config issueshttps://git.autistici.org/ai3/config/-/issues2023-12-04T16:04:45Zhttps://git.autistici.org/ai3/config/-/issues/9Upgrade mysql roles for new 10.5 multi-instance semantics2023-12-04T16:04:45ZaleUpgrade mysql roles for new 10.5 multi-instance semanticsDebian bookworm has changed how mariadb-server does multi-instance, support seems better now that it was before, so we could try using the upstream systemd config again.Debian bookworm has changed how mariadb-server does multi-instance, support seems better now that it was before, so we could try using the upstream systemd config again.https://git.autistici.org/ai3/config/-/issues/8ARC support2023-09-25T09:06:11ZaleARC support[ARC](https://www.rfc-editor.org/rfc/rfc8617) is a thing now apparently and it is considered by large providers in antispam scoring, so it would be smart to support it.
There are two parts to it, Postfix should do ARC signing, and Mailm...[ARC](https://www.rfc-editor.org/rfc/rfc8617) is a thing now apparently and it is considered by large providers in antispam scoring, so it would be smart to support it.
There are two parts to it, Postfix should do ARC signing, and Mailman should try to avoid breaking it.
For Postfix, the point is to add Authentication-Results headers to all outbound messages (via smtp-auth or other means) to bootstrap the ARC verification chain, and then to have them signed pretty much in the same place where we do DKIM signatures.
The dkimpy library is able to do ARC signatures, but the dkimpy-milter package in Debian is not prepared to do so, although adding the functionality seems easy.
A plan:
* [ ] switch from OpenDKIM to dkimpy-milter
* [ ] make Postfix add Authentication-Results headers to emails sent by our users
* [ ] fork dkimpy-milter to add ARC support
Resources:
* [ARC official resources](http://arc-spec.org/?page_id=79) (incl. Mailman references)https://git.autistici.org/ai3/config/-/issues/7Clean up Prosody config2023-12-04T07:23:16ZaleClean up Prosody config```
Checking config...
mod_proxy65 is enabled both in modules_enabled and as Component "proxy.jabber.insicuri.net
" "proxy65"
This means the service is enabled on all VirtualHosts as well as the Component.
Are you sure this w...```
Checking config...
mod_proxy65 is enabled both in modules_enabled and as Component "proxy.jabber.insicuri.net
" "proxy65"
This means the service is enabled on all VirtualHosts as well as the Component.
Are you sure this what you want? It may cause unexpected behaviour.
```blalloblallohttps://git.autistici.org/ai3/config/-/issues/6Clean up Jabber-related public DNS names2023-12-04T07:22:40ZaleClean up Jabber-related public DNS namesAnd associated SSL certificates.
Which public DNS names should exist for Prosody? Currently we have, for each hosted domain:
* conference.jabber.*domain*
* proxy.jabber.*domain*
* pubsub.jabber.*domain*
* vjud.jabber.*domain*
I doubt ...And associated SSL certificates.
Which public DNS names should exist for Prosody? Currently we have, for each hosted domain:
* conference.jabber.*domain*
* proxy.jabber.*domain*
* pubsub.jabber.*domain*
* vjud.jabber.*domain*
I doubt any of these actually need to exist anymore...blalloblallohttps://git.autistici.org/ai3/config/-/issues/5Configurazione sql_mode di noblogs2021-08-25T10:57:11ZluchaConfigurazione sql_mode di noblogsIn https://git.autistici.org/ai3/config/-/blob/master/roles/noblogs/tasks/main.yml#L67 c'è un
```
# TODO: remove when https://git.autistici.org/noblogs/noblogs-composer/-/issues/12 is fixed.
sql_mode: "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO...In https://git.autistici.org/ai3/config/-/blob/master/roles/noblogs/tasks/main.yml#L67 c'è un
```
# TODO: remove when https://git.autistici.org/noblogs/noblogs-composer/-/issues/12 is fixed.
sql_mode: "ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
```
La issue linkata è stata chiusa (passaggio a LudicrousDB), vogliamo provare a rimuovere quella riga di configurazione `sql_mode`?https://git.autistici.org/ai3/config/-/issues/4tests break when domain != investici.org2023-12-04T07:17:06Zaletests break when domain != investici.orgProbably related to the testdata and the automated configuration of the internal *domain* vs. user domains.Probably related to the testdata and the automated configuration of the internal *domain* vs. user domains.https://git.autistici.org/ai3/config/-/issues/3account-automation-common runs multiple times2023-12-04T07:17:46Zaleaccount-automation-common runs multiple timesAnd yet its meta/ directory (which does not exist) should default to not supporting multiple includes...?And yet its meta/ directory (which does not exist) should default to not supporting multiple includes...?https://git.autistici.org/ai3/config/-/issues/2postfix-delivery bounce per unknown recipient2019-05-25T13:22:24Zalepostfix-delivery bounce per unknown recipientL'istanza postfix-delivery attualmente non e' davvero configurata come delivery-only, il default transport e' smtp quindi provera' a consegnare all'esterno recipient sconosciuti etc.L'istanza postfix-delivery attualmente non e' davvero configurata come delivery-only, il default transport e' smtp quindi provera' a consegnare all'esterno recipient sconosciuti etc.