Hello Bruce et al,

One thing I did not specify. I have a very strict idea of the way I
install a package on a server I put online.

Ideally, I want to have some install process I set up once and I don't
have to worry about anything, especially security.

When I have to install software, let's say Roundcube, I prefer to use
the native version that comes with Debian server. Of course, it is a
little bit outdated, but I know there is a security team behind that
publishes security patches. I know these security patches will be
applied, while I sleep or while I am on holiday, if I correctly install
and configure the unattended upgrades packages.

If I really want more control, I know there are packages on Debian that
will send me an email when updates are available, and I can install them
from anywhere using SSH.

In no case would I be comfortable installing, on a live server,
Roundcube from the git repository, which is done for this project. It is
far too easy to forget and leave it for months with security issues
opened for a while.

Yes, I know there are cron scripts I can use to update the repository.
But even in this case, who guarantees me that nothing will break on my
server? Once again, there is a Debian team that does a fabulous
integration work, and I don't want to break my mail server just to have
the latest version of Roundcube or Owncloud.

By staying inside the Debian ecosystem, I am also sure that some third
party applications or repositories will stay nicely integrated with the
current state of my server. For instance, I know that I should be able
to add syncthing (https://apt.syncthing.net/) repository as part of the
deployment process, without worrying too much about conflicts from files
overwritten by this kind of manipulation.

I don't say one opinion is better than the other, it is just the way I
prefer to work - and as a matter - to live.

Kind regards,

On 10/12/17 19:46, André Rodier wrote:
> Thank you,
> I remember having had a look at this project, and I found it huge.
> I started mine because I want LDAP authentication.
> I also wanted fewer features / programs, less obtrusive, and better
> attention to small details, like automatic DKIM generation and DNS updates.
> I hope not to end up with something as huge.
> André
> On 10/12/17 19:19, br...@secryption.com wrote:
>> Check out https://github.com/sovereign/sovereign/blob/master/README.md
>> Might have some of what you are looking for already done. 
>> Bruce
>> On Dec 10, 2017 2:06 PM, André Rodier <an...@rodier.me> wrote:
>> Hello everyone,
>> I have been using Postfix and Dovecot for my personal emails for years.
>> After being tired of reinstalling my personal mail server many times, I
>> am currently writing some Ansible scripts to do it automatically.
>> I obviously checked the other projects, and did not find anything close
>> to what I am looking for, so I am implementing it now.
>> The final goal is to have a box that once online, would setup itself, by
>> creating the certificates, the DKIM keys and update the appropriate DNS
>> records.
>> This is so far what I have achieved:
>> - Automatic generation of certificates using LetsEncrypt
>> - Automatic update of the domain entries: imap, smtp, webmail, etc.
>> - Automatic generation of DKIM keys
>> - Automatic update of specific records (MX, SPF, DKIM, etc.)
>> - LDAP server for user accounts, with or without system login.
>> - Installation of Postfix, Dovecot and Roundcube
>> Sending DKIM signed emails is working, and the IMAP server is configured
>> as well, although basic.
>> The postfix and dovecot configurations are not yet entirely finished. I
>> am planning to add an anti spam system, and sieve, amongst other things.
>> Although in development during my spare time, the system is normally
>> robust and you should be able to run it multiple times without errors.
>> If anyone is interested in using it, having a look, or taking part, it
>> is here: https://github.com/progmaticltd/homebox
>> Kind regards,
>> André Rodier.
