Bug 45607 - Integration of postscreen
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Mail
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-3-errata
Assigned To: Sönke Schwardt-Krummrich
Daniel Tröder
Reported: 2017-10-27 11:06 CEST by Sönke Schwardt-Krummrich
Modified: 2018-02-14 13:31 CET (History)
What kind of report is it?: Feature Request
Description Sönke Schwardt-Krummrich univentionstaff 2017-10-27 11:06:31 CEST
We should consider postscreen for integration in the postfix config:

The Postfix postscreen(8) daemon provides additional protection against mail server overload. One postscreen(8) process handles multiple inbound SMTP connections, and decides which clients may talk to a Postfix SMTP server process. By keeping spambots away, postscreen(8) leaves more SMTP server processes available for legitimate clients, and delays the onset of server overload conditions.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2017-10-27 14:54:51 CEST
Implemented in feature branch sschwardt/45607/422/postscreen

postscreen is not enabled by default since the benefit comes into effect on systems directly accessible from the internet.

Activate postscreen:
 ucr set mail/postfix/postscreen/enabled=yes
 systemctl restart postfix.service

Configuration is possible via UCRV mail/postfix/postscreen/.* or via additional options in /etc/postfix/main.cf.local
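After the activation steps in comment 1, an admin can confirm that master.cf is wired the way Postfix's POSTSCREEN_README describes (postscreen on the public SMTP service with smtpd, dnsblog and tlsproxy behind it). The script below is an added example, not code from this bug or from UCS; the sample master.cf contents are constructed, and treating port `25` as equal to the service name `smtp` is an assumption.

```shell
#!/bin/sh
# Added example, not UCS code. Sample master.cf contents are constructed.
# master.cf columns: service type private unpriv chroot wakeup maxproc command

# check_postscreen_master [FILE]: exit 0 when postscreen is fully wired.
check_postscreen_master() {
    awk '
    function need(key, cmd,   found) {
        found = (key in svc) ? svc[key] : "no entry"
        if (found == cmd) { print "ok   " key " -> " cmd; return }
        print "FAIL " key " should run " cmd ", found: " found
        bad = 1
    }
    /^[ \t]/ || /^#/ || /^$/ { next }   # "-o" continuation, comment, blank
    {
        name = ($1 == "25") ? "smtp" : $1   # assumption: 25 and smtp are equal
        svc[name "/" $2] = $8
        if (name == "smtp" && $2 == "inet") maxproc = $7
    }
    END {
        need("smtp/inet", "postscreen")    # postscreen owns the public port
        need("smtpd/pass", "smtpd")        # smtpd gets handed-over sockets
        need("dnsblog/unix", "dnsblog")    # DNSBL lookups
        need("tlsproxy/unix", "tlsproxy")  # STARTTLS in front of smtpd
        if (svc["smtp/inet"] == "postscreen" && maxproc != "1") {
            print "FAIL smtp/inet maxproc should be 1, found: " maxproc
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$@"
}

sample_enabled() { cat <<'EOF'
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
  -o smtpd_helo_required=yes
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
EOF
}
sample_default() { cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
EOF
}

sample_enabled | check_postscreen_master
sample_default | check_postscreen_master || echo "postscreen is not wired"
```

On a live system the function takes the file as its argument, for example `check_postscreen_master /etc/postfix/master.cf`.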
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2018-01-19 11:43:28 CET
univention-mail-postfix (11.0.2-1)
03d1ce928855 | Bug #45607: add changelog entry
7920916413d0 | Bug #45607: Merge branch 'sschwardt/45607/423/postscreen' into 4.2-3
d33ac39c033a | Bug #45607: make ucslint happy
6d58b8de6b93 | Bug #45607: add UCR variable descriptions
2cf13726283d | Bug #45607: add postscreen white/blacklist for IP addresses
b79d117a3455 | Bug #45607: add postscreen configuration for main.cf
d54130c6909d | Bug #45607: register postscreen in master.cf if enabled
848b87c0c41a | Bug #45607: use service names instead of service ports
c71dd7f3c4f1 | Bug #45607: update description to match debian's master.cf
80c803780d1b | Bug #45607: remove old and unused submission entry
6eb6e51408fb | Bug #45607: add missing entries from debian's master.cf
984a8d899aac | Bug #45607: reorder entries to match debian's master.cf
a210a791f1ab | Bug #45607: use unix socket as in debian's master.cf

Package: univention-mail-postfix
Version: 11.0.2-1A~4.2.0.201801191119
Branch: ucs_4.2-0
Scope: errata4.2-3

univention-mail-postfix (12.0.0-8)
e4a4002c24e9 | Bug #45607: add changelog entry
06c58d4cdf38 | Bug #45607: Merge branch 'sschwardt/45607/430/postscreen' into 4.3-0
2e696f4a812b | Bug #45607: make ucslint happy
bbfecd889b62 | Bug #45607: add UCR variable descriptions
2924632e99c1 | Bug #45607: add postscreen white/blacklist for IP addresses
7aff596c6c40 | Bug #45607: add postscreen configuration for main.cf
e6d6f22fb4fc | Bug #45607: register postscreen in master.cf if enabled
a7d4c361ff75 | Bug #45607: use service names instead of service ports
6f708f6062dc | Bug #45607: remove old and unused submission entry
315037daf834 | Bug #45607: add missing entries from debian's master.cf
bd0165cabd8a | Bug #45607: reorder entries to match debian's master.cf
1bc408fd99ad | Bug #45607: use unix socket as in debian's master.cf

Package: univention-mail-postfix
Version: 12.0.0-8A~4.3.0.201801191135
Branch: ucs_4.3-0
Scope:
Comment 3 Daniel Tröder univentionstaff 2018-01-19 12:16:10 CET
OK: UCS Postfix templates: whitespace changes 
OK: UCS Postfix templates: port number/name alias changes
OK: UCS Postfix templates: fifo/unix change
OK: UCS Postfix templates: modifications of main.cf and master.cf for postscreen
OK: UCRV descriptions

REOPEN: please add documentation for this new feature to the manual. Please mention the location of the temporary Postscreen cache (postscreen_cache_map): /var/lib/postfix/postscreen_cache.db, so that admins can delete it while testing.

REOPEN: missing advisory entry
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2018-01-19 13:11:47 CET
UCS 4.2-3:

As discussed the cache filename is not mentioned in the manual:
7a89303b0344 | Bug #45607: add section for postfix' postscreen

univention-mail-postfix.yaml
3215987c9f93 | Bug #45607: add advisory entry

UCS 4.3-0:

As discussed the cache filename is not mentioned in the manual:
c5b6d339c32d | Bug #45607: add section for postfix' postscreen
Comment 5 Daniel Tröder univentionstaff 2018-01-19 14:43:37 CET
OK: manual (http://jenkins.knut.univention.de:8080/view/Doku/job/UCS-4.2/job/UCS-4.2-3/job/HandbookUCS/lastBuild/artifact/webroot/)
OK. merge to 4.3
REOPEN: please add the required words to the dictionaries, so the error rate in the Jenkins manual job returns to its previous state.

Will be verified after fixing the dictionaries.
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2018-01-22 11:37:28 CET
(In reply to Daniel Tröder from comment #5)
> REOPEN: please add the required words to the dictionaries, so the error rate
> in the Jenkins manual job returns to its previous state.

→ Fixed
Comment 7 Daniel Tröder univentionstaff 2018-01-22 11:51:23 CET
(In reply to Sönke Schwardt-Krummrich from comment #6)
> (In reply to Daniel Tröder from comment #5)
> > REOPEN: please add the required words to the dictionaries, so the error rate
> > in the Jenkins manual job returns to its previous state.
> 
> → Fixed
ACK: all new spelling violations gone.
Rest was already verified (see comment #5).
Comment 8 Arvid Requate univentionstaff 2018-02-14 13:31:41 CET
<http://errata.software-univention.de/ucs/4.2/288.html>