| | Commit message | Author | Age | Files |
---|---|---|---|---|
* | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 1 |
* | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 1 |
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 1 |
* | IMAP: new script list-users. | Guilhem Moulin | 2017-05-14 | 1 |
* | dovecot: use Single-Instance Storage for mail attachments. | Guilhem Moulin | 2016-12-10 | 1 |
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
* | dovecot: use the MSA postfix instance for sieve redirection. | Guilhem Moulin | 2016-07-01 | 1 |
| | We don't want to use the default instance since its SIZE limit is tighter than the ones on the MX:es. | | | |
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | To avoid new commits upon cert renewal. | | | |
* | dovecot: also listen on the virtual IP dedicated to IPSec. | Guilhem Moulin | 2016-05-22 | 1 |
| | (On port 143.) Moreover, add the whole IPSec virtual subnet to ‘login_trusted_networks’ since our IPSec tunnels provide end-to-end encryption and we therefore don't need the extra SSL/TLS protection. | | | |
* | Add an ansible module 'fetch_cmd' to fetch the output of a remote command locally. And use this to fetch all X.509 leaf certificates. | Guilhem Moulin | 2016-05-18 | 1 |
* | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 1 |
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 |
* | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 |
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 1 |
| | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | | | |
* | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 1 |
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
* | Fix Dovecot's mail location. | Guilhem Moulin | 2015-06-07 | 1 |
* | Add ability to add custom OrganizationalUnits in genkeypair. | Guilhem Moulin | 2015-06-07 | 1 |
| | Also, it's now possible to reuse an existing private key (with -f). | | | |
* | Tell Dovecot we have a remote IMAP proxy. | Guilhem Moulin | 2015-06-07 | 1 |
* | Don't auto-create home directories when adding system users. | Guilhem Moulin | 2015-06-07 | 1 |
| | Unlike adduser(8), ansible's 'user' module copies skeletal configuration files even for system users (unless called with createhome=no). | | | |
* | Use stunnel to secure the connection from the IMAP proxy to the IMAP server. | Guilhem Moulin | 2015-06-07 | 1 |
| | The reason is that we don't want to rely on CAs to verify the certificate of our server. Dovecot currently doesn't offer a way to match said cert against a local copy or known fingerprint. stunnel does. | | | |
* | Replace IPSec tunnels by app-level ephemeral TLS sessions. | Guilhem Moulin | 2015-06-07 | 1 |
| | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. | | | |
* | Fix syntax error. | Guilhem Moulin | 2015-06-07 | 1 |
* | Generate certs for Dovecot and Nginx if they are not there. | Guilhem Moulin | 2015-06-07 | 1 |
* | Create a nightly cron job to purge expunged messages. | Guilhem Moulin | 2015-06-07 | 1 |
| | This is required for dbox, see http://wiki2.dovecot.org/MailboxFormat/dbox#Multi-dbox | | | |
* | Fix YAML syntax error. | Guilhem Moulin | 2015-06-07 | 1 |
* | chown root:root /home/mail && chmod 0755 /home/mail | Guilhem Moulin | 2015-06-07 | 1 |
| | This ensures that Dovecot won't deliver messages if the disk hasn't been mounted, for instance. | | | |
* | Ansible automatically creates parent directories. | Guilhem Moulin | 2015-06-07 | 1 |
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
* | Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1 |
| | Also, add the 'managesieve' RoundCube plugin to communicate with our server. | | | |
* | Configure dovecot's antispam filter. | Guilhem Moulin | 2015-06-07 | 1 |
| | Mails to be retrained are stored in the spooldir /home/mail/spamspool; later a daemon catches them up and feeds them to sa-learn(1p). (On busy systems batch-processing the learning should be much more efficient.) The folder transition matrix along with the corresponding actions can be found there: http://hg.dovecot.org/dovecot-antispam-plugin/raw-file/5ebc6aae4d7c/doc/dovecot-antispam.7.txt See also dovecot-antispam(7). | | | |
* | Enable IMAP virtual mailboxes. | Guilhem Moulin | 2015-06-07 | 1 |
| | Using dovecot's 'virtual' plugin, cf. http://wiki2.dovecot.org/Plugins/Virtual The 'virtual/' namespace is visible in the NAMESPACE command (hidden=no), but not in LIST (list=no). This should ensure that the namespace isn't automatically synced by offlineimap, but nevertheless visible by roundcube, cf. http://trac.roundcube.net/ticket/1486796 http://mailman2.u.washington.edu/pipermail/imap-protocol/2010-May/001076.html | | | |
* | Configure the IMAP server. | Guilhem Moulin | 2015-06-07 | 1 |
| | (For now, only LMTP and IMAP processes, without replication.) | | | |