fripost-ansible/roles/amavis, branch master Fripost ansible scripts DKIM key generation: Adjust ownership. 2024-09-08T00:27:02+00:00 Guilhem Moulin guilhem@fripost.org 2024-09-08T00:26:58+00:00 79c0fb2b2cfaa1671ba069e0235de1c87f59cb61 As of bullseye amavis needs the private key material to be reabled by the 'amavis' user. 
As of bullseye amavis needs the private key material to be reabled by
the 'amavis' user.
Don't restart amavis on DKIM key generation. 2021-02-13T15:52:47+00:00 Guilhem Moulin guilhem@fripost.org 2021-02-13T15:41:26+00:00 5e635d39918ad7c69cd90bee6b4ac2827198cc76 We want to give people the time add the key to DNS before we update the signing policy. 
We want to give people the time add the key to DNS before we update the
signing policy.
roles/amavis: Drop packages that no longer exist. 2020-05-17T03:21:36+00:00 Guilhem Moulin guilhem@fripost.org 2020-05-17T03:13:02+00:00 e5d74c69d34522b37386291666dbae0c9a43e802 






Add own DKIM key for debian.org address.
2020-04-13T15:29:53+00:00

Guilhem Moulin
guilhem@fripost.org

2020-04-13T14:18:14+00:00

a9c79689a9150c67c3bc133463c71aa887a8ebc9

Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html .  \o/

It's also fairly easy to deploy onto the Debian infrastucture:

    $ USERNAME="guilhem"
    $ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user"
    $ printf "dkimPubKey: %s %s\n" "$SELECTOR" \
                "$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \
        | gpg --clearsign | s-nail -r "USERNAME@debian.org" -s dkimPubKey changes@db.debian.org





Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html .  \o/

It's also fairly easy to deploy onto the Debian infrastucture:

    $ USERNAME="guilhem"
    $ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user"
    $ printf "dkimPubKey: %s %s\n" "$SELECTOR" \
                "$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \
        | gpg --clearsign | s-nail -r "USERNAME@debian.org" -s dkimPubKey changes@db.debian.org







DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.
2018-12-05T15:24:12+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-05T14:47:34+00:00

9722d50b9b6c5ccd81892a00bdd3023399b004fb

While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.





While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.







Upgrade DKIM keys to rsa2048, and allow for multiple keys.
2018-12-04T00:14:45+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T22:13:04+00:00

c21b92d9b79a80a27607618666b56fbc5cd26ac8












Upgrade syntax to Ansible 2.7 (apt module).
2018-12-03T02:43:42+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:21:42+00:00

cfedc9e785831d54195b120300932f74f9808daf












Postfix: replace cdb & btree tables with lmdb ones.
2018-12-03T02:43:41+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:18:56+00:00

dcdb8cd6b1b525fc8eacd509586da3396c068251

Cf. lmdb_table(5).





Cf. lmdb_table(5).







Amavis: bind server to INADDR_LOOPBACK
2018-04-04T14:13:08+00:00

Guilhem Moulin
guilhem@fripost.org

2018-04-04T14:13:08+00:00

c8f9db094fed7a819da110361f57525898caeb20












Postfix: ensure common aliases are present.
2016-09-18T15:55:33+00:00

Guilhem Moulin
guilhem@fripost.org

2016-09-18T15:55:33+00:00

a4ecc629b38e9d9d4cf918d6095112347c141e55