Merge branch 'master' into jammyjellyfish2204

# Conflicts:
#	setup/management.sh
#	setup/mods.available/connect-nextcloud-to-miab.sh
#	setup/start.sh
#	setup/webmail.sh
#	tests/lib/carddav.sh
#	tests/lib/system.sh
#	tests/system-setup/setup-defaults.sh
#	tests/system-setup/setup-funcs.sh
#	tests/system-setup/upgrade.sh

changelog/gen.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+
+#
+# save a list of commits as markdown for a given tag or for a tag
+# determined automatically from bootstrap.sh and the current tag list
+#
+# this should be run from master, right before pushing a new release
+# tag
+#
+
+scriptdir=$(dirname "$0")
+miabdir="$scriptdir/.."
+
+branch=$(git branch --show-current)
+if [ $? -ne 0 ]; then
+    exit 1
+fi
+echo "Branch: $branch"
+
+tag_from_bootstrap() {
+    TAG=$(grep TAG= "$miabdir/setup/bootstrap.sh" | head -1 | awk -F= '{print $2}')
+    if [ $? -ne 0 -o -z "$TAG" ]; then
+        echo "Could not determine code version from bootstrap.sh !!!" 1>&2
+        return 1
+    fi
+}
+
+tag_from_git() {
+    local code="0"
+    case "$1" in
+        # the argument is a negative number (or blank). return the nth
+        # tag from bottom of the list given by `git tag`
+        -* | "" )
+        TAG=$(git tag | tail ${1:--1} | head -1)
+        code=$?
+        ;;
+
+        # else, return the tag prior to the tag given
+        * )
+        TAG=$(git tag | grep -B1 -F "$1" | head -1)
+        code=$?
+    esac
+
+    if [ $code -ne 0 -o -z "$TAG" ]; then
+        echo "Could not determine code version from git tag !!! arg=${1} code=$code" 1>&2
+        return 1
+    fi
+}
+
+tag_exists() {
+    local count
+    count=$(git tag | grep -c -xF "$1")
+    [ $count -eq 1 ] && return 0
+    [ $count -eq 0 ] && return 1
+    # should never happen...
+    echo "Problem: tag '$1' matches more than one line in git tag. Exiting."
+    exit 1
+}
+
+create_changelog() {
+    local from_ref="$1"
+    local to_ref="$2"
+    echo "Running: git log $from_ref..$to_ref" 1>&2
+    echo "| COMMIT | DATE | AUTHOR | TITLE |"
+    echo "| ------ | ---- | ------ | ----- |"
+    git log --no-merges --format="| [%h](https://github.com/downtownallday/mailinabox-ldap/commit/%H) | %cs | _%an_ | %s |" $from_ref..$to_ref
+}
+
+
+#
+# if a tag was given on the command line:
+#     output commits between
+#       a. tag prior to tag given, and
+#       b. tag given
+
+if [ ! -z "$1" ]; then
+    to_ref="$1"
+    tag_from_git "$1" || exit 1
+    from_ref="$TAG"
+    echo "Creating: $scriptdir/$to_ref.md"
+    cat > "$scriptdir/$to_ref.md" <<EOF
+## Commits for $to_ref
+EOF
+    create_changelog "$from_ref" "$to_ref" >> "$scriptdir/$to_ref.md" || exit 1
+
+else
+    tag_from_bootstrap || exit 1
+    bs_tag="$TAG"
+    echo -n "Bootstrap.sh tag $bs_tag: "
+    if tag_exists "$bs_tag"; then
+        echo "already exists"
+        of="$scriptdir/$branch.md"
+        if [ "$branch" != "master" ]; then
+            from_ref="master"
+            to_ref="$branch"
+            title="Unmerged commits from feature branch _${branch}_"
+        else
+            tag_from_git || exit 1
+            from_ref="$TAG"
+            to_ref="HEAD"
+            title="Commits on $branch since $from_ref"
