summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc
Commit message (Collapse)AuthorAgeFiles
* logcheck: Match only hexdigits in postfix queue ID.Guilhem Moulin2015-06-191
|
* Match IPv6 addresses in logcheck rules.Guilhem Moulin2015-06-191
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-103
|
* Configure munin nodes & master.Guilhem Moulin2015-06-101
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-071
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-072
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-071
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* rkhunter: Allow hidden dir /etc/.javaGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-071
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-071
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Amavis is logging to syslog with severity 'notice'.Guilhem Moulin2015-06-071
|
* Don't merge amavis' logs into /var/log/syslog.Guilhem Moulin2015-06-071
| | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Replace Postgrey with postscreen.Guilhem Moulin2015-06-072
| | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Fix Amavis' Policy Banks.Guilhem Moulin2015-06-071
| | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank.
* Add a logcheck rule to ignore cyrus' annoying log messages.Guilhem Moulin2015-06-071
| | | | Namely, "DIGEST-MD5 common mech free". See also bug #631932.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Increase the timeout in the smtpd waiting for the reinjection from amavis.Guilhem Moulin2015-06-071
| | | | | | | | SMTP client connection caching was introduced in 2.6.0: the SMTP session is held for the next task (in adaptative mode, only when there was a delay of only 5s between the two previous mails), but Postfix will terminate it if the next mail doesn't come soon enough, or if amavis does't terminate it itself (usually after 15s).
* Install amavisd-new on the outgoing SMTP proxy.Guilhem Moulin2015-06-072
| | | | For DKIM signing and virus checking.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Remove IPSec related files.Guilhem Moulin2015-06-071
|
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-071
| | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
* Outgoing SMTP proxy.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Log SASL usernames for longer, but don't include mail.log into syslog.Guilhem Moulin2015-06-072
|
* Don't install 'unhide.rb'.Guilhem Moulin2015-06-071
|
* Don't use generic maps.Guilhem Moulin2015-06-071
| | | | | | | | | | | | | | | | | In fact we want to only rewrite the envelope sender: :/etc/postfix/main.cf # Overwrite local FQDN envelope sender addresses sender_canonical_classes = envelope_sender propagate_unmatched_extensions = sender_canonical_maps = cdb:$config_directory/sender_canonical :/etc/postfix/sender_canonical @elefant.fripost.org admin@fripost.org However, when canonical(5) processes a mail sent vias sendmail(1), it rewrites the envelope sender which seems to *later* be use as From: header.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|