2 files changed, 193 insertions, 49 deletions

diff --git a/todo.org b/todo.org
index 700ac56..1df7713 100644
--- a/todo.org
+++ b/todo.org
@@ -1,3 +1,4 @@
+
 #+TITLE: TODO for Fripost (internal administration use only)
 
 * Current projects
@@ -6,18 +7,26 @@
 - State "TODO"       from ""           [2012-10-08 Mon 19:00]
 :END:
 *** TODO Test that interface
-:LOGBOOK:
-- State "TODO"       from ""           [2012-10-08 Mon 19:01]
-:END:
-*** [Guilhem, 2012-11-14 01:03:03] What's that?
-*** How to implement limits? How to add domains?
+*** TODO How to implement limits? How to add domains?
 ** TODO Research further solutions (e.g. Gnutiken's) for on line calendars
 :LOGBOOK:
 - State "TODO"       from ""           [2012-10-08 Mon 18:58]
 :END:
-*** We need to choose a machine to host a DAVICal server.
-*** A simple client could be offered through a RoundCube plugin.
-*** Open a port to let advanced users connect using their favorite client.
+*** DONE We need to choose a machine to host a DAVICal server.
+CLOSED: [2012-11-19 Mon 18:54]
+:LOGBOOK:
+- State "DONE"       from ""           [2012-11-19 Mon 18:54]
+:END:
+- database: mistral
+- frontend: harvey
+*** TODO Install RoundCube plugin
+:LOGBOOK:
+- State "TODO"       from ""           [2012-11-19 Mon 18:54]
+:END:
+*** TODO Open a port to let advanced users connect using their favorite client on harvey
+:LOGBOOK:
+- State "TODO"       from ""           [2012-11-19 Mon 18:55]
+:END:
 ** TODO Set up a redundant SMTP-server, using documented configurations
 :LOGBOOK:
 - State "TODO"       from ""           [2012-10-08 Mon 18:56]
@@ -27,75 +36,105 @@
 :LOGBOOK:
 - State "TODO"       from ""           [2012-10-08 Mon 18:55]
 :END:
-** TODO Make sure our size limit for incoming email is ~50 MB to beat hotmail and gmail
+*** TODO Add Stians file to Friposts website
+** DONE Make sure our size limit on all hosts for incoming email is ~50 MB to beat Hotmail and Gmail
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:22]
+:END:
 <xxxx>: message size 46731757 exceeds size limit 35882577 of
     server gmail-smtp-in.l.google.com[173.194.71.26]
 <xxxx>: message size 46731904 exceeds size limit 36909875 of
     server mx1.hotmail.com[65.55.92.184]
 [2012-09-17 Mon 00:42]
-** TODO Bacula [0/3]
-*** TODO Make sure that the data is actually replicated with rsync according to the current solution
+** TODO Bacula [1/2]
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:22]
+:END:
+*** DONE Make sure that the data is actually replicated with rsync according to the current solution
+CLOSED: [2012-11-19 Mon 18:59]
+:LOGBOOK:
+- State "DONE"       from "TODO"       [2012-11-19 Mon 18:59]
+:END:
 *** TODO Install the storage daemon on benjamin
-** DONE Upgrade Roundcube to the version in squeeze-backports
-*** DONE Install and try it on zetkin
-*** DONE Install it on harvey
-** DONE Fix so that new passwords are hashed with SHA1
-CLOSED: [2012-06-14 Thu 19:44]
-- State "DONE"       from "TODO"       [2012-06-14 Thu 19:44]
-** TODO Add this module to fripost-tools
-http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm
-** CANCELED Install PGP module in RoundCube
-CLOSED: [2012-06-14 Thu 19:44]
-- CLOSING NOTE [2012-06-14 Thu 19:44] \\
-  This is not good.
 ** TODO Convert ikiwiki to use org-mode backend
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:22]
+:END:
 *** Once this is done, use the wiki to document the admininstrative part.
 ** TODO Document installation of OSSEC
-- We will use the standalone rather than client-server solution
-** TODO Document how to enable encrypted swap
-- How does this work on a VPS?
