summaryrefslogtreecommitdiffstats
path: root/roles/lists/files
Commit message (Collapse)AuthorAgeFiles
* Sympa: Default to dmarc_protection_mode=dmarc_reject.Guilhem Moulin2024-09-081
|
* Sympa: Update Content-Security-Policy.Guilhem Moulin2024-09-081
|
* Sympa: Enable French support.Guilhem Moulin2024-06-121
| | | | Cf. msgid=<c368f04c-b8d1-4623-98f0-b6a3b724f90d@dubre.me>.
* Sympa: Update robot.conf to fix HTTP 421 on virtual hosts.Guilhem Moulin2023-01-132
| | | | | | See https://github.com/sympa-community/sympa/issues/879 , https://www.sympa.community/manual/upgrade/notes.html#from-version-prior-to-6256 and https://www.sympa.community/gpldoc/man/sympa_config.5.html#wwsympa_url_local .
* nginx: Add Expires: HTTP headers.Guilhem Moulin2020-05-171
|
* lists.fripost.org: Improve gzip support.Guilhem Moulin2020-05-171
|
* wwsympa.service: Use existing directory /run/sympa.Guilhem Moulin2020-05-161
| | | | | We shouldn't use RuntimeDirectory to create it anew because is belongs to the Sympa daemon and WWSympa looks up for PID files in there.
* sympa.conf: remove deprecated options.Guilhem Moulin2020-05-161
|
* antilop: Upgrade baseline to Debian 10.Guilhem Moulin2020-05-163
|
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-091
|
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-094
|
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-091
| | | | And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-312
|
* wwsympa: allow write access to /var/spool/sympa.Guilhem Moulin2017-05-141
| | | | Request to post and moderate messages using the web interface.
* nginx: add support for HTTP/2.Guilhem Moulin2016-12-131
|
* nginx: Don't hard-code the HPKP headers.Guilhem Moulin2016-07-121
| | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out.
* wwsympa systemd service file: Set PrivateTmp=yes.Guilhem Moulin2016-06-071
| | | | The CGI wants to create a temp file during bulk subcription.
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-121
|
* Set a HPKP on the webmail, website/wiki/git and list manager.Guilhem Moulin2016-04-011
|
* Set a CSP on the webmail, website/wiki and list manager.Guilhem Moulin2016-04-011
|
* Set HTTP security headers.Guilhem Moulin2016-03-301
| | | | See https://securityheaders.io .
* Let's EncryptGuilhem Moulin2016-03-021
|
* Update all Fripost links from http:// to https://.Guilhem Moulin2015-12-281
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
|
* nginx: Move include.d/* to snippets/.Guilhem Moulin2015-12-201
|
* nginx: s/conf.d/include.d/Guilhem Moulin2015-12-151
|
* wibbleGuilhem Moulin2015-12-091
|
* ngnix: mv ssl/config conf.d/sslGuilhem Moulin2015-12-091
|
* nginx: adjust expiration date for static content.Guilhem Moulin2015-10-301
|
* Prefer 302 over 301 redirections.Guilhem Moulin2015-06-101
|
* Fix log filenames for lists.f.o.Guilhem Moulin2015-06-071
|
* VERP management.Guilhem Moulin2015-06-071
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-0710
|
* Use $virtual_alias_domains not $virtual_mailbox_domains.Guilhem Moulin2015-06-072
| | | | | | | | | | | | | | | | | | | | | | | | | Quoting postconf(5): smtpd_reject_unlisted_recipient (default: yes) Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping. […] * The recipient domain matches $virtual_alias_domains but the recipient is not listed in $virtual_alias_maps. * The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null. Since we alias everything under special, "invalid", domains (mda.f.o and mailman.f.o), our $virtual_mailbox_maps was null, which led to reject_unlisted_recipient not being triggered for say, "noone@fripost.org". However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits into the second point above.
* Remove o=mailHosting from the LDAP directory suffix.Guilhem Moulin2015-06-071
| | | | | | So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it before hand).
* Use Debian's usual location for static web content.Guilhem Moulin2015-06-071
| | | | Hence put the CSS and fonts under /usr/share/.
* Make the *_maps file names uniform.Guilhem Moulin2015-06-071
| | | | That is, don't put a leading virtual_ or a trailing _maps in file names.
* Fix the catch-all resolution again.Guilhem Moulin2015-06-071
| | | | | | | | | | | | | | | | | | | | We introduce a limitation on the domain-aliases: they can't have children (e.g., lists or users) any longer. The whole alias resolution, including catch-alls and domain aliases, is now done in 'virtual_alias_maps'. We stop the resolution by returning a dummy alias A -> A for mailboxes, before trying the catch-all maps. We're still using transport_maps for lists. If it turns out to be a bottleneck due to the high-latency coming from LDAP maps, (and the fact that there is a single qmgr(8) daemon), we could rewrite lists to a dummy subdomain and use a static transport_maps instead: virtual_alias_maps: mylist@example.org -> mylist#example.org@mlmmj.localhost.localdomain transport_maps: mlmmj.localhost.localdomain mlmmj:
* Mailing lists (using mlmmj).Guilhem Moulin2015-06-077
Right now the list server cannot be hosted with a MX, due to bug 51: http://mlmmj.org/bugs/bug.php?id=51 Web archive can be compiled with MHonArc, but the web server configuration is not there yet.