+        fi
+        
+    else
+        echo "is new"
+        if [ "$branch" != "master" ]; then
+            of="$scriptdir/$branch.md"
+            from_ref="master"
+            to_ref="$branch"
+            title="Unmerged commits from feature branch _${branch}_"
+        else
+            of="$scriptdir/$bs_tag.md"
+            tag_from_git || exit 1
+            from_ref="$TAG"
+            to_ref="HEAD"
+            title="Commits for $bs_tag"
+        fi
+    fi
+
+    echo "Creating: $of"
+    cat > "$of" <<EOF
+## $title
+EOF
+    create_changelog "$from_ref" "$to_ref" >> "$of" || exit 1
+
+fi
+

changelog/v0.52.md

@@ -0,0 +1,32 @@
+## Commits for v0.52
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [90d63fd](https://github.com/downtownallday/mailinabox-ldap/commit/90d63fd208ebeca9378a31d97f844363296d6f51) | 2021-01-31 | _Joshua Tauberer_ | v0.52 |
+| [e81963e](https://github.com/downtownallday/mailinabox-ldap/commit/e81963e585f51b520461c951fd61f510d1b1679d) | 2021-01-31 | _Joshua Tauberer_ | Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore |
+| [b1d703a](https://github.com/downtownallday/mailinabox-ldap/commit/b1d703a5e717c086aea0e37e9b14f78150181880) | 2021-01-31 | _Joshua Tauberer_ | Disable Backblaze B2 backups until #1899 is resolved |
+| [e3d98b7](https://github.com/downtownallday/mailinabox-ldap/commit/e3d98b781ea44218a9b063c01d3f9b603ac26427) | 2021-01-28 | _Felix Spöttel_ | Warn when connection to Spamhaus times out (#1817) |
+| [50d50ba](https://github.com/downtownallday/mailinabox-ldap/commit/50d50ba6538f03bcb35e6e2b580b413ae1275b45) | 2021-01-28 | _jvolkenant_ | Update zpush to 2.6.1 (#1908) |
+| [9b89a5c](https://github.com/downtownallday/mailinabox-ldap/commit/9b89a5c504c0b0e54db8df7c1974c6a65e79d24c) | 2021-01-13 | _downtownallday_ | Better handling of mail addressed to an alias |
+| [523a63f](https://github.com/downtownallday/mailinabox-ldap/commit/523a63f776dc07e174ba21f8e562ea9837193ccb) | 2021-01-12 | _downtownallday_ | Make the default table row limit 500 instead of 1000 |
+| [3e2858f](https://github.com/downtownallday/mailinabox-ldap/commit/3e2858f5def9ccdc944d684b5f334c4674b3d7e9) | 2021-01-12 | _downtownallday_ | Change wording |
+| [2a0e50c](https://github.com/downtownallday/mailinabox-ldap/commit/2a0e50c8d47d67a69036ffcc6ebf27f34d0d32d3) | 2021-01-11 | _downtownallday_ | Initial commit of a log capture and reporting feature |
+| [879467d](https://github.com/downtownallday/mailinabox-ldap/commit/879467d358d375c83225e57056569f305a1d969d) | 2021-01-05 | _Josh Brown_ | Fix typo in users.html (#1895) |
+| [8025c41](https://github.com/downtownallday/mailinabox-ldap/commit/8025c41ee40707b2ce954a762b9d076bf48cc012) | 2021-01-03 | _Nicolas North_ | Bump TTL for NS records to 1800 (30 min) to 86400 (1 day) as some registries require this (#1892) |
+| [7a5d729](https://github.com/downtownallday/mailinabox-ldap/commit/7a5d729a537221e043d5d24779ccb2a5f1b8cd05) | 2021-01-03 | _Josh Brown_ | Fix misspelling (#1893) |
+| [e2f9cd8](https://github.com/downtownallday/mailinabox-ldap/commit/e2f9cd845a362cff0c4e0dfc8b387978f5b17dd3) | 2020-12-28 | _jcm-shove-it_ | Update roundcube to 1.4.10 (#1891) |