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:22]
+:END:
+*** We will use the standalone rather than client-server solution
+** DEFERRED Document how to enable encrypted swap                 :DEFERRED:
+CLOSED: [2012-11-19 Mon 19:06]
+:LOGBOOK:
+- State "DEFERRED"   from "TODO"       [2012-11-19 Mon 19:06] \\
+  Deferred until we have lab system installed with our configuration. /Board meeting
+:END:
+ How does this work on a VPS?
 ** DONE Implement firewall rules on the systems
-CLOSED: [2012-11-22 Thu 00:14]
-** TODO Register on http://www.dnswl.org/
-- This is done, only the reverse DNS (v6) is missing for smtp.fripost.org
-** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0
-Information on this can be found in admin log-file
-** TODO Fix so that we can use better value for RC imap auth type (GSSAPI?)
-*** Currently, we have $rcmail_config['imap_auth_type'] = 'plain';
-*** If possible, Kerberos would be preferable.
-** CANCELED Determine how we should handle RC identities
-e.g. $rcmail_config['identities_level'] = 0; is not ideal
-there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org
-- Look into the details of how RoundCube handles identities
-** DONE Add link from mail.fripost.org to https://fripost.org
-CLOSED: [2012-08-22 Wed 20:25]
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:17]
+:END:
+** DONE Register on http://www.dnswl.org
 ** TODO Support for mailing lists
-*** TODO Install mailman on gnu
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:17]
+:END:
+*** DONE Install mailman on gnu
 ** TODO LDAP Schema Changes
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:17]
+:END:
 *** Keep trac of accounting:
 **** fripostJoined: 2011-01-01
 **** fripostHasPaidYearlyFees: 2011
 fripostHasPaidYearlyFees: 2012
-** TODO SMTP server
-- We'll use gnu.friprogramvarusyndikatet.se for this
-- Should be given priority since users have requested this
-- Experiment header forging to masquerade the sender's IP.
+*** Solve how to not add overhead.
 ** TODO Publish our SSL certificates to the MonkeySphere
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:17]
+:END:
 *** http://web.monkeysphere.info/
 ** TODO Make proper certificates on the smarthosts too?
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:17]
+:END:
 *** CAcert-signed certificate would be good enough.
-** TODO lists.fripost.org, www.fripost.org and git.fripost.org should be added to the SN list for fripost.org's SSL certificate.
+** TODO lists.fripost.org should perhaps be added to the SN list for fripost.org's SSL certificate
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 ** TODO Add A/AAAA records `ldap.fripost.org' -> `mistral.fripost.org'.
-** TODO When upgrading to Dovecot v2.x (wait for the next Debian stable - wheezy):
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
+** DEFERRED When upgrading to Dovecot v2.x (wait for the next Debian stable - wheezy):
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 *** Replace the LDA by the new LMTP service. http://wiki2.dovecot.org/LMTP .
 *** Convert the maiboxes from maildir to Dovecot's high performance mdbox format. http://wiki2.dovecot.org/MailboxFormat/dbox
 ** TODO Do not deliver any content via HTTP (redirect everything to https://).
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 *** Ideally, but sadly X.509 certificates are not cheap.
 ** TODO Should we log every single change made to the LDAP directory?
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 *** http://www.openldap.org/doc/admin24/overlays.html#Audit%20Logging
 *** For 3 days only
 ** TODO Offer GSSAPI (Kerberos) authentication to our IMAP and SMTP server.
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 ** TODO Shouldn't we obfuscate our logs (e.g., successuful IMAP/SASL authentication)?
+:LOGBOOK:
+- State "TODO"       from "TODO"       [2012-11-19 Mon 19:18]
+:END:
 * New propositions, waiting for approval
 * Deferred projects
 ** Move the wiki to fripost.org/wiki
@@ -106,14 +145,14 @@ ljo already uses Munin, so we could look at his configuration
 - We will use sieve, perhaps managesieve? Dovecot v2.x has nice
 improvements over v1.x, see http://wiki2.dovecot.org/Pigeonhole/Sieve .
 Wait for the next Debian stable (wheezy)?
