summaryrefslogtreecommitdiffstats
path: root/roles/webmail/templates
Commit message (Collapse)AuthorAgeFiles
* Roundcube: managesieve: Disable ‘reject’ and ‘ereject’ extensions.Guilhem Moulin2022-10-111
|
* Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’.Guilhem Moulin2022-10-111
| | | | | | | This silences the following deprecation warning: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
* stunnel4: Harden and socket-activate.Guilhem Moulin2020-05-181
|
* nginx: Don't hard-code the HPKP headers.Guilhem Moulin2016-07-121
| | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out.
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-102
|
* Roundcube: route IMAP and managesieve traffic through IPSec.Guilhem Moulin2016-05-281
|
* roundube: Pin X.509 certificate for sieve.fripost.org:4190.Guilhem Moulin2016-05-171
|
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-121
|
* stunnel: disable compression.Guilhem Moulin2015-10-271
|
* stunnel: use GCM ciphers only; use SSL options rather than ciphers to ↵Guilhem Moulin2015-10-271
| | | | disable protocols.
* Make roundcube plugin configuration static files.Guilhem Moulin2015-09-293
|
* Upgrade Roundcube to 1.1.2.Guilhem Moulin2015-09-245
|
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-072
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-071
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* Upgrade the webmail configuration from Wheezy to Jessie.Guilhem Moulin2015-06-071
|
* Don't make Roundcube add a 'X-Sender' header with the sender's identity.Guilhem Moulin2015-06-071
|
* Roundcube's 'password' plugin.Guilhem Moulin2015-06-071
|
* Remove o=mailHosting from the LDAP directory suffix.Guilhem Moulin2015-06-071
| | | | | | So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it before hand).
* Tell vim the underlying filetype of templates for syntax highlighting.Guilhem Moulin2015-06-071
|
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-072
| | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
* Outgoing SMTP proxy.Guilhem Moulin2015-06-071
|
* Expose the real user ID when using the webmail.Guilhem Moulin2015-06-071
| | | | | | Sadly not doing so and keeping a table message ID -> username, like we do for SASL authenticated users, doesn't seem trivial here. We could encrypt the header, though.
* Support boken SMTP clients and LOGIN SASL mechanism.Guilhem Moulin2015-06-071
|
* Assume a DNS entry for each role.Guilhem Moulin2015-06-073
| | | | | | E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though.
* Don't pass the client information unless necessary.Guilhem Moulin2015-06-071
|
* Don't use IPSec to relay messages to localhost.Guilhem Moulin2015-06-071
|
* Excplicitely make local services run on localhost.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-071
|
* Configure Sieve and ManageSieve.Guilhem Moulin2015-06-071
| | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server.
* Configure the webmail.Guilhem Moulin2015-06-073