[GH-ISSUE #614] Support Postfix SMTP TLS Policy Maps #575

New issue

Open

opened 2026-02-27 11:12:27 +03:00 by kerem · 5 comments

kerem commented 2026-02-27 11:12:27 +03:00

Owner

Copy link

Originally created by @SomeGeek on GitHub (Oct 16, 2014).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/614

• This adds the ability to define per-domain mail security settings

Originally created by @SomeGeek on GitHub (Oct 16, 2014). Original GitHub issue: https://github.com/modoboa/modoboa/issues/614 - This adds the ability to define per-domain mail security settings

kerem added the

enhancement

security

labels 2026-02-27 11:12:27 +03:00

kerem commented 2026-02-27 11:12:28 +03:00

Author

Owner

Copy link

@Arvedui commented on GitHub (Oct 16, 2014):

do you really think it's a good idea, to give a public accessible process access to your server config?

<!-- gh-comment-id:59367274 --> @Arvedui commented on GitHub (Oct 16, 2014): do you really think it's a good idea, to give a public accessible process access to your server config?

kerem commented 2026-02-27 11:12:28 +03:00

Author

Owner

Copy link

@SomeGeek commented on GitHub (Oct 16, 2014):

It's not public access. You need to be authenticated. But it's a great idea to restrict the admin panel access...

Edit: We could make a command-line tool for it, instead providing panel access.

<!-- gh-comment-id:59367564 --> @SomeGeek commented on GitHub (Oct 16, 2014): It's not public access. You need to be authenticated. But it's a great idea to restrict the admin panel access... Edit: We could make a command-line tool for it, instead providing panel access.

kerem commented 2026-02-27 11:12:28 +03:00

Author

Owner

Copy link

@Arvedui commented on GitHub (Oct 16, 2014):

modoboa needs write access to important config files for this to work.
neither dovecot nor postfix are intended to be used this way, postfix does not even have in include directive.

there is now way to implement this secure, a privilege escalation or a auth bug and compromising the configuration would not longer be a paranoid imagination.

besides it isn't realy a problem, to adjust the settings through SSH …

<!-- gh-comment-id:59370404 --> @Arvedui commented on GitHub (Oct 16, 2014): modoboa needs write access to important config files for this to work. neither dovecot nor postfix are intended to be used this way, postfix does not even have in include directive. there is now way to implement this secure, a privilege escalation or a auth bug and compromising the configuration would not longer be a paranoid imagination. besides it isn't realy a problem, to adjust the settings through SSH …

kerem commented 2026-02-27 11:12:28 +03:00

Author

Owner

Copy link

@tonioo commented on GitHub (Oct 16, 2014):

Indeed, this feature can become harmful. What about supporting this feature indeed:
http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps

By the way, postconf let you modify the configuration.

<!-- gh-comment-id:59370904 --> @tonioo commented on GitHub (Oct 16, 2014): Indeed, this feature can become harmful. What about supporting this feature indeed: http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps By the way, postconf let you modify the configuration.

kerem commented 2026-02-27 11:12:28 +03:00

Author

Owner

Copy link

@SomeGeek commented on GitHub (Oct 16, 2014):

Modoboa allready handles mailboxes (as in: file system operations), so when it comes to privilege escalation, evil things can allready be done. With the proposed packaging system security fixes can be deployed more rapidly allready.

@tonioo: You're right. I'll change the issue.

<!-- gh-comment-id:59371103 --> @SomeGeek commented on GitHub (Oct 16, 2014): Modoboa allready handles mailboxes (as in: file system operations), so when it comes to privilege escalation, evil things can allready be done. With the proposed packaging system security fixes can be deployed more rapidly allready. @tonioo: You're right. I'll change the issue.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix/sievefilters-allow-email-in-rule-name

dependabot/npm_and_yarn/frontend/axios-1.15.0

translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP

translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP

fix/login-issue-3995

fix/sievefilters-issues

add-vitepress-openapi

2974-dmarc-empty-email

2.3.x

updated-doc-2.3.0

feature/OIDC

delete-all-alarms

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca

1.x

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK

1.8.x

1.7.x

1.6.x

1.4.x

1.3.x

1.2.x

2.8.2

2.8.1

2.8.0

2.7.2

2.7.1

2.7.0

2.6.5

2.6.4

2.6.3

2.6.2

2.6.1

2.6.0

2.5.1

2.5.0

2.4.11

2.4.10

2.4.9

2.4.8

2.4.7

2.4.6

2.4.5

2.4.4

2.4.3

2.4.2

2.4.1

2.4.0

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.3.0-beta.4

2.3.0-beta.3

2.3.0-beta.2

2.3.0-beta.1

2.2.4

2.2.3

2.2.2

2.2.1

2.2.0

2.1.2

2.1.1

2.1.0

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-beta.3

2.0.0-beta.2

2.0.0-beta.1

1.17.0

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.2

1.12.1

1.12.0

1.11.1

1.11.0

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10.0

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.3

1.6.2

1.6.1

1.6.0

1.5.3

1.5.2

1.5.1

1.5.0

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.5

1.3.4

1.2.2

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.2.0-rc2

1.2.0-rc1

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.8

0.8.7

0.8.6.1

0.8.6

0.8.5

0.8.4

0.8.3

0.8.3-rc1

0.8.2

0.8.1

0.8

0.8-rc2

0.8-rc1

0.7.2

0.7.1

0.7

0.6.1

0.6

0.5

0.3

0.2

0.1

Labels

Clear labels   

bug

  

bug

  

dependencies

  

design

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

feedback-needed

  

help-needed

  

help-needed

  

installer

  

invalid

  

looking-for-sponsors

  

modoboa-contacts

  

new-ui

  

new-ui

  

pr

  

pull-request

Mirrored from GitHub Pull Request

  

pyconfr

  

python

  

question

  

security

  

stale

  

webmail

  

wontfix

No labels

bug

bug

dependencies

design

documentation

duplicate

enhancement

enhancement

enhancement

feedback-needed

help-needed

help-needed

installer

invalid

looking-for-sponsors

modoboa-contacts

new-ui

new-ui

pr

pull-request

pyconfr

python

question

security

stale

webmail

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/modoboa-modoboa#575

No description provided.