Hello Bruce et al,

One thing I did not specify. I have a very strict idea of the way I install a package on a server I put online.

Ideally, I want to have some install process I set up once and I don't have to worry about anything, especially security. When I have to install software, let's say Roundcube, I prefer to use the native version that comes with Debian server. Of course, it is a little bit outdated, but I know there is a security team behind it that publishes security patches. I know these security patches will be applied, while I sleep or while I am on holiday, if I install and correctly configure the unattended upgrades packages. If I really want more control, I know there are packages on Debian that will send me an email when updates are available, and I can install them from anywhere using SSH.

In no case would I be comfortable installing, on a live server, Roundcube from the git repository, which is done for this project. It is far too easy to forget and leave it for months with security issues open for a while. Yes, I know there are cron scripts I can use to update the repository. But even in this case, who guarantees me that nothing will break on my server? Once again, there is a Debian team that does fabulous integration work, and I don't want to break my mail server just to have the latest version of Roundcube or Owncloud.

By staying inside the Debian ecosystem, I am also sure that some third party applications or repositories will stay nicely integrated with the current state of my server. For instance, I know that I should be able to add the syncthing (https://apt.syncthing.net/) repository as part of the deployment process, without worrying too much about conflicts from files overwritten by this kind of manipulation.

I don't say one opinion is better than the other, it is just the way I prefer to work - and as a matter - to live.

Kind regards,
André

On 10/12/17 19:46, André Rodier wrote:
> Thank you,
>
> I remember having a look at this project, and I found it huge.
>
> I started mine because I want LDAP authentication.
>
> I also wanted fewer features / programs, less obtrusive, and better
> attention to small details, like automatic DKIM generation and DNS updates.
>
> I hope not to end up with something as huge.
>
> André
>
> On 10/12/17 19:19, br...@secryption.com wrote:
>> Check out https://github.com/sovereign/sovereign/blob/master/README.md
>>
>> Might have some of what you are looking for already done.
>>
>> Bruce
>>
>> On Dec 10, 2017 2:06 PM, André Rodier <an...@rodier.me> wrote:
>>
>> Hello everyone,
>>
>> I have been using Postfix and Dovecot for my personal emails for years.
>> After being tired of reinstalling my personal mail server many times, I
>> am currently writing some Ansible scripts to do it automatically.
>>
>> I obviously checked the other projects, and did not find anything close
>> to what I am looking for, so I am implementing it now.
>>
>> The final goal is to have a box that, once online, would set itself up, by
>> creating the certificates, the DKIM keys and update the appropriate DNS
>> records.
>>
>> This is so far what I have achieved:
>> - Automatic generation of certificates using LetsEncrypt
>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
>> - Automatic generation of DKIM keys
>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> - LDAP server for user accounts, with or without system login.
>> - Installation of Postfix, Dovecot and Roundcube
>>
>> Sending DKIM signed emails is working, and the IMAP server is configured
>> as well, although basic.
>>
>> The postfix and dovecot configurations are not yet entirely finished. I
>> am planning to add an anti spam system, and sieve, amongst other things.
>>
>> Although in development during my spare time, the system is normally
>> robust and you should be able to run it multiple times without errors.
>>
>> If anyone is interested in using it, having a look, or taking part, it
>> is here: https://github.com/progmaticltd/homebox
>>
>> Kind regards,
>> André Rodier.