Merge branch 'master' into v7

README.rst

@@ -2,22 +2,23 @@
 NethServer documentation
 ========================
 
-Sphinx documentation sources for www.nethserver.org_.
+Sphinx documentation sources for docs.nethserver.org_.
 
-You can find a directory for each available language.
-Inside each language directory there are some specials files:
+The docs sources are under ``administrator-manual/en/`` directory.  You can find
+only English (en) here because translated paragraphs are handled by Transifex.
+Under the same directory there are some specials files:
 
 * conf.py: Sphinx configuration
 * Makefile: Sphinx build makefile
 * index.rst: document structure
 
-All other .rst files are chapters of the manual. 
-If you wish to add a new chapter, create a new file and add it to the index.rst file.
+All other ``.rst`` files are chapters of the manual.  If you wish to add a new
+chapter, create a new file and add it to the index.rst file.
 
 Documentation available here:
 
-* Administrator manual (English and Italian): http://docs.nethserver.org
-* Developer manual (English only): http://docs.nethserver.org/projects/nethserver-devel
+* Administrator manual: http://docs.nethserver.org
+* Developer manual: http://docs.nethserver.org/projects/nethserver-devel
 
 .. _www.nethserver.org: http://www.nethserver.org
 
@@ -28,16 +29,16 @@ The easiest way to contribute is by forking and editing the repository
 directly on GitHub:
 
 * Create a GitHub account if you don't already have it
-* Go to https://github.com/nethesis/nethserver-docs and fork the project
+* Go to https://github.com/NethServer/docs and fork the project
 * You can now edit any page using GitHub web interface and see a live preview of the output
 * When you're done, simply create a new pull request
 * A new automatic build is launched after the pull request is merged by a developer
 
-You can also use the traditional way by cloning nethserver-docs 
-repository (https://github.com/nethesis/nethserver-docs ) to your 
+You can also use the traditional way by cloning the ``docs``
+repository (https://github.com/nethesis/nethserver-docs ) to your
 machine and sending patches to the mailing list.
 
-While editing, please follow below guidelines.
+While editing, please follow the guidelines below.
 
 Editing guidelines
 ------------------
@@ -231,18 +232,4 @@ resources to Transifex by manually editing ``.tx/config``.
 Upgrading developer manual
 ==========================
 
-Developer manual is built using files from this repository
-and READMEs files from other github repositories.
-
-To update the developer manual follow these steps:
-
-* Checkout this repository and move to developer-manual directory
-* If needed, add the name of new github repositories inside the ``modules`` file
-* Execute ``pull-modules`` script
-* Try to build the manual: ::
-
-   make html
-
-* After fixing errors and warnings, commit the changes
-
-
+Developer manual is now hosted at https://github.com/NethServer/dev

administrator-manual/en/.tx/config

@@ -333,3 +333,9 @@ source_file = _build/locale/team_chat.pot
 source_lang = en
 type = PO
 
+[docs-v7.dedalo]
+file_filter = locale/<lang>/LC_MESSAGES/dedalo.po
+source_file = _build/locale/dedalo.pot
+source_lang = en
+type = PO
+

administrator-manual/en/backup.rst

@@ -458,6 +458,10 @@ For example, to backup a software installed inside :file:`/opt` directory, add t
 
   /opt/mysoftware
 
+
+The same syntax applies to configuration backup. Modifications should be done inside the file :file:`/etc/backup-config.d/custom.include`.
+
+
 **Exclusion**
 
 If you wish to exclude a file or directory from data backup, add a line to the file :file:`/etc/backup-data.d/custom.exclude`.

administrator-manual/en/hotsync.rst

@@ -48,11 +48,11 @@ Installation
 
     To install the module on MASTER execute from command line: ::
 
-      yum install nethserver-hotsync
+      yum -y install nethserver-hotsync
 
     To install the module on SLAVE execute from command line: ::
 
-      yum install --disablerepo=nethesis-updates,nethesis-upstream nethserver-hotsync
+      yum -y install --disablerepo=nethesis-*,nh-* nethserver-hotsync
 
 
 

administrator-manual/en/mail.rst

@@ -24,12 +24,12 @@ See also the following related topics:
 * Simple Mail Transfer Protocol (SMTP) [#SMTP]_
 * DKIM signature [#DKIM]_
 
-.. warning::
+.. note::
 
     Since |product| 7.5.1804 new :ref:`email-section`,
     :ref:`pop3_connector-section` and :ref:`pop3_proxy-section` installations
-    are based on the Rspamd filter engine. Previous |product| installations can
-    be manually upgraded to Rspamd as described in :ref:`email2-section`
+    are based on the Rspamd filter engine. Previous |product| installations are
+    automatically upgraded to Rspamd as described in :ref:`email2-section`
 
 .. index::
    pair: email; relay
@@ -402,7 +402,7 @@ adjusted under :guilabel:`Email > Filter > Anti spam`.
    SMTP-compliant MTA will attempt to deliver the deferred message again.
 
