sovereign

Author	SHA1	Message	Date
Mike Ashley	166c57f045	Use submission port for client outgoing email Currently client email is submitted via ssmtp (port 465). This has been deprecated for years. The correct way to submit email is via submission (port 587). This patch adds port 587 as a second and the default way of submitting email for delivery. Port 465 remains open for backwards compatibility with existing clients.	8 years ago
Allen Riddell	ca6eb2d85b	Add mailserver default vars to role	8 years ago
Mike Ashley	3d68705341	Add leading 0 to octal file permissions This is done to suppress warnings from ansible-lint.	8 years ago
Carl Meyer	619eac6534	Adjust comment for clarity.	8 years ago
Carl Meyer	d46a9c47ef	Idempotency/changed-reporting fixes for OpenDMARC tasks.	8 years ago
Carl Meyer	7e817bfae6	Encrypt Postgres passwords, and fix change-reporting.	8 years ago
Carl Meyer	e8796ecd28	Idempotent and independent post-certificate-renewal tasks.	8 years ago
Laurent Arnoud	d56f0bd7ef	Use https for rpsamd key and repository	8 years ago
Carl Meyer	1a3d01f311	Complete rmilter/rspamd setup.	8 years ago
Carl Meyer	d46fb1521b	Make OpenDMARC cron job email root only on error.	8 years ago
Carl Meyer	57982401a9	Pass {auth_type} to milters, fixing OpenDKIM signing of authenticated SMTP messages.	8 years ago
Mike Ashley	8f1b6a9ed8	Arrange for services to restart on cert renewal	8 years ago
Mike Ashley	beaceafbd1	Update mailserver role to use LE certificate	9 years ago
Mike Ashley	4c830e1b07	Override opendmarc defaults This patch restores sovereign's configuration of opendmarc.	8 years ago
Mike Ashley	1bc60827ef	Revert opendmarc to use mysql An earlier commit started transitioning opendmarc to use postgres, but this was incomplete. This patch reverts that change and uses mysql for the reporting database. Other changes: * Do not maintain a copy of the database import schema. A copy is included in the distribution in /usr/share/doc, so that is used instead. * The configuration file is replaced with the distribution's sample configuration. A second patch will restore the actual configuration. This will make the changes easier to see if the default configuraton file changes in future versions of opendmarc.	8 years ago
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	8 years ago
Mike Ashley	b8f030eb48	Merge tomcat changes to default configuration Take changes to the tomcat6 default configuration and apply to tomcat7 configuration. This was done by review of the diff between sovereign's tomcat6 configuration and the default tomcat7 configuration.	8 years ago
Mike Ashley	ae6d97a4b6	Match tomcat version to solr The package solr installs and uses tomcat7. Installing tomcat8 appears to be a mistake for Debian Jessie.	8 years ago
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	8 years ago
Carl Meyer	3265e77865	Update rspamd repository to the official one.	8 years ago
Sebastian Kriems	fe536873b7	ufw tasks shall have the ufw tag resolves #453 Conflicts: roles/common/tasks/ufw.yml	9 years ago
Sven Neuhaus	d59c5eff05	Generate 2048 DH group and add it to Postfix	9 years ago
Mike Ashley	aa59a1a2f0	Correct special-casing of z-push Apache configuration	8 years ago
Stuart Read	e444efa2b4	Add jessie to special-casing for modern apache conf.d handling.	8 years ago
Stuart Read	22ef6be96e	Revert "Z-push apache config: Jessie also uses conf-available/conf-enabled" This reverts commit 6b53da4bdc. Using a different approach to maintain wheezy compatibility	8 years ago
Sebastian Kriems	968abba197	ufw tasks shall have the ufw tag resolves #453	9 years ago
Sven Neuhaus	20bd80c599	Generate 2048 DH group and add it to Postfix	9 years ago
Stuart Read	6b53da4bdc	Z-push apache config: Jessie also uses conf-available/conf-enabled	9 years ago
rokaz	a8a0905738	Fix dependency for Solr	9 years ago
Alex Payne	b3dc1b00e9	Correct Tomact config file name.	9 years ago
Alex Payne	69abd70297	Remove references to Debian 7	9 years ago
Alex Payne	2352d2d67e	OpenDMARC running under Postgres (?)	9 years ago
Alex Payne	7275a52ba6	Update to Tomcat 8	9 years ago
Alex Payne	34d537fcf2	Remove Dovecot installation for older distros	9 years ago
Alex Payne	2e966fe790	Don't need older Postgres anymore	9 years ago
Alex Payne	b674e0a669	Unified Solr installation across distros	9 years ago
Alex Payne	ecaa4c2330	Partially working Rspamd replacement for dspam	9 years ago
Alex Payne	58a4532fe7	Better permission handling for OpenDMARC. Resolves #400.	9 years ago
Alex Payne	417403f534	Use {{ mail_server_hostname }} over mail.servername Resolves #402.	9 years ago
Alex Payne	7bb62ca678	Explicitly require MySQL server as part of OpenDMARC isntall. Resolves #410.	9 years ago
Miloš Hadžić	d823ed0848	Use lmtp instead of lda for delivery.	9 years ago
Pavel Karoukin	a86e43d5b4	Couple issues with OpenDMARC on Debian 7: * fix mail_db_opendmarc_username/mail_db_opendmarc_password variable not found. * python-mysqldb package is required. Add it to opendmarc task.	9 years ago
Laurent Arnoud	21e0110684	Ignore copy tasks	9 years ago
Laurent Arnoud	a09e2e71c1	tar used in place of unarchive module	9 years ago
Will McCutchen	16b66cc849	Define apache SSL config in one place	9 years ago
Alex Payne	26d61c68a8	Implement OpenDMARC. Resolves #369.	9 years ago
Manfred Touron	16c93ea486	Using more verbose 'dependencies' tag (#393)	9 years ago
Manfred Touron	b49f3a6586	Tagged 'deps' aptitude tasks	9 years ago
John Rogerson	f72e1d2350	Update dovecot version from wheezy backports For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.	9 years ago
Sven Neuhaus	a088d9c456	Use "modern" SSLCipherSuite per Mozilla recommendations. See https://wiki.mozilla.org/Security/Server_Side_TLS for details. Removes RC4 cipher. Fixes issue #341. Also explicitly disabled SSLCompression and enables OCSP stapling. We should put all these settings in /etc/apache2/mods-enabled/ssl.conf to avoid duplication...	9 years ago

First Previous 1 2 3 4 5 Next Last

201 Commits (0ecd31c1594ea54f1f58e94af5486a2b24d37867)