Adam D. Barratt [Tue, 10 Dec 2019 22:15:40 +0000 (22:15 +0000)]
exim blacklist: generalise a couple of entries
and predict future variants based on the current pattern
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 10 Dec 2019 22:07:23 +0000 (22:07 +0000)]
eximconf: standardise on acl_m_body
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 10 Dec 2019 22:06:05 +0000 (22:06 +0000)]
exim blacklist: add repeat offenders
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 10 Dec 2019 22:05:43 +0000 (22:05 +0000)]
eximconf: block "this is an ad"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Tue, 10 Dec 2019 11:05:15 +0000 (12:05 +0100)]
lint fixes for the linux module
Julien Cristau [Tue, 10 Dec 2019 11:02:40 +0000 (12:02 +0100)]
blacklist acpi power meter at csail
Julien Cristau [Wed, 4 Dec 2019 20:58:31 +0000 (21:58 +0100)]
Delete obsolete hoster data
Paul Wise [Fri, 29 Nov 2019 06:15:07 +0000 (14:15 +0800)]
Extend lifetime of db.d.o archive key by a year
Adam D. Barratt [Fri, 22 Nov 2019 23:28:07 +0000 (23:28 +0000)]
exim blacklist: update based on recent observations
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 23:27:44 +0000 (23:27 +0000)]
eximconf: reject poor Outlook forgeries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 21:38:44 +0000 (21:38 +0000)]
eximconf: flag mail claiming to be from Debian's webmail administrators
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 21:36:28 +0000 (21:36 +0000)]
eximconf: create a convenience copy of the message body for matching
Apply a fairly naive attempt at removing quoted-printable line endings
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 21:17:30 +0000 (21:17 +0000)]
eximconf: add a suspicious match
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 21:17:04 +0000 (21:17 +0000)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 22 Nov 2019 20:47:36 +0000 (20:47 +0000)]
eximconf: reject mails with clearly faked Received: headers
Currently this is defined as claiming to have passed through
example.com
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Aurelien Jarno [Sat, 23 Nov 2019 12:19:37 +0000 (13:19 +0100)]
give access to the PG ddtp cluster to the ddtp role
Aurelien Jarno [Sat, 23 Nov 2019 10:21:19 +0000 (11:21 +0100)]
Add initial configuration for trabaci.debian.org running the ddtp role
Adam D. Barratt [Mon, 18 Nov 2019 18:09:56 +0000 (18:09 +0000)]
d.o: fix "Submitting Installation Reports" redirect
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Thu, 21 Nov 2019 07:45:27 +0000 (08:45 +0100)]
Cleanup data for decommissioned hosts
Julien Cristau [Mon, 18 Nov 2019 14:25:17 +0000 (15:25 +0100)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Héctor Orón Martínez [Mon, 18 Nov 2019 03:08:45 +0000 (04:08 +0100)]
decomission piu-slave-bm-a RT#7979
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Mon, 18 Nov 2019 03:06:48 +0000 (04:06 +0100)]
decomission senfter RT#8022
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Adam D. Barratt [Sat, 16 Nov 2019 11:09:40 +0000 (11:09 +0000)]
exim blacklist: add amazn.com
Being used for Amazon account phishing
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 15 Nov 2019 14:59:06 +0000 (15:59 +0100)]
temporarily remove lw02 from snapshot sync
Julien Cristau [Fri, 15 Nov 2019 14:56:16 +0000 (15:56 +0100)]
autofs: temporarily remove lw02
Julien Cristau [Fri, 15 Nov 2019 10:58:34 +0000 (11:58 +0100)]
autofs::bytemark: lint fixes
Julien Cristau [Fri, 15 Nov 2019 10:52:41 +0000 (11:52 +0100)]
autofs: mount debian-buildd at bytemark from milanollo instead of senfter
Julien Cristau [Wed, 13 Nov 2019 19:32:58 +0000 (20:32 +0100)]
roles::pubsub::entities: make lint happy
Julien Cristau [Wed, 13 Nov 2019 19:31:47 +0000 (20:31 +0100)]
decommission petrova (RT#7978)
Julien Cristau [Tue, 12 Nov 2019 22:37:56 +0000 (23:37 +0100)]
Disabling RA needs to happen late in if-pre-up, so that the interface actually exists
Rename our script to run later than the "vlan" one.
