[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 3 commits: jenkins/postfix: add an explicit smtpd_relay_restrictions, which is apparently needed now
Mattia Rizzolo
gitlab at salsa.debian.org
Mon Aug 12 17:55:53 BST 2019
Mattia Rizzolo pushed to branch master at Debian QA / jenkins.debian.net
Commits:
3b964081 by Mattia Rizzolo at 2019-08-12T16:53:50Z
jenkins/postfix: add an explicit smtpd_relay_restrictions, which is apparently needed now
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
8780a849 by Mattia Rizzolo at 2019-08-12T16:54:51Z
jenkins/postfix: set an option to silence a warning in the log
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
61ceaf5d by Mattia Rizzolo at 2019-08-12T16:55:18Z
jenkins/postfix: use somewhat stricter TLS parameters
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
1 changed file:
- hosts/jenkins/etc/postfix/main.cf
Changes:
=====================================
hosts/jenkins/etc/postfix/main.cf
=====================================
@@ -1,10 +1,6 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
+compatibility_level = 2
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
@@ -12,30 +8,31 @@ biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
myhostname = jenkins.debian.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = jenkins.debian.net, reproducible.debian.net, localhost.debian.net, localhost
relayhost =
-#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mynetworks = 127.0.0.0/8
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_ask_ccert = yes
+smtp_tls_security_level = may
+smtpd_tls_security_level = may
+smtp_tls_loglevel = 1
+smtpd_tls_loglevel = 1
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtpd_tls_received_header = yes
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/compare/fa720775ae898fe384103014f06c0fadf280e482...61ceaf5dd6a6743014339102cef32d1c777fd612
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/compare/fa720775ae898fe384103014f06c0fadf280e482...61ceaf5dd6a6743014339102cef32d1c777fd612
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20190812/3b80eacc/attachment-0001.html>
More information about the Qa-jenkins-scm
mailing list