From b85b86e6de8c6b0d134a24122ae1b1a6f8e1d3a7 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 16 Nov 2020 12:03:41 +0100 Subject: [PATCH 01/12] Add download zonefile button to external DNS page (#1853) Co-authored-by: Joshua Tauberer --- api/mailinabox.yml | 27 +++++++++++++++++ management/daemon.py | 8 ++++++ management/dns_update.py | 11 +++++++ management/templates/custom-dns.html | 2 +- management/templates/external-dns.html | 40 ++++++++++++++++++++++++++ 5 files changed, 87 insertions(+), 1 deletion(-) diff --git a/api/mailinabox.yml b/api/mailinabox.yml index a9a2c124..6358afb4 100644 --- a/api/mailinabox.yml +++ b/api/mailinabox.yml @@ -743,6 +743,31 @@ paths: text/html: schema: type: string + /dns/zonefile/{zone}: + get: + tags: + - DNS + summary: Get DNS zonefile + description: Returns an array of all managed top-level domains. + operationId: getDnsZonefile + x-codeSamples: + - lang: curl + source: | + curl -X GET "https://{host}/admin/dns/zonefile/" \ + -u ":" + responses: + 200: + description: Successful operation + content: + application/json: + schema: + $ref: '#/components/schemas/DNSZonefileResponse' + 403: + description: Forbidden + content: + text/html: + schema: + type: string /dns/update: post: tags: @@ -2050,6 +2075,8 @@ components: items: $ref: '#/components/schemas/Hostname' description: DNS zones response. + DNSZonefileResponse: + type: string DNSSecondaryNameserverResponse: type: object required: diff --git a/management/daemon.py b/management/daemon.py index ffc6d5d5..3c19367b 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -1,3 +1,5 @@ +#!/usr/local/lib/mailinabox/env/bin/python3 + import os, os.path, re, json, time import multiprocessing.pool, subprocess @@ -338,6 +340,12 @@ def dns_get_dump(): from dns_update import build_recommended_dns return json_response(build_recommended_dns(env)) +@app.route('/dns/zonefile/') +@authorized_personnel_only +def dns_get_zonefile(zone): + from dns_update import get_dns_zonefile + return Response(get_dns_zonefile(zone, env), status=200, mimetype='text/plain') + # SSL @app.route('/ssl/status') diff --git a/management/dns_update.py b/management/dns_update.py index 748f87f1..ccca69cd 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -564,6 +564,17 @@ $TTL 1800 ; default time to live return True # file is updated +def get_dns_zonefile(zone, env): + for domain, fn in get_dns_zones(env): + if zone == domain: + break + else: + raise ValueError("%s is not a domain name that corresponds to a zone." % zone) + + nsd_zonefile = "/etc/nsd/zones/" + fn + with open(nsd_zonefile, "r") as f: + return f.read() + ######################################################################## def write_nsd_conf(zonefiles, additional_records, env): diff --git a/management/templates/custom-dns.html b/management/templates/custom-dns.html index 6984b081..b1b98b9b 100644 --- a/management/templates/custom-dns.html +++ b/management/templates/custom-dns.html @@ -89,7 +89,7 @@

- Multiple secondary servers can be separated with commas or spaces (i.e., ns2.hostingcompany.com ns3.hostingcompany.com). + Multiple secondary servers can be separated with commas or spaces (i.e., ns2.hostingcompany.com ns3.hostingcompany.com). To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using xfr:10.20.30.40 or xfr:10.0.0.0/8.

+

Download zonefile

+

You can download your zonefiles here or use the table of records below.

