| Commit message (Collapse) | Author | Age | Files |
... | |
| |
|
| |
|
|
|
|
|
|
|
|
| |
It has to be performed last, to give a chance to be accepted as a
regular mailbox.
We introduce a new, dedicated, smtpd daemon whose only purpose is to
resolve catch-alls.
|
|
|
|
|
|
| |
To avoid low-entropy conditions, see
http://www.issihosts.com/haveged/
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead, we pretend that lists are valid users (via a match in the
mailbox_transport_maps) but choose a different transport (with the same
request in transport_maps).
The advantage is that we get rid of the ugly hack for list transport…
A minor drawback is that we now have two LDAP lookups instead of one for
non local addresses (ie, everything but reserved addresses). Hopefully
the requests are cached; but even if they aren't, querying a local LDAP
server is supposed to be cheap.
|
|
|
|
|
| |
Also, add the 'managesieve' RoundCube plugin to communicate with our
server.
|
|
|
|
|
|
|
|
|
|
|
|
| |
(Unless the webmail is itself a full IMAP server.) It replaces
RoundCube's own IMAP and message caches.
Dovecot's IMAPC storage backend is not very documented, but provides
smart IMAP proxying. References include:
http://dovecot.org/pipermail/dovecot/2011-January/056975.html
http://wiki2.dovecot.org/HowTo/ImapcProxy
http://wiki2.dovecot.org/Migration/Dsync
|
| |
|
|
|
|
|
|
| |
RoundCubes lists subscribed mailboxes only (determined using
LIST-EXTENDED by default); also, it seems to ignore new subscriptions to
mailboxes not listed by the LIST command.
|
| |
|
| |
|
|
|
|
| |
Also, turn off all TCP/IP listener ports.
|
| |
|
|
|
|
|
| |
By using double quoted scalars, cf.
https://groups.google.com/forum/#!topic/ansible-project/ZaB6o-eqDzw
|
|
|
|
| |
See /usr/share/doc/spamassassin/README.Debian.gz
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mails to be retrained are stored in the spooldir /home/mail/spamspool;
later a daemon catches them up and feed them to sa-learn(1p). (On busy
systems batch-process the learning should be much more efficient.)
The folder transisition matrix along with the corresponding actions can
be found there:
http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt
See also dovecot-antispam(7).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using dovecot's 'virtual' plugin, cf.
http://wiki2.dovecot.org/Plugins/Virtual
The 'virtual/' namespace is visible in the NAMESPACE command
(hidden=no), but not in LIST (list=no). This should ensure that the
namespace isn't automatically synced by offlineimap, but nevertheless
visible by roundcube, cf.
http://trac.roundcube.net/ticket/1486796
http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html
|
| |
|
|
|
|
|
|
| |
It'd certainly be nicer if we didn't have to deploy amavis' schema
everywhere, but we need the 'objectClass' in our replicates, hence they
need to be aware of the 'amavisAccount' class.
|
|
|
|
|
|
|
|
|
|
|
| |
Antispam & antivirus, using ClamAV and SpamAssassin through Amavisd-new.
Each user has his/her amavis preferences, and own Bayes filter (to
maximize privacy).
One question remains, though: how to set spamassassin's trusted_networks
/ internal_networks / msa_networks? It seems not obivious to get it
write with IPSec and dynamic IPs.
(Cf. https://wiki.apache.org/spamassassin/AwlWrongWay)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
We use a "master" NTP server, which synchronizes against stratum 1
servers (hence is a stratum 2 itself); all other clients synchronize to
this master server through IPSec.
|
|
|
|
| |
Other abreviations are upper case.
|
| |
|
| |
|
| |
|
|
|
|
| |
(For now, only LMTP and IMAP processes, without replication.)
|
| |
|
|
|
|
| |
(Hence the SyncProv overlay.)
|
|
|
|
|
|
|
|
|
|
|
| |
A 'suffix=' parameter has been added to choose the database to configure
the overlay for.
The ability to delete overlays would be desirable, but sadly there is no
cleane way to remove/replace overlays, short of stopping slapd and
digging into the slapd.d directory:
http://www.zytrax.com/books/ldap/ch6/slapd-config.html#use-overlays
|
| |
|
|
|
|
| |
As of 2.9.6 (2.10), at least. See bug #730848.
|
| |
|
|
|
|
|
|
|
| |
This is because the UNIX domain socket to connect to when performing
LDAP lookups needs to be in the chroot.
Also, don't open a INET socket unless we're a Sync Provider.
|
| |
|
|
|
|
|
|
| |
And use main.cf's 'master_service_disable' setting to deactivate each
service that's useless for a given instance. (Hence solve conflict when
trying to listen twice on the same port, for instance.)
|
|
|
|
|
|
|
| |
It's unfortunate that samhain cannot use the sendmail binary, and wants
to use a inet socket instead. We use a custom port to avoid
conflicts with the usual SMTP port the MX:es need to listen on.
See also: /usr/share/doc/samhain/TODO.Debian
|
| |
|
|
|
|
|
|
| |
"username=postfix,cn=peercred,cn=external,cn=auth" is replaced by
"gidNumber=106+uidNumber=102,cn=peercred,cn=external,cn=auth" where 102
is postfix's UID and 106 its primary GID (looked up from /etc/passwd).
|
| |
|
|
|
|
| |
I.e., put 'sudo=True' in ansible.cfg.
|
|
|
|
|
|
|
| |
For non-indexed attributes, do not ask the LDAP server to modify values
in the symmetric difference of A (the entry found in the directory) and
B (the target). That is, we replace A by B only when they are disjoint;
otherwise we remove values in A-B and add those in B-A.
|