Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | logcheck: Match only hexdigits in postfix queue ID. | Guilhem Moulin | 2015-06-19 | 1 | |
| | |||||
* | Match IPv6 addresses in logcheck rules. | Guilhem Moulin | 2015-06-19 | 1 | |
| | |||||
* | Use 'double-bounce@fripost.org' as envelope sender for verification probes. | Guilhem Moulin | 2015-06-11 | 2 | |
| | |||||
* | Don't bounce unverified recipients upon 4xx errors. | Guilhem Moulin | 2015-06-11 | 3 | |
| | | | | | | | We don't want to bounce messages for which the recipient(s)' MTA replies 451 due to some greylisting in place. We would like to accept 451 alone, but unfortunately it's not possible to bounce unverified recipients due to DNS or networking errors. | ||||
* | Set a rootdn on cn=Monitor. | Guilhem Moulin | 2015-06-11 | 1 | |
| | |||||
* | Use a single LDAP connection per Munin round to collect slapd statistics. | Guilhem Moulin | 2015-06-11 | 4 | |
| | | | | Using multigraphs instead. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-10 | 3 | |
| | |||||
* | gitweb: Explicitely install FCGI. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | slapd monitoring. | Guilhem Moulin | 2015-06-10 | 6 | |
| | | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds. | ||||
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 39 | |
| | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | ||||
* | Don't assume that Postfix queue ID are always 10-digits long. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | Prefer 302 over 301 redirections. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | Add references to bug reports. | Guilhem Moulin | 2015-06-10 | 2 | |
| | |||||
* | Dovecot: Collect IMAP statistics. | Guilhem Moulin | 2015-06-10 | 4 | |
| | |||||
* | Allow 'vmail' users with a UID lower than 500. | Guilhem Moulin | 2015-06-10 | 2 | |
| | | | | Fix regression introduced in f7c8011. | ||||
* | Provide Thunderbird autoconfiguration. | Guilhem Moulin | 2015-06-07 | 3 | |
| | | | | | | | References: - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo - https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat | ||||
* | Remove ‘:’ from the list of valid chars in wiki filenames. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | | | | | | Because it's interpreted weirdly by Image::Magick: $ identify 'Screenshot_from_2015-02-23_18:59:48-extract.png[0]' identify: no decode delegate for this image format `59\' @ error/constitute.c/ReadImage/501. $ mv 'Screenshot_from_2015-02-23_18:59:48-extract.png' screenshot.png $ identify 'screenshot.png[0]' screenshot.png[0]=>screenshot.png PNG 453x122 453x122+0+0 8-bit sRGB 11.2KB 0.000u 0:00.000 | ||||
* | Fix log filenames for lists.f.o. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | wiki: enable comments in the tracker. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Change slapd dump filenames. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | E.g., ‘0.ldif’ → ‘slapd-0.ldif’. | ||||
* | Fix bacula priorities. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 4 | |
| | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 8 | |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | ||||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 4 | |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | ||||
* | Rename imap.conf → roundcube.conf | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | VERP management. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Configure Bacula File Daemon / Storage Daemon / Director. | Guilhem Moulin | 2015-06-07 | 20 | |
| | | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel. | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Restart services when updating systemd unit files. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | firewall: allow 127.0.0.1/8 on lo. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | genkeypair.sh: Merge privkey and pubkey for identical filekeys. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR. | ||||
* | rkhunter: Allow hidden dir /etc/.java | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | wibble | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | SQL: Set empty passwords for auth_socket authentication. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | stunnel.conf → imap.conf | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Add a redirection www.fripost.org → fripost.org. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Also distribute material and minutes. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | gitweb workaround encoding issues in FCGI mode. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Configure ikiwiki (website + wiki). | Guilhem Moulin | 2015-06-07 | 7 | |
| | |||||
* | Git (gitolite + git-http-backend + gitweb) configuration | Guilhem Moulin | 2015-06-07 | 9 | |
| | | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details. | ||||
* | Install CAcert.org root certificates. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package. | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Enforce "strong" authentication and FPS in LDAP. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds. | ||||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 6 | |
| | |||||
* | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 11 | |
| | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | ||||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 10 | |
| |