+
+
+
+ + +
+ +
+
+ +

Records

@@ -57,6 +70,18 @@ From f66e609d3fb00f2e3c0ef8185f16975dd181b665 Mon Sep 17 00:00:00 2001 From: Richard Willis Date: Thu, 26 Nov 2020 11:56:04 +0000 Subject: [PATCH 02/12] Api spec cleanup (#1869) * Fix indentation * Add parameter definition and remove unused model * Update version * Quote example string --- api/mailinabox.yml | 66 +++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/api/mailinabox.yml b/api/mailinabox.yml index 6358afb4..14cf54de 100644 --- a/api/mailinabox.yml +++ b/api/mailinabox.yml @@ -15,7 +15,7 @@ info: license: name: CC0 1.0 Universal url: https://creativecommons.org/publicdomain/zero/1.0/legalcode - version: 0.47.0 + version: 0.51.0 x-logo: url: https://mailinabox.email/static/logo.png altText: Mail-in-a-Box logo @@ -744,30 +744,37 @@ paths: schema: type: string /dns/zonefile/{zone}: - get: - tags: - - DNS - summary: Get DNS zonefile - description: Returns an array of all managed top-level domains. - operationId: getDnsZonefile - x-codeSamples: - - lang: curl - source: | - curl -X GET "https://{host}/admin/dns/zonefile/" \ - -u ":" - responses: - 200: - description: Successful operation - content: - application/json: - schema: - $ref: '#/components/schemas/DNSZonefileResponse' - 403: - description: Forbidden - content: - text/html: - schema: - type: string + parameters: + - in: path + name: zone + schema: + $ref: '#/components/schemas/Hostname' + required: true + description: Hostname + get: + tags: + - DNS + summary: Get DNS zonefile + description: Returns a DNS zone file for a hostname. + operationId: getDnsZonefile + x-codeSamples: + - lang: curl + source: | + curl -X GET "https://{host}/admin/dns/zonefile/" \ + -u ":" + responses: + 200: + description: Successful operation + content: + application/json: + schema: + $ref: '#/components/schemas/DNSZonefileResponse' + 403: + description: Forbidden + content: + text/html: + schema: + type: string /dns/update: post: tags: @@ -1806,7 +1813,7 @@ components: text/plain: schema: type: string - example: 1.2.3.4 + example: '1.2.3.4' description: The value of the DNS record. example: '1.2.3.4' schemas: @@ -2690,13 +2697,6 @@ components: type: string MfaEnableSuccessResponse: type: string - MfaEnableBadRequestResponse: - type: object - required: - - error - properties: - error: - type: string MfaDisableRequest: type: object properties: From 82229ce04baef6aeabd74a2c88e414b51236884d Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 21 Nov 2020 08:09:37 -0500 Subject: [PATCH 03/12] Document how to start the control panel from the command line and in debugging use a stable API key --- management/daemon.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/management/daemon.py b/management/daemon.py index 3c19367b..a0cfefa6 100755 --- a/management/daemon.py +++ b/management/daemon.py @@ -1,4 +1,11 @@ #!/usr/local/lib/mailinabox/env/bin/python3 +# +# During development, you can start the Mail-in-a-Box control panel +# by running this script, e.g.: +# +# service mailinabox stop # stop the system process +# DEBUG=1 management/daemon.py +# service mailinabox start # when done debugging, start it up again import os, os.path, re, json, time import multiprocessing.pool, subprocess @@ -680,7 +687,22 @@ def log_failed_login(request): # APP if __name__ == '__main__': - if "DEBUG" in os.environ: app.debug = True + if "DEBUG" in os.environ: + # Turn on Flask debugging. + app.debug = True + + # Use a stable-ish master API key so that login sessions don't restart on each run. + # Use /etc/machine-id to seed the key with a stable secret, but add something + # and hash it to prevent possibly exposing the machine id, using the time so that + # the key is not valid indefinitely. + import hashlib + with open("/etc/machine-id") as f: + api_key = f.read() + api_key += "|" + str(int(time.time() / (60*60*2))) + hasher = hashlib.sha1() + hasher.update(api_key.encode("ascii")) + auth_service.key = hasher.hexdigest() + if "APIKEY" in os.environ: auth_service.key = os.environ["APIKEY"] if not app.debug: From 8664afa99798c9dbd7b52cf67da7e90b3280bbf0 Mon Sep 17 00:00:00 2001 From: Hilko Date: Thu, 26 Nov 2020 13:13:31 +0100 Subject: [PATCH 04/12] Implement Backblaze for Backup (#1812) * Installing b2sdk for b2 support * Added Duplicity PPA so the most recent version is used * Implemented list_target_files for b2 * Implemented b2 in frontend * removed python2 boto package --- management/backup.py | 17 +++++++++ management/templates/system-backup.html | 46 +++++++++++++++++++++++-- setup/management.sh | 16 ++++----- setup/system.sh | 3 ++ 4 files changed, 71 insertions(+), 11 deletions(-) diff --git a/management/backup.py b/management/backup.py index e1651552..0a8a021e 100755 --- a/management/backup.py +++ b/management/backup.py @@ -456,6 +456,23 @@ def list_target_files(config): raise ValueError(e.reason) return [(key.name[len(path):], key.size) for key in bucket.list(prefix=path)] + elif target.scheme == 'b2': + from b2sdk.v1 import InMemoryAccountInfo, B2Api + from b2sdk.v1.exception import NonExistentBucket + info = InMemoryAccountInfo() + b2_api = B2Api(info) + + # Extract information from target + b2_application_keyid = target.netloc[:target.netloc.index(':')] + b2_application_key = target.netloc[target.netloc.index(':')+1:target.netloc.index('@')] + b2_bucket = target.netloc[target.netloc.index('@')+1:] + + try: + b2_api.authorize_account("production", b2_application_keyid, b2_application_key) + bucket = b2_api.get_bucket_by_name(b2_bucket) + except NonExistentBucket as e: + raise ValueError("B2 Bucket does not exist. Please double check your information!") + return [(key.file_name, key.size) for key, _ in bucket.ls()] else: raise ValueError(config["target"]) diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html index 6afe62c8..7cdc3803 100644 --- a/management/templates/system-backup.html +++ b/management/templates/system-backup.html @@ -18,6 +18,7 @@ + @@ -111,6 +112,31 @@ + +
+
+

