Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | IPsec: allow ISAKMP over IPv6. | Guilhem Moulin | 2018-12-03 | 2 | |
| | |||||
* | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 15 | |
| | |||||
* | Skip samhain installation. | Guilhem Moulin | 2018-12-03 | 4 | |
| | | | | It's become too verbose (too many false-positive)… | ||||
* | Harden anti spam on the MX:es. | Guilhem Moulin | 2018-06-09 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2018-04-04 | 3 | |
| | |||||
* | Postfix: replace 'fifo' types with 'unix', as it's the new default. | Guilhem Moulin | 2018-04-04 | 1 | |
| | |||||
* | sympa: wibble | Guilhem Moulin | 2018-04-04 | 1 | |
| | |||||
* | Firewall: Allow DNS queries over TCP. | Guilhem Moulin | 2018-04-04 | 1 | |
| | |||||
* | APT: use deb.debian.org as archive source. | Guilhem Moulin | 2018-04-04 | 1 | |
| | |||||
* | Perform recipient address verification on the MSA itself. | Guilhem Moulin | 2018-04-04 | 2 | |
| | |||||
* | Upgrade syntax to Ansible 2.5. | Guilhem Moulin | 2018-04-04 | 3 | |
| | |||||
* | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2017-09-14 | 3 | |
| | |||||
* | Fix detection of KVM guests. | Guilhem Moulin | 2017-07-29 | 3 | |
| | |||||
* | rkhunter: Disable remote updates to fix CVE-2017-7480. | Guilhem Moulin | 2017-07-29 | 1 | |
| | |||||
* | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 1 | |
| | |||||
* | Don't install debsecan anymore by default. | Guilhem Moulin | 2017-06-26 | 2 | |
| | | | | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789196 | ||||
* | Webmail: don't allow outgoing TCP/993 connections. | Guilhem Moulin | 2017-06-15 | 1 | |
| | | | | We're going through IPsec to communicate with the IMAP server. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2017-06-07 | 1 | |
| | |||||
* | postfix-sender-login: wibble | Guilhem Moulin | 2017-06-05 | 1 | |
| | |||||
* | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 1 | |
| | |||||
* | postfix: enable XFORWARD command from our internal relays. | Guilhem Moulin | 2017-06-02 | 1 | |
| | |||||
* | postfix: don't rate-limit our IPsec subnet. | Guilhem Moulin | 2017-06-02 | 2 | |
| | |||||
* | Don't let authenticated client use arbitrary sender addresses. | Guilhem Moulin | 2017-06-01 | 1 | |
| | | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed. | ||||
* | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 5 | |
| | |||||
* | Also install non-free firmwares on civett. | Guilhem Moulin | 2017-05-30 | 2 | |
| | |||||
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 2 | |
| | |||||
* | MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 1 | |
| | |||||
* | Fix Ansible 2.2.0 compatibility of a Jinja2 template. | Guilhem Moulin | 2017-01-14 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-12-08 | 1 | |
| | |||||
* | Postfix: ensure common aliases are present. | Guilhem Moulin | 2016-09-18 | 2 | |
| | |||||
* | FreshClam: change ownership of /etc/clamav/freshclam.conf. | Guilhem Moulin | 2016-09-18 | 1 | |
| | | | | | | | | To match the stock version shipped by clamav-freshclam 0.99.2+dfsg-0+deb8u2 ~$ stat -c '%U:%G %a' /etc/clamav/freshclam.conf clamav:adm 444 | ||||
* | Firewall: allow duplicates rules. | Guilhem Moulin | 2016-09-18 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-08-22 | 2 | |
| | |||||
* | postfix: Remove obsolete templates tls_policy/relay_clientcerts. | Guilhem Moulin | 2016-07-12 | 1 | |
| | |||||
* | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 4 | |
| | |||||
* | Postfix: avoid hardcoding the instance names. | Guilhem Moulin | 2016-07-10 | 1 | |
| | |||||
* | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 2 | |
| | |||||
* | Route SMTP traffic from the webmail through IPsec. | Guilhem Moulin | 2016-07-10 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-07-09 | 2 | |
| | |||||
* | Localize the NTP pool hostnames. | Guilhem Moulin | 2016-07-09 | 1 | |
| | |||||
* | Localize the debian archive hostnames. | Guilhem Moulin | 2016-07-09 | 1 | |
| | |||||
* | ClamAV (FreshClam): use a localized Database Mirror. | Guilhem Moulin | 2016-07-09 | 2 | |
| | | | | | | As db.local.clamav.net is not always properly localized. Furthermore, our previous Ansiblee script did not ensure ordering of the DatabaseMirror lines. | ||||
* | IPSec → IPsec | Guilhem Moulin | 2016-06-29 | 5 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2016-06-29 | 3 | |
| | |||||
* | update-firewall.sh: COMMIT empty iptables rule files. | Guilhem Moulin | 2016-06-29 | 1 | |
| | |||||
* | Use stunnel to secure the connection from the webmail to ldap.fripost.org. | Guilhem Moulin | 2016-06-05 | 1 | |
| | | | | | We should use IPSec instead, but doing so would force us to weaken slapd.conf's ‘security’ setting. | ||||
* | typo | Guilhem Moulin | 2016-05-24 | 1 | |
| | |||||
* | IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication. | Guilhem Moulin | 2016-05-24 | 3 | |
| | | | | There is no need to bother with X.509 cruft here. | ||||
* | genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH ↵ | Guilhem Moulin | 2016-05-22 | 2 | |
| | | | | parameters. |