unauth_destination
reject mail for domains we don't host and before any policy
checks are done. This prevents additional processes from
spawning that would otherwise be unused.
5. check_policy_service,unix:private/policyd-spf
bounce the mail that fails spf check. likely to be a non-smtp
server.
6. check_policy_service unix:private/quota
Check the recipients quota before delivery. if fails, bounce
the mail.
7. permit_auth_destination
Only accept mail for domains we host. This rule placed after
the bounces, so that filtering can be done first.
8. reject
Hard reject as the recipient doesn't belong to this host.
MR !7
Default is to accept all mail from sender after filtering.
smtpd_sender_restrictions rules and order are as follows:
1. permit_mynetworks
permit my network (localhost). Placed first as sometimes the
sender will not be a FQDN sender. (i.e. cron)
2. reject_non_fqdn_sender
bounce mail where sender not in format of FQDN.
3. reject
Reject all remaining senders
MR !7
Default is permit.
Rule order as follows:
1. permit_mynetworks
My network (localhost) is exempt from restriction
2. reject_invalid_helo_hostname
Don't allow a connection from an invalid host.
3. permit
Allow the remaining hosts not booted.
MR !7
Default is reject.
order of rules as follows:
1. reject_unauth_destination
if postfix doesn't own the destination, bounce
2. reject_unauth_pipelining
not punch through commands.
3. permit_mynetworks,
set as rule 3 after the above rejects, so that if a rouge
process on the server attempts to send, it is blocked.
4. permit_auth_destination,
Only accept a connection if the mailserver is the destination.
5. reject
Reject all remaining mail as it's clearly not for this host.
MR !7
There is no requirement to open an additional port so that postfix can
can check the dovecot quota.
The socket is created in postfix's service directory with dovecot as the
owner and vmail as the group. setting it this way enables ls command to
display who the owner is for debugging purposes.
Postfix is a member of group vmail.
MR !7
fix the merge request dockerhub build.
var CI_COMMIT_BRANCH is not available in a merge request pipleine.
adjusted the pipline to run if development branch with a commit message
starting with Merge branch.
this enables usage of variable CI_COMMIT_BRANCH.
MR !4
When a git tag occurs, the image will also be tagged 'latest' and be
pushed to docker hub.
When a merge request occurs on the development branch, the image
will also be tagged 'dev' and be pushed to dockerhub.
MR !2
Default config is for domain example.org, which
is the testing domain.
User will be required to customise '90-dkim' with thier
own domain configuration, including generating dkim signing certificates.
MR !2
