#+TITLE: TODO for Fripost (internal administration use only)

* Current projects
** TODO Create an administration interface
:LOGBOOK:
- State "TODO"       from ""           [2012-10-08 Mon 19:00]
:END:
*** TODO Test that interface
:LOGBOOK:
- State "TODO"       from ""           [2012-10-08 Mon 19:01]
:END:
** TODO Research further solutions (e.g. Gnutiken's) for on line calendars
:LOGBOOK:
- State "TODO"       from ""           [2012-10-08 Mon 18:58]
:END:
** TODO Set up a redundant SMTP-server, using documented configurations
:LOGBOOK:
- State "TODO"       from ""           [2012-10-08 Mon 18:56]
:END:
** TODO Get Fripost's email configuration data into Thunderbird's database
:LOGBOOK:
- State "TODO"       from ""           [2012-10-08 Mon 18:55]
:END:
** TODO Make sure our size limit for incoming email is ~50 MB to beat hotmail and gmail
: message size 46731757 exceeds size limit 35882577 of server gmail-smtp-in.l.google.com[173.194.71.26]
: message size 46731904 exceeds size limit 36909875 of server mx1.hotmail.com[65.55.92.184]
[2012-09-17 Mon 00:42]
** TODO Bacula [0/3]
*** TODO Make sure that the data is actually replicated with rsync according to the current solution
*** TODO Install the storage daemon on benjamin
** TODO Upgrade Roundcube to the version in squeeze-backports
*** TODO Install and try it on zetkin
*** TODO Install it on harvey
** DONE Fix so that new passwords are hashed with SHA1
CLOSED: [2012-06-14 Thu 19:44]
- State "DONE"       from "TODO"       [2012-06-14 Thu 19:44]
** TODO Add this module to fripost-tools
http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm
** CANCELED Install PGP module in RoundCube
CLOSED: [2012-06-14 Thu 19:44]
- CLOSING NOTE [2012-06-14 Thu 19:44] \\
  This is not good.
** TODO Convert ikiwiki to use org-mode backend
** TODO Document installation of OSSEC
- We will use the standalone rather than client-server solution
** TODO Document how to enable encrypted swap
- How does this work on a VPS?
** TODO Implement firewall rules on the systems
** TODO Register on http://www.dnswl.org/
- This is done, only the reverse DNS (v6) is missing for smtp.fripost.org
** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0
Information on this can be found in admin log-file
** TODO Fix so that we can use a better value for RC imap auth type (GSSAPI?)
Currently, we have
$rcmail_config['imap_auth_type'] = 'plain';
** CANCELED Determine how we should handle RC identities
e.g.
$rcmail_config['identities_level'] = 0;
is not ideal: there should be some sort of verification before emailing,
such that a user e.g. cannot email from our webmail using admin@fripost.org
- Look into the details of how RoundCube handles identities
** DONE Add link from mail.fripost.org to https://fripost.org
CLOSED: [2012-08-22 Wed 20:25]
** TODO Support for mailing lists
*** TODO Install mailman on zetkin
** TODO LDAP Schema Changes
*** DONE Allow for domain aliases
CLOSED: [2012-08-20 Mon 01:25]
** TODO SMTP server
- We'll use gnu.friprogramvarusyndikatet.se for this
- Should be given priority since users have requested this
- Experiment with header forging to masquerade the sender's IP.
** TODO How to publish our SSL certificates? MonkeySphere?
http://web.monkeysphere.info/
** TODO Make proper certificates on the smarthosts too?
** TODO lists.fripost.org, www.fripost.org and git.fripost.org should be added to the SN list for fripost.org's SSL certificate.
** DONE Add a CNAME `ldap.fripost.org' -> `mistral.fripost.org'.
** TODO When upgrading to Dovecot v2.x (wait for the next Debian stable - wheezy): replace the LDA by the new LMTP service.
http://wiki2.dovecot.org/LMTP .
** TODO When upgrading to Dovecot v2.x (wait for the next Debian stable - wheezy): convert the mailboxes from maildir to Dovecot's high performance mdbox format
http://wiki2.dovecot.org/MailboxFormat/dbox .
** TODO Do not deliver any content via HTTP (redirect everything to https://).
** TODO Should we log every single change made to the LDAP directory?
http://www.openldap.org/doc/admin24/overlays.html#Audit%20Logging
for 3 days
** Offer GSSAPI (Kerberos) authentication to our IMAP and SMTP server.

* New propositions, waiting for approval
** Shouldn't we obfuscate our logs (e.g., successful IMAP/SASL authentication)?

* Deferred projects
** Move the wiki to fripost.org/wiki
** Monitoring - Munin
*** TODO Give one configuration example so we could decide on what we need to activate
ljo already uses Munin, so we could look at his configuration
** User level filtering of emails
- We will use sieve, perhaps managesieve?
  Dovecot v2.x has nice improvements over v1.x, see
  http://wiki2.dovecot.org/Pigeonhole/Sieve . Wait for the next Debian
  stable (wheezy)?
** Spamassassin (opt-in)
- One idea for handling the opt-in feature is: have people opt in by
  creating a spam folder. Make it clear that if they create a spam folder,
  they are opting in automatically. Check ljo's text at sac.se/it
** Central log server using rsyslogd
*** Hardware is needed
** Distributed storage for backups
- Tahoe FS/LAFS.
** DONE Implement quotas
Can probably wait until December 23, 2012.
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]
** Evaluate cfengine vs. chef vs. puppet
** DONE fripost-adduser should not allow user to be added if there is an alias by that name
CLOSED: [2012-06-14 Thu 19:56]
- State "DONE"       from ""           [2012-06-14 Thu 19:56]
** Add greylisting to all receiving smarthosts

* Maybe
** Create a mail gateway to change settings
** Set up an Asterisk server (VoIP)
** Evaluate SSH-tunnels vs VPN
** Evaluate changing Apache to nginx

* Discarded ideas
** Improve logcheck rules (increase signal to noise ratio)
Reason for discarding: not very concrete
** SELinux
Reason for discarding: Not feasible at this point, too much overhead,
not always obvious what causes problems etc.
** Apache's mod_security
Reason for discarding: Does only a subset of what OSSEC already does.
** fail2ban
Reason for discarding: Does only a subset of what OSSEC already does.

* Org-mode settings
#+STARTUP: indent
#+STARTUP: logdone
#+STARTUP: lognotedone