summaryrefslogtreecommitdiffstats
path: root/roles/MSA
Commit message (Expand)AuthorAgeFiles
* move postfix-sender-login.{service,socket} to files/.Guilhem Moulin2017-06-022
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* postfix-sender-login: terminate the worker after 32*$nProc connections to rel...Guilhem Moulin2017-06-011
* postfix-sender-login: handle EINTR in read(2) and write(2) calls.Guilhem Moulin2017-06-011
* postfix-sender-login: pre-fork 2 servers.Guilhem Moulin2017-06-011
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-016
* Use blackhole subdomain for sender addresses of verify probes.Guilhem Moulin2017-05-161
* MSA: reject null sender address.Guilhem Moulin2017-05-143
* postfix: commit the master.cf symlinks.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
* Postfix MX/MSA instances: put certs in the the instance's $config_directory.Guilhem Moulin2016-07-102
* Postfix MX/MSA instances: don't ask the remote SMTP client for a client certi...Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* postfix: Don't explicitly set inet_interfaces=all as it's the default.Guilhem Moulin2016-07-101
* Change the pubkey extension from .pem to .pub.Guilhem Moulin2016-07-101
* Postfix MSA: don't allow unauthenticated clients from $mynetworks.Guilhem Moulin2016-06-291
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-151
* postfix: rotate the sender address for verify probes.Guilhem Moulin2016-06-021
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* postfix: unset 'smtpd_tls_session_cache_database'.Guilhem Moulin2016-05-181
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-181
* Let's EncryptGuilhem Moulin2016-03-021
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-121
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
* Automatically fetch X.509 certificates, and add them to git.Guilhem Moulin2015-12-031
* Fix address verification probes on the MSA.Guilhem Moulin2015-09-161
* Use 'double-bounce@fripost.org' as envelope sender for verification probes.Guilhem Moulin2015-06-111
* Don't bounce unverified recipients upon 4xx errors.Guilhem Moulin2015-06-111
* Configure munin nodes & master.Guilhem Moulin2015-06-102
* Use recipient address verification probes.Guilhem Moulin2015-06-071
* logjam mitigation.Guilhem Moulin2015-06-071
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071
* Fix $smtpd_sender_restrictions.Guilhem Moulin2015-06-071
* Tell vim the underlying filetype of templates for syntax highlighting.Guilhem Moulin2015-06-071
* Reload Postfix upon configuration change, but don't restart it.Guilhem Moulin2015-06-072
* Don't restart/reload Postifx upon change of a file based database.Guilhem Moulin2015-06-071
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-071
* Outgoing SMTP proxy.Guilhem Moulin2015-06-071
* Support boken SMTP clients and LOGIN SASL mechanism.Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Assume a DNS entry for each role.Guilhem Moulin2015-06-071
* Don't pass the client information unless necessary.Guilhem Moulin2015-06-071
* Don't use IPSec to relay messages to localhost.Guilhem Moulin2015-06-071
* typoGuilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Configure the Mail Submission Agent.Guilhem Moulin2015-06-074