fripost-ansible/roles/MX, branch master Fripost ansible scripts OpenDMARC: Adjust configuration to bullseye. 2024-09-08T00:31:25+00:00 Guilhem Moulin guilhem@fripost.org 2024-09-08T00:31:13+00:00 7a36aa2b69d16b768c1e23829087d26a9e87423f 






Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’.
2022-10-11T11:57:22+00:00

Guilhem Moulin
guilhem@fripost.org

2022-10-11T11:24:54+00:00

a69c2e1c3c771db93d98a253192e131af40c9830

This silences the following deprecation warning:

  Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
  Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.





This silences the following deprecation warning:

  Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01.
  Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.







wibble
2020-05-18T13:53:40+00:00

Guilhem Moulin
guilhem@fripost.org

2020-05-18T13:53:40+00:00

f105bfbac726cc6cdd6b8cb2edf0188ad6070016












MX: Port to Debian 10.
2020-05-16T21:53:10+00:00

Guilhem Moulin
guilhem@fripost.org

2020-05-16T21:45:55+00:00

d82e85eea2485925481bf12b052acede9d9ae0f8

For postfix, don't defer if "abused legit".  (I.e., DBL return code in
the 127.0.1.100+ range.)  This used to work for Postfix 3.1.14 (Stretch)
but for 3.4.8 (Buster) the 'defer_if_reject' also applies to
$smtpd_relay_restrictions, to reject_unauth_destination &
reject_unlisted_recipient in particular.





For postfix, don't defer if "abused legit".  (I.e., DBL return code in
the 127.0.1.100+ range.)  This used to work for Postfix 3.1.14 (Stretch)
but for 3.4.8 (Buster) the 'defer_if_reject' also applies to
$smtpd_relay_restrictions, to reject_unauth_destination &
reject_unlisted_recipient in particular.







MX: Install OpenDMARC to add Authentication-Results headers.
2020-05-16T16:26:55+00:00

Guilhem Moulin
guilhem@fripost.org

2020-05-16T16:26:53+00:00

2f9574850b356a746ee3ff9a8a311c450784b53c

On the infrastructure boundary.  We don't reject/quarantine as it would
affect members who forward their mail sent to <user@example.com> to
<user@fripost.org>.  Members can install Sieve rules to send any
messages with failed Authentication-Results headers directly in their
spambox.





On the infrastructure boundary.  We don't reject/quarantine as it would
affect members who forward their mail sent to <user@example.com> to
<user@fripost.org>.  Members can install Sieve rules to send any
messages with failed Authentication-Results headers directly in their
spambox.







MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.
2018-12-09T19:25:39+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-06T20:06:38+00:00

09cd9f998780fb7179b7fc23c593c305a12b050a

Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f)
the postscreen(8) server can run chrooted, meaning we can also chroot
the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.





Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f)
the postscreen(8) server can run chrooted, meaning we can also chroot
the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.







MX: don't override 5XY reject codes to 554.
2018-12-09T19:25:39+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-06T19:16:40+00:00

37d64e4a05b32599405ed824316e73aa8d0880b2












postfix: remove explicit default 'mail_owner = postfix'.
2018-12-06T18:22:29+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-06T18:22:29+00:00

5a407e715e6efc7da24b2902913a9da58d2bd19c












Upgrade MX baseline to Debian Stretch.
2018-12-03T02:43:47+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:32:46+00:00

5d9d8aec510d894f528b21013b6d099be961faf1












Upgrade syntax to Ansible 2.7 (apt module).
2018-12-03T02:43:42+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:21:42+00:00

cfedc9e785831d54195b120300932f74f9808daf