Backups are stored in a Backblaze B2 bucket. You must have a Backblaze account already.

+

You MUST manually copy the encryption password from to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your Backblaze B2 bucket.

+
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
@@ -144,7 +170,7 @@ function toggle_form() { var target_type = $("#backup-target-type").val(); - $(".backup-target-local, .backup-target-rsync, .backup-target-s3").hide(); + $(".backup-target-local, .backup-target-rsync, .backup-target-s3, .backup-target-b2").hide(); $(".backup-target-" + target_type).show(); init_inputs(target_type); @@ -215,7 +241,7 @@ function show_system_backup() { } function show_custom_backup() { - $(".backup-target-local, .backup-target-rsync, .backup-target-s3").hide(); + $(".backup-target-local, .backup-target-rsync, .backup-target-s3, .backup-target-b2").hide(); api( "/system/backup/config", "GET", @@ -245,6 +271,15 @@ function show_custom_backup() { var host = hostpath.shift(); $("#backup-target-s3-host").val(host); $("#backup-target-s3-path").val(hostpath.join('/')); + } else if (r.target.substring(0, 5) == "b2://") { + $("#backup-target-type").val("b2"); + var targetPath = r.target.substring(5); + var b2_application_keyid = targetPath.split(':')[0]; + var b2_applicationkey = targetPath.split(':')[1].split('@')[0]; + var b2_bucket = targetPath.split('@')[1]; + $("#backup-target-b2-user").val(b2_application_keyid); + $("#backup-target-b2-pass").val(b2_applicationkey); + $("#backup-target-b2-bucket").val(b2_bucket); } toggle_form() }) @@ -264,6 +299,11 @@ function set_custom_backup() { target = "rsync://" + $("#backup-target-rsync-user").val() + "@" + $("#backup-target-rsync-host").val() + "/" + $("#backup-target-rsync-path").val(); target_user = ''; + } else if (target_type == "b2") { + target = 'b2://' + $('#backup-target-b2-user').val() + ':' + $('#backup-target-b2-pass').val() + + '@' + $('#backup-target-b2-bucket').val() + target_user = ''; + target_pass = ''; } @@ -303,4 +343,4 @@ function init_inputs(target_type) { set_host($('#backup-target-s3-host-select').val()); } } - + \ No newline at end of file diff --git a/setup/management.sh b/setup/management.sh index ae942985..f5685d4f 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -18,11 +18,7 @@ while [ -d /usr/local/lib/python3.4/dist-packages/acme ]; do pip3 uninstall -y acme; done -# duplicity is used to make backups of user data. It uses boto -# (via Python 2) to do backups to AWS S3. boto from the Ubuntu -# package manager is too out-of-date -- it doesn't support the newer -# S3 api used in some regions, which breaks backups to those regions. -# See #627, #653. +# duplicity is used to make backups of user data. # # virtualenv is used to isolate the Python 3 packages we # install via pip from the system-installed packages. @@ -30,7 +26,11 @@ done # certbot installs EFF's certbot which we use to # provision free TLS certificates. apt_install duplicity python-pip virtualenv certbot -hide_output pip2 install --upgrade boto + +# b2sdk is used for backblaze backups. +# boto is used for amazon aws backups. +# Both are installed outside the pipenv, so they can be used by duplicity +hide_output pip3 install --upgrade b2sdk boto # Create a virtualenv for the installation of Python 3 packages # used by the management daemon. @@ -50,8 +50,8 @@ hide_output $venv/bin/pip install --upgrade pip hide_output $venv/bin/pip install --upgrade \ rtyaml "email_validator>=1.0.0" "exclusiveprocess" \ flask dnspython python-dateutil \ - qrcode[pil] pyotp \ - "idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver + qrcode[pil] pyotp \ + "idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver b2sdk # CONFIGURATION diff --git a/setup/system.sh b/setup/system.sh index 4d33deb6..07f4aa1b 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -93,6 +93,9 @@ hide_output add-apt-repository -y universe # Install the certbot PPA. hide_output add-apt-repository -y ppa:certbot/certbot +# Install the duplicity PPA. +hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git + # ### Update Packages # Update system packages to make sure we have the latest upstream versions From 3422cc61cede26d819d774a0a7cdabb0a85e3586 Mon Sep 17 00:00:00 2001 From: Hilko Date: Sun, 20 Dec 2020 01:11:58 +0100 Subject: [PATCH 05/12] Include en_US.UTF-8 locale in daemon startup (#1883) Fixes #1881. --- setup/management.