Adam D. Barratt [Sun, 27 Oct 2019 19:36:26 +0000 (19:36 +0000)]
exim helo-check: remove duplicated entry
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 19:35:18 +0000 (19:35 +0000)]
exim helo-check: stop people claiming to be e.g. "mail.example.com"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 17:12:51 +0000 (17:12 +0000)]
eximconf: only append RBL text information when provided
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Laura Arjona Reina [Sun, 6 Oct 2019 08:57:38 +0000 (10:57 +0200)]
Developers Reference migrated to Sphinx and changed back to old names, update the redirects (see bug #931548)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 27 Oct 2019 06:42:51 +0000 (07:42 +0100)]
make quantz use the ubc dak replica
Julien Cristau [Sun, 27 Oct 2019 06:39:38 +0000 (07:39 +0100)]
autofs: quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 22:53:38 +0000 (00:53 +0200)]
autofs: make the linter happy
Julien Cristau [Sat, 26 Oct 2019 22:50:56 +0000 (00:50 +0200)]
no more autofs on dillon
Julien Cristau [Sat, 26 Oct 2019 20:07:01 +0000 (22:07 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Sat, 26 Oct 2019 18:05:44 +0000 (20:05 +0200)]
Add volumes for quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 13:25:03 +0000 (15:25 +0200)]
Move static master duties from dillon to static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 20:31:46 +0000 (21:31 +0100)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 20:30:38 +0000 (22:30 +0200)]
schroot: fix comment
Julien Cristau [Fri, 25 Oct 2019 20:26:59 +0000 (22:26 +0200)]
99builddsourceslist: temporarily add stretch-proposed-updates to stretch-security chroots
Temporarily add stretch-proposed-updates for stretch-security chroots as requested
by the security team to handle Thunderbird and Firefox ESR 68.x releases. This should
be removed with the release of the 9.12 point release.
Julien Cristau [Fri, 25 Oct 2019 20:13:37 +0000 (22:13 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Fri, 25 Oct 2019 20:07:28 +0000 (22:07 +0200)]
add static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 17:10:25 +0000 (18:10 +0100)]
eximconf: whitespace fixup
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 17:08:27 +0000 (18:08 +0100)]
eximconf: use acl_m_defopt instead of re-evaluating HAS_DEFAULT_OPTIONS
This makes no difference to the result, but makes reading debug output
much simpler.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:49:10 +0000 (17:49 +0100)]
eximconf: use "add_header" when the intent is to add headers
The "message" modifier for the "warn" verb can still be used to add
headers, but it's more obvious to use add_header explicitly
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:43:02 +0000 (17:43 +0100)]
eximconf: whitespace fix
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 24 Oct 2019 21:06:36 +0000 (22:06 +0100)]
eximconf: tag/reject mail matching specific suspicious content
This initial string matches an unsubscribe link using the text "if you...
were unknowingly or unintentionally added to the mailing list"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:42:51 +0000 (22:42 +0100)]
eximconf: remove reference to non-existent "relayhosts" file
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:32:41 +0000 (22:32 +0100)]
exim blacklist: more recent spammers
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:06:34 +0000 (21:06 +0100)]
exim blacklist: expire some very old entries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:04:04 +0000 (21:04 +0100)]
exim blacklist: add more recent offenders
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 19:32:42 +0000 (20:32 +0100)]
eximconf: ensure all recipients have the same default options setting
This allows us to perform tests at DATA time that are dependent on the
default options flag
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 16:49:04 +0000 (17:49 +0100)]
eximconf: add an explanatory comment for default options
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 21:45:14 +0000 (22:45 +0100)]
eximconf: only treat @d.o addresses as eligible for default options
Service domains have no way of opting out of the settings, so don't
forcibly opt them in
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 15:09:02 +0000 (17:09 +0200)]
Add /dev/sdc PV at manda
Julien Cristau [Mon, 21 Oct 2019 13:15:10 +0000 (15:15 +0200)]
snapshot-web: remove AWS block
Let's try and see if the rate-limiting makes things bearable.
