summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFiles
* Allow outgoing HKP and WHOIS traffic on the LDAP provider.Guilhem Moulin2015-06-071
|
* Allow outgoing SSH traffic.Guilhem Moulin2015-06-071
|
* Add wildcard Pin version in apt preferences.Guilhem Moulin2015-06-071
|
* Don't instal smartd on KVM guests.Guilhem Moulin2015-06-071
|
* Upgrade the common package list.Guilhem Moulin2015-06-072
|
* Add a 'root' alias to root@fripost.org.Guilhem Moulin2015-06-071
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Fix tab damage.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-074
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-073
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-0713
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-0725
|
* Upgrade the LDAP config to Jessie.Guilhem Moulin2015-06-075
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Enable the use of git:// clients.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Don't make Roundcube add a 'X-Sender' header with the sender's identity.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-073
|
* Roundcube's 'password' plugin.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Key usage 'keyCertSign' is required for self-signed certificates.Guilhem Moulin2015-06-072
|
* Add a keyring and alternative contact to the LDAP DIT.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* wibbleGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Remove reject_unknown_sender_domain from the MDA and outgoing SMTP.Guilhem Moulin2015-06-072
| | | | | | | | | | We already removed it from the MX:es (see 32e605d4); we need to remove it from the MDA and outgoing SMTP as well, otherwise mails could bounce or get stuck in the middle (the're rejected with 450: deferred by default). However we can keep the restriction on the entry points (MSA and webmail).
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Amavis is logging to syslog with severity 'notice'.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-071
|
* Don't install intel-microcode on Xen guests.Guilhem Moulin2015-06-073
| | | | It should be installed on the dom0 instead.
* Don't install smartd on Xen guests.Guilhem Moulin2015-06-072
| | | | S.M.A.R.T makes little sense for virtual HDDs.
* Don't merge amavis' logs into /var/log/syslog.Guilhem Moulin2015-06-071
| | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy.
* Install auditd.Guilhem Moulin2015-06-073
|
* Split templates / files in lookup tables.Guilhem Moulin2015-06-078
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* wibbleGuilhem Moulin2015-06-072
|
* Replace Postgrey with postscreen.Guilhem Moulin2015-06-0712
| | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not.
* Verify the validity of users before that of aliases.Guilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* Fix NTP configuration.Guilhem Moulin2015-06-073
| | | | We've yet to get authenticated time, though.
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Add an index on the 'fripostCanAddDomain' LDAP attribute.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Remove reject_unknown_sender_domain from the MX.Guilhem Moulin2015-06-071
| | | | | There are false-positive with that, for instead due to SOA records pointing to non-existing subdomains.
* wibbleGuilhem Moulin2015-06-071
|
* Hash certs using a lookup in the template instead of add a new task.Guilhem Moulin2015-06-074
|
* Ensure have a TLS policy for each of our host we want to relay to.Guilhem Moulin2015-06-072
|