-** Spamassassin (opt-in)
+** DONE Spamassassin (opt-in)
 *** Install amavisd-new (backport version) on mistral (we need to know who the final recipient is to have per-user filtering)
 *** Create a MySQL database to store the (per-recipient) bayes tokens and white list
 *** Add an auxiliary ObjectClass to user entries in the LDAP directory, using http://www.ijs.si/software/amavisd/LDAP.schema
 *** Offer full SpamAssassin configuration through the web-panel
 *** Every e-mail, just before being handed over to Dovecot by Postfix, goes through amavisd-new, which runs Spamassassin (or not) based on the user configuration
 *** Bayes correction (false positives and false negatives) can be made possible with two new attributes in the LDAP entry and an automatic script. (Global SPAM/HAM folder may make sa-learn too busy.)
-** DKIM
+** DONE DKIM
 *** Should be done on the outgoing SMTP side, but then it's hard to know who is the sender.
 *** Solution, sign every single outgoing e-mail? Does it make sense to sign it with a key outside fripost.org? (We need the private key anyway.)
 ** SPF
diff --git a/todo.org_archive b/todo.org_archive
index b725fd9..2c17e00 100644
--- a/todo.org_archive
+++ b/todo.org_archive
@@ -119,3 +119,108 @@ CLOSED: [2012-06-14 Thu 19:52]
   :ARCHIVE_CATEGORY: todo
   :ARCHIVE_TODO: DONE
   :END:
+
+* DONE Upgrade Roundcube to the version in squeeze-backports
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:03
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: DONE
+  :END:
+** DONE Install and try it on zetkin
+** DONE Install it on harvey
+
+* DONE Fix so that new passwords are hashed with SHA1
+CLOSED: [2012-06-14 Thu 19:44]
+- State "DONE"       from "TODO"       [2012-06-14 Thu 19:44]
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:03
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: DONE
+  :END:
+
+* CANCELLED Add this module to fripost-tools                      :CANCELLED:
+CLOSED: [2012-11-19 Mon 19:04]
+:LOGBOOK:
+- State "CANCELLED"  from "TODO"       [2012-11-19 Mon 19:04] \\
+  Not needed any more
+:END:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:04
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: CANCELLED
+  :END:
+http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm
+
+* CANCELLED Install PGP module in RoundCube                       :CANCELLED:
+CLOSED: [2012-06-14 Thu 19:44]
+:LOGBOOK:
+- State "CANCELLED"  from "CANCELLED"  [2012-11-19 Mon 19:04] \\
+  Very bad idea
+:END:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:04
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: CANCELLED
+  :END:
+- CLOSING NOTE [2012-06-14 Thu 19:44] \\
+  This is not good.
+
+* CANCELLED Determine how we should handle RC identities          :CANCELLED:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:11
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: CANCELLED
+  :END:
+e.g. $rcmail_config['identities_level'] = 0; is not ideal
+there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org
+- Look into the details of how RoundCube handles identities
+
+* DONE Add link from mail.fripost.org to https://fripost.org
+CLOSED: [2012-08-22 Wed 20:25]
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:12
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: DONE
+  :END:
+
+* DONE SMTP server
+CLOSED: [2012-11-19 Mon 19:16]
+:LOGBOOK:
+- State "DONE"       from "TODO"       [2012-11-19 Mon 19:16]
+:END:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:16
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: DONE
+  :END:
+- We'll use gnu.friprogramvarusyndikatet.se for this
+- Should be given priority since users have requested this
+- Experiment header forging to masquerade the sender's IP.
+
+* DONE Fix mounting of raid device on benjamin in accordance with Debian 6.0
+CLOSED: [2012-11-19 Mon 19:08]
+:LOGBOOK:
+- State "DONE"       from "TODO"       [2012-11-19 Mon 19:08]
+:END:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2012-11-19 Mon 19:17
+  :ARCHIVE_FILE: ~/git/fripost/admin/todo.org
+  :ARCHIVE_OLPATH: Current projects
+  :ARCHIVE_CATEGORY: todo
+  :ARCHIVE_TODO: DONE
+  :END:
+Information on this can be found in admin log-file