Not very critical. Reduce complexity. Re-implement later at framework level.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
They are unused. postfix-ldap is needed for LDAP based maps. In dovecot,
authentication happens using PAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is nothing related to LDAP in the module. It actually configures postfix.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove unnecessary complex crash handler needed due to setting the service
configuration in two steps. Merge the two step into one after which crash
handler is not needed.
- Drop '_unsafe' API and verify all keys and values for sanity.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is not critically needed in FreedomBox. Implementation is complex. This may
be recreated at framework level to benefit all applications.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The module does not interact with kernel audit system or is not related to
security logging. The 'privileged' makes us pay more attension.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A fresh install of clamav-daemon takes up about 1GiB or RAM. Most of this is the
virus signature database and is used regularly for a scan. This makes ClamAV
unsuitable for FreedomBox running on many single board computers. Drop ClamAV
until we start recommending/requiring at least 2GiB of RAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- There is no use case for keeping an alias disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The default, which is to trust local LAN IPs is good enough for FreedomBox use
case.
- This allows skipping some checks like DKIM for mails originating from local
networks which are not expected to have proper signatures.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Reduces a lot of complexity and avoids running a couple of more postfix
daemons (one on 10025 port and other on socket fbxcleanup).
- Cleaning outbound headers for privacy can be done in a simpler way. This may
be re-implemented later.
- Masquerading domains is not very important for FreedomBox use case. Users are
expected to send all mail using MUA using properly configured email addresses.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no special reason to handle them separately instead of letting DNS
resolution to them fail. No documentation on what caret addresses are or what
.fm.localhost TLD is.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A mail client should not create these special folders if they see existing
folders with the special-use flag set on them. However, if a mail clients does
create a folder and does not set special-use folder, the server will set the
flag so that all other mail clients can see the flag.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to match generically for flags that are possibly generated by
other spam software. Allow other rules to run after filing into Junk folder.
Allow other sieve filter to be present in the FreedomBox configuration directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- managesieve plugin is already enabled due to installation of
dovecot-managesieve.
- Using ManageSieve protocol, clients like Thunderbird (with managesieve addon)
will be able to edit mail filters on the server. The server will perform the
filtering enabling all clients to share the benefits.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Many modules in rspamd including the bayes built-in module depend on
redis-server. Install, run and configure redis-server.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to remove many headers explicitly after doing ProxyAddHeaders
off. If those headers are set by the client, that will merely result in an
unnecessary password dialog.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Allow STARTTLS as it is safe to do so.
- Allow POP service in the event user wants to keep the mails on the server.
- Add documentation link (this is currently unused and for documenting the code
only).
- Allow translation of display name and short name.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Existing implementation expects configuration files installed by FreedomBox to
be edited at the top and the bottom. When re-installing, it tries to keep the
edited parts while reinstalling the FreedomBox managed section in the middle to
be overwritten with (new) FreedomBox defaults.
Instead, simply ship the two files to rspamd configuration directories. These
can be easily overridden by the user if they desire due to flexible
configuration file priorities by rspamd.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
For simplicity and consistency. Eliminate '_' in the name.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
These URLs are meant for supporting the upstream development of apps rather than
for FreedomBox (which has its own page). postfix, dovecot and clamav don't seem
have a donation mechanism. So, add rspamd's donation URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows diagnosis of listening on all ports instead just the ports exposed
to outside.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