+| [e26cf45](https://github.com/downtownallday/mailinabox-ldap/commit/e26cf4512c3e2c82a46824ce17bfe99da292d58a) | 2020-12-25 | _Joshua Tauberer_ | Update CHANGELOG |
+| [c728005](https://github.com/downtownallday/mailinabox-ldap/commit/c7280055a83085b3d3efd5a9296a1bea4923315c) | 2020-12-25 | _jvolkenant_ | Implement SPF/DMARC checks, add spam weight to those mails (#1836) |
+| [003e8b7](https://github.com/downtownallday/mailinabox-ldap/commit/003e8b7bb1579accd78dfd9d7b9e1e3b8a150f7b) | 2020-12-25 | _Hilko_ | Adjust max-recursion-queries to fix alternating rdns status (#1876) |
+| [86f3eee](https://github.com/downtownallday/mailinabox-ldap/commit/86f3eee23f6b5c7a06c4691f3d9a1031ad48d4bb) | 2020-12-21 | _downtownallday_ | Removing Travis CI completely in favor of local vagrant/virtualbox tests. |
+| [f5521b4](https://github.com/downtownallday/mailinabox-ldap/commit/f5521b45b585802b7c83b0aea40ca37b218d4adb) | 2020-12-21 | _downtownallday_ | Add tests for dmarc reject and spf softfail |
+| [4cc672e](https://github.com/downtownallday/mailinabox-ldap/commit/4cc672e85294352f4f23158f7d92b0cb5296caef) | 2020-12-21 | _downtownallday_ | Modify the handling of SPF checks and spam rules for policyd-spf |
+| [3422cc6](https://github.com/downtownallday/mailinabox-ldap/commit/3422cc61cede26d819d774a0a7cdabb0a85e3586) | 2020-12-19 | _Hilko_ | Include en_US.UTF-8 locale in daemon startup (#1883) |
+| [4c9bae5](https://github.com/downtownallday/mailinabox-ldap/commit/4c9bae517637cd0b4583143a868defd0703be2b9) | 2020-11-27 | _downtownallday_ | Create a default "pre-commit" set of virtual machines |
+| [8664afa](https://github.com/downtownallday/mailinabox-ldap/commit/8664afa99798c9dbd7b52cf67da7e90b3280bbf0) | 2020-11-26 | _Hilko_ | Implement Backblaze for Backup (#1812) |
+| [82229ce](https://github.com/downtownallday/mailinabox-ldap/commit/82229ce04baef6aeabd74a2c88e414b51236884d) | 2020-11-26 | _Joshua Tauberer_ | Document how to start the control panel from the command line and in debugging use a stable API key |
+| [f66e609](https://github.com/downtownallday/mailinabox-ldap/commit/f66e609d3fb00f2e3c0ef8185f16975dd181b665) | 2020-11-26 | _Richard Willis_ | Api spec cleanup (#1869) |
+| [b85b86e](https://github.com/downtownallday/mailinabox-ldap/commit/b85b86e6de8c6b0d134a24122ae1b1a6f8e1d3a7) | 2020-11-16 | _Victor_ | Add download zonefile button to external DNS page (#1853) |
+| [7fd35bb](https://github.com/downtownallday/mailinabox-ldap/commit/7fd35bbd11a78f4f655e6f05a944a1b627b2e04e) | 2020-11-15 | _Joshua Tauberer_ | Disable default Nextcloud apps that we don't support |
+| [7ce41e3](https://github.com/downtownallday/mailinabox-ldap/commit/7ce41e3865da598d2af4102b82e888d2ffed586d) | 2020-11-15 | _gumida_ | Changed mta-sts.txt end of line from LF to CRLF per RFC 8461 (#1863) |
+| [840f84d](https://github.com/downtownallday/mailinabox-ldap/commit/840f84da1a4741036a1ba92da27bc900ff3a8ad3) | 2020-10-07 | _Jeff Volkenant_ | Custom spamassassin rules for bad SPF/DMARC headers |
+| [3a59fe8](https://github.com/downtownallday/mailinabox-ldap/commit/3a59fe834fc852625becee0f45322c786bb05f46) | 2020-10-07 | _Jeff Volkenant_ | OpenDKIM/OpenDMARC header checks |

changelog/v0.53.md

@@ -0,0 +1,19 @@
+## Commits for v0.53
