path: root/roles/MX/files
Commit message | Author | Age | Files
* MX: Port to Debian 10. | Guilhem Moulin | 2020-05-16 | 1
  For postfix, don't defer if "abused legit". (I.e., DBL return code in the 127.0.1.100+ range.) This used to work for Postfix 3.1.14 (Stretch) but for 3.4.8 (Buster) the 'defer_if_reject' also applies to $smtpd_relay_restrictions, to reject_unauth_destination & reject_unlisted_recipient in particular.
* MX: Install OpenDMARC to add Authentication-Results headers. | Guilhem Moulin | 2020-05-16 | 3
  On the infrastructure boundary. We don't reject/quarantine as it would affect members who forward their mail sent to <user@example.com> to <user@fripost.org>. Members can install Sieve rules to send any messages with failed Authentication-Results headers directly in their spambox.
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons. | Guilhem Moulin | 2018-12-09 | 7
  Unlike what we wrote in 2014 (cf. 4fb4be4d279dd94cab33fc778cfa318b93d6926f) the postscreen(8) server can run chrooted, meaning we can also chroot the smtpd(8), tlsproxy(8), dnsblog(8) and cleanup(8) daemons.
* Harden anti spam on the MX:es. | Guilhem Moulin | 2018-06-09 | 1
* Use blackhole subdomain for sender addresses of verify probes. | Guilhem Moulin | 2017-05-16 | 1
  These addresses need to be accepted on the MX:es, as recipients sometimes phone back during the SMTP session to check whether the sender exists. Since a time-dependent suffix is added to the local part (cf. http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's not enough to drop incoming mails to ‘double-bounce@fripost.org’, and it's impractical to do the same for /^double-bounce.*@fripost\.org$/.
* Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 1
  ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 7
  In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simple binds on cn=postfix,ou=services,… can now be removed.
* typo | Guilhem Moulin | 2015-06-07 | 1
* Split templates / files in lookup tables. | Guilhem Moulin | 2015-06-07 | 7
* wibble | Guilhem Moulin | 2015-06-07 | 1
* Remove o=mailHosting from the LDAP directory suffix. | Guilhem Moulin | 2015-06-07 | 1
  So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it beforehand).
* Fix a corner case in reserved-alias.pl. | Guilhem Moulin | 2015-06-07 | 1
  'if $l' is false when $l is 0, while 0@example.org is a perfectly valid address.
* Fix catchall resolution. | Guilhem Moulin | 2015-06-07 | 8
  It has to be performed last, to give a chance to be accepted as a regular mailbox. We introduce a new, dedicated, smtpd daemon whose only purpose is to resolve catch-alls.
* Remove the 'fripostLocalAlias' attribute. | Guilhem Moulin | 2015-06-07 | 2
  Instead, we pretend that lists are valid users (via a match in the mailbox_transport_maps) but choose a different transport (with the same request in transport_maps). The advantage is that we get rid of the ugly hack for list transport… A minor drawback is that we now have two LDAP lookups instead of one for non local addresses (ie, everything but reserved addresses). Hopefully the requests are cached; but even if they aren't, querying a local LDAP server is supposed to be cheap.
* wibble | Guilhem Moulin | 2015-06-07 | 6
* Rename the role 'mx' into 'MX'. | Guilhem Moulin | 2015-06-07 | 9
  Other abbreviations are upper case.