sovereign

Commit graph

Autor	SHA1	Nachricht	Datum
Sebastian Kriems	fe536873b7	ufw tasks shall have the ufw tag resolves #453 Conflicts: roles/common/tasks/ufw.yml	vor 9 Jahren
Sven Neuhaus	d59c5eff05	Generate 2048 DH group and add it to Postfix	vor 9 Jahren
Mike Ashley	aa59a1a2f0	Correct special-casing of z-push Apache configuration	vor 9 Jahren
Stuart Read	e444efa2b4	Add jessie to special-casing for modern apache conf.d handling.	vor 9 Jahren
Stuart Read	22ef6be96e	Revert "Z-push apache config: Jessie also uses conf-available/conf-enabled" This reverts commit 6b53da4bdc. Using a different approach to maintain wheezy compatibility	vor 9 Jahren
Stuart Read	6b53da4bdc	Z-push apache config: Jessie also uses conf-available/conf-enabled	vor 9 Jahren
rokaz	a8a0905738	Fix dependency for Solr	vor 9 Jahren
Alex Payne	b3dc1b00e9	Correct Tomact config file name.	vor 10 Jahren
Alex Payne	69abd70297	Remove references to Debian 7	vor 10 Jahren
Alex Payne	2352d2d67e	OpenDMARC running under Postgres (?)	vor 10 Jahren
Alex Payne	7275a52ba6	Update to Tomcat 8	vor 10 Jahren
Alex Payne	34d537fcf2	Remove Dovecot installation for older distros	vor 10 Jahren
Alex Payne	2e966fe790	Don't need older Postgres anymore	vor 10 Jahren
Alex Payne	b674e0a669	Unified Solr installation across distros	vor 10 Jahren
Alex Payne	ecaa4c2330	Partially working Rspamd replacement for dspam	vor 10 Jahren
Alex Payne	58a4532fe7	Better permission handling for OpenDMARC. Resolves #400.	vor 10 Jahren
Alex Payne	417403f534	Use {{ mail_server_hostname }} over mail.servername Resolves #402.	vor 10 Jahren
Alex Payne	7bb62ca678	Explicitly require MySQL server as part of OpenDMARC isntall. Resolves #410.	vor 10 Jahren
Miloš Hadžić	d823ed0848	Use lmtp instead of lda for delivery.	vor 10 Jahren
Pavel Karoukin	a86e43d5b4	Couple issues with OpenDMARC on Debian 7: * fix mail_db_opendmarc_username/mail_db_opendmarc_password variable not found. * python-mysqldb package is required. Add it to opendmarc task.	vor 10 Jahren
Laurent Arnoud	21e0110684	Ignore copy tasks	vor 10 Jahren
Laurent Arnoud	a09e2e71c1	tar used in place of unarchive module	vor 10 Jahren
Will McCutchen	16b66cc849	Define apache SSL config in one place	vor 10 Jahren
Alex Payne	26d61c68a8	Implement OpenDMARC. Resolves #369.	vor 10 Jahren
Manfred Touron	16c93ea486	Using more verbose 'dependencies' tag (#393)	vor 10 Jahren
Manfred Touron	b49f3a6586	Tagged 'deps' aptitude tasks	vor 10 Jahren
John Rogerson	f72e1d2350	Update dovecot version from wheezy backports For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.	vor 10 Jahren
Sven Neuhaus	a088d9c456	Use "modern" SSLCipherSuite per Mozilla recommendations. See https://wiki.mozilla.org/Security/Server_Side_TLS for details. Removes RC4 cipher. Fixes issue #341. Also explicitly disabled SSLCompression and enables OCSP stapling. We should put all these settings in /etc/apache2/mods-enabled/ssl.conf to avoid duplication...	vor 10 Jahren
Sven Neuhaus	c898aa98d6	Install postgresql 9.4, 9.3 or 9.1 if available (on Debian Jessie, Ubuntu Trusty or older distributions such as Debian Wheezy and Ubuntu Precise).	vor 10 Jahren
Sven Neuhaus	a849a49f37	Fix: Files shouldn't be owned or writeable by httpd unless necessary.	vor 10 Jahren
Sven Neuhaus	8b5ed21e38	use wheezy-backports for dspam and solr packages on wheezy relates to pull request #372	vor 10 Jahren
Alex Payne	34448d5d34	install Dovecot from wheezy-backports on wheezy, specifying default_release	vor 10 Jahren
Alex Payne	5222776e34	install Dovecot from wheezy-backports on wheezy, specifying default_release	vor 10 Jahren
Alex Payne	c3afbc3b46	install Dovecot from wheezy-backports on wheezy. resolves #372	vor 10 Jahren
Yannik	7c5d1c2261	remove duplicate options which are already specified in main.cf	vor 10 Jahren
Sven Neuhaus	37aa7e2cb5	Dovecot: Fix for logjam attack	vor 10 Jahren
Alex Payne	1a96a87374	Ubuntu Trusty gets postgresql-9.3. Resolves #363.	vor 10 Jahren
Alex Payne	177ac9222b	Affix Postgres to version 9.1. Addresses #362.	vor 10 Jahren
Philip Potter	41243fa3ec	Bump checkrbl version to stop using ahbl ahbl is no longer being maintained and has been configured to return a positive value for every host. This means I get a cron warning every day reporting that my mailserver is in ircbl.ahbl.org and dnsbl.ahbl.org. lukecyca/check-rbl#1 has removed ahbl from the blacklists that it checks. This just pulls in that change. Unfortunately, ansible's get_url won't update files which have been downloaded already unless you set force=yes, which will cause ansible to pull down the file from github on every single run, which isn't really acceptable. I have filed ansible/ansible-modules-core#625 to ask that get_url redownload if and only if the sha256sum differs. In the meantime, you have to manually delete /opt/check-rbl.pl before rerunning ansible to pull in the update. However, at least this will work fine for new installs. Related to #338 (though I don't know if it truly fixes it).	vor 10 Jahren
Sven Neuhaus	ac59435d6e	exclude SSLv3 for all TLS to mitigate POODLE vulnerability	vor 10 Jahren
Sven Neuhaus	f338b1e15d	Postfix: Disable SSLv2 and SSLv3 for mandatory TLS connections Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.	vor 10 Jahren
Sven Neuhaus	f4177313d7	Disable SSLv3 in Dovecot imap server Disable SSLv3 in Dovecot imap server to avoid POODLE vulnerability	vor 10 Jahren
Mike Ashley	cf5d98c505	Correct SMTP port number	vor 10 Jahren
Patrick O'Doherty	6f6fc6a90f	Disable SSLv3 in all Apache vhosts	vor 11 Jahren
Luke Cyca	befde9f660	Update check-rbl to omit uribl. Fixes #279	vor 11 Jahren
Lorenzo Villani	8959f1c183	Add support for Thunderbird automatic configuration Resolves #114	vor 11 Jahren
Lorenzo Villani	661ed29a3e	Use /usr/sbin/nologin as login shells for vmail and znc users	vor 11 Jahren
Lorenzo Villani	d5ecf673d3	Calm OCD by sorting almost every with_items block in alphabetical order	vor 11 Jahren
Lorenzo Villani	e7703d0d9c	Add support for Apache 2.4 on Ubuntu 14.04	vor 11 Jahren
Michael West	aa2e1a0e74	Increase security of postfix smtp tls ciphers, that is sending email to other smtp servers using encryption	vor 11 Jahren

Erste Vorherige 1 2 3 Nächste Letzte

116 Commits (2b7256040a1e1b6ef320209839fff7590a7f760f)