| Commit message (Collapse) | Author | Age | Files | ||
|---|---|---|---|---|---|
| ... | |||||
| * | IPsec: allow ISAKMP over IPv6. | Guilhem Moulin | 2018-12-03 | 2 | |
| | | |||||
| * | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 23 | |
| | | |||||
| * | Skip samhain installation. | Guilhem Moulin | 2018-12-03 | 4 | |
| | | | | | It's become too verbose (too many false-positive)… | ||||
| * | Harden anti spam on the MX:es. | Guilhem Moulin | 2018-06-09 | 5 | |
| | | |||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2018-04-04 | 3 | |
| | | |||||
| * | lacme: explicitely bind to [::]:80. | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | Postfix: replace 'fifo' types with 'unix', as it's the new default. | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | sympa: wibble | Guilhem Moulin | 2018-04-04 | 2 | |
| | | |||||
| * | Firewall: Allow DNS queries over TCP. | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | APT: use deb.debian.org as archive source. | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | Postscreen: improve DNSBL sites and scores. | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | Amavis: bind server to INADDR_LOOPBACK | Guilhem Moulin | 2018-04-04 | 1 | |
| | | |||||
| * | Perform recipient address verification on the MSA itself. | Guilhem Moulin | 2018-04-04 | 4 | |
| | | |||||
| * | LDAP: Expose part of the database to Nextcloud. | Guilhem Moulin | 2018-04-04 | 2 | |
| | | |||||
| * | Upgrade syntax to Ansible 2.5. | Guilhem Moulin | 2018-04-04 | 3 | |
| | | |||||
| * | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 5 | |
| | | |||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2017-09-14 | 3 | |
| | | |||||
| * | Fix detection of KVM guests. | Guilhem Moulin | 2017-07-29 | 3 | |
| | | |||||
| * | rkhunter: Disable remote updates to fix CVE-2017-7480. | Guilhem Moulin | 2017-07-29 | 1 | |
| | | |||||
| * | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 5 | |
| | | |||||
| * | Don't install debsecan anymore by default. | Guilhem Moulin | 2017-06-26 | 2 | |
| | | | | | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789196 | ||||
| * | MySQL: Use a single InnoDB file per table. | Guilhem Moulin | 2017-06-15 | 1 | |
| | | |||||
| * | Webmail: don't allow outgoing TCP/993 connections. | Guilhem Moulin | 2017-06-15 | 1 | |
| | | | | | We're going through IPsec to communicate with the IMAP server. | ||||
| * | postfix-sender-login: strip extension before lookup. | Guilhem Moulin | 2017-06-13 | 1 | |
| | | | | | | | Users can add an extension (following postconf(5)'s $recipient_delimiter) to the local part of any envelope sender address already allowed. | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2017-06-07 | 1 | |
| | | |||||
| * | postfix-msa: anonymize SASL-authenticated senders using IPv6. | Guilhem Moulin | 2017-06-06 | 1 | |
| | | |||||
| * | dovecot-auth-proxy: Fix synopsis line. | Guilhem Moulin | 2017-06-05 | 1 | |
| | | |||||
| * | postscreen: lower zen.spamhaus.org DNSBL score from 3 to 2 on the MX:es. | Guilhem Moulin | 2017-06-05 | 1 | |
| | | | | | | So being listed on that BL doesn't yield a flat reject if the IP isn't also listed to other lists. | ||||
| * | postfix-sender-login: wibble | Guilhem Moulin | 2017-06-05 | 2 | |
| | | |||||
| * | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 9 | |
| | | |||||
| * | move postfix-sender-login.{service,socket} to files/. | Guilhem Moulin | 2017-06-02 | 2 | |
| | | |||||
| * | postfix: enable XFORWARD command from our internal relays. | Guilhem Moulin | 2017-06-02 | 1 | |
| | | |||||
| * | postfix: don't rate-limit our IPsec subnet. | Guilhem Moulin | 2017-06-02 | 3 | |
| | | |||||
| * | postfix-sender-login: terminate the worker after 32*$nProc connections to ↵ | Guilhem Moulin | 2017-06-01 | 1 | |
| | | | | | release ressources. | ||||
| * | postfix-sender-login: handle EINTR in read(2) and write(2) calls. | Guilhem Moulin | 2017-06-01 | 1 | |
| | | |||||
| * | postfix-sender-login: pre-fork 2 servers. | Guilhem Moulin | 2017-06-01 | 1 | |
| | | | | | | On Linux perl's allow multiple children to block in a call to accept(2) so we don't need to place a lock around the call. | ||||
| * | Don't make Roundcube add a 'X-Sender' header with the sender's identity. | Guilhem Moulin | 2017-06-01 | 1 | |
| | | |||||
| * | Don't let authenticated client use arbitrary sender addresses. | Guilhem Moulin | 2017-06-01 | 10 | |
| | | | | | | | | | | | | | | | The following policy is now implemented: * users can use their SASL login name as sender address; * alias and/or list owners can use the address as envelope sender; * domain postmasters can use arbitrary sender addresses under their domains; * domain owners can use arbitrary sender addresses under their domains, unless it is also an existing account name; * for known domains without owner or postmasters, other sender addresses are not allowed; and * arbitrary sender addresses under unknown domains are allowed. | ||||
| * | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 17 | |
| | | |||||
| * | Also install non-free firmwares on civett. | Guilhem Moulin | 2017-05-30 | 2 | |
| | | |||||
| * | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 | |
| | | |||||
| * | Use blackhole subdomain for sender addresses of verify probes. | Guilhem Moulin | 2017-05-16 | 3 | |
| | | | | | | | | | | | | These addresses need to be accepted on the MX:es, as recipients sometimes phone back during the SMTP session to check whether the sender exists. Since a time-dependent suffix is added to the local part (cf. http://www.postfix.org/postconf.5.html#address_verify_sender_ttl) it's not enough to drop incoming mails to ‘double-bounce@fripost.org’, and it's impractical to do the same for /^double-bounce.*@fripost\.org$/. | ||||
| * | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 7 | |
| | | |||||
| * | webmail: use Zend opcache and configure APCu. | Guilhem Moulin | 2017-05-14 | 3 | |
| | | |||||
| * | sympa: don't tweak /etc/logrotate.d/sympa. | Guilhem Moulin | 2017-05-14 | 1 | |
| | | |||||
| * | wwsympa: allow write access to /var/spool/sympa. | Guilhem Moulin | 2017-05-14 | 1 | |
| | | | | | Request to post and moderate messages using the web interface. | ||||
| * | MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 4 | |
| | | |||||
| * | IMAP: new script list-users. | Guilhem Moulin | 2017-05-14 | 2 | |
| | | |||||
| * | Fix Ansible 2.2.0 compatibility of a Jinja2 template. | Guilhem Moulin | 2017-01-14 | 1 | |
| | | |||||
| * | Allow SMTP client from whitelisted IPs to bypass postscreen checks. | Guilhem Moulin | 2017-01-14 | 1 | |
| | | |||||
