summaryrefslogtreecommitdiffstats
path: root/roles/MSA
Commit message (Expand)AuthorAgeFiles
* Postfix: pin key material to our MX:es for fripost.org and its subdomains.Guilhem Moulin2021-01-262
* Postfix: Install -lmdb in all roles using db=lmdb.Guilhem Moulin2020-05-211
* postfix-sender-login: Better hardening.Guilhem Moulin2020-05-213
* MSA: Update role to Debian Buster.Guilhem Moulin2020-05-192
* submission: Prospective SPF checking.Guilhem Moulin2018-12-123
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-091
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-031
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-032
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
* postfix-sender-login: strip extension before lookup.Guilhem Moulin2017-06-131
* postfix-msa: anonymize SASL-authenticated senders using IPv6.Guilhem Moulin2017-06-061
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* move postfix-sender-login.{service,socket} to files/.Guilhem Moulin2017-06-022
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* postfix-sender-login: terminate the worker after 32*$nProc connections to rel...Guilhem Moulin2017-06-011
* postfix-sender-login: handle EINTR in read(2) and write(2) calls.Guilhem Moulin2017-06-011
* postfix-sender-login: pre-fork 2 servers.Guilhem Moulin2017-06-011
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-016
* Use blackhole subdomain for sender addresses of verify probes.Guilhem Moulin2017-05-161
* MSA: reject null sender address.Guilhem Moulin2017-05-143
* postfix: commit the master.cf symlinks.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
* Postfix MX/MSA instances: put certs in the the instance's $config_directory.Guilhem Moulin2016-07-102
* Postfix MX/MSA instances: don't ask the remote SMTP client for a client certi...Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* postfix: Don't explicitly set inet_interfaces=all as it's the default.Guilhem Moulin2016-07-101
* Change the pubkey extension from .pem to .pub.Guilhem Moulin2016-07-101
* Postfix MSA: don't allow unauthenticated clients from $mynetworks.Guilhem Moulin2016-06-291
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-151
* postfix: rotate the sender address for verify probes.Guilhem Moulin2016-06-021
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* postfix: unset 'smtpd_tls_session_cache_database'.Guilhem Moulin2016-05-181
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-181
* Let's EncryptGuilhem Moulin2016-03-021
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-121
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
* Automatically fetch X.509 certificates, and add them to git.Guilhem Moulin2015-12-031
* Fix address verification probes on the MSA.Guilhem Moulin2015-09-161
* Use 'double-bounce@fripost.org' as envelope sender for verification probes.Guilhem Moulin2015-06-111
* Don't bounce unverified recipients upon 4xx errors.Guilhem Moulin2015-06-111
* Configure munin nodes & master.Guilhem Moulin2015-06-102
* Use recipient address verification probes.Guilhem Moulin2015-06-071
* logjam mitigation.Guilhem Moulin2015-06-071
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071