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/setup/management.sh b/setup/management.sh index f5685d4f..dcef0891 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -90,6 +90,12 @@ rm -f /tmp/bootstrap.zip # running after a reboot. cat > $inst_dir/start < Date: Fri, 25 Dec 2020 23:19:16 +0100 Subject: [PATCH 06/12] Adjust max-recursion-queries to fix alternating rdns status (#1876) --- setup/system.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/setup/system.sh b/setup/system.sh index 07f4aa1b..208a35df 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -320,6 +320,9 @@ fi #NODOC # name server, on IPV6. # * The listen-on directive in named.conf.options restricts `bind9` to # binding to the loopback interface instead of all interfaces. +# * The max-recursion-queries directive increases the maximum number of iterative queries. +# If more queries than specified are sent, bind9 returns SERVFAIL. After flushing the cache during system checks, +# we ran into the limit thus we are increasing it from 75 (default value) to 100. apt_install bind9 tools/editconf.py /etc/default/bind9 \ "OPTIONS=\"-u bind -4\"" @@ -327,6 +330,10 @@ if ! grep -q "listen-on " /etc/bind/named.conf.options; then # Add a listen-on directive if it doesn't exist inside the options block. sed -i "s/^}/\n\tlisten-on { 127.0.0.1; };\n}/" /etc/bind/named.conf.options fi +if ! grep -q "max-recursion-queries " /etc/bind/named.conf.options; then + # Add a max-recursion-queries directive if it doesn't exist inside the options block. + sed -i "s/^}/\n\tmax-recursion-queries 100;\n}/" /etc/bind/named.conf.options +fi # First we'll disable systemd-resolved's management of resolv.conf and its stub server. # Breaking the symlink to /run/systemd/resolve/stub-resolv.conf means From c7280055a83085b3d3efd5a9296a1bea4923315c Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Fri, 25 Dec 2020 14:22:24 -0800 Subject: [PATCH 07/12] Implement SPF/DMARC checks, add spam weight to those mails (#1836) --- setup/dkim.sh | 26 ++++++++++++++++++++++ setup/spamassassin.sh | 50 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/setup/dkim.sh b/setup/dkim.sh index 5bd32370..05221b27 100755 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -64,6 +64,32 @@ tools/editconf.py /etc/opendmarc.conf -s \ "Syslog=true" \ "Socket=inet:8893@[127.0.0.1]" +# SPFIgnoreResults causes the filter to ignore any SPF results in the header +# of the message. This is useful if you want the filter to perfrom SPF checks +# itself, or because you don't trust the arriving header. This added header is +# used by spamassassin to evaluate the mail for spamminess. + +tools/editconf.py /etc/opendmarc.conf -s \ + "SPFIgnoreResults=true" + +# SPFSelfValidate causes the filter to perform a fallback SPF check itself +# when it can find no SPF results in the message header. If SPFIgnoreResults +# is also set, it never looks for SPF results in headers and always performs +# the SPF check itself when this is set. This added header is used by +# spamassassin to evaluate the mail for spamminess. + +tools/editconf.py /etc/opendmarc.conf -s \ + "SPFSelfValidate=true" + +# AlwaysAddARHeader Adds an "Authentication-Results:" header field even to +# unsigned messages from domains with no "signs all" policy. The reported DKIM +# result will be "none" in such cases. Normally unsigned mail