|  | Commit message | Author | Age | Files | 
|---|
| | Instead of using the fallback key.  That way messages from our lists
have proper DMARC alignment (at least when envelope sender and From
header are under domain lists.fripost.org). | 
| | Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html .  \o/
It's also fairly easy to deploy onto the Debian infrastructure:
    $ USERNAME="guilhem"
    $ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user"
    $ printf "dkimPubKey: %s %s\n" "$SELECTOR" \
                "$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \
        | gpg --clearsign | s-nail -r "$USERNAME@debian.org" -s dkimPubKey changes@db.debian.org | 
| | While the combination of "s=" tag (selector) & "d=" tag (signing domain)
maps to a unique key, the selector alone doesn't necessarily. | 
| | The following policy is now implemented:
    * users can use their SASL login name as sender address;
    * alias and/or list owners can use the address as envelope sender;
    * domain postmasters can use arbitrary sender addresses under their
      domains;
    * domain owners can use arbitrary sender addresses under their domains,
      unless it is also an existing account name;
    * for known domains without owner or postmasters, other sender addresses
      are not allowed; and
    * arbitrary sender addresses under unknown domains are allowed. | 
| | We use a dedicated, non-routable, IPv4 subnet for IPSec.  Furthermore
the subnet is nullrouted in the absence of xfrm lookup (i.e., when there
is no matching IPSec Security Association) to avoid data leaks.
Each host is associated with an IP in that subnet (thus only reachable
within that subnet, either by the host itself or by its IPSec peers).
The peers authenticate each other using RSA public key authentication.
Kernel traps are used to ensure that connections are only established
when traffic is detected between the peers; after 30m of inactivity
(this value needs to be less than the rekeying period) the connection is
brought down and a kernel trap is installed. | 
| | (Hence delete the 'webmail' Postfix instance.)  This shortens the delay
caused by the recipient verification probes. | 
| | E.g., ldap.fripost.org, ntp.fripost.org, etc.  (Ideally the DNS zone
would be provisioned by ansible, too.)  It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though. | 
| | Right now the list server cannot be hosted with an MX, due to bug 51:
    http://mlmmj.org/bugs/bug.php?id=51
Web archive can be compiled with MHonArc, but the web server
configuration is not there yet. | 
| | It has to be performed last, to give a chance to be accepted as a
regular mailbox.
We introduce a new, dedicated, smtpd daemon whose only purpose is to
resolve catch-alls. | 
| | (Unless the webmail is itself a full IMAP server.) It replaces
RoundCube's own IMAP and message caches.
Dovecot's IMAPC storage backend is not very well documented, but provides
smart IMAP proxying. References include:
http://dovecot.org/pipermail/dovecot/2011-January/056975.html
http://wiki2.dovecot.org/HowTo/ImapcProxy
http://wiki2.dovecot.org/Migration/Dsync | 
| | We use a "master" NTP server, which synchronizes against stratum 1
servers (hence is a stratum 2 itself); all other clients synchronize to
this master server through IPSec. | 
| | And use main.cf's 'master_service_disable' setting to deactivate each
service that's useless for a given instance. (Hence solve conflict when
trying to listen twice on the same port, for instance.) | 