Julien Cristau [Fri, 15 Nov 2019 10:58:34 +0000 (11:58 +0100)]
autofs::bytemark: lint fixes
Julien Cristau [Fri, 15 Nov 2019 10:52:41 +0000 (11:52 +0100)]
autofs: mount debian-buildd at bytemark from milanollo instead of senfter
Julien Cristau [Wed, 13 Nov 2019 19:32:58 +0000 (20:32 +0100)]
roles::pubsub::entities: make lint happy
Julien Cristau [Wed, 13 Nov 2019 19:31:47 +0000 (20:31 +0100)]
decommission petrova (RT#7978)
Julien Cristau [Tue, 12 Nov 2019 22:37:56 +0000 (23:37 +0100)]
Disabling RA needs to happen late in if-pre-up, so that the interface actually exists
Rename our script to run later than the "vlan" one.
Julien Cristau [Mon, 11 Nov 2019 12:22:37 +0000 (13:22 +0100)]
temporarily remove lw01 from snapshot sync
Julien Cristau [Sun, 10 Nov 2019 12:13:27 +0000 (13:13 +0100)]
autofs: temporarily remove lw01
Aurelien Jarno [Fri, 8 Nov 2019 21:12:07 +0000 (22:12 +0100)]
decomission klecker rt#7582
Julien Cristau [Fri, 8 Nov 2019 09:41:51 +0000 (10:41 +0100)]
Stop serving git and bzr repos on db.d.o
Julien Cristau [Fri, 8 Nov 2019 09:41:03 +0000 (10:41 +0100)]
Import db.d.o apache vhost into puppet
Adam D. Barratt [Thu, 7 Nov 2019 10:27:15 +0000 (10:27 +0000)]
d.o: move d-i hooks rewrite to d-i.d.o rather than d-i.alioth.d.o
The latter no longer exists since the Alioth shutdown
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 4 Nov 2019 19:21:45 +0000 (19:21 +0000)]
eximconf: one more match
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 19:06:08 +0000 (19:06 +0000)]
eximconf: add a couple of text matches
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 18:13:09 +0000 (18:13 +0000)]
exim helo check: reject claims to be *.mail.protection.outlook.com
The *.mail.protection names are used for inbound mail, outbound traffic
should come from *.outbound.protection.outlook.com
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:55:54 +0000 (17:55 +0000)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:55:16 +0000 (17:55 +0000)]
eximconf: fix typo ("adress")
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:16:17 +0000 (17:16 +0000)]
exim helo-check: add smtp.outlook.com
Every connection using that HELO appears to be spam
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Sat, 2 Nov 2019 17:17:57 +0000 (18:17 +0100)]
autofs: add new lw11 snapshot storage
Adam D. Barratt [Fri, 1 Nov 2019 20:16:47 +0000 (20:16 +0000)]
eximconf: factor out content checks
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 1 Nov 2019 19:34:15 +0000 (19:34 +0000)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 1 Nov 2019 19:33:40 +0000 (19:33 +0000)]
eximconf: attempt to catch some "loads of money" spams
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Tue, 29 Oct 2019 15:13:52 +0000 (16:13 +0100)]
Revert "Add the posix_acl module"
This reverts commit
97927d5ad35af3af48b7a2d2f105aaf1802a8fcd.
We no longer need the posix_acl module
Peter Palfrader [Tue, 29 Oct 2019 15:13:14 +0000 (16:13 +0100)]
prosody: posix_acl is fighting with the prosody module about proper modes; remove ACLs
Peter Palfrader [Tue, 29 Oct 2019 15:01:52 +0000 (16:01 +0100)]
Remove -> in prosody profile to get rid of dependency cycle
Peter Palfrader [Tue, 29 Oct 2019 14:52:42 +0000 (15:52 +0100)]
Merge remote-tracking branch 'gfa/gfa/prosody'
* gfa/gfa/prosody:
Notify prosody when its certificates change
manage prosody using puppet
Add the posix_acl module
Add the prosody module
gustavo panizzo [Fri, 11 Oct 2019 13:32:28 +0000 (15:32 +0200)]
Notify prosody when its certificates change
gustavo panizzo [Thu, 13 Jun 2019 08:30:27 +0000 (16:30 +0800)]
manage prosody using puppet
at this stage, just replicate the current configuration using puppet
replace tabs by two spaces
fix lint warnings and errors in the rtc role
gustavo panizzo [Thu, 13 Jun 2019 07:36:05 +0000 (15:36 +0800)]
Add the posix_acl module
gustavo panizzo [Tue, 28 May 2019 15:54:55 +0000 (17:54 +0200)]
Add the prosody module
Adam D. Barratt [Sun, 27 Oct 2019 20:53:42 +0000 (20:53 +0000)]
eximconf: re-order checks to avoid unnecessary DNS lookups
If the result of the DNS lookup is not going to be used, then we may as
well not perform the lokup at all
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 20:03:01 +0000 (20:03 +0000)]
eximconf: reject messages that the sender says are spam
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 19:36:26 +0000 (19:36 +0000)]