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [a697cd2](https://github.com/downtownallday/mailinabox-ldap/commit/a697cd2f01169218690179b72fa8d743385039ae) | 2021-04-13 | _Downtown Allday_ | Reflect new upstream default branch |
+| [f14eb2c](https://github.com/downtownallday/mailinabox-ldap/commit/f14eb2cdce9d82267b85fbfed70ce95f4b7e4d69) | 2021-04-12 | _Downtown Allday_ | v0.53 |
+| [87cc106](https://github.com/downtownallday/mailinabox-ldap/commit/87cc10657413aa78ab32f1c1b5856cf2c47431da) | 2021-04-07 | _downtownallday_ | Add 'last 7 days' and 'last 30 days' to report date range dropdown |
+| [3be7ba7](https://github.com/downtownallday/mailinabox-ldap/commit/3be7ba7c86520f20dcc354be872078250e5831d0) | 2021-04-07 | _downtownallday_ | Set the default interface for bridged networks to avoid interactive 'vagrant up'. Thx to https://stackoverflow.com/questions/33250304/how-to-automatically-select-bridged-network-interfaces-in-vagrant |
+| [002c4ed](https://github.com/downtownallday/mailinabox-ldap/commit/002c4edb88928fdc28bfe42ecda5e50b40bc104f) | 2021-04-07 | _downtownallday_ | Fix table alignment |
+| [b7faafc](https://github.com/downtownallday/mailinabox-ldap/commit/b7faafca6b9ceea06c697237622df714dbb61668) | 2021-03-17 | _downtownallday_ | Only consider messages that weren't rejected |
+| [6653dbb](https://github.com/downtownallday/mailinabox-ldap/commit/6653dbb2e2357462d22685a06f688f1fb02ed3cd) | 2021-02-28 | _Joshua Tauberer_ | Sort the Custom DNS by zone and qname, and add an option to go back to the old sort order (creation order) |
+| [5fc1162](https://github.com/downtownallday/mailinabox-ldap/commit/5fc11623556481019e6797c86565daa7577eb47b) | 2021-02-28 | _Joshua Tauberer_ | Other CHANGELOG entries |
+| [a839602](https://github.com/downtownallday/mailinabox-ldap/commit/a839602cba8eb36b8e4a13f46ed76aeea8249766) | 2021-02-28 | _Paul_ | Enable sending DMARC failure reports (#1929) |
+| [055ac07](https://github.com/downtownallday/mailinabox-ldap/commit/055ac076630241afe3464c09e2dd37886a497a47) | 2021-02-28 | _davDevOps_ | Update roundcube to 1.4.11 |
+| [c7b295f](https://github.com/downtownallday/mailinabox-ldap/commit/c7b295f4030f9efbfcf3d23e842aef4b68b9fa82) | 2021-02-28 | _davDevOps_ | Update zpush to 2.6.2 |
+| [d36a2cc](https://github.com/downtownallday/mailinabox-ldap/commit/d36a2cc938eea2b216b424084e1b82e34eee98c4) | 2021-02-28 | _Joshua Tauberer_ | Enable Backblaze B2 backups |
+| [82ca54d](https://github.com/downtownallday/mailinabox-ldap/commit/82ca54df962196466a0f8c02d28a8a605e777716) | 2021-02-28 | _jeremitu_ | Fixed #1894 log date over year change, START_DATE < END_DATE now. (#1905) |
+| [e5d762d](https://github.com/downtownallday/mailinabox-ldap/commit/e5d762da381134be8843ee1d0ee183e61de51d8a) | 2021-02-19 | _downtownallday_ | Don't report the api key to syslog |
+| [af62e7a](https://github.com/downtownallday/mailinabox-ldap/commit/af62e7a99bbe2852632daf274a4d8ad29a0cd523) | 2021-02-06 | _jvolkenant_ | Fixes unbound variable when upgrading from Nextcloud 13 (#1913) |
+| [2b44fe4](https://github.com/downtownallday/mailinabox-ldap/commit/2b44fe4a12ee2cbf272ea48b80c18540ce1bacef) | 2021-01-14 | _downtownallday_ | Only show alias if one |

changelog/v0.54.md

@@ -0,0 +1,50 @@
+## Commits for v0.54
