majic-ansible-roles Changeset

Changeset - 3a67313afb87

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 5 years ago 2020-12-22 18:38:04
branko@majic.rs

MAR-175: Update release notes regarding the mail_server.

1 file changed with 11 insertions and 0 deletions:

docs/releasenotes.rst

0 comments (0 inline, 0 general)

docs/releasenotes.rst

➞

Show inline comments

@@ @@ -51,24 +51,26 @@ upgrade to Python 3.x, dropping support for Python 2.7. @@
 * ``mail_server`` role
   * Use 2048-bit Diffie-Hellman parameters for relevant TLS
     ciphers. This could introduce incompatibility with older
     clients/servers trying to connect to the SMTP/IMAP server.
   * Updated default set of TLS ciphers used by IMAP/SMTP servers
     (``mail_server_tls_ciphers`` parameter). All CBC ciphers have been
     dropped. This could introduce incompatibility with older clients
     trying to connect to the IMAP/SMTP server.
   * Dropped the use of ``procmail`` for local mail deliveries.
 * ``php_website`` role
   * Parameter ``enforce_https`` has been deprecated and
     removed. HTTPS is now mandatory in all cases.
 * ``preseed`` role
   * Parameter ``ansible_key`` is now mandatory.
   * Parameter ``preseed_directory`` is now mandatory.
 * ``web_server`` role
@@ @@ -120,24 +122,30 @@ upgrade to Python 3.x, dropping support for Python 2.7. @@
   * Support for running Prosody 0.11.x has been added. This is also
     the new default version of Prosody that gets deployed to the
     target system.
 **Bug fixes:**
 * ``common`` role
   * Run apticron at least once during initial installation to avoid
     accidental locking later on during the same playbook run.
 * ``mail_server`` role
   * Fixed the problem with the SMTP server (Postfix) not using TLS at
     all for outgoing SMTP connections. The server will now default to
     using opportunistic TLS (using TLS where available).
 * ``wsgi_website`` role
   * Deploy the requirement files used for upgrade checks to correct
     location when using Python 3. Previously the files would get
     deployed to directory dedicated to Python 2 version, which means
     the checks would be performed using Python 2 instead of Python 3.
 **New features/improvements:**
 * Tests have been updated to work with latest Molecule/Testinfra as
   part of the Ansible upgrade process.
 * X.509 artefacts used during testing are now generated on the fly
@@ @@ -146,24 +154,27 @@ upgrade to Python 3.x, dropping support for Python 2.7. @@
 * ``mail_forwader`` role
   * The role now supports specifying the maximum mail message size
     limit for the SMTP server to accept via
     ``mail_message_size_limit`` role parameter.
 * ``mail_server`` role
   * The role now supports specifying the maximum mail message size
     limit for the SMTP server to accept via
     ``mail_message_size_limit`` role parameter.
   * Mail server configuration has been slightly updated to better
     match what is currently the defaults in Debian Stretch.
 * ``xmpp_server`` role
   * Server now supports blocking users via `XEP-0191: Blocking Command
     <https://xmpp.org/extensions/xep-0191.html>`_.
   * Server now supports `XEP-0280: Message Carbons
     <http://xmpp.org/extensions/xep-0280.html>`_, letting multiple
     online XMPP clients receive/store the same message.
   * Server now supports `XEP-0313: Message Archive Management
     <https://xmpp.org/extensions/xep-0313.html>`_, storing copies of
     received messages server-side. Message expiration is configurable
     via parameter ``xmpp_server_archive_expiration``.
   * XMPP server certificate is checked on daily basis using the

0 comments (0 inline, 0 general)