Commit Graph

230 Commits

Author SHA1 Message Date
KiekerJan 5628c1e674 merge master 2022-09-17 16:53:08 +02:00
KiekerJan 15735fc59c Merge branch 'master' into mergeupstream2204 2022-09-17 16:48:02 +02:00
KiekerJan 9ee26d3ef1 merge upstream changes proposed for 2204 2022-09-17 16:41:35 +02:00
KiekerJan a0937290b7 correct reference in fail2ban jail to nextcloud log 2022-09-16 23:29:30 +02:00
KiekerJan e3a91ece00 move nextcloud logging to syslog 2022-09-08 22:23:07 +02:00
KiekerJan a8aa3675bc add postfix aggressive jail 2022-09-04 20:57:50 +02:00
KiekerJan 0058583913 update roundcube email to 1.6, update plugins and add logrotate entry 2022-08-19 19:59:38 +02:00
github@kiekerjan.isdronken.nl 5d186fcced Merge branch 'dns_to_unbound' 2022-04-21 21:54:11 +02:00
KiekerJan 0392b07008 updates on nginx security headers 2022-04-18 21:16:21 +02:00
KiekerJan a4b6b15c14 add possibility for unbound blocklist 2022-03-22 13:05:25 +01:00
KiekerJan 0f80d071db remove elaborate dns config, simply delete resolv.conf symlink 2022-03-20 22:12:02 +01:00
KiekerJan 640751b606 initial changes to use unbound as local dns resolver instead of bind 2022-03-20 20:57:19 +01:00
KiekerJan be899f2b9e avoid a runaway /64 in jail.conf 2021-10-25 16:44:25 +02:00
github@kiekerjan.isdronken.nl 52a5100265 align recidive search time to a week 2021-09-09 22:52:30 +02:00
KiekerJan c4fa84b966 tuning fail2ban 2021-08-29 22:47:29 +02:00
KiekerJan 63255d321a tuning fail2ban 2021-08-28 13:34:37 +02:00
KiekerJan cf6eac0d0c add nginx security headers 2021-08-02 00:05:12 +02:00
KiekerJan 1f35158211 use predefined DHE field groups 2021-08-01 23:09:59 +02:00
KiekerJan 87be897d36 update DH security to 4096 2021-08-01 21:52:37 +02:00
KiekerJan 3592b6463d add ipv6 localhost to ignore ip list 2021-07-04 20:09:07 +02:00
github@kiekerjan.isdronken.nl 212b9a31df add definition of admin ipv6 address 2021-06-27 22:12:15 +02:00
github@kiekerjan.isdronken.nl ca5fb3c2e0 Merge changes from upstream v0.54 2021-06-20 23:36:54 +02:00
KiekerJan 95712e196b remove chkrootkit,too many false positives 2021-06-05 09:53:07 +02:00
KiekerJan f722eef9d7 remove not belonging data 2021-05-31 23:45:46 +02:00
github@kiekerjan.isdronken.nl 9f7ced57a6 add favicon 2021-05-31 23:38:35 +02:00
KiekerJan a24c01973f doveadm fts rescan clears the indices, we don't want that 2021-05-30 21:11:47 +02:00
KiekerJan 7ffc87c529 more to ignore for chkrootkit 2021-05-28 23:37:53 +02:00
KiekerJan b0e053bc4a update chkrootkit ignore file 2021-05-18 13:03:23 +02:00
Joshua Tauberer d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
KiekerJan 6f804ea5fe only cron errors as output 2021-05-09 09:23:58 +02:00
github@kiekerjan.isdronken.nl 6aec61e4e8 cleanup solr files 2021-05-08 23:43:39 +02:00
github@kiekerjan.isdronken.nl 23c0388bb3 base for xapian dovecot fts 2021-05-08 22:35:46 +02:00
KiekerJan 575e5144d5 add ignore file for chkrootkit 2021-05-01 23:36:51 +02:00
github@kiekerjan.isdronken.nl 7368b4caea simplify fail2ban configuration 2021-04-28 15:57:52 +02:00
github@kiekerjan.isdronken.nl 7089bd2748 solr fixes 2021-04-26 09:40:27 +02:00
github@kiekerjan.isdronken.nl b1671df028 update once every hour, not every day 2021-04-25 20:53:32 +02:00
github@kiekerjan.isdronken.nl 3bf241c3e0 add postfix spamhaus jail 2021-04-23 22:03:22 +02:00
github@kiekerjan.isdronken.nl 1292dce11e merge from 1804 version 2021-04-21 22:42:10 +02:00
github@kiekerjan.isdronken.nl e946276f15 install solr without ubuntu package 2021-04-21 22:26:49 +02:00
github@kiekerjan.isdronken.nl ef5b536f43 optimize solr cron and log 2021-04-18 21:52:17 +02:00
github@kiekerjan.isdronken.nl 4aaee13c1c Add solr full text search based on https://github.com/jvolkenant/mailinabox/tree/solr-jetty 2021-04-17 23:00:14 +02:00
github@kiekerjan.isdronken.nl c24ca5abd4 include changes from v0.53. Remove some POWER modifications to closer follow original mialinabox 2021-04-13 09:50:23 +02:00
github@kiekerjan.isdronken.nl daf5a62e83 Merge changes from kiekerjan special 2021-04-11 20:45:24 +02:00
github@kiekerjan.isdronken.nl 12d0aee27a Add own changes 2021-04-11 12:14:41 +02:00
David Duque 4829e687ff
Merge changes from master 2021-01-31 16:20:15 +00:00
David Duque a67a57913d v0.51 (November 14, 2020)
Software updates:
 
