| Commit message (Collapse) | Author | Age | Files | |
|---|---|---|---|---|
| * | Configure NTP. | Guilhem Moulin | 2015-06-07 | 2 | 
| | | | | | | | We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec. | |||
| * | Configure the Mail Submission Agent. | Guilhem Moulin | 2015-06-07 | 2 | 
| | | ||||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Configure the IMAP server. | Guilhem Moulin | 2015-06-07 | 2 | 
| | | | | | (For now, only LMTP and IMAP processes, without replication.) | |||
| * | Configure the MX:es. | Guilhem Moulin | 2015-06-07 | 3 | 
| | | ||||
| * | Share master.cf accross all Postfix instances. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | | And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.) | |||
| * | Use a dedicated SMTP port for samhain. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | | | It's unfortunate that samhain cannot use the sendmail binary, and wants to use a inet socket instead. We use a custom port to avoid conflicts with the usual SMTP port the MX:es need to listen on. See also: /usr/share/doc/samhain/TODO.Debian | |||
| * | Reorganization. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Reformulate the headers showing the license. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | To be clearer, and to follow the recommendation of the FSF, we include a full header rather than a single sentence. | |||
| * | Configure debsecan. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Common LDAP (slapd) configuration. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Postfix master (nullmailer) configuration | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | We use a dedicated instance for each role: MDA, MTA out, MX, etc. | |||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Prefer maching on policy rather than marks. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | Also, use ESP tunnel mode instead of transport mode. | |||
| * | Use a dedicated 'fail2ban' chain for fail2ban. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | So it doesn't mess with the high-priority rules regarding IPSec. | |||
| * | Configure IPSec. | Guilhem Moulin | 2015-06-07 | 2 | 
| | | ||||
| * | Configure fail2ban. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Configure v4 and v6 iptable rulesets. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Configure APT. | Guilhem Moulin | 2015-06-07 | 2 | 
| | | ||||
| * | Configure /etc/{hosts,hostname,mailname}. | Guilhem Moulin | 2015-06-07 | 2 | 
