| Commit message (Collapse) | Author | Age | Files | |
|---|---|---|---|---|
| * | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 |
| | | ||||
| * | dovecot-auth-proxy: Fix synopsis line. | Guilhem Moulin | 2017-06-05 | 1 |
| | | ||||
| * | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 8 |
| | | ||||
| * | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 1 |
| | | ||||
| * | IMAP: new script list-users. | Guilhem Moulin | 2017-05-14 | 2 |
| | | ||||
| * | dovecot: Deduplicate attachments hourly, just before automatic backup. | Guilhem Moulin | 2016-12-11 | 1 |
| | | ||||
| * | dovecot: use Single-Instance Storage for mail attachments. | Guilhem Moulin | 2016-12-10 | 3 |
| | | ||||
| * | Dovecot: Explicitly disable LDAP. | Guilhem Moulin | 2016-12-08 | 1 |
| | | ||||
| * | Dovecot: use fallocate(2) to preallocate new mdbox files. | Guilhem Moulin | 2016-12-08 | 1 |
| | | ||||
| * | postfix: Remove obsolete templates tls_policy/relay_clientcerts. | Guilhem Moulin | 2016-07-12 | 1 |
| | | ||||
| * | postfix: commit the master.cf symlinks. | Guilhem Moulin | 2016-07-12 | 1 |
| | | ||||
| * | Postfix lists/MDA instances: only include the MX:es' IPs in $mynetworks. | Guilhem Moulin | 2016-07-10 | 1 |
| | | ||||
| * | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 2 |
| | | ||||
| * | Postfix: avoid hardcoding the instance names. | Guilhem Moulin | 2016-07-10 | 1 |
| | | ||||
| * | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 2 |
| | | ||||
| * | postfix: Don't explicitly set inet_interfaces=all as it's the default. | Guilhem Moulin | 2016-07-10 | 1 |
| | | ||||
| * | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
| | | ||||
| * | IMAP: don't include mailbox under the virtual namespace in LIST responses. | Guilhem Moulin | 2016-07-06 | 1 |
| | | | | | | | | | | Clients now have to use the NAMESPACE extension [RFC 2342] to discover mailboxes under the “virtual/” namespace. (Plus an extra LIST command, causing an overhead two roundtrips.) Of course the downside is that non namespace-aware clients lose access to the “virtual/{all,flagged,…}” mailboxes, but on second thought it's probably better this way rather than having such clients treat these mailboxes as regular mailboxes. | |||
| * | dovecot: use the MSA postfix instance for sieve redirection. | Guilhem Moulin | 2016-07-01 | 2 |
| | | | | | | We don't want to use the default instance since its SIZE limit is tighter than the ones on the MX:es. | |||
| * | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | | | | | To avoid new commits upon cert renewal. | |||
| * | dovecot: don't listen on the IP dedicated for IPSec when there is a single host. | Guilhem Moulin | 2016-05-23 | 1 |
| | | ||||
| * | dovecot: also listen on the virtual IP dedicated to IPSec. | Guilhem Moulin | 2016-05-22 | 2 |
| | | | | | | | (On port 143.) Moreover, add the whole IPSec virtual subnet to ‘login_trusted_networks’ since our IPSec tunnels provide end-to-end encryption and we therefore don't need the extra SSL/TLS protection. | |||
| * | spamassassin: list our IPSec subnet in trusted_networks. | Guilhem Moulin | 2016-05-22 | 3 |
| | | ||||
| * | postfix: Update to recommended TLS settings. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | | | Following Viktor Dukhovni's 2015-08-06 recommendation http://article.gmane.org/gmane.mail.postfix.user/251935 (We're using stronger ciphers and protocols in our own infrastructure.) | |||
| * | postfix: unset 'smtpd_tls_session_cache_database'. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | Following Viktor Dukhovni's 2015-08-06 recommendation for Postfix >= 2.11 http://article.gmane.org/gmane.mail.postfix.user/251935 | |||
| * | Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | | | | | Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out. | |||
| * | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
| * | Remove SMTP message size limit on non public MTAs. | Guilhem Moulin | 2016-03-21 | 1 |
| | | ||||
| * | Let's Encrypt | Guilhem Moulin | 2016-03-02 | 1 |
| | | ||||
| * | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 3 |
| | | ||||
| * | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 2 |
| | | ||||
| * | dovecot: remove !SSLv2 from ssl_cipher_list. | Guilhem Moulin | 2015-12-15 | 1 |
| | | ||||
| * | Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ↵ | Guilhem Moulin | 2015-12-03 | 1 |
| | | | | | cert itself. | |||
| * | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 |
| | | ||||
| * | dovecot-sieve: Enable the 'editheader' extension (5293). | Guilhem Moulin | 2015-11-26 | 1 |
| | | | | | | Which is disabled by default, as per http://wiki.dovecot.org/Pigeonhole/Sieve | |||
| * | Remove \Recent flags when a virtual mailbox is SELECTed. | Guilhem Moulin | 2015-09-30 | 4 |
| | | ||||
| * | IMAP: Store virtual indexes in memory. | Guilhem Moulin | 2015-09-30 | 1 |
| | | ||||
| * | dovecot: Disable SSLv3. | Guilhem Moulin | 2015-09-17 | 1 |
| | | ||||
| * | Fix address verification probes on the MSA. | Guilhem Moulin | 2015-09-16 | 1 |
| | | | | | | Put all relay restrictions under smtpd_relay_restrictions and leave smtpd_recipient_restrictions empty, since we don't do DNSBL. | |||
| * | Enable the IMAP COMPRESS extension [RFC4978]. | Guilhem Moulin | 2015-09-15 | 1 |
| | | ||||
| * | Rename 'mysql_user' plugin to 'mysql_user2' to avoid name collisions. | Guilhem Moulin | 2015-07-12 | 1 |
| | | ||||
| * | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 3 |
| | | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | |||
| * | Dovecot: Collect IMAP statistics. | Guilhem Moulin | 2015-06-10 | 4 |
| | | ||||
| * | Allow 'vmail' users with a UID lower than 500. | Guilhem Moulin | 2015-06-10 | 1 |
| | | | | | Fix regression introduced in f7c8011. | |||
| * | SQL: Set empty passwords for auth_socket authentication. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 12 |
| | | ||||
| * | Remove reject_unknown_sender_domain from the MDA and outgoing SMTP. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | We already removed it from the MX:es (see 32e605d4); we need to remove it from the MDA and outgoing SMTP as well, otherwise mails could bounce or get stuck in the middle (the're rejected with 450: deferred by default). However we can keep the restriction on the entry points (MSA and webmail). | |||
| * | Hash certs using a lookup in the template instead of add a new task. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
 |
index : fripost-ansible | |
| Fripost ansible scripts |
| summaryrefslogtreecommitdiffstats |