summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc
Commit message (Collapse)AuthorAgeFiles
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-313
|
* MSA: reject null sender address.Guilhem Moulin2017-05-141
|
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
|
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
|
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
|
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
|
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
|
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-223
| | | | | | | | | | | | | | | We use a dedicated, non-routable, IPv4 subnet for IPSec. Furthermore the subnet is nullrouted in the absence of xfrm lookup (i.e., when there is no matching IPSec Security Association) to avoid data leaks. Each host is associated with an IP in that subnet (thus only reachble within that subnet, either by the host itself or by its IPSec peers). The peers authenticate each other using RSA public key authentication. Kernel traps are used to ensure that connections are only established when traffic is detected between the peers; after 30m of inactivity (this value needs to be less than the rekeying period) the connection is brought down and a kernel trap is installed.
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
|
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
| | | | | | | | Following Viktor Dukhovni's 2015-08-06 recommendation http://article.gmane.org/gmane.mail.postfix.user/251935 (We're using stronger ciphers and protocols in our own infrastructure.)
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-121
|
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
|
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-011
|
* More logcheck-database tweaks.Guilhem Moulin2015-11-121
|
* More logcheck-database tweaks.Guilhem Moulin2015-10-142
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-241
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-212
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-151
|
* More logcheck-database tweaks.Guilhem Moulin2015-08-213
|
* Update unattended-upgrades configuration.Guilhem Moulin2015-07-191
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-221
|
* logcheck: Match only hexdigits in postfix queue ID.Guilhem Moulin2015-06-191
|
* Match IPv6 addresses in logcheck rules.Guilhem Moulin2015-06-191
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-103
|
* Configure munin nodes & master.Guilhem Moulin2015-06-101
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-071
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-072
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-071
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* rkhunter: Allow hidden dir /etc/.javaGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-071
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-071
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 02:03:51 +0000