Julien Cristau [Mon, 21 Oct 2019 12:19:42 +0000 (14:19 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Mon, 21 Oct 2019 09:42:29 +0000 (11:42 +0200)]
Parameterize webserver class
Peter Palfrader [Mon, 21 Oct 2019 09:34:07 +0000 (11:34 +0200)]
Clean up and document apache2::config
Peter Palfrader [Mon, 21 Oct 2019 09:30:04 +0000 (11:30 +0200)]
Clean up and document apache2::module
Peter Palfrader [Mon, 21 Oct 2019 09:27:19 +0000 (11:27 +0200)]
Clean up and document apache2::site
Peter Palfrader [Mon, 21 Oct 2019 09:19:55 +0000 (11:19 +0200)]
whitespace: apache2/manifests
Peter Palfrader [Mon, 21 Oct 2019 09:08:10 +0000 (11:08 +0200)]
Move apache module configs to apache2::module dir; add compat includes
Peter Palfrader [Mon, 21 Oct 2019 09:04:42 +0000 (11:04 +0200)]
whitespace/quoting: apache
Adam D. Barratt [Sun, 20 Oct 2019 11:45:59 +0000 (12:45 +0100)]
fail2ban: lint fixes
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 19 Oct 2019 12:12:08 +0000 (13:12 +0100)]
exim blacklist: add a repeat offender
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:59:06 +0000 (21:59 +0100)]
Note that exim contains tracker-specific configuration
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:33 +0000 (21:58 +0100)]
Indicate that ticharich needs trackermaster exim config
RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:03 +0000 (21:58 +0100)]
exim: use a different local part suffix for tracker virtual users
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:56:31 +0000 (21:56 +0100)]
exim: allow a host to indicate that it is the master for tracker.d.o
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 17 Oct 2019 19:37:34 +0000 (20:37 +0100)]
eximconf: add logging for Subject headers
For troubleshooting and to provide input to policy decisions
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Wed, 16 Oct 2019 14:46:25 +0000 (16:46 +0200)]
ftp-master as historical_master (part of RT#7644)
Julien Cristau [Tue, 15 Oct 2019 16:47:20 +0000 (18:47 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Tue, 15 Oct 2019 11:02:26 +0000 (13:02 +0200)]
yamlinfo: use different dir to list all nodes
We used Dir.entries('/var/lib/puppet/yaml/node/') to get a list of all
nodes. That dir is now empty. Switch to using
Dir.entries('/var/lib/puppet/yaml/facts/').
Both are probably bad, but yamlinfo() should be phased out in favor of
hiera/puppetdb anyhow, so for now this is a temporary fix.
Peter Palfrader [Tue, 15 Oct 2019 11:01:35 +0000 (13:01 +0200)]
Catch empty *info when we get it from the functions in modules/deprecated
Peter Palfrader [Tue, 15 Oct 2019 11:01:10 +0000 (13:01 +0200)]
Catch empty data arrays at start of entropy_provider function
Adam D. Barratt [Mon, 14 Oct 2019 21:25:04 +0000 (22:25 +0100)]
eximconf: include RBL response value in reject messages
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 21:19:42 +0000 (22:19 +0100)]
eximconf: reject bounces to "neversender" addresses
If an address never originates mail then there is no reason for it to be
receiving NDRs
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)]
fail2ban: (strictly) ban hosts that are well over the ratelimit
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 20:08:33 +0000 (21:08 +0100)]
eximconf: more RBLs for the default set
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:54:08 +0000 (20:54 +0100)]
exim_surbl.pl: enable DBL checks
This should be safe enough to do by default
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:44:38 +0000 (20:44 +0100)]
eximconf: add more RBL config to the default options setup
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 14 Oct 2019 19:25:42 +0000 (20:25 +0100)]
eximconf: switch default options back to on
The ud-ldap change has been deployed, so the frontends now have access
to the full set of options.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Mon, 14 Oct 2019 18:18:31 +0000 (20:18 +0200)]
debian_org: lint fixes
Julien Cristau [Mon, 14 Oct 2019 18:00:08 +0000 (20:00 +0200)]
Fix yet another typo
Julien Cristau [Mon, 14 Oct 2019 17:54:52 +0000 (19:54 +0200)]
I should learn to type
Julien Cristau [Mon, 14 Oct 2019 17:52:12 +0000 (19:52 +0200)]
Use a pre-up script to turn off accept_ra
Turns out the /all/ sysctl is a no-op.
