mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-06-07 18:50:54 +00:00

Merge remote-tracking branch 'upstream/main' into main

Michael Kroes 2021-05-08 15:04:07 +02:00
commit 0cd8d7f203
11 changed files with 42 additions and 23 deletions


@ -7,6 +7,11 @@ In Development
* Migrate to the ECDSAP256SHA256 DNSSEC algorithm. If a DS record is set for any of your domain names that have DNS hosted on your box, you will be prompted by status checks to update the DS record. * Migrate to the ECDSAP256SHA256 DNSSEC algorithm. If a DS record is set for any of your domain names that have DNS hosted on your box, you will be prompted by status checks to update the DS record.
* Roundcube's login cookie is updated to use a new encryption algorithm (AES-256-CBC instead of DES-EDE-CBC). * Roundcube's login cookie is updated to use a new encryption algorithm (AES-256-CBC instead of DES-EDE-CBC).
v0.53a (May 8, 2021)
--------------------
The download URL for Z-Push has been revised becaue the old URL stopped working.
v0.53 (April 12, 2021) v0.53 (April 12, 2021)
---------------------- ----------------------


@ -58,7 +58,7 @@ Clone this repository and checkout the tag corresponding to the most recent rele
$ git clone https://github.com/mail-in-a-box/mailinabox $ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox $ cd mailinabox
$ git checkout v0.53 $ git checkout v0.53a
Begin the installation. Begin the installation.


@ -664,6 +664,8 @@ def check_mail_domain(domain, env, output):
if mx is None: if mx is None:
mxhost = None mxhost = None
elif mx == "[timeout]":
mxhost = None
else: else:
# query_dns returns a semicolon-delimited list # query_dns returns a semicolon-delimited list
# of priority-host pairs. # of priority-host pairs.
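Review bot: The added `elif mx == "[timeout]":` branch stores the same `mxhost = None` as the no-MX-record branch, so the code that follows cannot tell a resolver timeout from a domain that really has no MX record. If the code after this hunk reports on a missing MX record (it is outside the hunk, so this is inferred), a transient DNS failure would be shown to the operator as a mail-routing problem. Recording the cause in that branch, e.g. `mx_timed_out = True`, would let the later message say that the lookup timed out; at minimum add a comment such as `# DNS timeout: handled like a missing MX record below`. check_mail_domain starts and ends outside the hunk.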


@ -5,7 +5,7 @@
<h2>Backup Status</h2> <h2>Backup Status</h2>
<p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also have it stored on Amazon S3.</p> <p>The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also store in on S3-compatible services like Amazon Web Services (AWS).</p>
<h3>Configuration</h3> <h3>Configuration</h3>
@ -17,7 +17,7 @@
<option value="off">Nowhere (Disable Backups)</option> <option value="off">Nowhere (Disable Backups)</option>
<option value="local">{{hostname}}</option> <option value="local">{{hostname}}</option>
<option value="rsync">rsync</option> <option value="rsync">rsync</option>
<option value="s3">Amazon S3</option> <option value="s3">S3 (Amazon or compatible) </option>
<option value="b2">Backblaze B2</option> <option value="b2">Backblaze B2</option>
</select> </select>
</div> </div>
@ -73,8 +73,8 @@
<!-- S3 BACKUP --> <!-- S3 BACKUP -->
<div class="form-group backup-target-s3"> <div class="form-group backup-target-s3">
<div class="col-sm-10 col-sm-offset-2"> <div class="col-sm-10 col-sm-offset-2">
<p>Backups are stored in an Amazon Web Services S3 bucket. You must have an AWS account already.</p> <p>Backups are stored in an S3-compatible bucket. You must have an AWS or other S3 service account already.</p>
<p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your Amazon S3 bucket.</p> <p>You MUST manually copy the encryption password from <tt class="backup-encpassword-file"></tt> to a safe and secure location. You will need this file to decrypt backup files. It is <b>NOT</b> stored in your S3 bucket.</p>
</div> </div>
</div> </div>
<div class="form-group backup-target-s3"> <div class="form-group backup-target-s3">
@ -84,7 +84,7 @@
{% for name, host in backup_s3_hosts %} {% for name, host in backup_s3_hosts %}
<option value="{{host}}">{{name}}</option> <option value="{{host}}">{{name}}</option>
{% endfor %} {% endfor %}
<option value="other">Other</option> <option value="other">Other (non AWS)</option>
</select> </select>
</div> </div>
</div> </div>
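Review bot: The rewritten sentence in the first hunk reads "you can also store in on S3-compatible services", where "in" should be "it": `you can also store it on S3-compatible services like Amazon Web Services (AWS).` The new option label `S3 (Amazon or compatible) </option>` in the second hunk also has a stray space before the closing tag. Both are user-visible strings in the backup panel.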


@ -160,17 +160,27 @@ def make_domain_config(domain, templates, ssl_certificates, env):
for path, url in yaml.get("proxies", {}).items(): for path, url in yaml.get("proxies", {}).items():
# Parse some flags in the fragment of the URL. # Parse some flags in the fragment of the URL.
pass_http_host_header = False pass_http_host_header = False
proxy_redirect_off = False
frame_options_header_sameorigin = False
m = re.search("#(.*)$", url) m = re.search("#(.*)$", url)
if m: if m:
for flag in m.group(1).split(","): for flag in m.group(1).split(","):
if flag == "pass-http-host": if flag == "pass-http-host":
pass_http_host_header = True pass_http_host_header = True
elif flag == "no-proxy-redirect":
proxy_redirect_off = True
elif flag == "frame-options-sameorigin":
frame_options_header_sameorigin = True
url = re.sub("#(.*)$", "", url) url = re.sub("#(.*)$", "", url)
nginx_conf_extra += "\tlocation %s {" % path nginx_conf_extra += "\tlocation %s {" % path
nginx_conf_extra += "\n\t\tproxy_pass %s;" % url nginx_conf_extra += "\n\t\tproxy_pass %s;" % url
if proxy_redirect_off:
nginx_conf_extra += "\n\t\tproxy_redirect off;"
if pass_http_host_header: if pass_http_host_header:
nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;" nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
if frame_options_header_sameorigin:
nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;" nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;" nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"
@ -251,3 +261,4 @@ def get_web_domains_info(env):
} }
for domain in get_web_domains(env) for domain in get_web_domains(env)
] ]
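Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;`, emitted for the new `frame-options-sameorigin` flag in the first hunk, adds the header to the request nginx sends to the upstream. X-Frame-Options is a response header that browsers read, so this line does not change the framing policy the client sees. If the flag is meant to let the proxied application be framed by pages of the same origin, the directive would be `add_header X-Frame-Options SAMEORIGIN;`. Note that nginx stops inheriting `add_header` lines from outer levels once a location declares its own, so any headers set at server level (not visible here) would have to be repeated. Unrecognised flags in the URL fragment are still ignored silently, and make_domain_config continues outside the hunk.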


@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then
# want to display in status checks. # want to display in status checks.
if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then if [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' )" == "Ubuntu 18.04 LTS" ]; then
# This machine is running Ubuntu 18.04. # This machine is running Ubuntu 18.04.
TAG=v0.53 TAG=v0.53a
elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then elif [ "$(lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' )" == "Ubuntu 14.04 LTS" ]; then
# This machine is running Ubuntu 14.04. # This machine is running Ubuntu 14.04.


@ -183,6 +183,7 @@ plugin {
sieve_after = $STORAGE_ROOT/mail/sieve/global_after sieve_after = $STORAGE_ROOT/mail/sieve/global_after
sieve = $STORAGE_ROOT/mail/sieve/%d/%n.sieve sieve = $STORAGE_ROOT/mail/sieve/%d/%n.sieve
sieve_dir = $STORAGE_ROOT/mail/sieve/%d/%n sieve_dir = $STORAGE_ROOT/mail/sieve/%d/%n
sieve_redirect_envelope_from = recipient
} }
EOF EOF
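Review bot: The new `sieve_redirect_envelope_from = recipient` line changes the envelope sender of every message forwarded by a Sieve `redirect` rule, and nothing near it says why. With `recipient`, the forwarded copy leaves with the local mailbox address as envelope sender instead of the original sender's, so SPF at the destination is evaluated against this box's domain and bounces return to the local user. A comment would record that intent, e.g. `# Forwarded mail uses the mailbox address as envelope sender so SPF at the destination evaluates our domain.`, placed above the heredoc, whose start is outside the hunk.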


@ -97,12 +97,12 @@ InstallNextcloud() {
} }
# Nextcloud Version to install. Checks are done down below to step through intermediate versions. # Nextcloud Version to install. Checks are done down below to step through intermediate versions.
nextcloud_ver=20.0.1 nextcloud_ver=20.0.8
nextcloud_hash=f2b3faa570c541df73f209e873a1c2852e79eab8 nextcloud_hash=372b0b4bb07c7984c04917aff86b280e68fbe761
contacts_ver=3.4.1 contacts_ver=3.5.1
contacts_hash=aee680a75e95f26d9285efd3c1e25cf7f3bfd27e contacts_hash=d2ffbccd3ed89fa41da20a1dff149504c3b33b93
calendar_ver=2.1.2 calendar_ver=2.2.0
calendar_hash=930c07863bb7a65652dec34793802c8d80502336 calendar_hash=673ad72ca28adb8d0f209015ff2dca52ffad99af
user_external_ver=1.0.0 user_external_ver=1.0.0
user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a user_external_hash=3bf2609061d7214e7f0f69dd8883e55c4ec8f50a


@ -94,7 +94,7 @@ PUBLIC_IP=$PUBLIC_IP
PUBLIC_IPV6=$PUBLIC_IPV6 PUBLIC_IPV6=$PUBLIC_IPV6
PRIVATE_IP=$PRIVATE_IP PRIVATE_IP=$PRIVATE_IP
PRIVATE_IPV6=$PRIVATE_IPV6 PRIVATE_IPV6=$PRIVATE_IPV6
MTA_STS_MODE=${MTA_STS_MODE-} MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
EOF EOF
# Start service configuration. # Start service configuration.
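Review bot: `MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}` writes whatever DEFAULT_MTA_STS_MODE holds into the configuration file without checking it against the modes an MTA-STS policy accepts (`enforce`, `testing`, `none`). A mistyped value carried over from an earlier configuration would end up in the published policy, which sending servers would then likely treat as invalid, silently losing the protection. A guard before the heredoc would catch it, e.g. `case "${DEFAULT_MTA_STS_MODE:-enforce}" in enforce|testing|none) ;; *) echo "Invalid MTA_STS_MODE"; exit 1 ;; esac`. Where DEFAULT_MTA_STS_MODE is set, and the start of the heredoc, are outside the hunk.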


@ -126,13 +126,13 @@ chmod a+r /var/lib/mailinabox/mozilla-autoconfig.xml
# nginx configuration at /.well-known/mta-sts.txt # nginx configuration at /.well-known/mta-sts.txt
# more documentation is available on: # more documentation is available on:
# https://www.uriports.com/blog/mta-sts-explained/ # https://www.uriports.com/blog/mta-sts-explained/
# default mode is "enforce". Change to "testing" which means # default mode is "enforce". In /etc/mailinabox.conf change
# "Messages will be delivered as though there was no failure # "MTA_STS_MODE=testing" which means "Messages will be delivered
# but a report will be sent if TLS-RPT is configured" if you # as though there was no failure but a report will be sent if
# are not sure you want this yet. Or "none". # TLS-RPT is configured" if you are not sure you want this yet. Or "none".
PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2) PUNY_PRIMARY_HOSTNAME=$(echo "$PRIMARY_HOSTNAME" | idn2)
cat conf/mta-sts.txt \ cat conf/mta-sts.txt \
| sed "s/MODE/${MTA_STS_MODE:-enforce}/" \ | sed "s/MODE/${MTA_STS_MODE}/" \
| sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \ | sed "s/PRIMARY_HOSTNAME/$PUNY_PRIMARY_HOSTNAME/" \
> /var/lib/mailinabox/mta-sts.txt > /var/lib/mailinabox/mta-sts.txt
chmod a+r /var/lib/mailinabox/mta-sts.txt chmod a+r /var/lib/mailinabox/mta-sts.txt
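Review bot: The `sed "s/MODE/${MTA_STS_MODE}/"` line no longer falls back to `enforce`, so the policy file is generated with an empty mode whenever MTA_STS_MODE is unset or empty when this script runs. That can happen if the configuration file still holds an empty `MTA_STS_MODE=` entry and this script is run without the configuration being rewritten first (inferred; how the variable is loaded is outside the hunk). Keeping the default here costs nothing: `| sed "s/MODE/${MTA_STS_MODE:-enforce}/" \`. The rewritten comment would also read more clearly as `# In /etc/mailinabox.conf set "MTA_STS_MODE=testing", which means ...`.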


@ -23,7 +23,7 @@ phpenmod -v php imap
# Copy Z-Push into place. # Copy Z-Push into place.
VERSION=2.6.2 VERSION=2.6.2
TARGETHASH=4b312d64227ef887b24d9cc8f0ae17519586f6e2 TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80
needs_update=0 #NODOC needs_update=0 #NODOC
if [ ! -f /usr/local/lib/z-push/version ]; then if [ ! -f /usr/local/lib/z-push/version ]; then
needs_update=1 #NODOC needs_update=1 #NODOC
@ -33,12 +33,12 @@ elif [[ $VERSION != $(cat /usr/local/lib/z-push/version) ]]; then
fi fi
if [ $needs_update == 1 ]; then if [ $needs_update == 1 ]; then
# Download # Download
wget_verify "https://stash.z-hub.io/rest/api/latest/projects/ZP/repos/z-push/archive?at=refs%2Ftags%2F$VERSION&format=zip" $TARGETHASH /tmp/z-push.zip wget_verify "https://github.com/Z-Hub/Z-Push/archive/refs/tags/$VERSION.zip" $TARGETHASH /tmp/z-push.zip
# Extract into place. # Extract into place.
rm -rf /usr/local/lib/z-push /tmp/z-push rm -rf /usr/local/lib/z-push /tmp/z-push
unzip -q /tmp/z-push.zip -d /tmp/z-push unzip -q /tmp/z-push.zip -d /tmp/z-push
mv /tmp/z-push/src /usr/local/lib/z-push mv /tmp/z-push/*/src /usr/local/lib/z-push
rm -rf /tmp/z-push.zip /tmp/z-push rm -rf /tmp/z-push.zip /tmp/z-push
rm -f /usr/sbin/z-push-{admin,top} rm -f /usr/sbin/z-push-{admin,top}
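Review bot: `mv /tmp/z-push/*/src /usr/local/lib/z-push` relies on the archive unpacking to exactly one top-level directory. Naming it makes the expectation explicit and fails clearly if the layout changes, e.g. `mv "/tmp/z-push/Z-Push-$VERSION/src" /usr/local/lib/z-push` (GitHub tag archives normally unpack to `<repo>-<tag>`; confirm for this tag). The pinned `TARGETHASH` is 40 hex digits, which suggests SHA-1. wget_verify is defined outside this page, but the hash is the only visible integrity check on a download that just changed hosts, so a SHA-256 pin would be a stronger guarantee. `$TARGETHASH` is also passed unquoted on the `wget_verify` line.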