diff options
-rw-r--r-- | todo.org | 127 | ||||
-rw-r--r-- | todo.org_archive | 105 |
2 files changed, 193 insertions, 39 deletions
@@ -1,3 +1,4 @@ + #+TITLE: TODO for Fripost (internal administration use only) * Current projects @@ -10,14 +11,26 @@ - State "TODO" from "" [2012-10-08 Mon 19:01] :END: *** [Guilhem, 2012-11-14 01:03:03] What's that? -*** How to implement limits? How to add domains? +*** TODO How to implement limits? How to add domains? ** TODO Research further solutions (e.g. Gnutiken's) for on line calendars :LOGBOOK: - State "TODO" from "" [2012-10-08 Mon 18:58] :END: -*** We need to choose a machine to host a DAVICal server. -*** A simple client could be offered through a RoundCube plugin. -*** Open a port to let advanced users connect using their favorite client. +*** DONE We need to choose a machine to host a DAVICal server. +CLOSED: [2012-11-19 Mon 18:54] +:LOGBOOK: +- State "DONE" from "" [2012-11-19 Mon 18:54] +:END: +- database: mistral +- frontend: harvey +*** TODO Install RoundCube plugin +:LOGBOOK: +- State "TODO" from "" [2012-11-19 Mon 18:54] +:END: +*** TODO Open a port to let advanced users connect using their favorite client on harvey +:LOGBOOK: +- State "TODO" from "" [2012-11-19 Mon 18:55] +:END: ** TODO Set up a redundant SMTP-server, using documented configurations :LOGBOOK: - State "TODO" from "" [2012-10-08 Mon 18:56] @@ -27,74 +40,110 @@ :LOGBOOK: - State "TODO" from "" [2012-10-08 Mon 18:55] :END: -** TODO Make sure our size limit for incoming email is ~50 MB to beat hotmail and gmail +*** TODO Add Stians file to Friposts website +** TODO Make sure our size limit on all hosts for incoming email is ~50 MB to beat Hotmail and Gmail +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:22] +:END: <xxxx>: message size 46731757 exceeds size limit 35882577 of server gmail-smtp-in.l.google.com[173.194.71.26] <xxxx>: message size 46731904 exceeds size limit 36909875 of server mx1.hotmail.com[65.55.92.184] [2012-09-17 Mon 00:42] -** TODO Bacula [0/3] -*** TODO Make sure that the data is actually replicated with rsync according to the current solution +** TODO Bacula [1/2] +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:22] +:END: +*** DONE Make sure that the data is actually replicated with rsync according to the current solution +CLOSED: [2012-11-19 Mon 18:59] +:LOGBOOK: +- State "DONE" from "TODO" [2012-11-19 Mon 18:59] +:END: *** TODO Install the storage daemon on benjamin -** DONE Upgrade Roundcube to the version in squeeze-backports -*** DONE Install and try it on zetkin -*** DONE Install it on harvey -** DONE Fix so that new passwords are hashed with SHA1 -CLOSED: [2012-06-14 Thu 19:44] -- State "DONE" from "TODO" [2012-06-14 Thu 19:44] -** TODO Add this module to fripost-tools -http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm -** CANCELED Install PGP module in RoundCube -CLOSED: [2012-06-14 Thu 19:44] -- CLOSING NOTE [2012-06-14 Thu 19:44] \\ - This is not good. ** TODO Convert ikiwiki to use org-mode backend +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:22] +:END: *** Once this is done, use the wiki to document the admininstrative part. ** TODO Document installation of OSSEC -- We will use the standalone rather than client-server solution -** TODO Document how to enable encrypted swap -- How does this work on a VPS? +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:22] +:END: +*** We will use the standalone rather than client-server solution +** DEFERRED Document how to enable encrypted swap :DEFERRED: +CLOSED: [2012-11-19 Mon 19:06] +:LOGBOOK: +- State "DEFERRED" from "TODO" [2012-11-19 Mon 19:06] \\ + Deferred until we have lab system installed with our configuration. /Board meeting +:END: + How does this work on a VPS? ** TODO Implement firewall rules on the systems -** TODO Register on http://www.dnswl.org/ +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:17] +:END: +** DEFERRED Register on http://www.dnswl.org/ :DEFERRED: +:LOGBOOK: +- State "DEFERRED" from "TODO" [2012-11-19 Mon 19:08] \\ + Deferred until gnu is up. /Board meeting +:END: - This is done, only the reverse DNS (v6) is missing for smtp.fripost.org -** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0 -Information on this can be found in admin log-file -** TODO Fix so that we can use better value for RC imap auth type (GSSAPI?) -*** Currently, we have $rcmail_config['imap_auth_type'] = 'plain'; -*** If possible, Kerberos would be preferable. -** CANCELED Determine how we should handle RC identities -e.g. $rcmail_config['identities_level'] = 0; is not ideal -there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org -- Look into the details of how RoundCube handles identities -** DONE Add link from mail.fripost.org to https://fripost.org -CLOSED: [2012-08-22 Wed 20:25] ** TODO Support for mailing lists +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:17] +:END: *** TODO Install mailman on gnu ** TODO LDAP Schema Changes +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:17] +:END: *** Keep trac of accounting: **** fripostJoined: 2011-01-01 **** fripostHasPaidYearlyFees: 