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [4cb46ea](https://github.com/downtownallday/mailinabox-ldap/commit/4cb46ea4658b91240c5676c52746e48aaaba7b3f) | 2021-06-20 | _Joshua Tauberer_ | v0.54 |
+| [0f09880](https://github.com/downtownallday/mailinabox-ldap/commit/0f09880aa6ae44fcf0eed183a12d69971b54cfe4) | 2021-06-07 | _downtownallday_ | add -H option to /bin/chown call in case 'encrypted' is a symbolic link |
+| [0b2e504](https://github.com/downtownallday/mailinabox-ldap/commit/0b2e504d7f6b586599f6943f3e32d77bfcd90ecc) | 2021-05-16 | _downtownallday_ | Remove extraneous hr's |
+| [e15d198](https://github.com/downtownallday/mailinabox-ldap/commit/e15d198eb6a58e619321ac6b3f61ddefbf649497) | 2021-05-16 | _downtownallday_ | Fix typo |
+| [b0b9f0e](https://github.com/downtownallday/mailinabox-ldap/commit/b0b9f0e9023dea264d66b2225cffe5b4c3aa4c4f) | 2021-05-16 | _downtownallday_ | Update wording |
+| [35fa3fe](https://github.com/downtownallday/mailinabox-ldap/commit/35fa3fe891574ce43705cec39c5b5e48cd4172ea) | 2021-05-15 | _Joshua Tauberer_ | Changelog entries |
+| [d510c8a](https://github.com/downtownallday/mailinabox-ldap/commit/d510c8ae2a5b55ef1b22cc57c8ff8a2fe8597546) | 2021-05-15 | _Joshua Tauberer_ | Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849) |
+| [e283a12](https://github.com/downtownallday/mailinabox-ldap/commit/e283a1204728024c3e0cf77fdb5292fbdecde85f) | 2021-05-15 | _Joshua Tauberer_ | Add null SPF, DMARC, and MX records for automatically generated autoconfig, autodiscover, and mta-sts subdomains; add null MX records for custom A-record subdomains |
+| [e421add](https://github.com/downtownallday/mailinabox-ldap/commit/e421addf1c13f4ba13f09b645f6d83a1772e4483) | 2021-05-09 | _Joshua Tauberer_ | Pre-load domain purpopses when building DNS zonefiles rather than querying mail domains at each subdomain |
+| [354a774](https://github.com/downtownallday/mailinabox-ldap/commit/354a774989b52a6084a9610dace0539d995ceead) | 2021-05-09 | _Joshua Tauberer_ | Remove a debug line added in 8cda58fb |
+| [aaa81ec](https://github.com/downtownallday/mailinabox-ldap/commit/aaa81ec87979decb50a352bee30d93e3d748439d) | 2021-05-08 | _Joshua Tauberer_ | Fix indentation issue in bc4ae51c2d19c7753d1c2e65bc26b443dd5048c8 |
+| [dbd6dae](https://github.com/downtownallday/mailinabox-ldap/commit/dbd6dae5ceda7cc0ce2c132be1f0b795f0a2c363) | 2021-05-08 | _Joshua Tauberer_ | Fix exit status issue cased by 69fc2fdd |
+| [d4c5872](https://github.com/downtownallday/mailinabox-ldap/commit/d4c5872547ee0222759be7c195a358698c5dfa66) | 2021-05-08 | _John @ S4_ | Make clear that non-AWS S3 backups are supported (#1947) |
+| [3701e05](https://github.com/downtownallday/mailinabox-ldap/commit/3701e05d925fe780e1a43e4d54b247473136f841) | 2021-05-08 | _Thomas Urban_ | Rewrite envelope from address in sieve forwards (#1949) |
+| [bc4ae51](https://github.com/downtownallday/mailinabox-ldap/commit/bc4ae51c2d19c7753d1c2e65bc26b443dd5048c8) | 2021-05-08 | _Hala Alajlan_ | Handle query dns timeout unhandled error (#1950) |
+| [12aaebf](https://github.com/downtownallday/mailinabox-ldap/commit/12aaebfc54972cab4edd990f1eec519535314a69) | 2021-05-08 | _Jawad Seddar_ | `custom.yaml`: add support for X-Frame-Options header and proxy_redirect off (#1954) |
