Univention Bugzilla – Bug 45607
Integration of postscreen
Last modified: 2018-02-14 13:31:41 CET
We should consider postscreen for integration in the postfix config: The Postfix postscreen(8) daemon provides additional protection against mail server overload. One postscreen(8) process handles multiple inbound SMTP connections, and decides which clients may talk to a Postfix SMTP server process. By keeping spambots away, postscreen(8) leaves more SMTP server processes available for legitimate clients, and delays the onset of server overload conditions.
Implemented in feature branch sschwardt/45607/422/postscreen postscreen is not enabled by default since the benefit comes into effect on systems directly accessible from the internet. Activate postscreen: ucr set mail/postfix/postscreen/enabled=yes systemctl restart postfix.service Configuration is possible via UCRV mail/postfix/postscreen/.* or via additional options in /etc/postfix/main.cf.local
univention-mail-postfix (11.0.2-1) 03d1ce928855 | Bug #45607: add changelog entry 7920916413d0 | Bug #45607: Merge branch 'sschwardt/45607/423/postscreen' into 4.2-3 d33ac39c033a | Bug #45607: make ucslint happy 6d58b8de6b93 | Bug #45607: add UCR variable descriptions 2cf13726283d | Bug #45607: add postscreen white/blacklist for IP addresses b79d117a3455 | Bug #45607: add postscreen configuration for main.cf d54130c6909d | Bug #45607: register postscreen in master.cf if enabled 848b87c0c41a | Bug #45607: use service names instead of service ports c71dd7f3c4f1 | Bug #45607: update description to match debian's master.cf 80c803780d1b | Bug #45607: remove old and unused submission entry 6eb6e51408fb | Bug #45607: add missing entries from debian's master.cf 984a8d899aac | Bug #45607: reorder entries to match debian's master.cf a210a791f1ab | Bug #45607: use unix socket as in debian's master.cf Package: univention-mail-postfix Version: 11.0.2-1A~4.2.0.201801191119 Branch: ucs_4.2-0 Scope: errata4.2-3 univention-mail-postfix (12.0.0-8) e4a4002c24e9 | Bug #45607: add changelog entry 06c58d4cdf38 | Bug #45607: Merge branch 'sschwardt/45607/430/postscreen' into 4.3-0 2e696f4a812b | Bug #45607: make ucslint happy bbfecd889b62 | Bug #45607: add UCR variable descriptions 2924632e99c1 | Bug #45607: add postscreen white/blacklist for IP addresses 7aff596c6c40 | Bug #45607: add postscreen configuration for main.cf e6d6f22fb4fc | Bug #45607: register postscreen in master.cf if enabled a7d4c361ff75 | Bug #45607: use service names instead of service ports 6f708f6062dc | Bug #45607: remove old and unused submission entry 315037daf834 | Bug #45607: add missing entries from debian's master.cf bd0165cabd8a | Bug #45607: reorder entries to match debian's master.cf 1bc408fd99ad | Bug #45607: use unix socket as in debian's master.cf Package: univention-mail-postfix Version: 12.0.0-8A~4.3.0.201801191135 Branch: ucs_4.3-0 Scope:
OK: UCS Postfix templates: whitespace changes OK: UCS Postfix templates: port number/name alias changes OK: UCS Postfix templates: fifo/unix change OK: UCS Postfix templates: modifications of main.cf and master.cf for postscreen OK: UCRV descriptions REOPEN: please add documentation for this new feature to the manual. Please mention the location of the temporary Postscreen cache (postscreen_cache_map): /var/lib/postfix/postscreen_cache.db, so that admins can delete it while testing. REOPEN: missing advisory entry
UCS 4.2-3: As discussed the cache filename is not mentioned in the manual: 7a89303b0344 | Bug #45607: add section for postfix' postscreen univention-mail-postfix.yaml 3215987c9f93 | Bug #45607: add advisory entry UCS 4.3-0: As discussed the cache filename is not mentioned in the manual: c5b6d339c32d | Bug #45607: add section for postfix' postscreen
OK: manual (http://jenkins.knut.univention.de:8080/view/Doku/job/UCS-4.2/job/UCS-4.2-3/job/HandbookUCS/lastBuild/artifact/webroot/) OK. merge to 4.3 REOPEN: please add the required words to the dictionaries, so the error rate in the Jenkins manual job returns to its previous state. Will be verified after fixing the dictionaries.
(In reply to Daniel Tröder from comment #5) > REOPEN: please add the required words to the dictionaries, so the error rate > in the Jenkins manual job returns to its previous state. → Fixed
(In reply to Sönke Schwardt-Krummrich from comment #6) > (In reply to Daniel Tröder from comment #5) > > REOPEN: please add the required words to the dictionaries, so the error rate > > in the Jenkins manual job returns to its previous state. > > → Fixed ACK: all new spelling violations gone. Rest was already verified (see comment #5).
<http://errata.software-univention.de/ucs/4.2/288.html>