 2. If the spam score is above :guilabel:`Spam threshold` the message is **marked
-   as spam** by adding the special header ``X-Spam-Flag: YES`` for specific
+   as spam** by adding the special header ``X-Spam: Yes`` for specific
    treatments, then it is delivered like other messages. As an alternative, the
    :guilabel:`Add a prefix to spam messages subject` option makes the spam flag
    visible on the subject of the message, by prefixing the given string to the

administrator-manual/en/mail2.rst

@@ -6,35 +6,29 @@ Email module transition to Rspamd
 
 Since |product| 7.5.1804 new :ref:`email-section`, :ref:`pop3_connector-section`
 and :ref:`pop3_proxy-section` installations are based on the Rspamd [#RSPAMD]_
-filter engine. Previous |product| installations can be manually upgraded to
-Rspamd as described by this section.
+filter engine.
 
-New configuration features, specific to Rspamd-based implementation, are now
-documented in :ref:`email-section`. Here is a brief list:
+* Previous |product| installations are automatically upgraded to
+  Rspamd as described by this section.
 
-* DKIM signature
-* Rspamd web UI
-* Greylist threshold [#GREY]_
+* New configuration features, specific to the Rspamd-based implementation, are
+  documented in :ref:`email-section`. Here is a brief list:
+
+    * DKIM signature
+    * Rspamd web UI
+    * Greylist threshold [#GREY]_
 
 Feature changes
 ===============
 
-.. warning::
-
-    There are some changes that must be considered when manually upgrading to
-    the new Email implementation based on Rspamd.
-
-    Since |product| 7.5.1804 a new installation has different default settings.
 
 Append a legal notice
 ---------------------
 
 The :guilabel:`Email > Domains > Append a legal note to sent messages` (also
 known as "Disclaimer") feature was split in a separate, optional package:
-``nethserver-mail2-disclaimer``. The upgrade procedures documented in this
-section install it for backward compatibility, however new installations should
-avoid it, as it relies on an old package [#ALTERMIME]_ that can be removed in
-future releases.
+``nethserver-mail2-disclaimer``. New installations should avoid it, as it relies
+on an old package [#ALTERMIME]_ that can be removed in future releases.
 
 .. index::
    pair: port; imap
@@ -84,85 +78,8 @@ from IP addresses` before upgrading.
 Upgrade procedures
 ==================
 
-It is possible to switch a running system to the new module, starting from
-the old **Email**, **SMTP proxy** and **POP3 connector** modules.
-
-Make sure the system is updated with the latest packages before running the
-upgrade procedure.
-
-.. only:: nscom
-
-    If something is wrong with ``rspamd``, please report the issue on
-    `community.nethserver.org <https://community.nethserver.org>`_.
-
-To switch an old mail server with ``amavisd-new`` filter engine to ``rspamd``
-run the upgrade commands reported on the following sections. It is possible
-to revert the upgrade too.
-
-From Email module
------------------
-
-Upgrade: ::
-
-    yum swap \
-        -- remove nethserver-mail-{common,disclaimer,filter,server} \
-        -- install nethserver-mail2-{common,disclaimer,filter,server}
-
-Revert upgrade: ::
-
-    yum swap \
-        -- install nethserver-mail-{common,disclaimer,filter,server} \
-        -- remove nethserver-mail2-{common,disclaimer,filter,server}
-
-From SMTP proxy module
-----------------------
-
-Upgrade: ::
-
-    yum swap \
-        -- remove nethserver-mail-{common,disclaimer,filter} \
-        -- install nethserver-mail2-{common,disclaimer,filter}
-
-Revert upgrade: ::
-
-    yum swap \
-        -- install nethserver-mail-{common,disclaimer,filter} \
-        -- remove nethserver-mail2-{common,disclaimer,filter}
-
-From POP3 connector module
---------------------------
-
-When upgrading, the POP3 connector settings of each account
-regarding :guilabel:`Check messages for SPAM` and :guilabel:`Check messages for
-virus` options are ignored and overridden by the new :guilabel:`Scan messages
-with email filter`.
-
-Upgrade: ::
-
-    yum swap \
-        -- remove nethserver-mail-{common,disclaimer,filter,server} nethserver-getmail nethserver-spamd \
-        -- install nethserver-mail2-{common,disclaimer,filter,server,getmail}
-
-Revert upgrade: ::
-
-    yum swap \
-        -- install nethserver-mail-{common,disclaimer,filter,server} nethserver-getmail \
-        -- remove nethserver-mail2-{common,disclaimer,filter,server,getmail}
-
-From POP3 proxy module
-----------------------
-
-Upgrade: ::
-
-    yum swap \
-        -- remove nethserver-mail-{common,disclaimer,filter} nethserver-p3scan nethserver-spamd \
-        -- install nethserver-mail2-{common,disclaimer,filter,p3scan}
-
-Revert upgrade: ::
+Manual upgrade procedures are no longer needed: upgrade occurs automatically.
 
