From 595ff03804ff68fabf6d43138eb22e7d09a195e9 Mon Sep 17 00:00:00 2001 From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Date: Wed, 10 May 2023 11:29:51 +0200 Subject: [PATCH] Postfix: rename "smtps" to "submissions" (#3235) --- docs/content/config/advanced/kubernetes.md | 2 +- docs/content/examples/tutorials/mailserver-behind-proxy.md | 2 +- target/postfix/master.cf | 4 ++-- target/scripts/helpers/ssl.sh | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/content/config/advanced/kubernetes.md b/docs/content/config/advanced/kubernetes.md index 6d7330f4..8846c955 100644 --- a/docs/content/config/advanced/kubernetes.md +++ b/docs/content/config/advanced/kubernetes.md @@ -460,7 +460,7 @@ Then, configure both [Postfix][docs-postfix] and [Dovecot][docs-dovecot] to expe postfix-master.cf: | smtp/inet/postscreen_upstream_proxy_protocol=haproxy submission/inet/smtpd_upstream_proxy_protocol=haproxy - smtps/inet/smtpd_upstream_proxy_protocol=haproxy + submissions/inet/smtpd_upstream_proxy_protocol=haproxy dovecot.cf: | # Assuming your ingress controller is bound to 10.0.0.0/8 haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8 diff --git a/docs/content/examples/tutorials/mailserver-behind-proxy.md b/docs/content/examples/tutorials/mailserver-behind-proxy.md index f9050106..501d1209 100644 --- a/docs/content/examples/tutorials/mailserver-behind-proxy.md +++ b/docs/content/examples/tutorials/mailserver-behind-proxy.md @@ -105,7 +105,7 @@ and to `docker-data/dms/config/postfix-master.cf`: ```cf submission/inet/smtpd_upstream_proxy_protocol=haproxy -smtps/inet/smtpd_upstream_proxy_protocol=haproxy +submissions/inet/smtpd_upstream_proxy_protocol=haproxy ``` Changes for `dovecot` can be applied by adding the following content to `docker-data/dms/config/dovecot.cf`: diff --git a/target/postfix/master.cf b/target/postfix/master.cf index 3746b6f6..6f8877f6 100644 --- a/target/postfix/master.cf +++ b/target/postfix/master.cf @@ -27,8 +27,8 @@ submission inet n - n - - smtpd -o milter_macro_daemon_name=ORIGINATING -o cleanup_service_name=sender-cleanup -smtps inet n - n - - smtpd - -o syslog_name=postfix/smtps +submissions inet n - n - - smtpd + -o syslog_name=postfix/submissions -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot diff --git a/target/scripts/helpers/ssl.sh b/target/scripts/helpers/ssl.sh index f837be00..ae7aea4d 100644 --- a/target/scripts/helpers/ssl.sh +++ b/target/scripts/helpers/ssl.sh @@ -342,7 +342,7 @@ function _setup_ssl # | http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only | http://www.postfix.org/TLS_README.html#server_tls_auth # # smtp_tls_wrappermode (default: not applied, 'no') | http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode - # smtpd_tls_wrappermode (default: 'yes' for service port 'smtps') | http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode + # smtpd_tls_wrappermode (default: 'yes' for service port 'submissions') | http://www.postfix.org/postconf.5.html#smtpd_tls_wrappermode # NOTE: Enabling wrappermode requires a security_level of 'encrypt' or stronger. Port 465 presently does not meet this condition. # # Postfix main.cf (base config): @@ -353,7 +353,7 @@ function _setup_ssl # # Postfix master.cf (per connection overrides): # Disables implicit TLS on port 465 for inbound (smtpd) and outbound (smtp) traffic. Treats it as equivalent to port 25 SMTP with explicit STARTTLS. - # Inbound 465 (aka service port aliases: submissions / smtps) for Postfix to receive over implicit TLS (eg from MUA or functioning as a relay host). + # Inbound 465 (aka service port aliases: submissions) for Postfix to receive over implicit TLS (eg from MUA or functioning as a relay host). # Outbound 465 as alternative to port 587 when sending to another MTA (with authentication), such as a relay service (eg SendGrid). sedfile -i -r \ -e "/smtpd?_tls_security_level/s|=.*|=none|" \