Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-09-15 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-08-21 | 3 | |
| | |||||
* | Update unattended-upgrades configuration. | Guilhem Moulin | 2015-07-19 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-22 | 1 | |
| | |||||
* | logcheck: Match only hexdigits in postfix queue ID. | Guilhem Moulin | 2015-06-19 | 1 | |
| | |||||
* | Match IPv6 addresses in logcheck rules. | Guilhem Moulin | 2015-06-19 | 1 | |
| | |||||
* | Use a single LDAP connection per Munin round to collect slapd statistics. | Guilhem Moulin | 2015-06-11 | 2 | |
| | | | | Using multigraphs instead. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-10 | 3 | |
| | |||||
* | slapd monitoring. | Guilhem Moulin | 2015-06-10 | 1 | |
| | | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds. | ||||
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 8 | |
| | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | ||||
* | Don't assume that Postfix queue ID are always 10-digits long. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 2 | |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | ||||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | ||||
* | Configure Bacula File Daemon / Storage Daemon / Director. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel. | ||||
* | firewall: allow 127.0.0.1/8 on lo. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | genkeypair.sh: Merge privkey and pubkey for identical filekeys. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR. | ||||
* | rkhunter: Allow hidden dir /etc/.java | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | ||||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Upgrade samhain config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade custom logcheck-database to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade rkhunter config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade amavis config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Upgrade Postfix config to Jessie (MSA & outgoing proxy). | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Disable rsyslog's rate-limiting. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | The default for rsyslog v7, but not for rsyslog v5. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Key usage 'keyCertSign' is required for self-signed certificates. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Amavis is logging to syslog with severity 'notice'. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Don't merge amavis' logs into /var/log/syslog. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Replace Postgrey with postscreen. | Guilhem Moulin | 2015-06-07 | 2 | |
| | | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Fix Amavis' Policy Banks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank. | ||||
* | Add a logcheck rule to ignore cyrus' annoying log messages. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | Namely, "DIGEST-MD5 common mech free". See also bug #631932. | ||||
* | 'default_days' in openssl.cnf doesn't work, use -days instead. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 | |
| |