summaryrefslogtreecommitdiffstats
path: root/roles/amavis
Commit message (Collapse)AuthorAgeFiles
* Don't restart amavis on DKIM key generation.Guilhem Moulin2021-02-131
| | | | | We want to give people the time add the key to DNS before we update the signing policy.
* roles/amavis: Drop packages that no longer exist.Guilhem Moulin2020-05-171
|
* Add own DKIM key for debian.org address.Guilhem Moulin2020-04-131
| | | | | | | | | | | | Cf. https://lists.debian.org/debian-devel-announce/2020/04/msg00004.html . \o/ It's also fairly easy to deploy onto the Debian infrastucture: $ USERNAME="guilhem" $ SELECTOR="5d30c523ff3622ed454230a16a11ddf6.$USERNAME.user" $ printf "dkimPubKey: %s %s\n" "$SELECTOR" \ "$(openssl pkey -pubin -in "./certs/dkim/$SELECTOR:debian.org.pub" -outform DER | base64 -w0)" \ | gpg --clearsign | s-nail -r "USERNAME@debian.org" -s dkimPubKey changes@db.debian.org
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-052
| | | | | While the combination of "s=" tag (selector) & "d=" tag signing domain maps to a unique key, the selector alone doesn't necessarily.
* Upgrade DKIM keys to rsa2048, and allow for multiple keys.Guilhem Moulin2018-12-043
|
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-031
|
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-031
| | | | Cf. lmdb_table(5).
* Amavis: bind server to INADDR_LOOPBACKGuilhem Moulin2018-04-041
|
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-181
|
* clamav: Don't set obsolete option 'AllowSupplementaryGroups'.Guilhem Moulin2016-06-051
|
* Amavis: use the LMTP protocol in the policy banks.Guilhem Moulin2016-03-031
|
* Configure munin nodes & master.Guilhem Moulin2015-06-102
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-072
|
* Fix Amavis' Policy Banks.Guilhem Moulin2015-06-071
| | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank.
* Remove o=mailHosting from the LDAP directory suffix.Guilhem Moulin2015-06-071
| | | | | | So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it before hand).
* Generate the DKIM key on the outgoing instance only.Guilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* Tell vim the underlying filetype of templates for syntax highlighting.Guilhem Moulin2015-06-071
|
* Loopia's maximum length for TXT records is 255 chars.Guilhem Moulin2015-06-073
| | | | So unfortunately we can't fit a 2048-bits RSA key.
* typoGuilhem Moulin2015-06-072
|
* Install amavisd-new on the outgoing SMTP proxy.Guilhem Moulin2015-06-073
For DKIM signing and virus checking.