Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | postfix: don't rate-limit our IPsec subnet. | Guilhem Moulin | 2017-06-02 | 1 |
| | ||||
* | MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-12-08 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-08-22 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-07-09 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-06-29 | 3 |
| | ||||
* | Set up IPSec tunnels between each pair of hosts. | Guilhem Moulin | 2016-05-22 | 1 |
| | | | | | | | | | | | | | | | We use a dedicated, non-routable, IPv4 subnet for IPSec. Furthermore the subnet is nullrouted in the absence of xfrm lookup (i.e., when there is no matching IPSec Security Association) to avoid data leaks. Each host is associated with an IP in that subnet (thus only reachble within that subnet, either by the host itself or by its IPSec peers). The peers authenticate each other using RSA public key authentication. Kernel traps are used to ensure that connections are only established when traffic is detected between the peers; after 30m of inactivity (this value needs to be less than the rekeying period) the connection is brought down and a kernel trap is installed. | |||
* | Use systemd unit files for stunnel4. | Guilhem Moulin | 2016-05-12 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-03-13 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-02-17 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-12-15 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-12-01 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-11-12 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-10-14 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-09-24 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-09-21 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-09-15 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-08-21 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-22 | 1 |
| | ||||
* | logcheck: Match only hexdigits in postfix queue ID. | Guilhem Moulin | 2015-06-19 | 1 |
| | ||||
* | Match IPv6 addresses in logcheck rules. | Guilhem Moulin | 2015-06-19 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-10 | 3 |
| | ||||
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 1 |
| | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | |||
* | Don't assume that Postfix queue ID are always 10-digits long. | Guilhem Moulin | 2015-06-10 | 1 |
| | ||||
* | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | |||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | |||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | Upgrade custom logcheck-database to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade amavis config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade Postfix config to Jessie (MSA & outgoing proxy). | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Replace Postgrey with postscreen. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Fix Amavis' Policy Banks. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank. | |||
* | Add a logcheck rule to ignore cyrus' annoying log messages. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Namely, "DIGEST-MD5 common mech free". See also bug #631932. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| |