Julien Cristau [Mon, 11 Nov 2019 12:22:37 +0000 (13:22 +0100)]
temporarily remove lw01 from snapshot sync
Julien Cristau [Sun, 10 Nov 2019 12:13:27 +0000 (13:13 +0100)]
autofs: temporarily remove lw01
Aurelien Jarno [Fri, 8 Nov 2019 21:12:07 +0000 (22:12 +0100)]
decomission klecker rt#7582
Julien Cristau [Fri, 8 Nov 2019 09:41:51 +0000 (10:41 +0100)]
Stop serving git and bzr repos on db.d.o
Julien Cristau [Fri, 8 Nov 2019 09:41:03 +0000 (10:41 +0100)]
Import db.d.o apache vhost into puppet
Adam D. Barratt [Thu, 7 Nov 2019 10:27:15 +0000 (10:27 +0000)]
d.o: move d-i hooks rewrite to d-i.d.o rather than d-i.alioth.d.o
The latter no longer exists since the Alioth shutdown
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 4 Nov 2019 19:21:45 +0000 (19:21 +0000)]
eximconf: one more match
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 19:06:08 +0000 (19:06 +0000)]
eximconf: add a couple of text matches
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 18:13:09 +0000 (18:13 +0000)]
exim helo check: reject claims to be *.mail.protection.outlook.com
The *.mail.protection names are used for inbound mail, outbound traffic
should come from *.outbound.protection.outlook.com
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:55:54 +0000 (17:55 +0000)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:55:16 +0000 (17:55 +0000)]
eximconf: fix typo ("adress")
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 2 Nov 2019 17:16:17 +0000 (17:16 +0000)]
exim helo-check: add smtp.outlook.com
Every connection using that HELO appears to be spam
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Sat, 2 Nov 2019 17:17:57 +0000 (18:17 +0100)]
autofs: add new lw11 snapshot storage
Adam D. Barratt [Fri, 1 Nov 2019 20:16:47 +0000 (20:16 +0000)]
eximconf: factor out content checks
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 1 Nov 2019 19:34:15 +0000 (19:34 +0000)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 1 Nov 2019 19:33:40 +0000 (19:33 +0000)]
eximconf: attempt to catch some "loads of money" spams
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Tue, 29 Oct 2019 15:13:52 +0000 (16:13 +0100)]
Revert "Add the posix_acl module"
This reverts commit
97927d5ad35af3af48b7a2d2f105aaf1802a8fcd.
We no longer need the posix_acl module
Peter Palfrader [Tue, 29 Oct 2019 15:13:14 +0000 (16:13 +0100)]
prosody: posix_acl is fighting with the prosody module about proper modes; remove ACLs
Peter Palfrader [Tue, 29 Oct 2019 15:01:52 +0000 (16:01 +0100)]
Remove -> in prosody profile to get rid of dependency cycle
Peter Palfrader [Tue, 29 Oct 2019 14:52:42 +0000 (15:52 +0100)]
Merge remote-tracking branch 'gfa/gfa/prosody'
* gfa/gfa/prosody:
Notify prosody when its certificates change
manage prosody using puppet
Add the posix_acl module
Add the prosody module
gustavo panizzo [Fri, 11 Oct 2019 13:32:28 +0000 (15:32 +0200)]
Notify prosody when its certificates change
gustavo panizzo [Thu, 13 Jun 2019 08:30:27 +0000 (16:30 +0800)]
manage prosody using puppet
at this stage, just replicate the current configuration using puppet
replace tabs by two spaces
fix lint warnings and errors in the rtc role
gustavo panizzo [Thu, 13 Jun 2019 07:36:05 +0000 (15:36 +0800)]
Add the posix_acl module
gustavo panizzo [Tue, 28 May 2019 15:54:55 +0000 (17:54 +0200)]
Add the prosody module
Adam D. Barratt [Sun, 27 Oct 2019 20:53:42 +0000 (20:53 +0000)]
eximconf: re-order checks to avoid unnecessary DNS lookups
If the result of the DNS lookup is not going to be used, then we may as
well not perform the lokup at all
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 20:03:01 +0000 (20:03 +0000)]
eximconf: reject messages that the sender says are spam
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 19:36:26 +0000 (19:36 +0000)]
exim helo-check: remove duplicated entry
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 19:35:18 +0000 (19:35 +0000)]
exim helo-check: stop people claiming to be e.g. "mail.example.com"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 27 Oct 2019 17:12:51 +0000 (17:12 +0000)]
eximconf: only append RBL text information when provided
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Laura Arjona Reina [Sun, 6 Oct 2019 08:57:38 +0000 (10:57 +0200)]
Developers Reference migrated to Sphinx and changed back to old names, update the redirects (see bug #931548)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 27 Oct 2019 06:42:51 +0000 (07:42 +0100)]
make quantz use the ubc dak replica
Julien Cristau [Sun, 27 Oct 2019 06:39:38 +0000 (07:39 +0100)]
autofs: quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 22:53:38 +0000 (00:53 +0200)]
autofs: make the linter happy
Julien Cristau [Sat, 26 Oct 2019 22:50:56 +0000 (00:50 +0200)]
no more autofs on dillon
Julien Cristau [Sat, 26 Oct 2019 20:07:01 +0000 (22:07 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Sat, 26 Oct 2019 18:05:44 +0000 (20:05 +0200)]
Add volumes for quantz at ubc
Julien Cristau [Sat, 26 Oct 2019 13:25:03 +0000 (15:25 +0200)]
Move static master duties from dillon to static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 20:31:46 +0000 (21:31 +0100)]
exim blacklist: update
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 20:30:38 +0000 (22:30 +0200)]
schroot: fix comment
Julien Cristau [Fri, 25 Oct 2019 20:26:59 +0000 (22:26 +0200)]
99builddsourceslist: temporarily add stretch-proposed-updates to stretch-security chroots
Temporarily add stretch-proposed-updates for stretch-security chroots as requested
by the security team to handle Thunderbird and Firefox ESR 68.x releases. This should
be removed with the release of the 9.12 point release.
