From 50d50ba6538f03bcb35e6e2b580b413ae1275b45 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Thu, 28 Jan 2021 15:20:19 -0800 Subject: [PATCH 1/5] Update zpush to 2.6.1 (#1908) --- setup/zpush.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/zpush.sh b/setup/zpush.sh index 0cedf967..b7e0aa43 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -22,8 +22,8 @@ apt_install \ phpenmod -v php imap # Copy Z-Push into place. -VERSION=2.5.2 -TARGETHASH=2dc3dbd791b96b0ba2638df0d3d1e03c7e1cbab2 +VERSION=2.6.1 +TARGETHASH=a4415f0dc0ed884acc8ad5c506944fc7e6d68eeb needs_update=0 #NODOC if [ ! -f /usr/local/lib/z-push/version ]; then needs_update=1 #NODOC From e3d98b781ea44218a9b063c01d3f9b603ac26427 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Sp=C3=B6ttel?= <1682504+fspoettel@users.noreply.github.com> Date: Thu, 28 Jan 2021 23:22:43 +0000 Subject: [PATCH 2/5] Warn when connection to Spamhaus times out (#1817) --- management/status_checks.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/management/status_checks.py b/management/status_checks.py index 36da034a..631a82a2 100755 --- a/management/status_checks.py +++ b/management/status_checks.py @@ -293,6 +293,8 @@ def run_network_checks(env, output): zen = query_dns(rev_ip4+'.zen.spamhaus.org', 'A', nxdomain=None) if zen is None: output.print_ok("IP address is not blacklisted by zen.spamhaus.org.") + elif zen == "[timeout]": + output.print_warning("Connection to zen.spamhaus.org timed out. We could not determine whether your server's IP address is blacklisted. Please try again later.") else: output.print_error("""The IP address of this machine %s is listed in the Spamhaus Block List (code %s), which may prevent recipients from receiving your email. See http://www.spamhaus.org/query/ip/%s.""" 
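Review bot: The `else` branch after the new `elif zen == "[timeout]":` in run_network_checks still reports every other non-empty answer as a listing, so a refused query would be shown as "listed in the Spamhaus Block List". Spamhaus documents answers in 127.255.255.0/24 (for example 127.255.255.254 when the query arrives through a public resolver) as error codes, not listings. A further branch such as `elif zen.startswith("127.255.255."):` followed by a `print_warning` would cover that case, assuming query_dns returns the record text as a string, which the comparison with `"[timeout]"` suggests. The same applies to the `dbl` check in the check_mail_domain hunk. Both functions and query_dns itself lie outside the hunks, so the exact return format needs confirming.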
@@ -678,6 +680,8 @@ def check_mail_domain(domain, env, output): dbl = query_dns(domain+'.dbl.spamhaus.org', "A", nxdomain=None) if dbl is None: output.print_ok("Domain is not blacklisted by dbl.spamhaus.org.") + elif dbl == "[timeout]": + output.print_warning("Connection to dbl.spamhaus.org timed out. We could not determine whether the domain {} is blacklisted. Please try again later.".format(domain)) else: output.print_error("""This domain is listed in the Spamhaus Domain Block List (code %s), which may prevent recipients from receiving your mail. From b1d703a5e717c086aea0e37e9b14f78150181880 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 31 Jan 2021 08:33:20 -0500 Subject: [PATCH 3/5] Disable Backblaze B2 backups until #1899 is resolved --- CHANGELOG.md | 1 - management/templates/system-backup.html | 3 +-- setup/management.sh | 5 ++--- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 579ab9f0..ff8db287 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,6 @@ In Development * Incoming emails with SPF/DKIM/DMARC failures now have a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing. * A new Download button in the control panel's External DNS page can be used to download the required DNS records in zonefile format. -* Backblaze B2 is now a supported backup protocol. * Fixed the problem when the control panel would report DNS entries as Not Set by increasing a bind query limit. * Fixed a control panel startup bug on some systems. * Fixed the MTA-STS policy file's line endings. diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html index 7cdc3803..7c4fef13 100644 --- a/management/templates/system-backup.html +++ b/management/templates/system-backup.html @@ -18,7 +18,6 @@ - 
@@ -343,4 +342,4 @@ function init_inputs(target_type) { set_host($('#backup-target-s3-host-select').val()); } } - \ No newline at end of file + diff --git a/setup/management.sh b/setup/management.sh index dcef0891..1a5ab53e 100755 --- a/setup/management.sh +++ b/setup/management.sh @@ -27,10 +27,9 @@ done # provision free TLS certificates. apt_install duplicity python-pip virtualenv certbot -# b2sdk is used for backblaze backups. # boto is used for amazon aws backups. # Both are installed outside the pipenv, so they can be used by duplicity -hide_output pip3 install --upgrade b2sdk boto +hide_output pip3 install --upgrade boto # Create a virtualenv for the installation of Python 3 packages # used by the management daemon. @@ -51,7 +50,7 @@ hide_output $venv/bin/pip install --upgrade \ rtyaml "email_validator>=1.0.0" "exclusiveprocess" \ flask dnspython python-dateutil \ qrcode[pil] pyotp \ - "idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver b2sdk + "idna>=2.0.0" "cryptography==2.2.2" boto psutil postfix-mta-sts-resolver # CONFIGURATION From e81963e585f51b520461c951fd61f510d1b1679d Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 31 Jan 2021 08:47:33 -0500 Subject: [PATCH 4/5] Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore --- README.md | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index fcda83f9..02445a20 100644 --- a/README.md +++ b/README.md 
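Review bot: The comment kept above the install line in the first setup/management.sh hunk still says `# Both are installed outside the pipenv`, but after this change only boto is installed there. Reword it to something like `# boto is installed outside the virtualenv so that duplicity can use it.` Separately, `pip3 install --upgrade boto` pulls whatever release is current on the package index each time setup runs. A version constraint would make the code that runs alongside duplicity reproducible.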
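Review bot: The rewritten package line in the second setup/management.sh hunk keeps `"cryptography==2.2.2"` as the only exact pin in a `pip install --upgrade` list, so that one library never picks up later security releases while everything around it floats. If the pin exists for compatibility, say so in a comment above the command, e.g. `# cryptography is pinned because <reason>; revisit when <condition>`. Otherwise a lower bound like the one used for idna would be more consistent. The first line of the pip command appears only in the hunk header, so constraints set elsewhere are not visible here.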
@@ -54,36 +54,18 @@ See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-fr For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine... -Clone this repository: +Clone this repository and checkout the tag corresponding to the most recent release: $ git clone https://github.com/mail-in-a-box/mailinabox $ cd mailinabox - -_Optional:_ Download Josh's PGP key and then verify that the sources were signed -by him: - - $ curl -s https://keybase.io/joshdata/key.asc | gpg --import - gpg: key C10BDD81: public key "Joshua Tauberer " imported - - $ git verify-tag v0.51 - gpg: Signature made ..... using RSA key ID C10BDD81 - gpg: Good signature from "Joshua Tauberer " - gpg: WARNING: This key is not certified with a trusted signature! - gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81 - -You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the -fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata) -and on his [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.) - -Checkout the tag corresponding to the most recent release: - - $ git checkout v0.51 + $ git checkout v0.52 Begin the installation. $ sudo setup/start.sh +The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server. + For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions). Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you. 
@@ -91,6 +73,7 @@ Post your question on the [discussion forum](https://discourse.mailinabox.email/ Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box. This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that. + Contributing and Development ---------------------------- From 90d63fd208ebeca9378a31d97f844363296d6f51 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sun, 31 Jan 2021 08:39:46 -0500 Subject: [PATCH 5/5] v0.52 --- CHANGELOG.md | 31 +++++++++++++++++++++++++------ setup/bootstrap.sh | 2 +- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff8db287..a7d548ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,14 +1,33 @@ CHANGELOG ========= -In Development --------------- +v0.52 (January 31, 2021) +------------------------ + +Software updates: + +* Upgraded Roundcube to version 1.4.10. +* Upgraded zpush to 2.6.1. + +Mail: + +* Incoming emails with SPF/DKIM/DMARC failures now get a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing. +* Fixed the MTA-STS policy file's line endings. + +Control panel: -* Incoming emails with SPF/DKIM/DMARC failures now have a higher spam score, and these messages are more likely to appear in the junk folder, since they are often spam/phishing. * A new Download button in the control panel's External DNS page can be used to download the required DNS records in zonefile format. * Fixed the problem when the control panel would report DNS entries as Not Set by increasing a bind query limit. * Fixed a control panel startup bug on some systems. -* Fixed the MTA-STS policy file's line endings. +* Improved an error message on a DNS lookup timeout. +* A typo was fixed. + +DNS: + +* The TTL for NS records has been increased to 1 day to comply with some registrar requirements. + +System: + * Nextcloud's photos, dashboard, and activity apps are disabled since we only support contacts and calendar. v0.51 (November 14, 2020) 
@@ -23,7 +42,7 @@ Mail: * The MTA-STA max_age value was increased to the normal one week. -Control Panel: +Control panel: * Two-factor authentication can now be enabled for logins to the control panel. However, keep in mind that many online services (including domain name registrars, cloud server providers, and TLS certificate providers) may allow an attacker to take over your account or issue a fraudulent TLS certificate with only access to your email address, and this new two-factor authentication does not protect access to your inbox. It therefore remains very important that user accounts with administrative email addresses have strong passwords. * TLS certificate expiry dates are now shown in ISO8601 format for clarity. @@ -49,7 +68,7 @@ TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. -Control Panel: +Control panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index b6110fa8..79c7d389 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -20,7 +20,7 @@ if [ -z "$TAG" ]; then # want to display in status checks. if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" == "Ubuntu 18.04 LTS" ]; then # This machine is running Ubuntu 18.04. - TAG=v0.51 + TAG=v0.52 elif [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" == "Ubuntu 14.04 LTS" ]; then # This machine is running Ubuntu 14.04.