Mike Ashley
b8f030eb48
Merge tomcat changes to default configuration
Take changes to the tomcat6 default configuration and apply to tomcat7
configuration. This was done by review of the diff between sovereign's
tomcat6 configuration and the default tomcat7 configuration.
před 8 roky
Mike Ashley
ae6d97a4b6
Match tomcat version to solr
The package solr installs and uses tomcat7. Installing tomcat8 appears
to be a mistake for Debian Jessie.
před 8 roky
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
před 9 roky
Carl Meyer
3265e77865
Update rspamd repository to the official one.
před 8 roky
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
před 9 roky
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
před 9 roky
Mike Ashley
aa59a1a2f0
Correct special-casing of z-push Apache configuration
před 9 roky
Stuart Read
e444efa2b4
Add jessie to special-casing for modern apache conf.d handling.
před 9 roky
Stuart Read
22ef6be96e
Revert "Z-push apache config: Jessie also uses conf-available/conf-enabled"
This reverts commit 6b53da4bdc .
Using a different approach to maintain wheezy compatibility
před 9 roky
Stuart Read
6b53da4bdc
Z-push apache config: Jessie also uses conf-available/conf-enabled
před 9 roky
rokaz
a8a0905738
Fix dependency for Solr
před 9 roky
Alex Payne
b3dc1b00e9
Correct Tomact config file name.
před 9 roky
Alex Payne
69abd70297
Remove references to Debian 7
před 9 roky
Alex Payne
2352d2d67e
OpenDMARC running under Postgres (?)
před 9 roky
Alex Payne
7275a52ba6
Update to Tomcat 8
před 9 roky
Alex Payne
34d537fcf2
Remove Dovecot installation for older distros
před 9 roky
Alex Payne
2e966fe790
Don't need older Postgres anymore
před 9 roky
Alex Payne
b674e0a669
Unified Solr installation across distros
před 9 roky
Alex Payne
ecaa4c2330
Partially working Rspamd replacement for dspam
před 9 roky
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400 .
před 9 roky
Alex Payne
417403f534
Use {{ mail_server_hostname }} over mail.servername
Resolves #402 .
před 9 roky
Alex Payne
7bb62ca678
Explicitly require MySQL server as part of OpenDMARC isntall.
Resolves #410 .
před 9 roky
Miloš Hadžić
d823ed0848
Use lmtp instead of lda for delivery.
před 9 roky
Pavel Karoukin
a86e43d5b4
Couple issues with OpenDMARC on Debian 7:
* fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
not found.
* python-mysqldb package is required. Add it to opendmarc task.
před 9 roky
Laurent Arnoud
21e0110684
Ignore copy tasks
před 9 roky
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
před 9 roky
Will McCutchen
16b66cc849
Define apache SSL config in one place
před 9 roky
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369 .
před 9 roky
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
před 9 roky
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
před 9 roky
John Rogerson
f72e1d2350
Update dovecot version from wheezy backports
For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372 ), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.
před 9 roky
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
před 9 roky
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
před 9 roky
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
před 9 roky
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
před 9 roky
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
před 9 roky
Alex Payne
5222776e34
install Dovecot from wheezy-backports on wheezy, specifying default_release
před 9 roky
Alex Payne
c3afbc3b46
install Dovecot from wheezy-backports on wheezy. resolves #372
před 9 roky
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
před 9 roky
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
před 9 roky
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
před 9 roky
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
před 9 roky
Philip Potter
41243fa3ec
Bump checkrbl version to stop using ahbl
ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
před 10 roky
Sven Neuhaus
ac59435d6e
exclude SSLv3 for all TLS
to mitigate POODLE vulnerability
před 10 roky
Sven Neuhaus
f338b1e15d
Postfix: Disable SSLv2 and SSLv3 for mandatory TLS connections
Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.
před 10 roky
Sven Neuhaus
f4177313d7
Disable SSLv3 in Dovecot imap server
Disable SSLv3 in Dovecot imap server to avoid POODLE vulnerability
před 10 roky
Mike Ashley
cf5d98c505
Correct SMTP port number
před 10 roky
Patrick O'Doherty
6f6fc6a90f
Disable SSLv3 in all Apache vhosts
před 10 roky
Luke Cyca
befde9f660
Update check-rbl to omit uribl. Fixes #279
před 10 roky
Lorenzo Villani
8959f1c183
Add support for Thunderbird automatic configuration
Resolves #114
před 10 roky