Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | Also install non-free firmwares on civett. | Guilhem Moulin | 2017-05-30 | 4 | |
| | |||||
* | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 | |
| | |||||
* | Rotate civett's IPsec's key. | Guilhem Moulin | 2017-05-29 | 2 | |
| | |||||
* | Use blackhole subdomain for sender addresses of verify probes. | Guilhem Moulin | 2017-05-16 | 3 | |
| | | | | | | | | | | | These addresses need to be accepted on the MX:es, as recipients sometimes phone back during the SMTP session to check whether the sender exists. Since a time-dependent suffix is added to the local part (cf. http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's not enough to drop incoming mails to ‘double-bounce@fripost.org’, and it's impractical to do the same for /^double-bounce.*@fripost\.org$/. | ||||
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 7 | |
| | |||||
* | webmail: use Zend opcache and configure APCu. | Guilhem Moulin | 2017-05-14 | 3 | |
| | |||||
* | sympa: don't tweak /etc/logrotate.d/sympa. | Guilhem Moulin | 2017-05-14 | 1 | |
| | |||||
* | wwsympa: allow write access to /var/spool/sympa. | Guilhem Moulin | 2017-05-14 | 1 | |
| | | | | Request to post and moderate messages using the web interface. | ||||
* | MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 4 | |
| | |||||
* | IMAP: new script list-users. | Guilhem Moulin | 2017-05-14 | 2 | |
| | |||||
* | Change civett's CNAME from civett.friprogramvarusyndikatet.se to ↵ | Guilhem Moulin | 2017-05-14 | 2 | |
| | | | | civett.fripost.org | ||||
* | Fix Ansible 2.2.0 compatibility of a Jinja2 template. | Guilhem Moulin | 2017-01-14 | 1 | |
| | |||||
* | Allow SMTP client from whitelisted IPs to bypass postscreen checks. | Guilhem Moulin | 2017-01-14 | 1 | |
| | |||||
* | nginx: set Referrer-Policy HTTP header to "no-referrer". | Guilhem Moulin | 2016-12-13 | 1 | |
| | |||||
* | nginx: add support for HTTP/2. | Guilhem Moulin | 2016-12-13 | 5 | |
| | |||||
* | dovecot: Deduplicate attachments hourly, just before automatic backup. | Guilhem Moulin | 2016-12-11 | 1 | |
| | |||||
* | dovecot: use Single-Instance Storage for mail attachments. | Guilhem Moulin | 2016-12-10 | 4 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | wiki: Add instruction for how to add the post-update hook. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | Dovecot: Explicitly disable LDAP. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | gitolite: allow hook.* git config keys. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | Upgrade to lacme 0.2-1. | Guilhem Moulin | 2016-12-08 | 2 | |
| | |||||
* | Webmail: Install XCache (PHP opcode cacher). | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | Dovecot: use fallocate(2) to preallocate new mdbox files. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | Make Ansible modules compatible with Ansible 2.2.0.0. | Guilhem Moulin | 2016-12-08 | 2 | |
| | |||||
* | Postscreen: Give temporary whitelist status to primary MX addresses only. | Guilhem Moulin | 2016-09-20 | 2 | |
| | |||||
* | systemd: Ensure sympa service is enabled. | Guilhem Moulin | 2016-09-18 | 1 | |
| | |||||
* | lacme-certs.conf: don't restart but reload dovecot after renewing IMAPS cert. | Guilhem Moulin | 2016-09-18 | 1 | |
| | | | | | | Unfortunately as of Debian 8.6 (Jessie) dovecot's service file doesn't have a “Reload” directive, so we can't use `/bin/systemctl restart dovecot` as notification. It'll be fixed in Stretch, though. | ||||
* | Postfix: ensure common aliases are present. | Guilhem Moulin | 2016-09-18 | 3 | |
| | |||||
* | FreshClam: change ownership of /etc/clamav/freshclam.conf. | Guilhem Moulin | 2016-09-18 | 1 | |
| | | | | | | | | To match the stock version shipped by clamav-freshclam 0.99.2+dfsg-0+deb8u2 ~$ stat -c '%U:%G %a' /etc/clamav/freshclam.conf clamav:adm 444 | ||||
* | Firewall: allow duplicates rules. | Guilhem Moulin | 2016-09-18 | 1 | |
| | |||||
* | HPKP: increase max-mage directive to 6 months from 1 hour. | Guilhem Moulin | 2016-09-18 | 1 | |
| | |||||
* | gencerts: improve workning: s/pubkey/SPKI/ | Guilhem Moulin | 2016-09-18 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-08-22 | 2 | |
| | |||||
* | Improve certs formatting. | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | gencerts: Print the SHA1 digests in hex not base64 format. | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | typo | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | typo | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | HSTS: use the standard capitalization of includeSubDomains. | Guilhem Moulin | 2016-07-12 | 1 | |
| | | | | Cf. RFC 6797 sec. 6.1.2. | ||||
* | postfix: Remove obsolete templates tls_policy/relay_clientcerts. | Guilhem Moulin | 2016-07-12 | 4 | |
| | |||||
* | gencerts: make the SSHFPR output match the X509 ones. | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | gencerts: Include SAN for the website and webmail. | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | gencerts: base64-encode the SHA256 digests. | Guilhem Moulin | 2016-07-12 | 1 | |
| | | | | Also, include the backup pins in the .asc. | ||||
* | postfix: commit the master.cf symlinks. | Guilhem Moulin | 2016-07-12 | 5 | |
| | |||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 18 | |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | ||||
* | gencerts: exclude expired certs in the CRT queries. | Guilhem Moulin | 2016-07-10 | 1 | |
| | |||||
* | Postfix lists/MDA instances: only include the MX:es' IPs in $mynetworks. | Guilhem Moulin | 2016-07-10 | 2 | |
| | |||||
* | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 20 | |
| | |||||
* | Postfix MX/MSA instances: put certs in the the instance's $config_directory. | Guilhem Moulin | 2016-07-10 | 5 | |
| | |||||
* | Postfix MX/MSA instances: don't ask the remote SMTP client for a client ↵ | Guilhem Moulin | 2016-07-10 | 2 | |
| | | | | | | | certificate. See postconf(5). This avoids the “(Client did not present a certificate)” messages in the Received headers. |