| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
| |
As of bullseye amavis needs the private key material to be reabled by
the 'amavis' user.
|
|
|
|
|
| |
We want to give people the time add the key to DNS before we update the
signing policy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html . \o/
It's also fairly easy to deploy onto the Debian infrastucture:
$ USERNAME="guilhem"
$ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user"
$ printf "dkimPubKey: %s %s\n" "$SELECTOR" \
"$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \
| gpg --clearsign | s-nail -r "USERNAME@debian.org" -s dkimPubKey changes@db.debian.org
|
|
|
|
|
| |
While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.
|
| |
|
| |
|
|
|
|
| |
Cf. lmdb_table(5).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Interhost communications are protected by stunnel4. The graphs are only
visible on the master itself, and content is generated by Fast CGI.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that in a policy bank, a *_by_ccat doesn't replace the
default but is merely merged into the default (if the keys overlap,
those in the bank take precedence of course). Hence it's pointless to
use CC_CATCHALL in a bank unless all the other keys have been
overridden, for instance.
Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING
Policy Bank.
|
|
|
|
|
|
| |
So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the
default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it
before hand).
|
| |
|
| |
|
| |
|
|
|
|
| |
So unfortunately we can't fit a 2048-bits RSA key.
|
| |
|
|
For DKIM signing and virus checking.
|