summaryrefslogtreecommitdiffstats
path: root/roles/common/files
Commit message (Collapse)AuthorAgeFiles
* More logcheck-database tweaks.Guilhem Moulin2015-10-142
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-241
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-212
|
* More logcheck-database tweaks.Guilhem Moulin2015-09-151
|
* More logcheck-database tweaks.Guilhem Moulin2015-08-213
|
* Update unattended-upgrades configuration.Guilhem Moulin2015-07-191
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-221
|
* logcheck: Match only hexdigits in postfix queue ID.Guilhem Moulin2015-06-191
|
* Match IPv6 addresses in logcheck rules.Guilhem Moulin2015-06-191
|
* Use a single LDAP connection per Munin round to collect slapd statistics.Guilhem Moulin2015-06-112
| | | | Using multigraphs instead.
* More logcheck-database tweaks.Guilhem Moulin2015-06-103
|
* slapd monitoring.Guilhem Moulin2015-06-101
| | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds.
* Configure munin nodes & master.Guilhem Moulin2015-06-108
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-071
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-072
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-071
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* Configure Bacula File Daemon / Storage Daemon / Director.Guilhem Moulin2015-06-071
| | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel.
* firewall: allow 127.0.0.1/8 on lo.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* genkeypair.sh: Merge privkey and pubkey for identical filekeys.Guilhem Moulin2015-06-071
| | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR.
* rkhunter: Allow hidden dir /etc/.javaGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-071
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* logjam mitigation.Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-071
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-071
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Key usage 'keyCertSign' is required for self-signed certificates.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Amavis is logging to syslog with severity 'notice'.Guilhem Moulin2015-06-071
|
* Don't merge amavis' logs into /var/log/syslog.Guilhem Moulin2015-06-071
| | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Replace Postgrey with postscreen.Guilhem Moulin2015-06-072
| | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Fix Amavis' Policy Banks.Guilhem Moulin2015-06-071
| | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank.