In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
Data loss will occur if backing up postgresql while it runs. A simple
fix is to stop it during the backup. I've moved the backup to early
morning to reduce possible downtime.
A better approach would be to use pg_dump.
The previous behaviour relied on managesieve copying over the
.dovecot.sieve file into the user's directory. I found this to be
particularly fragile. For instance, re-deploying roundcube without
dovecot could overwrite the .dovecot.sieve symlink and break
managesieve.
A better approach is to use the global sieve configuration that
roundcube provides and not mess with dovecot's files directly.
I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.
Fixes issue #8. Adds new variable mail_header_privacy, on by default.
Installs postfix-pcre unconditionally, and then copies the pcre file
over and adds the header check to main.cf based on the variable value.
“this header replacement works great, but it logs that the replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs”
use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
PostgreSQL works similarly with varchar and text columns. Rather than
limiting the amount of characters a column can hold simply use text
columns.
Because this sql is now PostgreSQL specific, there's no need to maintain
what was set in the mysql settings.
Remove all configuration for MySQL and configure PostgreSQL as the main
database.
All *_mysql_* options have been changed to *_db_* options.
Postgres requires the database user to have a password in order to
connect via localhost. The db_admin_password option is used to set the
password of the admin user (usually postgres).
When you're hosting a couple of hundred aliases, you will benefit.
It seems safer to create the index and deal with the slight overhead
for just a couple of records, as opposed to not having these
indexes and deal with serious performance issues if you have
lots of aliases on the machine.
Don't mail them individually to the destemail. The destemail setting is thus no
longer used, but let's set it anyway to be clear where it will mail if you
change the action back.