| Commit message (Collapse) | Author | Age | Files |
... | |
|
|
|
|
| |
(Disable SSLv3 and extend STS' max age to 180 days.) See
https://www.ssllabs.com/ssltest/ .
|
|
|
|
|
| |
But not in the installer, as busybox's implementation of mktemp didn't
deprecate -t/-p.
|
|
|
|
| |
Most notably pipelining=True and sysctl_set=yes.
|
| |
|
| |
|
|
|
|
| |
Hence put the CSS and fonts under /usr/share/.
|
|
|
|
| |
That is, don't put a leading virtual_ or a trailing _maps in file names.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We introduce a limitation on the domain-aliases: they can't have
children (e.g., lists or users) any longer.
The whole alias resolution, including catch-alls and domain aliases, is
now done in 'virtual_alias_maps'. We stop the resolution by returning a
dummy alias A -> A for mailboxes, before trying the catch-all maps.
We're still using transport_maps for lists. If it turns out to be a
bottleneck due to the high-latency coming from LDAP maps, (and the fact
that there is a single qmgr(8) daemon), we could rewrite lists to a
dummy subdomain and use a static transport_maps instead:
virtual_alias_maps:
mylist@example.org -> mylist#example.org@mlmmj.localhost.localdomain
transport_maps:
mlmmj.localhost.localdomain mlmmj:
|
|
|
|
|
|
|
|
|
| |
Right now the list server cannot be hosted with a MX, due to bug 51:
http://mlmmj.org/bugs/bug.php?id=51
Web archive can be compiled with MHonArc, but the web server
configuration is not there yet.
|
|
|
|
|
|
| |
They were only a dirty hack for list commands à la Mailman such as
mylist-request. If we are to use another list manager such as mlmmj,
which uses a VERP delimiter instead, the problem disappears.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
It has to be performed last, to give a chance to be accepted as a
regular mailbox.
We introduce a new, dedicated, smtpd daemon whose only purpose is to
resolve catch-alls.
|
|
|
|
|
|
| |
To avoid low-entropy conditions, see
http://www.issihosts.com/haveged/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead, we pretend that lists are valid users (via a match in the
mailbox_transport_maps) but choose a different transport (with the same
request in transport_maps).
The advantage is that we get rid of the ugly hack for list transport…
A minor drawback is that we now have two LDAP lookups instead of one for
non local addresses (ie, everything but reserved addresses). Hopefully
the requests are cached; but even if they aren't, querying a local LDAP
server is supposed to be cheap.
|
|
|
|
|
| |
Also, add the 'managesieve' RoundCube plugin to communicate with our
server.
|
|
|
|
|
|
|
|
|
|
|
|
| |
(Unless the webmail is itself a full IMAP server.) It replaces
RoundCube's own IMAP and message caches.
Dovecot's IMAPC storage backend is not very documented, but provides
smart IMAP proxying. References include:
http://dovecot.org/pipermail/dovecot/2011-January/056975.html
http://wiki2.dovecot.org/HowTo/ImapcProxy
http://wiki2.dovecot.org/Migration/Dsync
|
| |
|
|
|
|
|
|
| |
RoundCubes lists subscribed mailboxes only (determined using
LIST-EXTENDED by default); also, it seems to ignore new subscriptions to
mailboxes not listed by the LIST command.
|
| |
|
| |
|
|
|
|
| |
Also, turn off all TCP/IP listener ports.
|
| |
|
|
|
|
|
| |
By using double quoted scalars, cf.
https://groups.google.com/forum/#!topic/ansible-project/ZaB6o-eqDzw
|
|
|
|
| |
See /usr/share/doc/spamassassin/README.Debian.gz
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mails to be retrained are stored in the spooldir /home/mail/spamspool;
later a daemon catches them up and feed them to sa-learn(1p). (On busy
systems batch-process the learning should be much more efficient.)
The folder transisition matrix along with the corresponding actions can
be found there:
http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt
See also dovecot-antispam(7).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using dovecot's 'virtual' plugin, cf.
http://wiki2.dovecot.org/Plugins/Virtual
The 'virtual/' namespace is visible in the NAMESPACE command
(hidden=no), but not in LIST (list=no). This should ensure that the
namespace isn't automatically synced by offlineimap, but nevertheless
visible by roundcube, cf.
http://trac.roundcube.net/ticket/1486796
http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html
|
| |
|
|
|
|
|
|
| |
It'd certainly be nicer if we didn't have to deploy amavis' schema
everywhere, but we need the 'objectClass' in our replicates, hence they
need to be aware of the 'amavisAccount' class.
|
|
|
|
|
|
|
|
|
|
|
| |
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new.
Each user has his/her amavis preferences, and own Bayes filter (to
maximize privacy).
One question remains, though: how to set spamassassin's trusted_networks
/ internal_networks / msa_networks? It seems not obivious to get it
write with IPSec and dynamic IPs.
(Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
We use a "master" NTP server, which synchronizes against stratum 1
servers (hence is a stratum 2 itself); all other clients synchronize to
this master server through IPSec.
|
|
|
|
| |
Other abreviations are upper case.
|
| |
|
| |
|
| |
|
|
|
|
| |
(For now, only LMTP and IMAP processes, without replication.)
|
| |
|
|
|
|
| |
(Hence the SyncProv overlay.)
|