| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mails to be retrained are stored in the spooldir /home/mail/spamspool;
later a daemon catches them up and feed them to sa-learn(1p). (On busy
systems batch-process the learning should be much more efficient.)
The folder transisition matrix along with the corresponding actions can
be found there:
http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt
See also dovecot-antispam(7).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using dovecot's 'virtual' plugin, cf.
http://wiki2.dovecot.org/Plugins/Virtual
The 'virtual/' namespace is visible in the NAMESPACE command
(hidden=no), but not in LIST (list=no). This should ensure that the
namespace isn't automatically synced by offlineimap, but nevertheless
visible by roundcube, cf.
http://trac.roundcube.net/ticket/1486796
http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html
|
| |
|
|
|
|
|
|
| |
It'd certainly be nicer if we didn't have to deploy amavis' schema
everywhere, but we need the 'objectClass' in our replicates, hence they
need to be aware of the 'amavisAccount' class.
|
|
|
|
|
|
|
|
|
|
|
| |
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new.
Each user has his/her amavis preferences, and own Bayes filter (to
maximize privacy).
One question remains, though: how to set spamassassin's trusted_networks
/ internal_networks / msa_networks? It seems not obivious to get it
write with IPSec and dynamic IPs.
(Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
We use a "master" NTP server, which synchronizes against stratum 1
servers (hence is a stratum 2 itself); all other clients synchronize to
this master server through IPSec.
|
|
|
|
| |
Other abreviations are upper case.
|
| |
|
| |
|
| |
|
|
|
|
| |
(For now, only LMTP and IMAP processes, without replication.)
|
| |
|
|
|
|
| |
(Hence the SyncProv overlay.)
|
|
|
|
|
|
|
|
|
|
|
| |
A 'suffix=' parameter has been added to choose the database to configure
the overlay for.
The ability to delete overlays would be desirable, but sadly there is no
cleane way to remove/replace overlays, short of stopping slapd and
digging into the slapd.d directory:
http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-overlays
|
| |
|
|
|
|
| |
As of 2.9.6 (2.10), at least. See bug #730848.
|
| |
|
|
|
|
|
|
|
| |
This is because the UNIX domain socket to connect to when performing
LDAP lookups needs to be in the chroot.
Also, don't open a INET socket unless we're a Sync Provider.
|
| |
|
|
|
|
|
|
| |
And use main.cf's 'master_service_disable' setting to deactivate each
service that's useless for a given instance. (Hence solve conflict when
trying to listen twice on the same port, for instance.)
|
|
|
|
|
|
|
| |
It's unfortunate that samhain cannot use the sendmail binary, and wants
to use a inet socket instead. We use a custom port to avoid
conflicts with the usual SMTP port the MX:es need to listen on.
See also: /usr/share/doc/samhain/TODO.Debian
|
| |
|
|
|
|
|
|
| |
"username=postfix,cn=peercred,cn=external,cn=auth" is replaced by
"gidNumber=106+uidNumber=102,cn=peercred,cn=external,cn=auth" where 102
is postfix's UID and 106 its primary GID (looked up from /etc/passwd).
|
| |
|
|
|
|
| |
I.e., put 'sudo=True' in ansible.cfg.
|
|
|
|
|
|
|
| |
For non-indexed attributes, do not ask the LDAP server to modify values
in the symmetric difference of A (the entry found in the directory) and
B (the target). That is, we replace A by B only when they are disjoint;
otherwise we remove values in A-B and add those in B-A.
|
|
|
|
| |
Since indices are specified in the database LDIF.
|
|
|
|
|
|
|
| |
It's not happy with non-ASCII characters in comments, unless the
encoding is made explicit…
http://www.python.org/dev/peps/pep-0263/
|
|
|
|
|
| |
To be clearer, and to follow the recommendation of the FSF, we include
a full header rather than a single sentence.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
In order to allow strings of the form:
priv="db.table1:SELECT, UPDATE,DELETE
/db.table2:SELECT,INSERT, DELETE"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A.k.a "IDENTIFIED WITH ...". The plugin is automatically loaded on first
use.
References:
- https://dev.mysql.com/doc/refman/5.5/en/pluggable-authentication.html
- https://dev.mysql.com/doc/refman/5.5/en/socket-authentication-plugin.html
Sadly as of MySQL 5.5, the "ALTER USER" command does not allow changing
the Authentication Plugin, so we have to manually manipulate
`mysql.user` (and FLUSH PRIVILEGES) instead. See also
http://bugs.mysql.com/bug.php?id=67449
|
|
|
|
|
|
| |
From ref origin/release1.4.0, commit
2a58c2bbe33236ccfdde9fe7466d8a65956f21a5
|
|
|
|
| |
We use a dedicated instance for each role: MDA, MTA out, MX, etc.
|
|
|
|
|
| |
${distro_codename} doesn't work properly there, so we put stable and/or
oldstable instead.
|
|
|
|
|
| |
Replaced [ -n "$string" ] with [ "$string" ], and [ -z "$string" ] with
[ ! "$string" ].
|
|
|
|
|
| |
'syslog' is meant for the messages generated internally by syslogd,
whereas 'user' is for user-level messages.
|
| |
|
|
|
|
| |
We use ESP only, so other protocols shouldn't be ACCEPTed.
|
|
|
|
| |
This is pointless since the service will be restarted anyway.
|
|
|
|
|
|
|
|
|
| |
In particular, run 'apt-get update' right after configured APT, and
restart daemon right after configured them.
The advantage being that if ansible crashes in some "task", the earlier
would already be restarted if neeeded. (This may not happen in the next
run since the configuration should already be up to date.)
|
| |
|