Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Define new host "calima" serving Nextcloud. | Guilhem Moulin | 2018-12-03 | 9 |
| | ||||
* | Upgrade wiki baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 4 |
| | ||||
* | Upgrade MX baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | Upgrade webmail baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 6 |
| | ||||
* | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 25 |
| | ||||
* | Postfix: replace cdb & btree tables with lmdb ones. | Guilhem Moulin | 2018-12-03 | 14 |
| | | | | Cf. lmdb_table(5). | |||
* | IPsec: allow ISAKMP over IPv6. | Guilhem Moulin | 2018-12-03 | 2 |
| | ||||
* | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 23 |
| | ||||
* | Skip samhain installation. | Guilhem Moulin | 2018-12-03 | 4 |
| | | | | It's become too verbose (too many false-positive)… | |||
* | Harden anti spam on the MX:es. | Guilhem Moulin | 2018-06-09 | 5 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2018-04-04 | 3 |
| | ||||
* | lacme: explicitely bind to [::]:80. | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | Postfix: replace 'fifo' types with 'unix', as it's the new default. | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | sympa: wibble | Guilhem Moulin | 2018-04-04 | 2 |
| | ||||
* | Firewall: Allow DNS queries over TCP. | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | APT: use deb.debian.org as archive source. | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | Postscreen: improve DNSBL sites and scores. | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | Amavis: bind server to INADDR_LOOPBACK | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | Perform recipient address verification on the MSA itself. | Guilhem Moulin | 2018-04-04 | 4 |
| | ||||
* | LDAP: Expose part of the database to Nextcloud. | Guilhem Moulin | 2018-04-04 | 2 |
| | ||||
* | Upgrade syntax to Ansible 2.5. | Guilhem Moulin | 2018-04-04 | 3 |
| | ||||
* | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 5 |
| | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2017-09-14 | 3 |
| | ||||
* | Fix detection of KVM guests. | Guilhem Moulin | 2017-07-29 | 3 |
| | ||||
* | rkhunter: Disable remote updates to fix CVE-2017-7480. | Guilhem Moulin | 2017-07-29 | 1 |
| | ||||
* | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 5 |
| | ||||
* | Don't install debsecan anymore by default. | Guilhem Moulin | 2017-06-26 | 2 |
| | | | | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789196 | |||
* | MySQL: Use a single InnoDB file per table. | Guilhem Moulin | 2017-06-15 | 1 |
| | ||||
* | Webmail: don't allow outgoing TCP/993 connections. | Guilhem Moulin | 2017-06-15 | 1 |
| | | | | We're going through IPsec to communicate with the IMAP server. | |||
* | postfix-sender-login: strip extension before lookup. | Guilhem Moulin | 2017-06-13 | 1 |
| | | | | | | Users can add an extension (following postconf(5)'s $recipient_delimiter) to the local part of any envelope sender address already allowed. | |||
* | More logcheck-database tweaks. | Guilhem Moulin | 2017-06-07 | 1 |
| | ||||
* | postfix-msa: anonymize SASL-authenticated senders using IPv6. | Guilhem Moulin | 2017-06-06 | 1 |
| | ||||
* | dovecot-auth-proxy: Fix synopsis line. | Guilhem Moulin | 2017-06-05 | 1 |
| | ||||
* | postscreen: lower zen.spamhaus.org DNSBL score from 3 to 2 on the MX:es. | Guilhem Moulin | 2017-06-05 | 1 |
| | | | | | So being listed on that BL doesn't yield a flat reject if the IP isn't also listed to other lists. | |||
* | postfix-sender-login: wibble | Guilhem Moulin | 2017-06-05 | 2 |
| | ||||
* | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 9 |
| | ||||
* | move postfix-sender-login.{service,socket} to files/. | Guilhem Moulin | 2017-06-02 | 2 |
| | ||||
* | postfix: enable XFORWARD command from our internal relays. | Guilhem Moulin | 2017-06-02 | 1 |
| | ||||
* | postfix: don't rate-limit our IPsec subnet. | Guilhem Moulin | 2017-06-02 | 3 |
| | ||||
* | postfix-sender-login: terminate the worker after 32*$nProc connections to ↵ | Guilhem Moulin | 2017-06-01 | 1 |
| | | | | release ressources. | |||
* | postfix-sender-login: handle EINTR in read(2) and write(2) calls. | Guilhem Moulin | 2017-06-01 | 1 |
| | ||||
* | postfix-sender-login: pre-fork 2 servers. | Guilhem Moulin | 2017-06-01 | 1 |
| | | | | | On Linux perl's allow multiple children to block in a call to accept(2) so we don't need to place a lock around the call. | |||
* | Don't make Roundcube add a 'X-Sender' header with the sender's identity. | Guilhem Moulin | 2017-06-01 | 1 |
| | ||||
* | Don't let authenticated client use arbitrary sender addresses. | Guilhem Moulin | 2017-06-01 | 10 |
| | | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed. | |||
* | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 17 |
| | ||||
* | Also install non-free firmwares on civett. | Guilhem Moulin | 2017-05-30 | 2 |
| | ||||
* | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 |
| | ||||
* | Use blackhole subdomain for sender addresses of verify probes. | Guilhem Moulin | 2017-05-16 | 3 |
| | | | | | | | | | | | These addresses need to be accepted on the MX:es, as recipients sometimes phone back during the SMTP session to check whether the sender exists. Since a time-dependent suffix is added to the local part (cf. http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's not enough to drop incoming mails to ‘double-bounce@fripost.org’, and it's impractical to do the same for /^double-bounce.*@fripost\.org$/. | |||
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 7 |
| | ||||
* | webmail: use Zend opcache and configure APCu. | Guilhem Moulin | 2017-05-14 | 3 |
| |