#+TITLE: TODO for Fripost (internal administration use only)

* Current projects
** TODO Bacula [0/3]
*** TODO Make sure that the data is actually replicated with rsync according to the current solution
*** TODO Install the storage daemon on benjamin
** TODO Upgrade Roundcube to the version in squeeze-backports
*** TODO Install and try it on zetkin
*** TODO Install it on harvey
** DONE Fix so that new passwords are hashed with SHA1
CLOSED: [2012-06-14 Thu 19:44]
- State "DONE"       from "TODO"       [2012-06-14 Thu 19:44]
** TODO Add this module to fripost-tools
http://www.vboxadm.net/files/lib/VBoxAdm/DovecotPW.ipm
** CANCELED Install PGP module in RoundCube
CLOSED: [2012-06-14 Thu 19:44]
- CLOSING NOTE [2012-06-14 Thu 19:44] \\
  This is not good.
** TODO Convert ikiwiki to use org-mode backend
** TODO Document installation of OSSEC
- We will use the standalone rather than client-server solution
** TODO Document how to enable encrypted swap
- How does this work on a VPS?
** TODO Implement firewall rules on the systems
** TODO Register on http://www.dnswl.org/
** TODO Fix mounting of raid device on benjamin in accordance with Debian 6.0
Information on this can be found in admin log-file
** TODO Fix so that we can use better value for RC imap auth type
Currently, we have $rcmail_config['imap_auth_type'] = 'plain';
** TODO Determine how we should handle RC identities
e.g. $rcmail_config['identities_level'] = 0; is not ideal
there should be some sort of verification before emailing, such that a user e.g. cannot email from our webmail using admin@fripost.org
- Look into the details of how RoundCube handles identities
** TODO Add link from mail.fripost.org to fripost.org
** TODO Support for mailing lists
*** TODO Install mailman on zetkin

* Deferred projects
** Postponed LDAP Schema Changes 
*** Allow for domain aliases
** SMTP server
- We'll use gnu.friprogramvarusyndikatet.se for this
- Should be given priority since users have requested this
** Move the wiki to fripost.org/wiki
** Monitoring - Munin
*** TODO Give one configuration example so we could decide on what we need to activate
ljo already uses Munin, so we could look at his configuration
** User level filtering of emails
- We will use sieve, perhaps managesieve?
** Spamassassin (opt-in)
- one idea for handling the opt-in feature is: have people opt-in by creating a
  spamfolder. make it clear that if they create a spam folder, they are opting
  in automatically. check ljos text at sac.se/it
** Central log server using rsyslogd
*** Hardware is needed
** Distributed storage for backups
- Tahoe FS/LAFS.
** Implement quotas
Can probably wait until December 23, 2012.
** Write a policy for our PGP-keys
[[http://www.haven-project.org/][Haven Project]]


** Evaluate cfengine
** DONE fripost-adduser should not allow user to be added if there is an alias by that name
CLOSED: [2012-06-14 Thu 19:56]
- State "DONE"       from ""           [2012-06-14 Thu 19:56]
** Add greylisting to all receiving smarthosts

* Maybe
** Create a mail gateway to change settings

** Evaluate SSH-tunnels vs VPN
** Evaluating changing Apache to nginx
 
* Discarded ideas
** Improve logcheck rules (increase signal to noise ratio)
Reason for discarding: not very concrete
** SELinux
Reason for discarding: Not feasible at this point, too much overhead, not always obvious what causes problems etc.
** Apaches mod_security
Reason for discarding: Does only a subset of what OSSEC already does.
** fail2ban
Reason for discarding: Does only a subset of what OSSEC already does.

* Org-mode settings
#+STARTUP: indent
#+STARTUP: logdone
#+STARTUP: lognotedone