34b35ca9b7
1922: Harden postfix's configuration r=mergify[bot] a=nextgens ## What type of PR? enhancement ## What does this PR do? It hardens the default configuration: - disable AUTH commands on port 25 (nginx was not advertising the capability: normal clients wouldn't attempt it) - fix Forward Secrecy by ensuring that we don't use session tickets and don't cache on forensically carveable mediums - prevent clear-text credentials from being sent while authenticating to remote relays (this may break things if the relay doesn't support challenge-based authentication NOR STARTTLS - unlikely). - switch to default RSA keysizes (2048 bits and they get rekeyed every 3 months -modern clients will do ECC) - enable ECC certificates (much smaller than RSA keys, faster for better security margin) - configure nginx so that it doesn't send the legacy/root CA (clients that require it are unlikely to do TLS1.2 any ways) I don't think that any of those changes is impactful enough to warrant being documented. ### Related issue(s) - close #1804 ## Prerequistes Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> Co-authored-by: Jack Murray <github@c0rporation.com> |
||
|---|---|---|
| .github | ||
| core | ||
| docs | ||
| optional | ||
| setup | ||
| tests | ||
| towncrier | ||
| webmails | ||
| .gitignore | ||
| .mergify.yml | ||
| AUTHORS.md | ||
| bors.toml | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| ISSUE_TEMPLATE.md | ||
| LICENSE.md | ||
| PULL_REQUEST_TEMPLATE.md | ||
| pyproject.toml | ||
| README.md | ||
Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to suggestions and external contributions. The project aims at providing people with an easily setup, easily maintained and full-featured mail server while not shipping proprietary software nor unrelated features often found in popular groupware.
Most of the documentation is available on our Website, you can also try our demo server before setting up your own, and come talk to us on Matrix.
Features
Main features include:
- Standard email server, IMAP and IMAP+, SMTP and Submission
- Advanced email features, aliases, domain aliases, custom routing
- Web access, multiple Webmails and administration interface
- User features, aliases, auto-reply, auto-forward, fetched accounts
- Admin features, global admins, announcements, per-domain delegation, quotas
- Security, enforced TLS, Letsencrypt!, outgoing DKIM, anti-virus scanner
- Antispam, auto-learn, greylisting, DMARC and SPF
- Freedom, all FOSS components, no tracker included
Contributing
Mailu is free software, open to suggestions and contributions. All components are free software and compatible with the MIT license. All specific configuration files, Dockerfiles and code are placed under the MIT license.