Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Route SMTP traffic from the webmail through IPsec. | Guilhem Moulin | 2016-07-10 | 2 |
| | ||||
* | Roundcube: route IMAP and managesieve traffic through IPSec. | Guilhem Moulin | 2016-05-28 | 1 |
| | ||||
* | roundube: Pin X.509 certificate for sieve.fripost.org:4190. | Guilhem Moulin | 2016-05-17 | 1 |
| | ||||
* | Use systemd unit files for stunnel4. | Guilhem Moulin | 2016-05-12 | 1 |
| | ||||
* | stunnel: disable compression. | Guilhem Moulin | 2015-10-27 | 1 |
| | ||||
* | stunnel: use GCM ciphers only; use SSL options rather than ciphers to ↵ | Guilhem Moulin | 2015-10-27 | 1 |
| | | | | disable protocols. | |||
* | Make roundcube plugin configuration static files. | Guilhem Moulin | 2015-09-29 | 3 |
| | ||||
* | Upgrade Roundcube to 1.1.2. | Guilhem Moulin | 2015-09-24 | 5 |
| | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | |||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | |||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't make Roundcube add a 'X-Sender' header with the sender's identity. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Roundcube's 'password' plugin. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Remove o=mailHosting from the LDAP directory suffix. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it before hand). | |||
* | Tell vim the underlying filetype of templates for syntax highlighting. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Replace IPSec tunnels by app-level ephemeral TLS sessions. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. | |||
* | Outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Expose the real user ID when using the webmail. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | Sadly not doing so and keeping a table message ID -> username, like we do for SASL authenticated users, doesn't seem trivial here. We could encrypt the header, though. | |||
* | Support boken SMTP clients and LOGIN SASL mechanism. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Assume a DNS entry for each role. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | | | E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though. | |||
* | Don't pass the client information unless necessary. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't use IPSec to relay messages to localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Excplicitely make local services run on localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server. | |||
* | Configure the webmail. | Guilhem Moulin | 2015-06-07 | 3 |