diff --git a/roles/base/files/postfix/main.cf/main.cf.gateway b/roles/base/files/postfix/main.cf/main.cf.gateway
index 90f6a3a17a..90e102543e 100644
--- a/roles/base/files/postfix/main.cf/main.cf.gateway
+++ b/roles/base/files/postfix/main.cf/main.cf.gateway
@@ -778,3 +778,8 @@ smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
 # This avoids us sending them and causing SPF failures.
 # It depends on them allowing us to relay email out.
 sender_dependent_relayhost_maps = hash:/etc/postfix/bysender
+
+# RHEL postfix disables RFC3030 CHUNKING by default for security reasons
+# http://www.postfix.org/BDAT_README.html
+# but does so in a way which is noisy with logs. Turn it off without logging.
+smtpd_discard_ehlo_keywords = chunking, silent-discard
diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-mm b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
index 65122121c4..752b2730b6 100644
--- a/roles/base/files/postfix/main.cf/main.cf.smtp-mm
+++ b/roles/base/files/postfix/main.cf/main.cf.smtp-mm
@@ -741,3 +741,8 @@ smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
 smtpd_sender_restrictions = regexp:/etc/postfix/sender_access
 smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
 compatibility_level = 2
+
+# RHEL postfix disables RFC3030 CHUNKING by default for security reasons
+# http://www.postfix.org/BDAT_README.html
+# but does so in a way which is noisy with logs. Turn it off without logging.
+smtpd_discard_ehlo_keywords = chunking, silent-discard
diff --git a/roles/base/files/postfix/main.cf/main.cf.vpn.pagure b/roles/base/files/postfix/main.cf/main.cf.vpn.pagure
index 5420e1f76e..c8b7c289ae 100644
--- a/roles/base/files/postfix/main.cf/main.cf.vpn.pagure
+++ b/roles/base/files/postfix/main.cf/main.cf.vpn.pagure
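Review bot: The `smtpd_discard_ehlo_keywords = chunking, silent-discard` line appended at the end of main.cf.gateway replaces rather than extends any value assigned earlier in the file, because Postfix remembers only the last assignment of a parameter. The lines above the hunk are not visible here, so it is worth checking `postconf -n` and `postconf -P` on a deployed host to confirm that no earlier discard list is dropped and that no master.cf `-o` override on a listener bypasses the new value. The same line is appended in main.cf.smtp-mm, main.cf.vpn.pagure and main.cf.vpn.pagure-stg, and the same check applies to each. The comment would also read more clearly if it said what the setting does, for example `# Stop advertising CHUNKING (BDAT) in EHLO; silent-discard suppresses the log line for the discard.`, since "Turn it off" can be taken to mean either CHUNKING or the distro default.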
@@ -730,3 +730,8 @@ tls_eecdh_ultra_curve = secp384r1
 # as outlined http://www.postfix.org/SMTPD_ACCESS_README.html
 # At least one is required to receive email
 smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
+
+# RHEL postfix disables RFC3030 CHUNKING by default for security reasons
+# http://www.postfix.org/BDAT_README.html
+# but does so in a way which is noisy with logs. Turn it off without logging.
+smtpd_discard_ehlo_keywords = chunking, silent-discard
diff --git a/roles/base/files/postfix/main.cf/main.cf.vpn.pagure-stg b/roles/base/files/postfix/main.cf/main.cf.vpn.pagure-stg
index 889f071ea8..254c801ebe 100644
--- a/roles/base/files/postfix/main.cf/main.cf.vpn.pagure-stg
+++ b/roles/base/files/postfix/main.cf/main.cf.vpn.pagure-stg
@@ -730,3 +730,8 @@ tls_eecdh_ultra_curve = secp384r1
 # as outlined http://www.postfix.org/SMTPD_ACCESS_README.html
 # At least one is required to receive email
 smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
+
+# RHEL postfix disables RFC3030 CHUNKING by default for security reasons
+# http://www.postfix.org/BDAT_README.html
+# but does so in a way which is noisy with logs. Turn it off without logging.
+smtpd_discard_ehlo_keywords = chunking, silent-discard