| Commit message (Collapse) | Author | Age | Files |
|
|
|
| |
To avoid new commits upon cert renewal.
|
|
|
|
|
|
| |
(On port 143.) Moreover, add the whole IPSec virtual subnet to
‘login_trusted_networks’ since our IPSec tunnels provide end-to-end
encryption and we therefore don't need the extra SSL/TLS protection.
|
|
|
|
|
|
| |
locally.
And use this to fetch all X.509 leaf certificates.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Interhost communications are protected by stunnel4. The graphs are only
visible on the master itself, and content is generated by Fast CGI.
|
| |
|
| |
|
| |
|
|
|
|
| |
Also, it's now possible to reuse an existing private key (with -f).
|
| |
|
|
|
|
|
| |
Unlike adduser(8), ansible's 'user' module copies skeletal configuration
files even for system users (unless called with createhome=no).
|
|
|
|
|
|
|
| |
The reason is that we don't want to rely on CAs to verify the
certificate of our server. Dovecot currently doesn't offer a way to
match said cert against a local copy or known fingerprint. stunnel
does.
|
|
|
|
|
| |
For some reason giraff doesn't like IPSec. App-level TLS sessions are
less efficient, but thanks to ansible it still scales well.
|
| |
|
| |
|
|
|
|
|
| |
This is required for dbox, see
http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox
|
| |
|
|
|
|
|
| |
This ensures that Dovecot won't deliver messages if the disk hasn't been
mounted, for instance.
|
| |
|
| |
|
|
|
|
|
| |
Also, add the 'managesieve' RoundCube plugin to communicate with our
server.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mails to be retrained are stored in the spooldir /home/mail/spamspool;
later a daemon catches them up and feed them to sa-learn(1p). (On busy
systems batch-process the learning should be much more efficient.)
The folder transisition matrix along with the corresponding actions can
be found there:
http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt
See also dovecot-antispam(7).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using dovecot's 'virtual' plugin, cf.
http://wiki2.dovecot.org/Plugins/Virtual
The 'virtual/' namespace is visible in the NAMESPACE command
(hidden=no), but not in LIST (list=no). This should ensure that the
namespace isn't automatically synced by offlineimap, but nevertheless
visible by roundcube, cf.
http://trac.roundcube.net/ticket/1486796
http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html
|
|
(For now, only LMTP and IMAP processes, without replication.)
|