From 6eb9055275a50257734e18e4fa474a0b8f418053 Mon Sep 17 00:00:00 2001 From: Michael Kroes Date: Tue, 9 Oct 2018 13:09:54 +0200 Subject: [PATCH 01/13] Upgrade NextCloud to 13.06 (#1436) --- CHANGELOG.md | 2 +- setup/owncloud.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index befea2a7..dab1cab7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ In Development -------------- * Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup. -* Update to Nextcloud 13.0.5. +* Update to Nextcloud 13.0.6. * Update to Roundcube 1.3.7. * Update to Z-Push 2.4.4. diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 5825078d..e2f28984 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -154,8 +154,8 @@ InstallOwncloud() { fi } -owncloud_ver=13.0.5 -owncloud_hash=e2b4a4bebd4fac14feae1e6e8997682f73fa8b50 +owncloud_ver=13.0.6 +owncloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6 # Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ From 2f494e9a1ca42fefe34238ff980b505a8b252131 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 24 Oct 2018 16:09:59 -0400 Subject: [PATCH 02/13] CHANGELOG fixes/updates --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dab1cab7..a30001d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ In Development * Update to Nextcloud 13.0.6. * Update to Roundcube 1.3.7. * Update to Z-Push 2.4.4. +* Backup dates listed in the control panel now use an internationalized format. v0.28 (July 30, 2018) --------------------- @@ -34,7 +35,6 @@ Mail: Control Panel: -* We now use EFF's `certbot` tool to provision HTTPS certificates instead of our home-grown free_tls_certificates package. * The undocumented feature for proxying web requests to another server now sets X-Forwarded-For. v0.26c (February 13, 2018) From 16f38042ec0e90819af7a74a7a2e9aeacc842b5b Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 24 Oct 2018 16:12:25 -0400 Subject: [PATCH 03/13] v0.29 released, closes #1440 --- CHANGELOG.md | 4 ++-- README.md | 4 ++-- setup/bootstrap.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a30001d3..e1b788f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,8 @@ CHANGELOG ========= -In Development --------------- +v0.29 (October 25, 2018) +------------------------ * Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup. * Update to Nextcloud 13.0.6. diff --git a/README.md b/README.md index d7caacfa..ac138229 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ by me: $ curl -s https://keybase.io/joshdata/key.asc | gpg --import gpg: key C10BDD81: public key "Joshua Tauberer " imported - $ git verify-tag v0.28 + $ git verify-tag v0.29 gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Good signature from "Joshua Tauberer " gpg: WARNING: This key is not certified with a trusted signature! @@ -72,7 +72,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r Checkout the tag corresponding to the most recent release: - $ git checkout v0.28 + $ git checkout v0.29 Begin the installation. diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index f25de9af..738b5abf 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -7,7 +7,7 @@ ######################################################### if [ -z "$TAG" ]; then - TAG=v0.28 + TAG=v0.29 fi # Are we running as root? From 0335595e7ee2633205d9b7ca0aeeb84e9ad9a5b5 Mon Sep 17 00:00:00 2001 From: Holger Just Date: Sun, 25 Nov 2018 16:40:21 +0100 Subject: [PATCH 04/13] Update Roundcube to version 1.3.8 (#1475) https://github.com/roundcube/roundcubemail/releases/tag/1.3.8 --- CHANGELOG.md | 4 ++++ setup/webmail.sh | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1b788f0..e1ef303b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ CHANGELOG ========= +In Development +-------------- + * Update to Roundcube 1.3.8. + v0.29 (October 25, 2018) ------------------------ diff --git a/setup/webmail.sh b/setup/webmail.sh index 38aee942..567a4f5a 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -35,8 +35,8 @@ apt-get purge -qq -y roundcube* #NODOC # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track # whether we have the latest version of everything. -VERSION=1.3.7 -HASH=df0e29d09aae0b7a7ae98023dcd1ae3c6be77cd0 +VERSION=1.3.8 +HASH=90c7900ccf7b2f46fe49c650d5adb9b85ee9cc22 PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 CARDDAV_VERSION=2.0.4 From 5be74dec6e3a8dad7f3f4b2c406c9e4d307daa19 Mon Sep 17 00:00:00 2001 From: jeff-h Date: Mon, 3 Dec 2018 11:57:37 +1300 Subject: [PATCH 05/13] Improve postgrey logging (#1448) We can't presume the redelivery timeframe of the sending server. However, we do know the blacklist timeframe within which we will reject a redelivery. --- management/mail_log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/mail_log.py b/management/mail_log.py index 106d70cb..79d6ea56 100755 --- a/management/mail_log.py +++ b/management/mail_log.py @@ -257,7 +257,7 @@ def scan_mail_log(env): print(textwrap.fill( "The following mail was greylisted, meaning the emails were temporarily rejected. " - "Legitimate senders will try again within ten minutes.", + "Legitimate senders must try again after three minutes.", width=80, initial_indent=" ", subsequent_indent=" " ), end='\n\n') From 000363492ee0186e6c533846ce5523e02a33c170 Mon Sep 17 00:00:00 2001 From: jeff-h Date: Mon, 3 Dec 2018 11:58:26 +1300 Subject: [PATCH 06/13] Improve greylisting explanation. (#1447) Hopefully this improves the accuracy of the greylisting description. --- management/templates/mail-guide.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/templates/mail-guide.html b/management/templates/mail-guide.html index d34cc9c3..0b43993b 100644 --- a/management/templates/mail-guide.html +++ b/management/templates/mail-guide.html @@ -59,7 +59,7 @@

Greylisting

-

Your box using a technique called greylisting to cut down on spam. Greylisting works by delaying mail from people you haven’t received mail from before for up to about 10 minutes. The vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please give it up to 10-15 minutes to arrive.

