summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/logcheck
Commit message (Collapse)AuthorAgeFiles
* sympa: wibbleGuilhem Moulin2018-04-041
|
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
|
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
|
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
|
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
|
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
|
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
|
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
|
* MSA: reject null sender address.Guilhem Moulin2017-05-141
|
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
|
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
|
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
|
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
|
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-221
| | | | | | | | | | | | | | | We use a dedicated, non-routable, IPv4 subnet for IPSec. Furthermore the subnet is nullrouted in the absence of xfrm lookup (i.e., when there is no matching IPSec Security Association) to avoid data leaks. Each host is associated with an IP in that subnet (thus only reachble within that subnet, either by the host itself or by its IPSec peers). The peers authenticate each other using RSA public key authentication. Kernel traps are used to ensure that connections are only established when traffic is detected between the peers; after 30m of inactivity (this value needs to be less than the rekeying period) the connection is brought down and a kernel trap is installed.
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-121
|
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
|
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-011
|
* More logcheck-database tweaks.Guilhem Moulin2015-11-121
|
* More logcheck-database tweaks.Guilhem Moulin2015-10-142
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-241
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-212
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-151
|
* More logcheck-database tweaks.Guilhem Moulin2015-08-213
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-221
|
* logcheck: Match only hexdigits in postfix queue ID.Guilhem Moulin2015-06-191
|
* Match IPv6 addresses in logcheck rules.Guilhem Moulin2015-06-191
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-103
|
* Configure munin nodes & master.Guilhem Moulin2015-06-101
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-071
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-071
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-071
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-071
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Replace Postgrey with postscreen.Guilhem Moulin2015-06-071
| | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not.