Bug 11656 - adjust postfix configuration on web servers
Summary: adjust postfix configuration on web servers
Status: CLOSED FIXED
Alias: None
Product: Infrastructure
Classification: Unclassified
Component: Mail & Mailing Lists (show other bugs)
Version: unspecified
Hardware: unspecified Unspecified
: - Unknown - Minor Usability
Assignee: Michael Tremer
QA Contact: Peter Müller
URL:
Keywords:
Depends on:
Blocks: 11649
  Show dependency treegraph
 
Reported: 2018-03-01 20:44 UTC by Peter Müller
Modified: 2019-10-01 15:28 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Müller 2018-03-01 20:44:11 UTC 
Sooner or later, we have to deal with the postfix configurations running on IPFire web servers, for example (web01.ipfire.org, ...).

In my eyes, we have the following issues here:
- no TLS (it is an internal network, but we want that anyway)
- mails are cached very long (~ 5 days, I consider 3 days [normal mail] and 1 day [bounces] to be sufficient)
- nearly all mail is accepted (even those to non-existent domains, which just burn resources).
Comment 1 Michael Tremer 2018-03-01 21:26:43 UTC 
We currently use the DNS alias relay.i.ipfire.org. That domain should therefore
be in the SSL certificate that Postfix currently uses.

How do we deal with bounced emails from internal services like cron? They are
usually going back to <user>@<hostname> and the relay is never able to deliver
them.
Comment 2 Peter Müller 2019-10-01 15:28:27 UTC 
Meanwhile, this has been fixed as all of our mail infrastructure is now using TLS 1.3 and DANE. :-)