summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFiles
...
* Don't instal smartd on KVM guests.Guilhem Moulin2015-06-071
|
* Upgrade the common package list.Guilhem Moulin2015-06-072
|
* Add a 'root' alias to root@fripost.org.Guilhem Moulin2015-06-071
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Fix tab damage.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-074
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-073
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-0713
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-0725
|
* Upgrade the LDAP config to Jessie.Guilhem Moulin2015-06-075
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Enable the use of git:// clients.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Don't make Roundcube add a 'X-Sender' header with the sender's identity.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-073
|
* Roundcube's 'password' plugin.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Key usage 'keyCertSign' is required for self-signed certificates.Guilhem Moulin2015-06-072
|
* Add a keyring and alternative contact to the LDAP DIT.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* wibbleGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Remove reject_unknown_sender_domain from the MDA and outgoing SMTP.Guilhem Moulin2015-06-072
| | | | | | | | | | We already removed it from the MX:es (see 32e605d4); we need to remove it from the MDA and outgoing SMTP as well, otherwise mails could bounce or get stuck in the middle (the're rejected with 450: deferred by default). However we can keep the restriction on the entry points (MSA and webmail).
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Amavis is logging to syslog with severity 'notice'.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-071
|
* Don't install intel-microcode on Xen guests.Guilhem Moulin2015-06-073
| | | | It should be installed on the dom0 instead.
* Don't install smartd on Xen guests.Guilhem Moulin2015-06-072
| | | | S.M.A.R.T makes little sense for virtual HDDs.
* Don't merge amavis' logs into /var/log/syslog.Guilhem Moulin2015-06-071
| | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy.
* Install auditd.Guilhem Moulin2015-06-073
|
* Split templates / files in lookup tables.Guilhem Moulin2015-06-078
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* wibbleGuilhem Moulin2015-06-072
|
* Replace Postgrey with postscreen.Guilhem Moulin2015-06-0712
| | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not.
* Verify the validity of users before that of aliases.Guilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* Fix NTP configuration.Guilhem Moulin2015-06-073
| | | | We've yet to get authenticated time, though.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Add an index on the 'fripostCanAddDomain' LDAP attribute.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Remove reject_unknown_sender_domain from the MX.Guilhem Moulin2015-06-071
| | | | | There are false-positive with that, for instead due to SOA records pointing to non-existing subdomains.
* wibbleGuilhem Moulin2015-06-071
|
* Hash certs using a lookup in the template instead of add a new task.Guilhem Moulin2015-06-074
|
* Ensure have a TLS policy for each of our host we want to relay to.Guilhem Moulin2015-06-072
|
* Add extra indexes on the LDAP provider.Guilhem Moulin2015-06-071
| | | | Those will be useful for the tools.
* Use the raw 'fripostListManager' as routing internal subdomain.Guilhem Moulin2015-06-072
|
* Fix $smtpd_sender_restrictions.Guilhem Moulin2015-06-073
| | | | | | | | | | | | On the MDA the domain is our 'mda.fripost.org', there is no need to perform an extra DNS lookup. The MSA does not perform local or virtual delivery, but relays everything to the outgoing SMTP proxy. On the MX, there is no need to check for recipient validity as we are the final destination; but unsure that the RCPT TO address is a valid recipient before doing the greylisting.