Diffstat (limited to 'server/setup/05-service-settings')
6 files changed, 108 insertions, 8 deletions
diff --git a/server/setup/05-service-settings/02-SERVICES.txt b/server/setup/05-service-settings/02-SERVICES.txt index 6adcca3..f832bea 100644 --- a/server/setup/05-service-settings/02-SERVICES.txt +++ b/server/setup/05-service-settings/02-SERVICES.txt @@ -115,6 +115,29 @@ Debian 7.00 (Wheezy) - cd /etc/mail - make + - SPF + - add TXT dns entry jogamp.org IN TXT "v=spf1 mx a ptr:jogamp.org ip6:2a01:4f8:192:1164::2 -all" + + - DKIM + https://dev.kafol.net/2013/01/dkim-spf-sendmail-for-multiple-domains.html + apt-get install opendkim + apt-get install opendkim-tools + vi /etc/opendkim.conf + mkdir /etc/opendkim/ + mkdir /etc/opendkim/keys + mkdir /etc/opendkim/keys/jogamp.org + vi /etc/opendkim/TrustedHosts + vi /etc/opendkim/SigningTable + vi /etc/opendkim/KeyTable + opendkim-genkey -D /etc/opendkim/keys/jogamp.org -d jogamp.org -s default + chown -R opendkim:opendkim /etc/opendkim + chmod -R go-rwx /etc/opendkim + + - add TXT dns entry default._domainkey.jogamp.org IN TXT "v=DKIM1; k=rsa; p=PUB-KEY" + + - DMARC + - add TXT dns entry _dmarc.jogamp.org IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]; adkim=r; aspf=r; pct=100; rf=afrf; sp=none" + /etc/init.d/sendmail start 10 GIT 
@@ -128,18 +151,56 @@ Debian 7.00 (Wheezy) - ln -s /usr/share/gitweb DocumentRoot/git - cp srv/scm/gitweb.conf -11 apache2 +11 Apache2 / Webservices + +11.1 generic + - apache2 and build .. + apt-get install apache2 mysql-server build-essential + - php apt-get install php5-pgsql php5-ldap php5-imap php5-odbc php5-dev php5-common php5 php5-mysql php5-gd php5-xmlrpc \ php5-xsl php5-cli php5-intl php5-pspell php5-snmp php5-sasl + +11.2 bugzilla + - Debian 7 + Squash that - DO NOT INSTALL SYSTEM WIDE modules: + apt-get install libgd-gd2-perl libgd-graph-perl libgd-tools libgdal-perl libgdal-dev libgdata-dev libgd2-xpm-dev + apt-get install libappconfig-perl libdate-calc-perl libtemplate-perl libmime-perl libdatetime-timezone-perl libdatetime-perl libemail-sender-perl libemail-mime-perl libemail-mime-modifier-perl libdbi-perl libdbd-mysql-perl libcgi-pm-perl libmath-random-isaac-perl libmath-random-isaac-xs-perl apache2-mpm-prefork libapache2-mod-perl2 libapache2-mod-perl2-dev libchart-perl libxml-perl libxml-twig-perl perlmagick libgd-graph-perl libtemplate-plugin-gd-perl libsoap-lite-perl libhtml-scrubber-perl libjson-rpc-perl libtheschwartz-perl libtest-taint-perl libauthen-radius-perl libfile-slurp-perl libencode-detect-perl libmodule-build-perl libnet-ldap-perl libauthen-sasl-perl libtemplate-perl-doc libfile-mimeinfo-perl libhtml-formattext-withlinks-perl libmysqlclient-dev lynx-cur graphviz python-sphinx libgd2-xpm-dev + + Ensure the following are NOT installed: + dpkg -P libjson-any-perl libcgi-application-plugin-json-perl libcgi-application-extra-plugin-bundle-perl libjson-perl + + I had to remove system wide perl modules .. collision .. why o why + i.e. how to enforce bugzilla to use bugzilla/lib installed modules only? + - misc for perl/bugzilla - Perl: redo init (find closest mirror ..) 
- perl -MCPAN -e shell - o conf init - - Packages - - apt-get install libgd-gd2-perl libgd-graph-perl libgd-tools libgdal-perl libgdal-dev libgdata-dev libgd2-xpm-dev + See https://bugzilla.readthedocs.org/en/5.0/installing/linux.html#perl-modules + ./checksetup.pl --check-modules + /usr/bin/perl install-module.pl --upgrade-all + ./checksetup.pl --check-modules + ./checksetup.pl + + - https://www.bugzilla.org/download/#stable + +11.3 mediawiki + - https://www.mediawiki.org/wiki/Download + + - Vector skin (default): + vi wiki/skins/Vector/variables.less + // @html-font-size: 100%; + @html-font-size: 95%; + + Extension mediawiki-bugzillareports + - https://www.mediawiki.org/wiki/Extension:Bugzilla_Reports + - https://www.mediawiki.org/wiki/Extension_talk:Bugzilla_Reports#Google_Code_Shutting_Down + - https://github.com/nakal/mediawiki-bugzillareports + +11.X Apache .. - Sync config files in /etc/apache2/ with: etc/apache2/apache2.diff - see also etc/apache2/mods-enabled.lst, etc .. diff --git a/server/setup/05-service-settings/etc/mail/sendmail.mc b/server/setup/05-service-settings/etc/mail/sendmail.mc index 704e4da..9cfbbb9 100644 --- a/server/setup/05-service-settings/etc/mail/sendmail.mc +++ b/server/setup/05-service-settings/etc/mail/sendmail.mc 
@@ -132,11 +132,11 @@ dnl define(`confCACERT', `/etc/ssl/local/ca-my.crt')dnl dnl define(`confCRL', `/etc/ssl/local/ca-my.crl')dnl dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl -define(`confCACERT', `/etc/ssl/local/thawte-SSL123_CA_Bundle.pem')dnl -define(`confSERVER_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl -define(`confSERVER_KEY', `/etc/ssl/local/jogamp2013-hostkey.mail.pem')dnl -define(`confCLIENT_CERT', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl -define(`confCLIENT_KEY', `/etc/ssl/local/jogamp2013-hostcert.pem')dnl +define(`confCACERT', `/etc/ssl/local/thawte-ca-cert3-20151105.pem')dnl +define(`confSERVER_CERT', `/etc/ssl/local/jogamp2016a-hostcert.pem')dnl +define(`confSERVER_KEY', `/etc/ssl/local/jogamp2016a-hostkey.mail.pem')dnl +define(`confCLIENT_CERT', `/etc/ssl/local/jogamp2016a-hostcert.pem')dnl +define(`confCLIENT_KEY', `/etc/ssl/local/jogamp2016a-hostkey.mail.pem')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl @@ -180,6 +180,8 @@ dnl # dnl FEATURE(local_procmail, `/usr/lib/dovecot/dovecot-lda', `/usr/lib/dovecot/dovecot-lda -d $u')dnl dnl MODIFY_MAILER_FLAGS(`LOCAL', `-f')dnl +INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost') + dnl # dnl # The access db is the basis for most of sendmail's checking dnl # FEATURE(`access_db', , `skip')dnl diff --git a/server/setup/05-service-settings/etc/opendkim.conf b/server/setup/05-service-settings/etc/opendkim.conf new file mode 100644 index 0000000..10c9064 --- /dev/null +++ b/server/setup/05-service-settings/etc/opendkim.conf 
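Review bot: The two key lines (`confSERVER_KEY`, `confCLIENT_KEY`) now both name `jogamp2016a-hostkey.mail.pem`, but nothing here records the permissions that file needs, and its mode is not visible in this diff. Sendmail rejects a private key that is group- or world-readable and then carries on without STARTTLS, which is easy to miss after a certificate renewal. I would add a comment above the block, e.g. `dnl # hostkey.mail.pem: mode 0600, not group/world readable, else STARTTLS is disabled`, and check the mail log for STARTTLS errors after each key swap.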
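Review bot: The added `INPUT_MAIL_FILTER` line in the second hunk sets no `F=` flag, so when opendkim is down or port 8891 is unreachable sendmail handles mail as if no filter were configured, and outbound mail leaves unsigned without any error. Since DKIM and DMARC records are published in the same commit, a temporary failure on milter errors is the safer default: ``INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost, F=T')dnl``. The trailing `dnl` is also missing, unlike the other macro lines visible in this file.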
@@ -0,0 +1,33 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+AutoRestart yes
+UMask 002
+Syslog yes
+AutoRestartRate 10/1h
+Canonicalization relaxed/simple
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+LogWhy yes
+Mode sv
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+SigningTable refile:/etc/opendkim/SigningTable
+Socket inet:8891@localhost
+SyslogSuccess Yes
+TemporaryDirectory /var/tmp
+UserID opendkim:opendkim
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
+# (ATPS) (experimental)
+#ATPSDomains example.com
+
diff --git a/server/setup/05-service-settings/etc/opendkim/KeyTable b/server/setup/05-service-settings/etc/opendkim/KeyTable
new file mode 100644
index 0000000..05d3b19
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/KeyTable
@@ -0,0 +1 @@
+default._domainkey.jogamp.org jogamp.org:default:/etc/opendkim/keys/jogamp.org/default.private
diff --git a/server/setup/05-service-settings/etc/opendkim/SigningTable b/server/setup/05-service-settings/etc/opendkim/SigningTable
new file mode 100644
index 0000000..7211e4d
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/SigningTable
@@ -0,0 +1 @@
+*@jogamp.org default._domainkey.jogamp.org
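Review bot: `Socket inet:8891@localhost` in opendkim.conf puts the signing milter on a loopback TCP port with no access control, so every local account and service on this host can reach the component that holds the jogamp.org signing key; the setup notes in this commit show the same machine running Apache, PHP, Bugzilla and MediaWiki. A unix socket limited to the opendkim group narrows that, e.g. `Socket local:/var/run/opendkim/opendkim.sock` (example path) with the matching `S=local:` address in sendmail.mc, and it gives the existing `UMask 002` a purpose. If the TCP socket is kept deliberately, a comment saying why would help the next maintainer.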
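Review bot: The KeyTable entry pins the fixed selector `default` to `default.private`, and the `opendkim-genkey` command recorded in 02-SERVICES.txt passes no `-b`, so the key size is whatever that opendkim-tools release defaults to (1024-bit RSA on older releases; the actual size cannot be verified from this diff). I would generate the key with `-b 2048` and name the selector after the rotation period rather than `default`, so that a later rotation can publish the new key next to the old one while mail signed with the old key is still in transit. The SigningTable line would then reference the new selector name as well.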
diff --git a/server/setup/05-service-settings/etc/opendkim/TrustedHosts b/server/setup/05-service-settings/etc/opendkim/TrustedHosts
new file mode 100644
index 0000000..e0888a7
--- /dev/null
+++ b/server/setup/05-service-settings/etc/opendkim/TrustedHosts
@@ -0,0 +1,2 @@
+127.0.0.1
+jogamp.org |
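Review bot: TrustedHosts covers loopback only as `127.0.0.1`, while the SPF record in the setup notes shows the host has an IPv6 address; mail that local software hands to sendmail over `::1` would not match InternalHosts and would leave unsigned. Adding `::1` and `localhost` lines closes that gap. The `jogamp.org` entry is matched by name and so depends on how the client's name resolves; listing the server's own addresses is more predictable. Because opendkim.conf uses this same file for ExternalIgnoreList, every entry also exempts that source from verification, so the list should stay as short as possible.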