from non-strict +# domains does not cause the results header field to be added. This added header +# is used by spamassassin to evaluate the mail for spamminess. + +tools/editconf.py /etc/opendkim.conf -s \ + "AlwaysAddARHeader=true" + # Add OpenDKIM and OpenDMARC as milters to postfix, which is how OpenDKIM # intercepts outgoing mail to perform the signing (by adding a mail header) # and how they both intercept incoming mail to add Authentication-Results diff --git a/setup/spamassassin.sh b/setup/spamassassin.sh index d6c8b83b..989bbff4 100755 --- a/setup/spamassassin.sh +++ b/setup/spamassassin.sh @@ -67,6 +67,56 @@ tools/editconf.py /etc/spamassassin/local.cf -s \ "add_header all Report"=_REPORT_ \ "add_header all Score"=_SCORE_ + +# Authentication-Results SPF/Dmarc checks +# --------------------------------------- +# OpenDKIM and OpenDMARC are configured to validate and add "Authentication-Results: ..." +# headers by checking the sender's SPF & DMARC policies. Instead of blocking mail that fails +# these checks, we can use these headers to evaluate the mail as spam. +# +# Our custom rules are added to their own file so that an update to the deb package config +# does not remove our changes. +# +# We need to escape period's in $PRIMARY_HOSTNAME since spamassassin config uses regex. + +escapedprimaryhostname="${PRIMARY_HOSTNAME//./\\.}" + +cat > /etc/spamassassin/miab_spf_dmarc.cf << EOF +# Evaluate DMARC Authentication-Results +header DMARC_PASS Authentication-Results =~ /$escapedprimaryhostname; dmarc=pass/ +describe DMARC_PASS DMARC check passed +score DMARC_PASS -0.1 + +header DMARC_NONE Authentication-Results =~ /$escapedprimaryhostname; dmarc=none/ +describe DMARC_NONE DMARC record not found +score DMARC_NONE 0.1 + +header DMARC_FAIL_NONE Authentication-Results =~ /$escapedprimaryhostname; dmarc=fail \(p=none/ +describe DMARC_FAIL_NONE DMARC check failed (p=none) +score DMARC_FAIL_NONE 2.0 + +header DMARC_FAIL_QUARANTINE Authentication-Results =~ /$escapedprimaryhostname; dmarc=fail \(p=quarantine/ +describe DMARC_FAIL_QUARANTINE DMARC check failed (p=quarantine) +score DMARC_FAIL_QUARANTINE 5.0 + +header DMARC_FAIL_REJECT Authentication-Results =~ /$escapedprimaryhostname; dmarc=fail \(p=reject/ +describe DMARC_FAIL_REJECT DMARC check failed (p=reject) +score DMARC_FAIL_REJECT 10.0 + +# Evaluate SPF Authentication-Results +header SPF_PASS Authentication-Results =~ /$escapedprimaryhostname; spf=pass/ +describe SPF_PASS SPF check passed +score SPF_PASS -0.1 + +header SPF_NONE Authentication-Results =~ /$escapedprimaryhostname; spf=none/ +describe SPF_NONE SPF record not found +score SPF_NONE 2.0 + +header SPF_FAIL Authentication-Results =~ /$escapedprimaryhostname; spf=fail/ +describe SPF_FAIL SPF check failed +score SPF_FAIL 5.0 +EOF + # Bayesean learning # ----------------- # From e26cf4512c3e2c82a46824ce17bfe99da292d58a Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 25 Dec 2020 17:28:34 -0500 Subject: [PATCH 08/12] Update CHANGELOG --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd1745a8..fb146e80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,17 @@ CHANGELOG ========= +In Development +-------------- + +* Incoming emails with SPF/DKIM/DMARC failures now have a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing. +* A new Download button in the control panel's External DNS page can be used to download the required DNS records in zonefile format. +* Blackblaze is now a supported backup protocol. +* Fixed the problem when the control panel would report DNS entries as Not Set by increasing a bind query limit. +* Fixed a control panel startup bug on some systems. +* Fixed the MTA-STS policy file's line endings. +* Nextcloud's photos, dashboard, and activity apps are disabled since we only support contacts and calendar. + v0.51 (November 14, 2020) ------------------------- From e2f9cd845a362cff0c4e0dfc8b387978f5b17dd3 Mon Sep 17 00:00:00 2001 From: jcm-shove-it Date: Mon, 28 Dec 2020 14:11:33 +0100 Subject: [PATCH 09/12] Update roundcube to 1.4.10 (#1891) --- setup/webmail.