Adam D. Barratt [Sun, 13 Oct 2019 19:12:06 +0000 (20:12 +0100)]
eximconf: only set "greylisting requested" flag for handled domains
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 18:24:25 +0000 (19:24 +0100)]
eximconf: skip greylisting for hosts with high dnswl.org trust
It's unlikely to do anything other than delay mail in these cases
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 18:14:17 +0000 (19:14 +0100)]
exim blacklist: remove escape protection
It's only needed in lists within the configuration, not in files
used for searches.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 16:16:47 +0000 (17:16 +0100)]
exim blacklist: simplify whole-domain entries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 16:11:48 +0000 (17:11 +0100)]
exim blacklist: add more recent spammers
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 13 Oct 2019 07:37:26 +0000 (08:37 +0100)]
eximconf: assume that unlisted recipients don't want default options
At least until mail-default-options.db lists all users.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:55:58 +0000 (22:55 +0100)]
exim: add some RBLs for secretary@d.o (RT#5281)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:53:20 +0000 (22:53 +0100)]
exim: enable greylisting for secretary@d.o (RT#5281)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:49:53 +0000 (22:49 +0100)]
eximconf: spacing fix
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 21:05:07 +0000 (22:05 +0100)]
eximconf: re-do "enable greylisting for users with default options"
The previous attempt failed due to the fact that the right-hand-side
of match_* conditions is not expanded, for security reasons.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Sat, 12 Oct 2019 20:03:07 +0000 (22:03 +0200)]
Revert "eximconf: enable greylisting for users with default options"
Seems to break with "missing } at end of condition inside "or" group"
This reverts commit 08a1906121670d960592fbbf6ec489ff54c8b64c.
Adam D. Barratt [Sat, 12 Oct 2019 15:37:55 +0000 (16:37 +0100)]
virtualdomains-mailrelay.erb: add tracker.debian.org
This is required in order to allow spam filtering on the frontends for
the domain. Mail delivery (and thus alias checking) is still handled
by the tracker server itself.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 12 Oct 2019 12:09:07 +0000 (13:09 +0100)]
eximconf: enable greylisting for users with default options
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 11 Oct 2019 19:54:25 +0000 (20:54 +0100)]
eximconf: also use GREYLIST_LOCAL_PARTS for greylistd
In addition to reducing duplication, this also brings the fixes applied
to postgrey support in 82efd346ca1500048366eac43d191c1a2a7d01fc to the
greylistd checks.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 11 Oct 2019 18:23:25 +0000 (19:23 +0100)]
eximconf: add a macro to check if the user wants "default options"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 11 Oct 2019 16:52:00 +0000 (17:52 +0100)]
eximconf: remove "temporary weasel hack"
The affected tickets have been closed since 2012, so that's probably
been temporary enough now. :)
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 10 Oct 2019 19:21:57 +0000 (20:21 +0100)]
eximconf: migrate from CDB to BDB for ud-ldap generated files (RT#4648)
The BDB files use keys that are not null-terminated, so we must use the
"dbmnz" lookup type, rather than the more generally obvious "dbm"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Fri, 11 Oct 2019 09:13:41 +0000 (11:13 +0200)]
Fix dependency loop in mirror_health when a service is set to absent: the file need not notify the service as the service subscribes to the file if enable is present
Julien Cristau [Wed, 9 Oct 2019 13:56:26 +0000 (15:56 +0200)]
mirror-health: don't (ab)use the proxy interface
monkey-patch urllib3.util.connection.create_connection to override
address resolution, which is ugly but makes this work with https.
