summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFiles
...
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* HPKP: increase max-mage directive to 6 months from 1 hour.Guilhem Moulin2016-09-181
* gencerts: improve workning: s/pubkey/SPKI/Guilhem Moulin2016-09-181
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* Improve certs formatting.Guilhem Moulin2016-07-121
* gencerts: Print the SHA1 digests in hex not base64 format.Guilhem Moulin2016-07-121
* typoGuilhem Moulin2016-07-121
* typoGuilhem Moulin2016-07-121
* HSTS: use the standard capitalization of includeSubDomains.Guilhem Moulin2016-07-121
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-124
* gencerts: make the SSHFPR output match the X509 ones.Guilhem Moulin2016-07-121
* gencerts: Include SAN for the website and webmail.Guilhem Moulin2016-07-121
* gencerts: base64-encode the SHA256 digests.Guilhem Moulin2016-07-121
* postfix: commit the master.cf symlinks.Guilhem Moulin2016-07-125
* nginx: Don't hard-code the HPKP headers.Guilhem Moulin2016-07-1218
* gencerts: exclude expired certs in the CRT queries.Guilhem Moulin2016-07-101
* Postfix lists/MDA instances: only include the MX:es' IPs in $mynetworks.Guilhem Moulin2016-07-102
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-1020
* Postfix MX/MSA instances: put certs in the the instance's $config_directory.Guilhem Moulin2016-07-105
* Postfix MX/MSA instances: don't ask the remote SMTP client for a client certi...Guilhem Moulin2016-07-102
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-102
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-1013
* postfix: Don't explicitly set inet_interfaces=all as it's the default.Guilhem Moulin2016-07-105
* Change the pubkey extension from .pem to .pub.Guilhem Moulin2016-07-1016
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-1010
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-093
* IMAP: don't include mailbox under the virtual namespace in LIST responses.Guilhem Moulin2016-07-062
* dovecot: use the MSA postfix instance for sieve redirection.Guilhem Moulin2016-07-012
* IPSec → IPsecGuilhem Moulin2016-06-296
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Postfix MSA: don't allow unauthenticated clients from $mynetworks.Guilhem Moulin2016-06-291
* ansible: _make_tmp_path now takes an argument.Guilhem Moulin2016-06-292
* typoGuilhem Moulin2016-06-151
* crt.sh: Replace SHA1 by SHA256 as SPKI digest to list certificates.Guilhem Moulin2016-06-151
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-1516
* Rename letsencrypt-tiny to lacme.Guilhem Moulin2016-06-158
* wwsympa systemd service file: Set PrivateTmp=yes.Guilhem Moulin2016-06-071
* clamav: Don't set obsolete option 'AllowSupplementaryGroups'.Guilhem Moulin2016-06-051
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-055
* postfix: rotate the sender address for verify probes.Guilhem Moulin2016-06-022
* Remove the IMAP caching proxy.Guilhem Moulin2016-05-2811
* Roundcube: route IMAP and managesieve traffic through IPSec.Guilhem Moulin2016-05-283
* Renew cert for https://lists.fripost.org.Guilhem Moulin2016-05-281
* Roundcube: add a link to our webpage as support URL.Guilhem Moulin2016-05-241
* typoGuilhem Moulin2016-05-242
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-249