Cullum Smith 2 years ago
Parent
Commit
809f91c8a1
1 changed file with 5 additions and 3 deletions

README.md

@@ -100,13 +100,15 @@ if allof ( address :is "from" "root@hostname.example.com",
100 100
 
101 101
 - **IPv6:** `spamd` does not currently support IPv6, so don't go adding a AAAA record for `mail` in the zonefile!
102 102
 
103
-- **Monitoring spamd**: just run `spamdb` to see a list of senders currently greylisted/whitelisted.
103
+- **Monitoring spamd:** just run `spamdb` to see a list of senders currently greylisted/whitelisted.
104 104
 
105
-- **Virtual Hosts**: a default vhost will be created for `www.domain.com`, with a bare domain redirect. Shove HTML files into `/var/www/htdocs/www.domain.com` to start sharing your worthless opinions with the internet! To add more vhosts, just put a configuration file in `/etc/sites` and include it in `/etc/httpd.d/sites.conf`.
105
+- **Virtual Hosts:** a default vhost will be created for `www.domain.com`, with a bare domain redirect. Shove HTML files into `/var/www/htdocs/www.domain.com` to start sharing your worthless opinions with the internet! To add more vhosts, just put a configuration file in `/etc/sites` and include it in `/etc/httpd.d/sites.conf`.
106 106
 
107 107
 - **Greylisting pitfalls:** `spamd` works by [greylisting](https://www.greylisting.org/). Unfortunately, big mailers like GMail often don't retry delivery from the same address, resulting in a greylist black hole described [here](https://poolp.org/posts/2018-01-08/spfwalk/). To alleviate this, I included a daily cron job that whitelists the IP addresses found in the SPF records for some of the big mailers like GMail and Yahoo. If you notice any other problematic domains, override the to the `bigmailers` list defined in [roles/spamd/deaults/main.yml](roles/spamd/defaults/main.yml) to have their IP ranges whitelisted. (And be sure to send me a pull request!)
108 108
 
109
-- **Password Resets:** if a user has a shell on the box, they can reset their own password using `dankctl resetpass`. Otherwise, an administrator can do this for them. It's on my todo list to make some kind of web interface for this.
109
+- **Password Resets:** Passwords can be reset using `dankctl resetpass`. Currently, only an administrator can do this, since giving users write access to their LDAP user entry could allow them to write a non-hashed password into their `userPassword` field. It's on my todo list to make some kind of web interface for this.
110
+
111
+- **SSH:** SSH keys are stored in LDAP and can be added/removed using `dankctl usermod`. If a user has a shell on the box, he can run this command with his own credentials. Users must be in the `ssh` group to connect.
110 112
 
111 113
 - **Backups**: another thing I'm leaving up to you, since your requirements will almost certainly be unique. Shouldn't be too difficult:
112 114
     - **Maildirs**: tar them up, maybe encrypt them, and scp them offsite periodically.
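
Review bot: The new **Password Resets** and **SSH** bullets read as contradictory. The first says users are not given write access to their own LDAP entry because they could write a non-hashed password into `userPassword`, while the second says a user with a shell can run `dankctl usermod` with his own credentials to add or remove SSH keys stored in LDAP, which implies some self-write access to that entry. Suggest stating in the SSH bullet which part of the entry a user may modify himself (for example, only the SSH key data, if that is how access is restricted), so readers do not assume `userPassword` is writable as well. Two style points: the SSH bullet uses "he"/"his" where the removed Password Resets line used "they"/"their", and the `**Backups**:` and `**Maildirs**:` context lines still have the colon outside the bold, unlike the `**Monitoring spamd:**` and `**Virtual Hosts:**` bullets normalised in this change.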
