Bug 11656

Summary: adjust postfix configuration on web servers
Product: Infrastructure Reporter: Peter Müller <peter.mueller>
Component: Mail & Mailing ListsAssignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED QA Contact: Peter Müller <peter.mueller>
Severity: Minor Usability    
Priority: - Unknown - CC: morlix
Version: unspecified   
Hardware: unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 11649    

Description Peter Müller 2018-03-01 20:44:11 UTC 
Sooner or later, we have to deal with the postfix configurations running on IPFire web servers, for example (web01.ipfire.org, ...).

In my eyes, we have the following issues here:
- no TLS (it is an internal network, but we want that anyway)
- mails are cached very long (~ 5 days, I consider 3 days [normal mail] and 1 day [bounces] to be sufficient)
- nearly all mail is accepted (even those to non-existent domains, which just burn resources).
Comment 1 Michael Tremer 2018-03-01 21:26:43 UTC 
We currently use the DNS alias relay.i.ipfire.org. That domain should therefore
be in the SSL certificate that Postfix currently uses.

How do we deal with bounced emails from internal services like cron? They are
usually going back to <user>@<hostname> and the relay is never able to deliver
them.
Comment 2 Peter Müller 2019-10-01 15:28:27 UTC 
Meanwhile, this has been fixed as all of our mail infrastructure is now using TLS 1.3 and DANE. :-)