exim helo-check: remove duplicated entry
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 19:35:18 +0000 (19:35 +0000)]
exim helo-check: stop people claiming to be e.g. "mail.example.com"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 17:12:51 +0000 (17:12 +0000)]
eximconf: only append RBL text information when provided
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Laura Arjona Reina [Sun, 6 Oct 2019 08:57:38 +0000 (10:57 +0200)]
Developers Reference migrated to Sphinx and changed back to old names, update the redirects (see bug #931548)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 27 Oct 2019 06:42:51 +0000 (07:42 +0100)]
make quantz use the ubc dak replica
Julien Cristau [Sun, 27 Oct 2019 06:39:38 +0000 (07:39 +0100)]
autofs: quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 22:53:38 +0000 (00:53 +0200)]
autofs: make the linter happy
Julien Cristau [Sat, 26 Oct 2019 22:50:56 +0000 (00:50 +0200)]
no more autofs on dillon
Julien Cristau [Sat, 26 Oct 2019 20:07:01 +0000 (22:07 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Sat, 26 Oct 2019 18:05:44 +0000 (20:05 +0200)]
Add volumes for quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 13:25:03 +0000 (15:25 +0200)]
Move static master duties from dillon to static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 20:31:46 +0000 (21:31 +0100)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 20:30:38 +0000 (22:30 +0200)]
schroot: fix comment
Julien Cristau [Fri, 25 Oct 2019 20:26:59 +0000 (22:26 +0200)]
99builddsourceslist: temporarily add stretch-proposed-updates to stretch-security chroots
Temporarily add stretch-proposed-updates for stretch-security chroots as requested
by the security team to handle Thunderbird and Firefox ESR 68.x releases. This should
be removed with the release of the 9.12 point release.
Julien Cristau [Fri, 25 Oct 2019 20:13:37 +0000 (22:13 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Fri, 25 Oct 2019 20:07:28 +0000 (22:07 +0200)]
add static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 17:10:25 +0000 (18:10 +0100)]
eximconf: whitespace fixup
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 17:08:27 +0000 (18:08 +0100)]
eximconf: use acl_m_defopt instead of re-evaluating HAS_DEFAULT_OPTIONS
This makes no difference to the result, but makes reading debug output
much simpler.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:49:10 +0000 (17:49 +0100)]
eximconf: use "add_header" when the intent is to add headers
The "message" modifier for the "warn" verb can still be used to add
headers, but it's more obvious to use add_header explicitly
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:43:02 +0000 (17:43 +0100)]
eximconf: whitespace fix
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 24 Oct 2019 21:06:36 +0000 (22:06 +0100)]
eximconf: tag/reject mail matching specific suspicious content
This initial string matches an unsubscribe link using the text "if you...
were unknowingly or unintentionally added to the mailing list"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:42:51 +0000 (22:42 +0100)]
eximconf: remove reference to non-existent "relayhosts" file
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:32:41 +0000 (22:32 +0100)]
exim blacklist: more recent spammers
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:06:34 +0000 (21:06 +0100)]
exim blacklist: expire some very old entries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:04:04 +0000 (21:04 +0100)]
exim blacklist: add more recent offenders
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 19:32:42 +0000 (20:32 +0100)]
eximconf: ensure all recipients have the same default options setting
This allows us to perform tests at DATA time that are dependent on the
default options flag
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 16:49:04 +0000 (17:49 +0100)]
eximconf: add an explanatory comment for default options
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 21:45:14 +0000 (22:45 +0100)]
eximconf: only treat @d.o addresses as eligible for default options
Service domains have no way of opting out of the settings, so don't
forcibly opt them in
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 15:09:02 +0000 (17:09 +0200)]
Add /dev/sdc PV at manda
Julien Cristau [Mon, 21 Oct 2019 13:15:10 +0000 (15:15 +0200)]
snapshot-web: remove AWS block
Let's try and see if the rate-limiting makes things bearable.