-    yum swap \
-        -- install nethserver-mail-{common,disclaimer,filter} nethserver-p3scan nethserver-spamd \
-        -- remove nethserver-mail2-{common,disclaimer,filter,p3scan}
 
 .. rubric:: References
 

administrator-manual/en/pop3_connector.rst

@@ -5,12 +5,12 @@
 POP3 connector
 ==============
 
-.. warning::
+.. note::
 
     Since |product| 7.5.1804 new :ref:`email-section`,
     :ref:`pop3_connector-section` and :ref:`pop3_proxy-section` installations
-    are based on the Rspamd filter engine. Previous |product| installations can
-    be manually upgraded to Rspamd as described in :ref:`email2-section`
+    are based on the Rspamd filter engine. Previous |product| installations are
+    automatically upgraded to Rspamd as described in :ref:`email2-section`
 
 The :guilabel:`POP3 connector` page allows configuring a list of mail
 accounts that will be checked regularly. Messages coming from the remote

administrator-manual/en/pop3_proxy.rst

@@ -5,12 +5,12 @@
 POP3 proxy
 ==========
 
-.. warning::
+.. note::
 
     Since |product| 7.5.1804 new :ref:`email-section`,
     :ref:`pop3_connector-section` and :ref:`pop3_proxy-section` installations
-    are based on the Rspamd filter engine. Previous |product| installations can
-    be manually upgraded to Rspamd as described in :ref:`email2-section`
+    are based on the Rspamd filter engine. Previous |product| installations are
+    automatically upgraded to Rspamd as described in :ref:`email2-section`
 
 A user on the LAN can configure an email client 
 in order to connect to an external POP3 server and download mail messages. 

administrator-manual/en/sogo.rst

@@ -1,3 +1,5 @@
+.. _SOGo-section:
+
 ====
 SOGo
 ====
@@ -95,7 +97,7 @@ Terms highlighted in **bold** are documented in SOGo `installation and configura
 * ``AdminUsers`` comma separated list of accounts allowed to bypass SOGo ACLs. See **SOGoSuperUsernames** key
 * Notifications comma separated list of values (no spaces between commas). Known item names are ``ACLs``, ``Folders``, ``Appointments``. See **SOGoSendEMailNotifications**
 * ``{Drafts,Sent,Trash}Folder`` See respective **SOGoFolderName** parameters
-* ``VirtualHosts`` comma separated list of host keys in ``hosts`` DB, with ``type=self``. SOGo is reachable from the default host name plus any host listed here (see #2371).
+* ``VirtualHosts`` SOGo is reachable from the default host name plus the host (FQDN) listed here. The host key is generated/removed in ``hosts`` DB, with ``type=self`` automatically.
 
 
 
@@ -137,21 +139,21 @@ Set by default to 2048KB: ::
 ActiveSync
 ==========
 
-According to this :ref:`webtop-vs-sogo`, WebTop and SOGo can be installed on the same machine.
+According to this :ref:`webtop-vs-sogo`, WebTop and SOGo can be installed on the same machine, although it is discouraged to keep such setup on the long run.
 
-ActiveSync is enabled by default on SOGo and WebTop, but if both packages are installed, WebTop will take precedence.
+ActiveSync is enabled by default on SOGo and WebTop. At installation of SOGo, Webtop-ActiveSync is disabled and SOGo will take precedence.
 
-To disable ActiveSync on SOGo: ::
+SOGo-ActiveSync can be disabled in the server-manager at the SOGo-panel or with: ::
 
   config setprop sogod ActiveSync disabled
   signal-event nethserver-sogo-update
 
-To disable ActiveSync on WebTop: ::
+To enable ActiveSync on WebTop: ::
 
-  config setprop webtop ActiveSync disabled
+  config setprop webtop ActiveSync enabled
   signal-event nethserver-webtop5-update
 
-To enabale ActiveSync on SOGo again: ::
+To enable ActiveSync on SOGo again: ::
 
   config setprop sogod ActiveSync enabled
   signal-event nethserver-sogo-update

administrator-manual/en/tlspolicy.rst

@@ -7,17 +7,40 @@ TLS policy
 The :guilabel:`TLS policy` page controls how individual services configure the
 Transport Layer Security (TLS) protocol, by selecting a *policy identifier*.
 
+If not otherwise stated, the TLS settings of policies are always *cumulative*: 
+**newer policies extend older ones**.
+
 Each module implementation decides how to implement a specific policy
 identifier, providing a trade off between security and client compatibility.
 Newer policies are biased towards security, whilst older ones provide better
 compatibility with old clients.
 
 The following sections describe each policy identifier.
 
+Policy 2018-10-01
+-----------------
+
+This policy restricts the TLS settings of the default Ejabberd configuration. 
+It applies only to Ejabberd version 18 and greater.
+
+Ejabberd (XMPP)
+    * See https://bettercrypto.org/static/applied-crypto-hardening.pdf category B
+    * Disabled SSLv3 and TLSv1.0
+    * Cipher server priority
+    * ECC certificate
+    * Ciphers suite ::
+
+        ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+
 Policy 2018-06-21
 -----------------
 
-This policy extends ``2018-03-30`` by adding the support for ECC certificates.
+This policy extends ``2018-03-30`` by adding the support for ECC certificates to
+
+* Apache
+* Dovecot
+* OpenSSH
+* Postfix
 
 Slapd (openldap-servers)
     * Reference https://access.redhat.com/articles/1474813