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/webmail.sh b/setup/webmail.sh index 3e725027..de4ca528 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -28,8 +28,8 @@ apt_install \ # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of plugins to track # whether we have the latest version of everything. -VERSION=1.4.9 -HASH=df650f4d3eae9eaae2d5a5f06d68665691daf57d +VERSION=1.4.10 +HASH=36b2351030e1ebddb8e39190d7b0ba82b1bbec1b PERSISTENT_LOGIN_VERSION=6b3fc450cae23ccb2f393d0ef67aa319e877e435 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 CARDDAV_VERSION=3.0.3 From 7a5d729a537221e043d5d24779ccb2a5f1b8cd05 Mon Sep 17 00:00:00 2001 From: Josh Brown Date: Sun, 3 Jan 2021 16:54:31 -0600 Subject: [PATCH 10/12] Fix misspelling (#1893) Change Blackblaze to Backblaze. Include B2 as the integration name. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb146e80..579ab9f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ In Development * Incoming emails with SPF/DKIM/DMARC failures now have a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing. * A new Download button in the control panel's External DNS page can be used to download the required DNS records in zonefile format. -* Blackblaze is now a supported backup protocol. +* Backblaze B2 is now a supported backup protocol. * Fixed the problem when the control panel would report DNS entries as Not Set by increasing a bind query limit. * Fixed a control panel startup bug on some systems. * Fixed the MTA-STS policy file's line endings. From 8025c41ee40707b2ce954a762b9d076bf48cc012 Mon Sep 17 00:00:00 2001 From: Nicolas North Date: Sun, 3 Jan 2021 23:57:54 +0100 Subject: [PATCH 11/12] Bump TTL for NS records to 1800 (30 min) to 86400 (1 day) as some registries require this (#1892) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Nicolas North [norðurljósahviða] --- management/dns_update.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/management/dns_update.py b/management/dns_update.py index ccca69cd..781fb1dc 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -470,14 +470,14 @@ def write_nsd_zone(domain, zonefile, records, env, force): zone = """ $ORIGIN {domain}. -$TTL 1800 ; default time to live +$TTL 86400 ; default time to live @ IN SOA ns1.{primary_domain}. hostmaster.{primary_domain}. ( __SERIAL__ ; serial number 7200 ; Refresh (secondary nameserver update interval) - 1800 ; Retry (when refresh fails, how often to try again) + 86400 ; Retry (when refresh fails, how often to try again) 1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway) - 1800 ; Negative TTL (how long negative responses are cached) + 86400 ; Negative TTL (how long negative responses are cached) ) """ From 879467d358d375c83225e57056569f305a1d969d Mon Sep 17 00:00:00 2001 From: Josh Brown Date: Tue, 5 Jan 2021 20:12:01 -0600 Subject: [PATCH 12/12] Fix typo in users.html (#1895) lettters -> letters fixes #1888 --- management/templates/users.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/templates/users.html b/management/templates/users.html index 78fef61a..4b349875 100644 --- a/management/templates/users.html +++ b/management/templates/users.html @@ -31,7 +31,7 @@
    -
  • Passwords must be at least eight characters consisting of English lettters and numbers only. For best results, generate a random password.
    • +
  • Passwords must be at least eight characters consisting of English letters and numbers only. For best results, generate a random password.
  • Use aliases to create email addresses that forward to existing accounts.
  • Administrators get access to this control panel.
  • User accounts cannot contain any international (non-ASCII) characters, but aliases can.