summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
* postfix-msa: anonymize SASL-authenticated senders using IPv6.Guilhem Moulin2017-06-061
|
* dovecot-auth-proxy: Fix synopsis line.Guilhem Moulin2017-06-051
|
* postscreen: lower zen.spamhaus.org DNSBL score from 3 to 2 on the MX:es.Guilhem Moulin2017-06-051
| | | | | So being listed on that BL doesn't yield a flat reject if the IP isn't also listed to other lists.
* postfix-sender-login: wibbleGuilhem Moulin2017-06-052
|
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-059
|
* move postfix-sender-login.{service,socket} to files/.Guilhem Moulin2017-06-022
|
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
|
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-023
|
* postfix-sender-login: terminate the worker after 32*$nProc connections to ↵Guilhem Moulin2017-06-011
| | | | release ressources.
* postfix-sender-login: handle EINTR in read(2) and write(2) calls.Guilhem Moulin2017-06-011
|
* postfix-sender-login: pre-fork 2 servers.Guilhem Moulin2017-06-011
| | | | | On Linux perl's allow multiple children to block in a call to accept(2) so we don't need to place a lock around the call.
* Don't make Roundcube add a 'X-Sender' header with the sender's identity.Guilhem Moulin2017-06-011
|
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-0111
| | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed.
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-3117
|
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-304
|
* Install more sympa dependencies.Guilhem Moulin2017-05-291
|
* Rotate civett's IPsec's key.Guilhem Moulin2017-05-292
|
* Use blackhole subdomain for sender addresses of verify probes.Guilhem Moulin2017-05-163
| | | | | | | | | | | These addresses need to be accepted on the MX:es, as recipients sometimes phone back during the SMTP session to check whether the sender exists. Since a time-dependent suffix is added to the local part (cf. http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's not enough to drop incoming mails to ‘double-bounce@fripost.org’, and it's impractical to do the same for /^double-bounce.*@fripost\.org$/.
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-147
|
* webmail: use Zend opcache and configure APCu.Guilhem Moulin2017-05-143
|
* sympa: don't tweak /etc/logrotate.d/sympa.Guilhem Moulin2017-05-141
|
* wwsympa: allow write access to /var/spool/sympa.Guilhem Moulin2017-05-141
| | | | Request to post and moderate messages using the web interface.
* MSA: reject null sender address.Guilhem Moulin2017-05-144
|
* IMAP: new script list-users.Guilhem Moulin2017-05-142
|
* Change civett's CNAME from civett.friprogramvarusyndikatet.se to ↵Guilhem Moulin2017-05-142
| | | | civett.fripost.org
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
|
* Allow SMTP client from whitelisted IPs to bypass postscreen checks.Guilhem Moulin2017-01-141
|
* nginx: set Referrer-Policy HTTP header to "no-referrer".Guilhem Moulin2016-12-131
|
* nginx: add support for HTTP/2.Guilhem Moulin2016-12-135
|
* dovecot: Deduplicate attachments hourly, just before automatic backup.Guilhem Moulin2016-12-111
|
* dovecot: use Single-Instance Storage for mail attachments.Guilhem Moulin2016-12-104
|
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
|
* wiki: Add instruction for how to add the post-update hook.Guilhem Moulin2016-12-081
|
* Dovecot: Explicitly disable LDAP.Guilhem Moulin2016-12-081
|
* gitolite: allow hook.* git config keys.Guilhem Moulin2016-12-081
|
* Upgrade to lacme 0.2-1.Guilhem Moulin2016-12-082
|
* Webmail: Install XCache (PHP opcode cacher).Guilhem Moulin2016-12-081
|
* Dovecot: use fallocate(2) to preallocate new mdbox files.Guilhem Moulin2016-12-081
|
* Make Ansible modules compatible with Ansible 2.2.0.0.Guilhem Moulin2016-12-082
|
* Postscreen: Give temporary whitelist status to primary MX addresses only.Guilhem Moulin2016-09-202
|
* systemd: Ensure sympa service is enabled.Guilhem Moulin2016-09-181
|
* lacme-certs.conf: don't restart but reload dovecot after renewing IMAPS cert.Guilhem Moulin2016-09-181
| | | | | | Unfortunately as of Debian 8.6 (Jessie) dovecot's service file doesn't have a “Reload” directive, so we can't use `/bin/systemctl restart dovecot` as notification. It'll be fixed in Stretch, though.
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-183
|
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
| | | | | | | | To match the stock version shipped by clamav-freshclam 0.99.2+dfsg-0+deb8u2 ~$ stat -c '%U:%G %a' /etc/clamav/freshclam.conf clamav:adm 444
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
|
* HPKP: increase max-mage directive to 6 months from 1 hour.Guilhem Moulin2016-09-181
|
* gencerts: improve workning: s/pubkey/SPKI/Guilhem Moulin2016-09-181
|
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
|
* Improve certs formatting.Guilhem Moulin2016-07-121
|
* gencerts: Print the SHA1 digests in hex not base64 format.Guilhem Moulin2016-07-121
|