+

Your box uses a technique called greylisting to cut down on spam. Greylisting works by initially rejecting mail from people you haven’t received mail from before. Legitimate mail servers will attempt redelivery shortly afterwards, but the vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please be aware there will be a minimum of 3 minutes delay, depending how soon the remote server attempts redelivery.

+tag addresses

Every incoming email address also receives mail for +tag addresses. If your email address is you@yourdomain.com, you’ll also automatically get mail sent to you+anythinghere@yourdomain.com. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.

From a7dded818283ae565d97fe364b429f0675ccf178 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Mon, 3 Dec 2018 00:00:16 +0100 Subject: [PATCH 07/13] Add a logfile entry to the NSD conf file (#1434) Having a log file can help debugging when something goes wrong and NSD doesn't fail or MiaB doesn't notify you. See https://discourse.mailinabox.email/t/dns-email-domain-becomes-inaccessible-every-few-hours/3770 --- setup/dns.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/setup/dns.sh b/setup/dns.sh index 191a3adc..5d86227a 100755 --- a/setup/dns.sh +++ b/setup/dns.sh @@ -26,6 +26,7 @@ cat > /etc/nsd/nsd.conf << EOF; # Do not edit. Overwritten by Mail-in-a-Box setup. server: hide-version: yes + logfile: "/var/log/nsd.log" # identify the server (CH TXT ID.SERVER entry). identity: "" @@ -41,6 +42,18 @@ server: EOF +# Add log rotation +cat > /etc/logrotate.d/nsd < Date: Fri, 30 Nov 2018 09:30:55 -0500 Subject: [PATCH 08/13] document password character limitation fixes #407 --- CHANGELOG.md | 9 ++++++++- management/templates/users.html | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1ef303b..2b16f3c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,14 @@ CHANGELOG In Development -------------- - * Update to Roundcube 1.3.8. + +Setup: + +* Update to Roundcube 1.3.8. + +Control Panel: + +* The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server. v0.29 (October 25, 2018) ------------------------ diff --git a/management/templates/users.html b/management/templates/users.html index cf944c86..c70ac0da 100644 --- a/management/templates/users.html +++ b/management/templates/users.html @@ -31,7 +31,7 @@
    -
  • Passwords must be at least eight characters and may not contain spaces. For best results, generate a random password.
    • +
  • Passwords must be at least eight characters consisting of English lettters and numbers only. For best results, generate a random password.
  • Use aliases to create email addresses that forward to existing accounts.
  • Administrators get access to this control panel.
  • User accounts cannot contain any international (non-ASCII) characters, but aliases can.
    • From c5c413b44725cea033a6b0ffeb3e77c7b447335e Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 30 Nov 2018 09:33:24 -0500 Subject: [PATCH 09/13] remove user account mailbox size from the control panel because it takes way too long to compute on very large mailboxes fixes #531 --- CHANGELOG.md | 1 + management/daemon.py | 2 +- management/mailconfig.py | 7 +------ management/templates/users.html | 4 ---- 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b16f3c6..6ddf299b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ Setup: Control Panel: * The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server. +* The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes. v0.29 (October 25, 2018) ------------------------ diff --git a/management/daemon.py b/management/daemon.py index 2e23c8aa..334749e4 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -146,7 +146,7 @@ def me(): @authorized_personnel_only def mail_users(): if request.args.get("format", "") == "json": - return json_response(get_mail_users_ex(env, with_archived=True, with_slow_info=True)) + return json_response(get_mail_users_ex(env, with_archived=True)) else: return "".join(x+"\n" for x in get_mail_users(env)) diff --git a/management/mailconfig.py b/management/mailconfig.py index 82c922e4..28e1c623 100755 --- a/management/mailconfig.py +++ b/management/mailconfig.py @@ -105,7 +105,7 @@ def get_mail_users(env): users = [ row[0] for row in c.fetchall() ] return utils.sort_email_addresses(users, env) -def get_mail_users_ex(env, with_archived=False, with_slow_info=False): +def get_mail_users_ex(env, with_archived=False): # Returns a complex data structure of all user accounts, optionally # including archived (status="inactive") accounts. # @@ -139,9 +139,6 @@ def get_mail_users_ex(env, with_archived=False, with_slow_info=False): } users.append(user) - if with_slow_info: - user["mailbox_size"] = utils.du(os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes', *reversed(email.split("@")))) - # Add in archived accounts. if with_archived: root = os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes') @@ -158,8 +155,6 @@ def get_mail_users_ex(env, with_archived=False, with_slow_info=False): "mailbox": mbox, } users.append(user) - if with_slow_info: - user["mailbox_size"] = utils.du(mbox) # Group by domain. domains = { } diff --git a/management/templates/users.html b/management/templates/users.html index c70ac0da..dee79d42 100644 --- a/management/templates/users.html +++ b/management/templates/users.html @@ -43,7 +43,6 @@ Email Address Actions - Mailbox Size @@ -73,8 +72,6 @@ archive account - - @@ -156,7 +153,6 @@ function show_users() { n.attr('data-email', user.email); n.find('.address').text(user.email) - n.find('.mailboxsize').text(nice_size(user.mailbox_size)) n2.find('.restore_info tt').text(user.mailbox); if (user.status == 'inactive') continue; From ef28a1defd7720a41856d87c7e4f595f7c910732 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 30 Nov 2018 10:26:49 -0500 Subject: [PATCH 10/13] show the Mail-in-a-Box version in the system status checks even when the new-version check is disabled fixes #922 --- CHANGELOG.md | 1 + management/status_checks.py | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ddf299b..5fc22a69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ Control Panel: * The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server. * The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes. +* The Mail-in-a-Box version is now shown in the system status checks even when the new-version check is disabled. v0.29 (October 25, 2018) ------------------------ diff --git a/management/status_checks.py b/management/status_checks.py index 3b0026d9..86cfe33f 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -795,14 +795,14 @@ def get_latest_miab_version(): def check_miab_version(env, output): config = load_settings(env) - if config.get("privacy", True): - output.print_warning("Mail-in-a-Box version check disabled by privacy setting.") - else: - try: - this_ver = what_version_is_this(env) - except: - this_ver = "Unknown" + try: + this_ver = what_version_is_this(env) + except: + this_ver = "Unknown" + if config.get("privacy", True): + output.print_warning("You are running version Mail-in-a-Box %s. Mail-in-a-Box version check disabled by privacy setting." % this_ver) + else: latest_ver = get_latest_miab_version() if this_ver == latest_ver: From a211ad422bf0dc52d0246933a4e22bfeb20e3a26 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 30 Nov 2018 10:36:19 -0500 Subject: [PATCH 11/13] add a note on the aliases page that aliases should not be used to forward to outside domains fixes #1198 --- CHANGELOG.md | 1 + management/templates/aliases.html | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fc22a69..af3be9f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Control Panel: * The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server. * The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes. * The Mail-in-a-Box version is now shown in the system status checks even when the new-version check is disabled. +* The alises page now warns that alises should not be used to forward mail off of the box. Mail filters within Roundcube are better for that. v0.29 (October 25, 2018) ------------------------ diff --git a/management/templates/aliases.html b/management/templates/aliases.html index 78556df8..89af221f 100644 --- a/management/templates/aliases.html +++ b/management/templates/aliases.html @@ -39,8 +39,9 @@
    -
    - Enter just the part of an email address starting with the @-sign. +
    + Enter just the part of an email address starting with the @-sign. + Only forward mail to addresses handled by this Mail-in-a-Box, since mail forwarded by aliases to other domains may be rejected or filtered by the receiver. To forward mail to other domains, create a mail user and then log into webmail for the user and create a filter rule to forward mail.
    From bd54b4104151ab0698d98a1848531f35dc699258 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 2 Dec 2018 17:38:47 -0500 Subject: [PATCH 12/13] add missing rsyslog to apt install line see #1438 --- CHANGELOG.md | 1 + setup/system.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af3be9f8..688e3b96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ In Development Setup: * Update to Roundcube 1.3.8. +* Add missing rsyslog package to install line since some OS images don't have it installed by default. Control Panel: diff --git a/setup/system.sh b/setup/system.sh index 04728051..d096f7a4 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -126,7 +126,7 @@ echo Installing system packages... apt_install python3 python3-dev python3-pip \ netcat-openbsd wget curl git sudo coreutils bc \ haveged pollinate unzip \ - unattended-upgrades cron ntp fail2ban + unattended-upgrades cron ntp fail2ban rsyslog # ### Add PHP7 PPA From b3b798adf2267d7be3a818309bab65d6b50dcee4 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 2 Dec 2018 18:03:17 -0500 Subject: [PATCH 13/13] changelog entries --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 688e3b96..0bde872b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Setup: * Update to Roundcube 1.3.8. * Add missing rsyslog package to install line since some OS images don't have it installed by default. +* A log file for nsd was added. Control Panel: @@ -15,6 +16,7 @@ Control Panel: * The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes. * The Mail-in-a-Box version is now shown in the system status checks even when the new-version check is disabled. * The alises page now warns that alises should not be used to forward mail off of the box. Mail filters within Roundcube are better for that. +* The explanation of greylisting has been improved. v0.29 (October 25, 2018) ------------------------