Julien Cristau [Fri, 25 Oct 2019 20:13:37 +0000 (22:13 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Fri, 25 Oct 2019 20:07:28 +0000 (22:07 +0200)]
add static-master-manda-01
Adam D. Barratt [Fri, 25 Oct 2019 17:10:25 +0000 (18:10 +0100)]
eximconf: whitespace fixup
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 17:08:27 +0000 (18:08 +0100)]
eximconf: use acl_m_defopt instead of re-evaluating HAS_DEFAULT_OPTIONS
This makes no difference to the result, but makes reading debug output
much simpler.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:49:10 +0000 (17:49 +0100)]
eximconf: use "add_header" when the intent is to add headers
The "message" modifier for the "warn" verb can still be used to add
headers, but it's more obvious to use add_header explicitly
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 25 Oct 2019 16:43:02 +0000 (17:43 +0100)]
eximconf: whitespace fix
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 24 Oct 2019 21:06:36 +0000 (22:06 +0100)]
eximconf: tag/reject mail matching specific suspicious content
This initial string matches an unsubscribe link using the text "if you...
were unknowingly or unintentionally added to the mailing list"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:42:51 +0000 (22:42 +0100)]
eximconf: remove reference to non-existent "relayhosts" file
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 21:32:41 +0000 (22:32 +0100)]
exim blacklist: more recent spammers
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:06:34 +0000 (21:06 +0100)]
exim blacklist: expire some very old entries
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 20:04:04 +0000 (21:04 +0100)]
exim blacklist: add more recent offenders
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 19:32:42 +0000 (20:32 +0100)]
eximconf: ensure all recipients have the same default options setting
This allows us to perform tests at DATA time that are dependent on the
default options flag
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Tue, 22 Oct 2019 16:49:04 +0000 (17:49 +0100)]
eximconf: add an explanatory comment for default options
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 21 Oct 2019 21:45:14 +0000 (22:45 +0100)]
eximconf: only treat @d.o addresses as eligible for default options
Service domains have no way of opting out of the settings, so don't
forcibly opt them in
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 25 Oct 2019 15:09:02 +0000 (17:09 +0200)]
Add /dev/sdc PV at manda
Julien Cristau [Mon, 21 Oct 2019 13:15:10 +0000 (15:15 +0200)]
snapshot-web: remove AWS block
Let's try and see if the rate-limiting makes things bearable.
Julien Cristau [Mon, 21 Oct 2019 12:19:42 +0000 (14:19 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Mon, 21 Oct 2019 09:42:29 +0000 (11:42 +0200)]
Parameterize webserver class
Peter Palfrader [Mon, 21 Oct 2019 09:34:07 +0000 (11:34 +0200)]
Clean up and document apache2::config
Peter Palfrader [Mon, 21 Oct 2019 09:30:04 +0000 (11:30 +0200)]
Clean up and document apache2::module
Peter Palfrader [Mon, 21 Oct 2019 09:27:19 +0000 (11:27 +0200)]
Clean up and document apache2::site
Peter Palfrader [Mon, 21 Oct 2019 09:19:55 +0000 (11:19 +0200)]
whitespace: apache2/manifests
Peter Palfrader [Mon, 21 Oct 2019 09:08:10 +0000 (11:08 +0200)]
Move apache module configs to apache2::module dir; add compat includes
Peter Palfrader [Mon, 21 Oct 2019 09:04:42 +0000 (11:04 +0200)]
whitespace/quoting: apache
Adam D. Barratt [Sun, 20 Oct 2019 11:45:59 +0000 (12:45 +0100)]
fail2ban: lint fixes
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 19 Oct 2019 12:12:08 +0000 (13:12 +0100)]
exim blacklist: add a repeat offender
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:59:06 +0000 (21:59 +0100)]
Note that exim contains tracker-specific configuration
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:33 +0000 (21:58 +0100)]
Indicate that ticharich needs trackermaster exim config
RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:58:03 +0000 (21:58 +0100)]
exim: use a different local part suffix for tracker virtual users
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 18 Oct 2019 20:56:31 +0000 (21:56 +0100)]
exim: allow a host to indicate that it is the master for tracker.d.o
Part of RT#7283
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
projects / mirror / dsa-puppet.git / log