2011 fripostHasPaidYearlyFees: 2012 -** TODO SMTP server -- We'll use gnu.friprogramvarusyndikatet.se for this -- Should be given priority since users have requested this -- Experiment header forging to masquerade the sender's IP. +*** Solve how to not add overhead. ** TODO Publish our SSL certificates to the MonkeySphere +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:17] +:END: *** http://web.monkeysphere.info/ ** TODO Make proper certificates on the smarthosts too? +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:17] +:END: *** CAcert-signed certificate would be good enough. -** TODO lists.fripost.org, www.fripost.org and git.fripost.org should be added to the SN list for fripost.org's SSL certificate. +** TODO lists.fripost.org should perhaps be added to the SN list for fripost.org's SSL certificate +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: ** TODO Add A/AAAA records `ldap.fripost.org' -> `mistral.fripost.org'. +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: ** TODO When upgrading to Dovecot v2.x (wait for the next Debian stable - wheezy): +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: *** Replace the LDA by the new LMTP service. http://wiki2.dovecot.org/LMTP . *** Convert the maiboxes from maildir to Dovecot's high performance mdbox format. http://wiki2.dovecot.org/MailboxFormat/dbox ** TODO Do not deliver any content via HTTP (redirect everything to https://). +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: *** Ideally, but sadly X.509 certificates are not cheap. ** TODO Should we log every single change made to the LDAP directory? +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: *** http://www.openldap.org/doc/admin24/overlays.html#Audit%20Logging *** For 3 days only ** TODO Offer GSSAPI (Kerberos) authentication to our IMAP and SMTP server. +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: ** TODO Shouldn't we obfuscate our logs (e.g., successuful IMAP/SASL authentication)? +:LOGBOOK: +- State "TODO" from "TODO" [2012-11-19 Mon 19:18] +:END: * New propositions, waiting for approval * Deferred projects ** Move the wiki to fripost.org/wiki diff --git a/todo.org_archive b/todo.org_archive index b725fd9..2c17e00 100644 --- a/todo.org_archive +++ b/todo.org_archive @@ -119,3 +119,108 @@ CLOSED: [2012-06-14 Thu 19:52] :ARCHIVE_CATEGORY: todo :ARCHIVE_TODO: DONE :END: + +* DONE Upgrade Roundcube to the version in squeeze-backports + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:03 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: DONE + :END: +** DONE Install and try it on zetkin +** DONE Install it on harvey + +* DONE Fix so that new passwords are hashed with SHA1 +CLOSED: [2012-06-14 Thu 19:44] +- State "DONE" from "TODO" [2012-06-14 Thu 19:44] + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:03 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: DONE + :END: + +* CANCELLED Add this module to fripost-tools :CANCELLED: +CLOSED: [2012-11-19 Mon 19:04] +:LOGBOOK: +- State "CANCELLED" from "TODO" [2012-11-19 Mon 19:04] \\ + Not needed any more +:END: + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:04 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: CANCELLED + :END: +http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm + +* CANCELLED Install PGP module in RoundCube :CANCELLED: +CLOSED: [2012-06-14 Thu 19:44] +:LOGBOOK: +- State "CANCELLED" from "CANCELLED" [2012-11-19 Mon 19:04] \\ + Very bad idea +:END: + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:04 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: CANCELLED + :END: +- CLOSING NOTE [2012-06-14 Thu 19:44] \\ + This is not good. + +* CANCELLED Determine how we should handle RC identities :CANCELLED: + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:11 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: CANCELLED + :END: +e.g. $rcmail_config['identities_level'] = 0; is not ideal +there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org +- Look into the details of how RoundCube handles identities + +* DONE Add link from mail.fripost.org to https://fripost.org +CLOSED: [2012-08-22 Wed 20:25] + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:12 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: DONE + :END: + +* DONE SMTP server +CLOSED: [2012-11-19 Mon 19:16] +:LOGBOOK: +- State "DONE" from "TODO" [2012-11-19 Mon 19:16] +:END: + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:16 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: DONE + :END: +- We'll use gnu.friprogramvarusyndikatet.se for this +- Should be given priority since users have requested this +- Experiment header forging to masquerade the sender's IP. + +* DONE Fix mounting of raid device on benjamin in accordance with Debian 6.0 +CLOSED: [2012-11-19 Mon 19:08] +:LOGBOOK: +- State "DONE" from "TODO" [2012-11-19 Mon 19:08] +:END: + :PROPERTIES: + :ARCHIVE_TIME: 2012-11-19 Mon 19:17 + :ARCHIVE_FILE: ~/git/fripost/admin/todo.org + :ARCHIVE_OLPATH: Current projects + :ARCHIVE_CATEGORY: todo + :ARCHIVE_TODO: DONE + :END: +Information on this can be found in admin log-file |