Resolves #400.

Resolves #402.

Resolves #410.

 * fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
   not found.
 * python-mysqldb package is required. Add it to opendmarc task.

For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.

See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341.
Also explicitly disabled SSLCompression and enables OCSP stapling.

We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...

(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).

relates to pull request #372

Resolves #363.

Addresses #362.

ahbl is no longer being maintained and has been configured to return a
positive value for every host.  This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.

lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks.  This just pulls in that change.

Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable.  I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs.  In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update.  However, at least this will work fine
for new installs.

Related to #338 (though I don't know if it truly fixes it).

to mitigate POODLE vulnerability

Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.

Disable SSLv3 in Dovecot imap server to avoid POODLE vulnerability

Resolves #114

* Postfix: Trusty comes with postgresql 9.3, not 9.1
* owncloud 6.0.1 is part of the distribution, doesn't require opensuse repository
* owncloud requires libapache2-mod-php5
* uses prosody repository that matches the ansible_distribution_release (trusty, wheezy, etc)

http://ahbl.org/content/changes-ahbl

Fixes #232