Commit Graph

100 Commits

Author SHA1 Message Date
Jim Hague c17c33dfa2 Allow SMTPS and IMAPS connections from Mythic proxies. 2023-11-21 15:15:40 +00:00
Jim Hague 0faf81bd95 Go back to removing previous spam headers if we think it's spam. 2023-09-07 11:27:10 +01:00
Jim Hague 45816eb74a We're receiving via Mythic mailservers, and they've already done RBL. 2023-09-06 14:27:00 +01:00
Jim Hague 32ce2b1a08 We're receiving via Mythic mailservers, so no point greylisting. 2023-09-06 14:26:29 +01:00
Jim Hague 6466609192 Mythic are already using rspamd, so keep their result if present. 2023-09-06 14:25:24 +01:00
Jim Hague 496226815d rspamd requires Redis server. 2023-09-06 14:24:35 +01:00
Jim Hague 46549c6863 Ensure new certificates are readably by ssl-cert group members. 2023-09-06 14:22:51 +01:00
Jim Hague f6185d6443 Small certificate hook updates
1. Preserve mode, owndership, timestamps when copying certificates.
   Ownership is updated after copying.
2. Reload dovecot on mail.lunch.org.uk.
2023-08-06 11:07:16 +01:00
Jim Hague 3a790075ff Deploy dephydrated certs into /var/local/certificates.
This way we can ensure we get the ownership and permissions right.
Also explicitly restart exim on mail cert updates.
2023-07-10 17:54:59 +01:00
Jim Hague 17550da505 Add DKIM to sending via smarthost.
No idea why Debian doesn't have this enabled.
2023-07-05 11:59:36 +01:00
Jim Hague 5be41d4b0b Fix typos in Exim4 SRS router. 2023-05-31 15:20:12 +01:00
Jim Hague 2f349b74fe Add mailman3. 2023-05-24 15:30:46 +01:00
Jim Hague f1669325a2 Roundcube should use submissions (465) for sending. 2023-05-24 15:30:46 +01:00
Jim Hague f61543ea0f Fix Exim SRS configuration - smarthost delivery now works. 2023-05-24 15:30:46 +01:00
Jim Hague 0b936b4703 Create initial mailboxes (users) and add domain alias files. 2023-05-24 15:30:46 +01:00
Jim Hague dcdb7d1687 Allow exim access to dovecot auth-client. 2023-05-24 15:30:46 +01:00
Jim Hague 25420a4eb9 Final email tweaks to delivery without errors.
1. Get Exim from backports because SRS.
2. Get rspamd from rspamd repo, because that works with Exim.
3. Fix permissions issue on delivery via Dovecot.
2023-05-24 15:30:46 +01:00
Jim Hague 0c199cbb96 Update Jenkins repository key. 2023-05-24 15:30:46 +01:00
Jim Hague 7b94baa6cd Add email - Dovecot, rspamd, exim4.
And appropriate configuration for various email domains.
2023-05-24 15:30:46 +01:00
Jim Hague ff199e101f Correct 'owner' to 'user'. 2023-05-24 15:30:46 +01:00
Jim Hague ffa92ca891 Set certificate ownership and add www-data to ssl-cert group.
ssl-cert has permissions to read certificates. No other regular user
does.
2023-05-24 15:30:46 +01:00
Jim Hague d5aa257de5 havoc_website: add SSL redirect for cryhavoc.org.uk to www.cryhavoc.org.uk. 2023-05-24 15:30:46 +01:00
Jim Hague e44a12557a Add cowboy_website to hedwig. 2023-05-24 15:30:46 +01:00
Jim Hague 59d8ebe3ad Add havoc_website to hedwig. 2023-05-24 15:30:46 +01:00
Jim Hague 2e40466040 Add mariadb install to hedwig. 2023-05-24 15:30:46 +01:00
Jim Hague 53c53b17e7 Copy specific files in dehydrated to avoid copying the subrepo .git. 2023-05-24 15:30:46 +01:00
Jim Hague 612c0355be We definitely need cron installed. 2023-05-24 15:30:46 +01:00
Jim Hague 285d7a7f83 Add .gitignore 2023-05-24 15:30:46 +01:00
Jim Hague bba4cc40c2 Replace dehydrated-mythic-dns01 with git submodule. 2023-05-24 15:30:46 +01:00
Jim Hague 1ba422580c Add backup operations and remote access configs. 2023-05-24 15:30:46 +01:00
Jim Hague 4d13ad1145 Add firewall definitions. 2023-05-24 15:30:46 +01:00
Jim Hague de539d163f Correct proxy comment. 2023-05-24 15:30:46 +01:00
Jim Hague 9f414d0180 Change webmail cert path to client path and add symlink on server.
So webmail can be moved between servers if necessary.
2023-05-24 15:30:46 +01:00
Jim Hague cd8649729f Activate webmail on scabbers and lunch website on hedwig. 2023-05-24 15:30:46 +01:00
Jim Hague 1e961062cc Add dottes website details. 2023-05-24 15:30:46 +01:00
Jim Hague b59eb641bd Add lunch website. 2023-05-24 15:30:46 +01:00
Jim Hague f18932407f Add Roundcube webmail. 2023-05-24 15:30:38 +01:00
Jim Hague 021d064552 Add mechanism for copying certificates to other servers. 2023-03-07 15:09:25 +00:00
Jim Hague 42d811b01f ImageMAgick no longer required for dottes build now PNG replaced by SVG. 2023-03-05 22:19:48 +00:00
Jim Hague 888801ddd5 Add include Apache module (required for dottes) and dottes to scabbers. 2023-03-05 22:19:12 +00:00
Jim Hague 1b7b8e7c4b pdfcrop is not longer required, so neither is texlive-extra-utils. 2023-02-28 17:46:47 +00:00
Jim Hague e7c3209a8a Add Gitea to scabbers. 2023-02-27 18:02:28 +00:00
Jim Hague fd0714e00d Add fail2ban and firewalld to scabbers. 2023-02-27 14:49:09 +00:00
Jim Hague 8c2405c7b7 Add fail2ban and firewalld and test out with hedwig. 2023-02-27 14:44:50 +00:00
Jim Hague 9b90676d1f Use a better action name. 2023-02-27 14:32:37 +00:00
Jim Hague d33ae10f29 Add Jenkins, and requisites for building The Booke Of Dottes. 2023-02-26 00:37:35 +00:00
Jim Hague 6f23b71595 Add Mercurial repos and web interface. 2023-02-24 11:51:59 +00:00
Jim Hague e51246b17a Add .hgignore. 2023-02-20 15:50:49 +00:00
Jim Hague 061cf5bc6c Add certificate management via Mythic Beasts DNSAPI. 2023-02-20 15:50:20 +00:00
Jim Hague 0ee6d4a45b Basic config for all Debian servers. 2023-02-16 18:30:03 +00:00