post icon [news] [activity] Projects Activities
[2021-07-27 08:29 +0200] WIP DuckCorp Infrastructure> Bug #728 (New): postfix-mta-sts-resolver.service: ConnectionResetError and service failure
[2021-07-22 08:34 +0200] WIP LdapWalker> Revision c0ea34e9 (ldapwalker): Detect duplicate values
[2021-07-22 07:58 +0200] WIP LdapWalker> Revision 62cf1e68 (ldapwalker): Add modifier to load value from file
[2021-07-16 09:32 +0200] WIP DuckCorp Infrastructure> Revision 2baaa7fd (duckcorp-infra): dc-web: fix common auth config (override)
[2021-07-14 16:21 +0200] WIP LdapWalker> Revision 8f526c75 (ldapwalker): modify: implement selection modifications
[2021-07-14 15:46 +0200] WIP LdapWalker> Revision 8663daa4 (ldapwalker): find: add where argument
[2021-07-14 15:41 +0200] WIP LdapWalker> Revision 9ce4a494 (ldapwalker): cmd_arg_where's allow_sel now defaults to false, it is clearer to understand
[2021-07-14 15:34 +0200] WIP LdapWalker> Revision 9172bb1c (ldapwalker): Improve cmd_arg_where loc check
[2021-07-14 15:33 +0200] WIP LdapWalker> Revision 5c05c3c7 (ldapwalker): mv: fix several checks and properly check result
[2021-07-14 15:25 +0200] WIP LdapWalker> Revision 9cc58e50 (ldapwalker): Clarify color for dangling synlinks
Word from the Admin Team
[archives] « Teru-teru-bozu, teru bozu, Do make tomorrow a sunny day, Like the sky in a dream sometime… »
  • song by Kyoson Asahara and Shinpei Nakayama (https://en.wikipedia.org/wiki/Teru_teru_b%C5%8Dzu)

Quack,

We hope you’re safe and doing well.

Improved Mailing-Lists

We upgraded our mailing-lists to Mailman 3. It’s not just about the shiny UI, the underlying mail routing daemon is better in many way.

We plan to add LDAP authentication but integration requires extra work since it’s not available out of the box.

New System for Users’ DNS Primary Zones (aka DNS4Tenants)

Banya, our GPG Mail Command gateway, is soon going to retire. This was inspired by Debian tools and made to be very secure, but unfortunately sending a properly GPG-signed/encrypted mail with most MUAs is still not that trivial, making zone updates more painful that it should be. The script doing the mail handling and DNS update was also far too brittle and maintenance over time proved problematic.

We’re replacing the current system with something easier to use without compromising security: tenants can now edit their zones in a git repository of their choice and under 5 minutes a script should pick the changes, check the zone validity, send errors to the user, and publish the result if all is fine. It might not sounds like it but the new script is by far simpler and smaller. The git repository will be fetched using HTTPS and can be hosted anywhere (including DC). If you wish to keep your zone hidden then it needs to be accessible using the script’s SSH key; most forges allow that. At DC this is also possible but we’re working on a better solution.

DC and MP zones are now managed using the new system and available in our openinfra repo. We’ll contact users to handle the migration.

Web Key Directory Service

If you have an email in @dc.o or @mp.o you can now make your GPG key available using this protocol if you use them in one of your UIDs. It is an alternate way of fetching keys: the owner of the domain certifies it is a valid email address and the key association. It is supported by more and more MUAs, and after all the security problems discovered in Key Servers’ implementations, it should both improve security and usability.

This comes with an automated way to setup and update the association, so you start using it right away.

We can also provide this service for hosted domains.

And some documentation: https://users.duckcorp.org/index.php/Services/WKD

Misc news

  • Matrix:
    • the server is working well; we still have made no decision about IRC mapping.
    • Documentation is now available: https://users.duckcorp.org/index.php/Services/Matrix
  • IRC: thanks to Mikachu’s suggestion we now have a DNSBL configured and it seems to be working well against the recent SPAM; it is also used for antispam (weighted)
  • DNSSEC: work has been done both upstream and on our side to fix various problems. Full automation is not yet complete but making progress.
  • Backup: Pilou added an extra disk for the backup on Nicecity. We have a basic backup but the target system is still WIP

Hugs. \_o<

Activism

  • Not f'd — you won't find me on Facebook

Special Support

  • FSF Member Logo
  • DUC Logo

Sponsors

  • Hivane
  • Nerim