 * Upgraded Nextcloud from 17.0.6 to 20.0.1 (with Contacts from 3.3.0 to 3.4.1 and Calendar from 2.0.3 to 2.1.2)
 * Upgraded Roundcube to version 1.4.9.
 
 Mail:
 
 * The MTA-STA max_age value was increased to the normal one week.
 
 Control Panel:
 
 * Two-factor authentication can now be enabled for logins to the control panel. However, keep in mind that many online services (including domain name registrars, cloud server providers, and TLS certificate providers) may allow an attacker to take over your account or issue a fraudulent TLS certificate with only access to your email address, and this new two-factor authentication does not protect access to your inbox. It therefore remains very important that user accounts with administrative email addresses have strong passwords.
 * TLS certificate expiry dates are now shown in ISO8601 format for clarity.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl+v8k4PHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BMYUIAJTD1iKzY1SoDNSp8JMPn2sWusOnJNrnvYEV
 vsrBM4AzwJv3DIZKSkYCitbTQW2FsTcjF6Jl5PCavEmAGe55AIKAPM/52Uq6jqDE
 aR8EZvI9ca1i7yR7DOHEI043QSPmp/iCFD48vvmKgN/LZy67TaHaOlGJbc3nfpk0
 y7ejMpF/6RP6ik4snnRQoWTFShaOpB9WcEVnUO7CHZdWcpSCZ55c9yi6A6ExGk7e
 97R5+JN1MgOdZ6rzWZuMWiz7EZ/Ew4jYLZpOwg8qJm0HNbYJ6+/xxsQBwaQzyBw3
 TsTl4GmunNPfoNrmKdJeLy0sBwiVBv/rysjWjim5v8jAYBoKoUQ=
 =2oRU
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl+xc7sACgkQLzJ3OKPA
 rjo6Zw//eYyTBlfQfFHIsLYKxJbwh6fDrIG6/Za6898cPhkJ/ugBeJlNEyT/EjpU
 MvtIgEU9xbG/tjsnQXsgAXJ6s7ZWm1QB5D+wqUIEeAFUn5IkCnXo0wPZJhSTNZhD
 4InnWsicYZj/ByuSH179xHyTAx2uYDBbPT4HjUlzIsaopvWOKLvAfzY3r42AiNvZ
 e79MhKbtOs9kDkrB2LULRzz6WzJDKb11fJccf7UaBerwFvOarMr8hSpOysK0ocHk
 H0wbrGxjb8iBjczVP4OFh36satQ5l4B1W+QVIxZG9ufVAOe3dhv8HngaHqAVyUgF
 gWjDYTnL/anoMMew+kbn2sjeKH6m2ZA+u9g+mDyMGSECVVYhkpOpcbPjZlmlNAQN
 C5BHmHltIg90uicrhzEEPFDBR1JF7JrYO42EwnOWMwjhzRkH2cepVw86lDr+pbrH
 s3hvoWiFFt7cs5ShCpgZDL20ey1e+9wL6b72Qlo7ls7MK3vfZvLPxJLpTi+bnymD
 CNt82Mjpu3BrhjCIGp+px9E2JU/7wUwqyUbgWFtyqxCdJOZXA4ZXVtDs5pQFzhug
 G+Z1HxFmhxck17SD0uHhXJKRD8IRttnO5sBESJaLNB4Ws/KspHVPePNskB/1XSfr
 pFOqikZsoKOICZnpd/eTnUlciqFygqvB0WuFsJNttQN2dBpJViA=
 =ZMFZ
 -----END PGP SIGNATURE-----

Merge upstream v0.51
2020-11-15 18:30:19 +00:00
gumida 7ce41e3865
Changed mta-sts.txt end of line from LF to CRLF per RFC 8461 (#1863) 2020-11-15 07:54:34 -05:00
Felix Spöttel 7d6c7b6610
Increase mta-sts max_age to one week (#1829)
This aligns the policy with the example policy found in the  spec
see https://tools.ietf.org/html/rfc8461#section-3.2
2020-10-02 21:27:21 -04:00
0pis 7f0f28f8e3
Use tabs instead of spaces in nginx conf (#1827)
* conf/nginx-primaryonly.conf: Use tabs instead of spaces
* management/web_update.py: Includes the tabs so they display with the correct indentation when added to the local.conf

Co-authored-by: 0pis <0pis>
2020-09-27 07:13:33 -04:00
David Duque 2bfa65329a
Keep root in actual local.conf file 2020-09-27 02:17:49 +01:00