[TODO]: Consider Postfix / Dovecot alternative deps #3787
Labels
area/configuration (file)
area/scripts
kind/improvement
Improve an existing feature, configuration file or the documentation
meta/help wanted
The OP requests help from others - chime in! :D
service/dovecot
service/postfix
service/security/dkim-dmarc-spf
stale-bot/ignore
Indicates that this issue / PR shall not be closed by our stale-checking CI
Subject
Something else that requires developers attention
Description
This is a tracking issue related to information shared in this comment.
Changes
Amavis:
amavisd-milter
package.content_filter
(processes mail post-queuing, unlike milters which are pre-queue). Mail arrives at smtpd (port 25), content filter directs it to thesmtpd-amavis
unix socket / transport defined in appendedmaster.cf
, which then directs to the destination (main.cf:content_filter = transport:destination
) configured aslocalhost:10024
(Amavis service), which resubmits mail tolocalhost:10025
to return it back to Postfix.content_filter
instead of milter.mynetworks
settings not being equivalent in behaviour.Dovecot:
fts-xapian
toflatcurve
.Postfix:
postsrsd
to 1.12 / 2. Although this is less important once Docker Engine + Containerd releases dropLimitNOFILE=infinity
.policyd-spf
topyspf-milter
.Relevant snippets from linked comment
Amavis:
check_policy_service
integration to Postfix,amavisd-milter
package could be used instead.Dovecot:
dovecot-fts-xapian
:libxapian30
dep>= 1.4.19
+dovecot-abi-2.3.abiv19
virtual dep (provided viadovecot-core
)dovecot-core
which could no longer satisfy the ABI virtual dependency.dovecot-fts-xapian 1.5.5
from source via introducingbuild/compile.sh
.dovecot-fts-xapian
was originally integrated into DMS in July 2021 via single package and a documented config guide.dovecot-core 2.4.0
is available, migrating to theflatcurve
plugin becomes a viable option and may instead be a better replacement for this feature.flatcurve
plugin was proposed by the contributor that added support for thexapian
plugin in DMS (which was due to the existingsolr
plugin having notable drawbacks).Postfix:
postsrsd
(1.10
)containerd
or similar service on the host configured withLimitNOFILE=infinity
wherefs.nr_open
is a value of2^30
instead of2^20
(Debian).--ulimit
to1024:524288
(systemd implicit default since v240).glibc
of2.35
, which Debian 12 provides withglibc 2.36
. Docker host kernel is required to be>= 5.9
.postfix-policyd-spf-python
(2.9.2
=>3.04
)3.x
dropped thepython3-spf
dep, which supposedly is not needed anymore to provide Postfix with an SPFcheck_policy_service
.pyspf-milter
which appears to be part ofpython3-spf-engine
too (available inspf-engine
since2.9.0
). See thespf-engine
README for advice on configuring Postfix with milter package.spf-engine
upstream source and Debian source.policyd-spf
Postfix integration advice (states version 2.0, but this seems to match thepython-policy-spf 2.0.0
mention in README source (upstream)) notes that when using thecheck_policy_service
it must come afterreject_unauth_destination
to avoid creating an open relay (DMS handles this correctly at present, but that expectation is not clearly documented inline for maintainers).pyspf-milter
docs.The text was updated successfully, but these errors were encountered: