1
0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-08 23:06:49 +02:00
Commit Graph

927 Commits

Author SHA1 Message Date
04059cd618 MAIL-8818 - Postfix information leakage
To prevent announcing software or version to malicious people or scripts, it is advised to hide such information.


This information is provided as part of the Lynis community project. It is related to Lynis control MAIL-8818 and should be considered as-is and without guarantees.

https://cisofy.com/lynis/controls/MAIL-8818/
2020-05-10 16:04:53 +02:00
356fb0793e Merge pull request #1505 from youtous/test-postfix-inet
test postfix inet
2020-05-10 08:32:08 +02:00
c65ffb44a1 test postfix inet 2020-05-09 22:42:56 +02:00
5859c8b0e3 Merge pull request #1495 from youtous/update-issue-template
new issue format
2020-05-07 18:58:47 +02:00
6b071c5c26 new issue format 2020-05-07 10:19:29 +02:00
43621e744e Merge pull request #1494 from youtous/fix-comments-configs
support comments in .cf files
2020-05-07 08:32:40 +02:00
d0f7257333 support comments in .cf files 2020-05-06 22:59:55 +02:00
b6bc3bc073 Merge pull request #1491 from youtous/fix-global-sieve
Fix sieve scripts not loaded
2020-05-05 07:47:23 +02:00
32d16084ec sieve scripts using alphabetical order 2020-05-04 16:13:47 +02:00
92414b7eba sieve after/before use folder instead of individual listing
Loading sieve scripts using a directory scheme permits to handle multi scripts wtihout defining individual sieve_before/sieve_after
2020-05-04 00:27:29 +02:00
a12cd9a26d Merge pull request #1485 from youtous/feature-spam-to-junk
Feature: Spam to Junk folder
2020-05-03 12:56:02 +02:00
30262128f4 raise a warning when SPAMASSASSIN_SPAM_TO_INBOX isn't explicitly defined 2020-05-03 10:33:50 +02:00
a37049b3fe updating default env values 2020-05-03 10:33:50 +02:00
578d6c528f Update SPAMASSASSIN_SPAM_TO_INBOX doc 2020-05-03 10:33:28 +02:00
15dd63d566 add test case no move to Junk 2020-05-03 10:33:28 +02:00
d829905cf7 init spams to junk 2020-05-03 10:33:28 +02:00
7eacb4cfc0 Merge pull request #1488 from VanVan/patch-2
SPAMASSASSIN_SPAM_TO_INBOX=1 default for new user
2020-05-03 09:12:45 +02:00
df55196d69 SPAMASSASSIN_SPAM_TO_INBOX=1 default for new user
SPAMASSASSIN_SPAM_TO_INBOX=1 default for new user
2020-05-02 21:13:54 +02:00
23eb7c42ab Merge pull request #1481 from youtous/fix-sieve-folder
Prevent sieve symlink to be evaluated as a directory by dovecot
2020-05-02 08:09:09 +02:00
0537c6f046 Merge pull request #1482 from youtous/feature-quota-optional
Feature quota optional.
2020-05-02 08:07:38 +02:00
2aa857ab6d Merge pull request #1483 from youtous/sec-resource-exhaustion-attack
Reduce potential CPU exhaustion attack with `NO_RENEGOTIATION`
2020-05-02 08:03:48 +02:00
a2104d0802 update README.md / dovecot introduction 2020-05-02 00:47:32 +02:00
16cd4f9d2d Reduce opportunities for a potential CPU exhaustion attack with NO_RENEGOTIATION
See https://en.wikipedia.org/wiki/Resource_exhaustion_attack
2020-05-02 00:04:05 +02:00
0c838706d0 Option to disable dovecot quota 2020-05-01 23:42:21 +02:00
e8581be2d3 Prevent sieve symlink to be evaluated as a directory by dovecot 2020-05-01 23:20:15 +02:00
46c50f93ad Merge pull request #1479 from youtous/fix-ldap-quotas
fix 1478
2020-04-30 16:54:55 +02:00
3aeacef125 remove start-mailserver nested conditions dovecot quota 2020-04-30 16:11:45 +02:00
d45e6b1c22 #fix 1478 2020-04-30 12:47:12 +02:00
35f473ad12 Merge pull request #1474 from polarathene/chore/remove-obsolete-param-usetls
chore: Remove obsolete postfix parameter `smtpd_use_tls`
2020-04-30 08:02:11 +02:00
76594c21c4 Add note about tls_ssl_options = NO_COMPRESSION
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options):

> Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.

[Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html):

> The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data.
> The auditor completely failed to take the context into account.

[Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html)

> keeping compression disabled is a good idea.

If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
2020-04-29 19:41:08 +12:00
41ea52847c Merge pull request #1473 from polarathene/chore/docs/clarify-port-descriptions
chore: Clarify exposed ports section on README
2020-04-29 08:21:03 +02:00
4a1cbd705b Merge pull request #1463 from youtous/pr-fix-dhe
Fix issue #1461- use a recommended dh group instead of a self-generated one
2020-04-29 08:00:16 +02:00
e7de9bceaf chore: Remove obsolete postfix parameter smtpd_use_tls
See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

> this overrides the obsolete parameters `smtpd_use_tls` and `smtpd_enforce_tls`.
2020-04-27 23:24:26 +12:00
80bd3a8c85 Update test/mail_dhparams_manual_not_one_dir.bats
Co-Authored-By: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2020-04-27 10:42:47 +02:00
3e3f5d557b Update test/mail_dhparams_manual_one_dir.bats
Co-Authored-By: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2020-04-27 10:42:39 +02:00
27cbdeeb6a Update test/mail_dhparams_default.bats
Co-Authored-By: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2020-04-27 10:42:24 +02:00
e680c349b1 test wait setup for // containers 2020-04-27 10:28:24 +02:00
149a10272c improve dhe tests documentation 2020-04-27 09:57:36 +02:00
9882fc54f7 chore: Clarify exposed ports section on README 2020-04-27 18:23:32 +12:00
dff7355fa9 fix #1459 2020-04-26 23:07:34 +02:00
4d031f73e3 test dhparams ONE_DIR both cases 2020-04-26 22:25:48 +02:00
03b8f87ffc update dovecot conf comment 2020-04-26 22:23:51 +02:00
47fac2706f use ffdhe4096 for DHE params
use by default ffdhe4096 for DHE params 


use by default ffdhe4096 for DHE params
2020-04-26 22:23:51 +02:00
f60de0c66e init tests cases ffdhe4096 2020-04-26 22:23:51 +02:00
b168b73910 Merge pull request #1469 from youtous/pr-quota-feature
Feature: quota per mailbox
2020-04-26 18:03:23 +02:00
bdcf5e0cf1 fix send mail test quota
fix quota warning test: wait for postfix to be UP


increase postfix restart delay
2020-04-24 19:03:27 +02:00
2e149b74c2 fix async quota tests 2020-04-24 17:03:09 +02:00
04de46dc41 test quota reached 2020-04-24 15:53:44 +02:00
2527ebfaf2 added dovecot quota feature
add postfix service quota check


check-for-changes on quotas


setquota command


fix checkforchanges quota


addquota verify user exists


add setquota in setup.sh


merging addquota into setquota


test quota commands


add ldap tests for dovecot quota


fix smtp only quota postfix rules


test postfix conf


add quota test integration


add quota exceeded test


add wait analyze


fix tests


fix setup typo


add test fixes


fix error output


wip


update startup rules


fix setup


fix setup tests


fix output commands


remove quota on remove user


try to fix sync limit mails


check if file exists


fix path


change used quota user


fix post size


check if quota file exists


update tests


configure virtualmailbox limit for dovecot


last fix


fix quota expr


relax dovecot tests


auto create dovecot-quotas


fix dovecot apply quota test


wip quota warning


trying to fix get dovadm quota


dovecot applies fix


fix quota warning lda path


test count mail on quota


fix quota warning permissiosn


fix test
2020-04-24 14:56:15 +02:00
6cb3069c60 Merge pull request #1467 from casperklein/patch-1
rsyslog logrotate warning fixed
2020-04-23 14:16:57 +02:00