ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality. Ideas cribbed from [1]. It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.
Open question: does collectd support apache-status? Might it also be
interested in this vhost?
Fixes #299.
[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus
On fresh installs of Debian 7.6, the current order of steps will lock you
out of SSH. This will enable UFW after creating rules for http, https, ssh,
and DNS. Fix comes from @Debugreality in issue #303:
https://github.com/al3x/sovereign/issues/303
- Added backports to apt configuration.
- Updated roundcube task to use the roundcube backport.
- Updated roundcube's main.inc.php configuration file to use the one included
in the backport distribution. Migrated configuration parameters from the
existing configuration file except in cases where it looked like the Roundcube
team was changing defaults that were not touched by Sovereign's configuration.
I may have gotten some wrong; needs review by Sovereign maintainer.