Julien Cristau [Mon, 21 Oct 2019 12:19:42 +0000 (14:19 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Mon, 21 Oct 2019 09:42:29 +0000 (11:42 +0200)]
Parameterize webserver class
Peter Palfrader [Mon, 21 Oct 2019 09:34:07 +0000 (11:34 +0200)]
Clean up and document apache2::config
Peter Palfrader [Mon, 21 Oct 2019 09:30:04 +0000 (11:30 +0200)]
Clean up and document apache2::module
Peter Palfrader [Mon, 21 Oct 2019 09:27:19 +0000 (11:27 +0200)]
Clean up and document apache2::site
Peter Palfrader [Mon, 21 Oct 2019 09:19:55 +0000 (11:19 +0200)]
whitespace: apache2/manifests
Peter Palfrader [Mon, 21 Oct 2019 09:08:10 +0000 (11:08 +0200)]
Move apache module configs to apache2::module dir; add compat includes
Peter Palfrader [Mon, 21 Oct 2019 09:04:42 +0000 (11:04 +0200)]
whitespace/quoting: apache
Adam D. Barratt [Sun, 20 Oct 2019 11:45:59 +0000 (12:45 +0100)]
fail2ban: lint fixes
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 19 Oct 2019 12:12:08 +0000 (13:12 +0100)]
exim blacklist: add a repeat offender
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:59:06 +0000 (21:59 +0100)]
Note that exim contains tracker-specific configuration
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:33 +0000 (21:58 +0100)]
Indicate that ticharich needs trackermaster exim config
RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:03 +0000 (21:58 +0100)]
exim: use a different local part suffix for tracker virtual users
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:56:31 +0000 (21:56 +0100)]
exim: allow a host to indicate that it is the master for tracker.d.o
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 17 Oct 2019 19:37:34 +0000 (20:37 +0100)]
eximconf: add logging for Subject headers
For troubleshooting and to provide input to policy decisions
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Wed, 16 Oct 2019 14:46:25 +0000 (16:46 +0200)]
ftp-master as historical_master (part of RT#7644)
Julien Cristau [Tue, 15 Oct 2019 16:47:20 +0000 (18:47 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Tue, 15 Oct 2019 11:02:26 +0000 (13:02 +0200)]
yamlinfo: use different dir to list all nodes
We used Dir.entries('/var/lib/puppet/yaml/node/') to get a list of all
nodes. That dir is now empty. Switch to using
Dir.entries('/var/lib/puppet/yaml/facts/').
Both are probably bad, but yamlinfo() should be phased out in favor of
hiera/puppetdb anyhow, so for now this is a temporary fix.
Peter Palfrader [Tue, 15 Oct 2019 11:01:35 +0000 (13:01 +0200)]
Catch empty *info when we get it from the functions in modules/deprecated
Peter Palfrader [Tue, 15 Oct 2019 11:01:10 +0000 (13:01 +0200)]
Catch empty data arrays at start of entropy_provider function
Adam D. Barratt [Mon, 14 Oct 2019 21:25:04 +0000 (22:25 +0100)]
eximconf: include RBL response value in reject messages
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 21:19:42 +0000 (22:19 +0100)]
eximconf: reject bounces to "neversender" addresses
If an address never originates mail then there is no reason for it to be
receiving NDRs
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)]
fail2ban: (strictly) ban hosts that are well over the ratelimit
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 20:08:33 +0000 (21:08 +0100)]
eximconf: more RBLs for the default set
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:54:08 +0000 (20:54 +0100)]
exim_surbl.pl: enable DBL checks
This should be safe enough to do by default
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:44:38 +0000 (20:44 +0100)]
eximconf: add more RBL config to the default options setup
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:25:42 +0000 (20:25 +0100)]
eximconf: switch default options back to on
The ud-ldap change has been deployed, so the frontends now have access
to the full set of options.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Mon, 14 Oct 2019 18:18:31 +0000 (20:18 +0200)]
debian_org: lint fixes
Julien Cristau [Mon, 14 Oct 2019 18:00:08 +0000 (20:00 +0200)]
Fix yet another typo
Julien Cristau [Mon, 14 Oct 2019 17:54:52 +0000 (19:54 +0200)]
I should learn to type
Julien Cristau [Mon, 14 Oct 2019 17:52:12 +0000 (19:52 +0200)]
Use a pre-up script to turn off accept_ra
Turns out the /all/ sysctl is a no-op.
Adam D. Barratt [Sun, 13 Oct 2019 19:12:06 +0000 (20:12 +0100)]
eximconf: only set "greylisting requested" flag for handled domains
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 18:24:25 +0000 (19:24 +0100)]
eximconf: skip greylisting for hosts with high dnswl.org trust
It's unlikely to do anything other than delay mail in these cases
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 18:14:17 +0000 (19:14 +0100)]
exim blacklist: remove escape protection
It's only needed in lists within the configuration, not in files
used for searches.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 16:16:47 +0000 (17:16 +0100)]
exim blacklist: simplify whole-domain entries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 16:11:48 +0000 (17:11 +0100)]
exim blacklist: add more recent spammers
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 07:37:26 +0000 (08:37 +0100)]
eximconf: assume that unlisted recipients don't want default options
At least until mail-default-options.db lists all users.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:55:58 +0000 (22:55 +0100)]
exim: add some RBLs for secretary@d.o (RT#5281)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:53:20 +0000 (22:53 +0100)]
exim: enable greylisting for secretary@d.o (RT#5281)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
projects / mirror / dsa-puppet.git / log