Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Install CAcert.org root certificates. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package. | |||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | |||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Allow outgoing HKP and WHOIS traffic on the LDAP provider. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Allow outgoing SSH traffic. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Add wildcard Pin version in apt preferences. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't instal smartd on KVM guests. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade the common package list. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Add a 'root' alias to root@fripost.org. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade samhain config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade custom logcheck-database to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade rkhunter config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Upgrade amavis config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Upgrade Postfix config to Jessie (MSA & outgoing proxy). | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 5 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Enable the use of git:// clients. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Disable rsyslog's rate-limiting. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | The default for rsyslog v7, but not for rsyslog v5. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Key usage 'keyCertSign' is required for self-signed certificates. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Amavis is logging to syslog with severity 'notice'. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't install intel-microcode on Xen guests. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | It should be installed on the dom0 instead. | |||
* | Don't install smartd on Xen guests. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | S.M.A.R.T makes little sense for virtual HDDs. | |||
* | Don't merge amavis' logs into /var/log/syslog. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy. | |||
* | Install auditd. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Replace Postgrey with postscreen. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not. | |||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Fix NTP configuration. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | We've yet to get authenticated time, though. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | Ensure have a TLS policy for each of our host we want to relay to. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Fix Dovecot's mail location. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Perform the alias resolution and address validation solely on the MX:es. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | We can therefore spare some lookups on the MDA, and use static:all instead. | |||
* | Fix Amavis' Policy Banks. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | It turns out that in a policy bank, a *_by_ccat doesn't replace the default but is merely merged into the default (if the keys overlap, those in the bank take precedence of course). Hence it's pointless to use CC_CATCHALL in a bank unless all the other keys have been overridden, for instance. Also, treat unchecked (eg, encrypted) mails as clean in the OUTGOING Policy Bank. | |||
* | Add a logcheck rule to ignore cyrus' annoying log messages. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Namely, "DIGEST-MD5 common mech free". See also bug #631932. |