This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
amber_replacment [2018/06/28 23:03] SLUUG Administration [Source media or media image] |
amber_replacment [2018/07/11 16:01] SLUUG Administration [Critical Services] |
||
---|---|---|---|
Line 21: | Line 21: | ||
* DNS | * DNS | ||
* [[Email]] | * [[Email]] | ||
+ | * [[Fail2Ban]] | ||
* Lists | * Lists | ||
====DNS==== | ====DNS==== | ||
- | master DNS zone but Bud will be in public zone | ||
- | transfer service to Bind from ? | ||
- | ====Email==== | + | * master DNS zone is on Bock but NOT published as NS. |
+ | * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year. | ||
==== Postfix ==== | ==== Postfix ==== | ||
- | === Completed 180627 === | + | === Completed 2018-06-27 === |
* Finished mysql configuration of postfix | * Finished mysql configuration of postfix | ||
Line 37: | Line 37: | ||
* Disabled postgrey | * Disabled postgrey | ||
* All other filters already disabled | * All other filters already disabled | ||
+ | * Verify postfixadmin before cutover | ||
+ | * PLAIN login method changed to TLS | ||
+ | * (requires TLS connection before sending password) | ||
+ | | ||
+ | === Email system testing successful 2018-06-28 === | ||
=== ToDo === | === ToDo === | ||
- | * Verify postfixadmin before cutover | + | * Configure maildir for new users in postfixadmin |
* Setup and enable postgrey | * Setup and enable postgrey | ||
* Setup and enable SpamAssassin or rspamd | * Setup and enable SpamAssassin or rspamd | ||
* Setup and enable clamav | * Setup and enable clamav | ||
* Setup and enable Amavisd? | * Setup and enable Amavisd? | ||
+ | * Setup and configure Webalizer | ||
+ | |||
- | * Change PLAIN login method to TLS?? | ||
- | (require TLS connection before sending password) | ||
Line 60: | Line 65: | ||
==== Let's Encrypt ==== | ==== Let's Encrypt ==== | ||
+ | <code> | ||
* certbot from github is curreent, required for wildcard certs | * certbot from github is curreent, required for wildcard certs | ||
* Install requires dev libraries for headers: | * Install requires dev libraries for headers: | ||
Line 74: | Line 79: | ||
_acme-challenge.sluug.org with the following value: | _acme-challenge.sluug.org with the following value: | ||
| | ||
- | EGAoTq2e_Cf8TwYV4EN7zBLNfdgHodgoy9yX_WaLrGY | + | EGAoTq2e_Cf8TwYV4EN7zBLNfdgHodgoy9yX_WaLrGY |
+ | |||
+ | | ||
| | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
Line 124: | Line 131: | ||
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | ||
Donating to EFF: https://eff.org/donate-le'' | Donating to EFF: https://eff.org/donate-le'' | ||
+ | |||
+ | </code> | ||
==== Misc packages installed ==== | ==== Misc packages installed ==== |