Peter Palfrader [Wed, 9 Oct 2019 09:08:04 +0000 (11:08 +0200)]
Retire dsa-is-shutdown-scheduled in favor of test -e /run/systemd/shutdown/scheduled
Peter Palfrader [Wed, 9 Oct 2019 08:53:52 +0000 (10:53 +0200)]
Remove local-scheduled-shutdown check
We had a cronjob that would run dsa-is-shutdown-scheduled every two
minutes and touch a file in /run that was then exposed via apache
as /shutdown-in-progress. However, nothing appears to use this.
In particular, the fastly health checker uses /_health which is
backed by a service specific health service.
Peter Palfrader [Wed, 9 Oct 2019 08:53:23 +0000 (10:53 +0200)]
Ignore doc and .yardoc directories created by the linter
Peter Palfrader [Tue, 8 Oct 2019 18:53:47 +0000 (20:53 +0200)]
long options are king
Julien Cristau [Tue, 8 Oct 2019 17:53:07 +0000 (19:53 +0200)]
dbmaster: enable puppet-restricted-acl.conf apache snippet
Julien Cristau [Tue, 8 Oct 2019 15:18:38 +0000 (17:18 +0200)]
dbmaster: make lint happy
Julien Cristau [Tue, 8 Oct 2019 15:09:22 +0000 (17:09 +0200)]
Make the apt_restricted acl an apache macro
Julien Cristau [Tue, 8 Oct 2019 14:41:07 +0000 (16:41 +0200)]
debian_org::apt_restricted: fix fragment name
Julien Cristau [Tue, 8 Oct 2019 14:37:17 +0000 (16:37 +0200)]
debian_org::apt_restricted: base::public_addresses is an array
Julien Cristau [Tue, 8 Oct 2019 14:14:14 +0000 (16:14 +0200)]
Generate the apache ACL for draghi's "restricted" repo (RT#7962)
Julien Cristau [Tue, 8 Oct 2019 10:27:16 +0000 (12:27 +0200)]
prefix coccia volumes at bm with OLD-
Julien Cristau [Mon, 7 Oct 2019 19:57:45 +0000 (21:57 +0200)]
autofs: add debian-debug at ubc
Peter Palfrader [Tue, 8 Oct 2019 06:11:14 +0000 (08:11 +0200)]
Update stdlib and concat to 6.1.0 both
Peter Palfrader [Tue, 8 Oct 2019 06:01:53 +0000 (08:01 +0200)]
Suggest different variables to use if we want to tunnel both v4 and v6
Peter Palfrader [Tue, 8 Oct 2019 05:59:03 +0000 (07:59 +0200)]
document the ipsec::network and ipsec::peer manifests, change default address to the one in base::, and add proper prefixlengths to raw ip addresses in the networks list
Julien Cristau [Mon, 7 Oct 2019 19:39:28 +0000 (21:39 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Mon, 7 Oct 2019 19:38:06 +0000 (21:38 +0200)]
coccia and usper no longer need access to projectb on bmdb1
Aurelien Jarno [Mon, 7 Oct 2019 19:34:38 +0000 (21:34 +0200)]
wuiet.d.o no longer needs access to projectb on bmdb1
Aurelien Jarno [Mon, 7 Oct 2019 19:20:47 +0000 (21:20 +0200)]
Give wuiet.d.o access to the ubc projectb replica
Adam D. Barratt [Mon, 7 Oct 2019 19:18:56 +0000 (20:18 +0100)]
exim blacklist: also bounce@pro2aut2.com
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>