merge master branch

This commit is contained in:
Joshua Tauberer 2018-12-02 18:19:15 -05:00
commit 0d4565e71d
9 changed files with 42 additions and 13 deletions

View File

@ -6,11 +6,28 @@ This branch supports Ubuntu 18.04 **only**. When upgrading, **always** upgrade y
In Development In Development
-------------- --------------
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup. Setup:
* Update to Nextcloud 13.0.5. * Update to Roundcube 1.3.8.
* Add missing rsyslog package to install line since some OS images don't have it installed by default.
* A log file for nsd was added.
Control Panel:
* The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server.
* The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes.
* The Mail-in-a-Box version is now shown in the system status checks even when the new-version check is disabled.
* The alises page now warns that alises should not be used to forward mail off of the box. Mail filters within Roundcube are better for that.
* The explanation of greylisting has been improved.
v0.29 (October 25, 2018)
------------------------
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
* Update to Nextcloud 13.0.6.
* Update to Roundcube 1.3.7. * Update to Roundcube 1.3.7.
* Update to Z-Push 2.4.4. * Update to Z-Push 2.4.4.
* Backup dates listed in the control panel now use an internationalized format.
v0.28 (July 30, 2018) v0.28 (July 30, 2018)
--------------------- ---------------------
@ -37,7 +54,6 @@ Mail:
Control Panel: Control Panel:
* We now use EFF's `certbot` tool to provision HTTPS certificates instead of our home-grown free_tls_certificates package.
* The undocumented feature for proxying web requests to another server now sets X-Forwarded-For. * The undocumented feature for proxying web requests to another server now sets X-Forwarded-For.
v0.26c (February 13, 2018) v0.26c (February 13, 2018)

View File

@ -58,7 +58,7 @@ by me:
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import $ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.28 $ git verify-tag v0.29
gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>" gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
@ -71,7 +71,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r
Checkout the tag corresponding to the most recent release: Checkout the tag corresponding to the most recent release:
$ git checkout v0.28 $ git checkout v0.29
Begin the installation. Begin the installation.

View File

@ -257,7 +257,7 @@ def scan_mail_log(env):
print(textwrap.fill( print(textwrap.fill(
"The following mail was greylisted, meaning the emails were temporarily rejected. " "The following mail was greylisted, meaning the emails were temporarily rejected. "
"Legitimate senders will try again within ten minutes.", "Legitimate senders must try again after three minutes.",
width=80, initial_indent=" ", subsequent_indent=" " width=80, initial_indent=" ", subsequent_indent=" "
), end='\n\n') ), end='\n\n')

View File

@ -59,7 +59,7 @@
</div> </div>
<div class="panel-body"> <div class="panel-body">
<h4>Greylisting</h4> <h4>Greylisting</h4>
<p>Your box using a technique called greylisting to cut down on spam. Greylisting works by delaying mail from people you haven&rsquo;t received mail from before for up to about 10 minutes. The vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please give it up to 10-15 minutes to arrive.</p> <p>Your box uses a technique called greylisting to cut down on spam. Greylisting works by initially rejecting mail from people you haven&rsquo;t received mail from before. Legitimate mail servers will attempt redelivery shortly afterwards, but the vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please be aware there will be a minimum of 3 minutes delay, depending how soon the remote server attempts redelivery.</p>
<h4>+tag addresses</h4> <h4>+tag addresses</h4>
<p>Every incoming email address also receives mail for <code>+tag</code> addresses. If your email address is <code>you@yourdomain.com</code>, you&rsquo;ll also automatically get mail sent to <code>you+anythinghere@yourdomain.com</code>. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.</p> <p>Every incoming email address also receives mail for <code>+tag</code> addresses. If your email address is <code>you@yourdomain.com</code>, you&rsquo;ll also automatically get mail sent to <code>you+anythinghere@yourdomain.com</code>. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.</p>

View File

@ -7,7 +7,7 @@
######################################################### #########################################################
if [ -z "$TAG" ]; then if [ -z "$TAG" ]; then
TAG=v0.28 TAG=v0.29
fi fi
# Are we running as root? # Are we running as root?

View File

@ -26,6 +26,7 @@ cat > /etc/nsd/nsd.conf << EOF;
# Do not edit. Overwritten by Mail-in-a-Box setup. # Do not edit. Overwritten by Mail-in-a-Box setup.
server: server:
hide-version: yes hide-version: yes
logfile: "/var/log/nsd.log"
# identify the server (CH TXT ID.SERVER entry). # identify the server (CH TXT ID.SERVER entry).
identity: "" identity: ""
@ -41,6 +42,18 @@ server:
EOF EOF
# Add log rotation
cat > /etc/logrotate.d/nsd <<EOF;
/var/log/nsd.log {
weekly
missingok
rotate 12
compress
delaycompress
notifempty
}
EOF
# Since we have bind9 listening on localhost for locally-generated # Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system # DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have # might have other network interfaces for e.g. tunnelling, we have

View File

@ -75,8 +75,8 @@ InstallNextcloud() {
fi fi
} }
nextcloud_ver=13.0.5 nextcloud_ver=13.0.6
nextcloud_hash=e2b4a4bebd4fac14feae1e6e8997682f73fa8b50 nextcloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6
# Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade) # Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
if [ ! -d /usr/local/lib/owncloud/ ] \ if [ ! -d /usr/local/lib/owncloud/ ] \

View File

@ -126,7 +126,7 @@ echo Installing system packages...
apt_install python3 python3-dev python3-pip \ apt_install python3 python3-dev python3-pip \
netcat-openbsd wget curl git sudo coreutils bc \ netcat-openbsd wget curl git sudo coreutils bc \
haveged pollinate unzip \ haveged pollinate unzip \
unattended-upgrades cron ntp fail2ban unattended-upgrades cron ntp fail2ban rsyslog
# ### Suppress Upgrade Prompts # ### Suppress Upgrade Prompts
# When Ubuntu 20 comes out, we don't want users to be prompted to upgrade, # When Ubuntu 20 comes out, we don't want users to be prompted to upgrade,

View File

@ -28,8 +28,8 @@ apt_install \
# Install Roundcube from source if it is not already present or if it is out of date. # Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of plugins to track # Combine the Roundcube version number with the commit hash of plugins to track
# whether we have the latest version of everything. # whether we have the latest version of everything.
VERSION=1.3.7 VERSION=1.3.8
HASH=df0e29d09aae0b7a7ae98023dcd1ae3c6be77cd0 HASH=90c7900ccf7b2f46fe49c650d5adb9b85ee9cc22
PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76 PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
CARDDAV_VERSION=2.0.4 CARDDAV_VERSION=2.0.4