Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | stunnel4: Harden and socket-activate. | Guilhem Moulin | 2020-05-18 | 1 |
| | ||||
* | Remove 'meta: flush_handlers' directives under conditionals. | Guilhem Moulin | 2020-05-17 | 1 |
| | | | | They don't appear to be supported anymore. | |||
* | Roundcube: skip 'keyboard_shortcuts' plugin. | Guilhem Moulin | 2020-05-17 | 1 |
| | | | | | It doesn't integrate too well with the new elastic theme at the moment. https://github.com/corbosman/keyboard_shortcuts | |||
* | Roundcube: Port to Debian 10. | Guilhem Moulin | 2020-05-17 | 1 |
| | | | | | We use the version from buster-backports (currently 1.4.4+dfsg.1-1~bpo10+1) for the elastic theme. | |||
* | Upgrade webmail baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 2 |
| | ||||
* | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 |
| | ||||
* | Don't let authenticated client use arbitrary sender addresses. | Guilhem Moulin | 2017-06-01 | 1 |
| | | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed. | |||
* | webmail: use Zend opcache and configure APCu. | Guilhem Moulin | 2017-05-14 | 1 |
| | ||||
* | Webmail: Install XCache (PHP opcode cacher). | Guilhem Moulin | 2016-12-08 | 1 |
| | ||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Route SMTP traffic from the webmail through IPsec. | Guilhem Moulin | 2016-07-10 | 3 |
| | ||||
* | IMAP: don't include mailbox under the virtual namespace in LIST responses. | Guilhem Moulin | 2016-07-06 | 1 |
| | | | | | | | | | Clients now have to use the NAMESPACE extension [RFC 2342] to discover mailboxes under the “virtual/” namespace. (Plus an extra LIST command, causing an overhead two roundtrips.) Of course the downside is that non namespace-aware clients lose access to the “virtual/{all,flagged,…}” mailboxes, but on second thought it's probably better this way rather than having such clients treat these mailboxes as regular mailboxes. | |||
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | | | | To avoid new commits upon cert renewal. | |||
* | Use stunnel to secure the connection from the webmail to ldap.fripost.org. | Guilhem Moulin | 2016-06-05 | 2 |
| | | | | | We should use IPSec instead, but doing so would force us to weaken slapd.conf's ‘security’ setting. | |||
* | Roundcube: route IMAP and managesieve traffic through IPSec. | Guilhem Moulin | 2016-05-28 | 1 |
| | ||||
* | Roundcube: add a link to our webpage as support URL. | Guilhem Moulin | 2016-05-24 | 1 |
| | ||||
* | Roundcube: add a warning regarding IMAP hostname change. | Guilhem Moulin | 2016-05-23 | 1 |
| | ||||
* | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
* | roundube: Pin X.509 certificate for sieve.fripost.org:4190. | Guilhem Moulin | 2016-05-17 | 1 |
| | ||||
* | Use systemd unit files for stunnel4. | Guilhem Moulin | 2016-05-12 | 1 |
| | ||||
* | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 2 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 |
| | ||||
* | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 |
| | ||||
* | roundcube: Raise 'imap_timeout' from 1 to 3 minutes. | Guilhem Moulin | 2015-09-30 | 1 |
| | | | | See http://wiki.fripost.org/tracker/Error_on_search_in_roundcube/ . | |||
* | roundcube: Use php5-enchant and GNU Aspell for spell-checking. | Guilhem Moulin | 2015-09-29 | 1 |
| | ||||
* | Add jqueryui configuration. | Guilhem Moulin | 2015-09-29 | 1 |
| | ||||
* | Make roundcube plugin configuration static files. | Guilhem Moulin | 2015-09-29 | 1 |
| | ||||
* | Upgrade Roundcube to 1.1.2. | Guilhem Moulin | 2015-09-24 | 1 |
| | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | |||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Add ability to add custom OrganizationalUnits in genkeypair. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Also, it's now possible to reuse an existing private key (with -f). | |||
* | Reload Postfix upon configuration change, but don't restart it. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | (Unless a new instance is created, or the master.cf change is modified.) Changing some variables, such as inet_protocols, require a full restart, but most of the time it's overkill. | |||
* | Replace IPSec tunnels by app-level ephemeral TLS sessions. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. | |||
* | Fix syntax error. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Generate certs for Dovecot and Nginx if they are not there. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Force Roundcube to connect the IMAP server on localhost:143. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Install Rouncube from backports. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | Recent versions have a whole bunch of bugfixes and nice new features: http://trac.roundcube.net/wiki/Changelog | |||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server. | |||
* | Use a local IMAP caching proxy under the webmail. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | | (Unless the webmail is itself a full IMAP server.) It replaces RoundCube's own IMAP and message caches. Dovecot's IMAPC storage backend is not very documented, but provides smart IMAP proxying. References include: http://dovecot.org/pipermail/dovecot/2011-January/056975.html http://wiki2.dovecot.org/HowTo/ImapcProxy http://wiki2.dovecot.org/Migration/Dsync | |||
* | Configure the webmail. | Guilhem Moulin | 2015-06-07 | 3 |