+| [4981353](https://github.com/downtownallday/mailinabox-ldap/commit/49813534bdaeaa82e3ac1ee70b78e91af5783dba) | 2021-05-08 | _jvolkenant_ | Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar to 2.2.0 (#1960) |
+| [16e81e1](https://github.com/downtownallday/mailinabox-ldap/commit/16e81e14392ed70ce36c241b53c83e2751060e5f) | 2021-05-08 | _jvolkenant_ | Fix to allow for non forced "enforce" MTA_STS_MODE (#1970) |
+| [2e7f283](https://github.com/downtownallday/mailinabox-ldap/commit/2e7f2835e734ff1bd02830953b5476fa66866336) | 2021-05-08 | _Joshua Tauberer_ | v0.53a |
+| [8a5f9f4](https://github.com/downtownallday/mailinabox-ldap/commit/8a5f9f464ad170da78c0595314cf598ed80797db) | 2021-05-08 | _Joshua Tauberer_ | Download Z-Push from alternate site |
+| [69fc2fd](https://github.com/downtownallday/mailinabox-ldap/commit/69fc2fdd3aa0e1c88d7fa7434560025e1b97848c) | 2021-05-03 | _Joshua Tauberer_ | Hide spurrious Nextcloud setup output |
+| [9b07d86](https://github.com/downtownallday/mailinabox-ldap/commit/9b07d86bf786bda73bc8c5ad95d2d9cb9e08be3f) | 2021-05-03 | _Joshua Tauberer_ | Use $(...) notation instead of legacy backtick notation for embedded shell commands |
+| [ae3feeb](https://github.com/downtownallday/mailinabox-ldap/commit/ae3feebd80195bd467262208f2cdada1b3fc458b) | 2021-05-03 | _Joshua Tauberer_ | Fix warnings reported by shellcheck |
+| [2c295bc](https://github.com/downtownallday/mailinabox-ldap/commit/2c295bcafd8e00a8f6a33a8b9d827a7aeacedbb5) | 2021-04-23 | _Joshua Tauberer_ | Upgrade the Roundcube persistent login cookie encryption to AES-256-CBC and increase the key length accordingly |
+| [30f9cc0](https://github.com/downtownallday/mailinabox-ldap/commit/30f9cc07cdba2570d9ea7439b82a47f05c08b119) | 2021-04-15 | _downtownallday_ | Clarify entry description |
+| [39a07bd](https://github.com/downtownallday/mailinabox-ldap/commit/39a07bd3a37687600a7a3b22b523acf5ce9db4c9) | 2021-04-15 | _downtownallday_ | when encryption-at-rest is enabled, ensure postgrey loads the local client whitelist file after a re-mount |
+| [8cda58f](https://github.com/downtownallday/mailinabox-ldap/commit/8cda58fb2282f53ed0bb5c3707bafe031c2ae7d7) | 2021-04-12 | _Joshua Tauberer_ | Speed up status checks a bit by removing a redundant check if the PRIMARY_HOSTNAME certificate is signed and valid |
+| [178c587](https://github.com/downtownallday/mailinabox-ldap/commit/178c5876542d3b9c756e4f153d02167dd169bf86) | 2021-04-12 | _Joshua Tauberer_ | Migrate to the ECDSAP256SHA256 (13) DNSSEC algorithm |
+| [36d9cbb](https://github.com/downtownallday/mailinabox-ldap/commit/36d9cbb4e8586e909b2a4d0b482322a44b3b1958) | 2021-04-12 | _downtownallday_ | Split the User Activity/IMAP connections tab into two tables to better deal with the quantity of data |
+| [34569d2](https://github.com/downtownallday/mailinabox-ldap/commit/34569d24a95a547100a185107d8722de9d29c9c2) | 2021-04-11 | _Joshua Tauberer_ | v0.53 |
+| [212b0b7](https://github.com/downtownallday/mailinabox-ldap/commit/212b0b74cb9fca10a91e298b6915891f7f8d2401) | 2021-04-10 | _downtownallday_ | Add missing file |
+| [26609c4](https://github.com/downtownallday/mailinabox-ldap/commit/26609c422358b96ccf96eabc7c211c6ae687f663) | 2021-04-10 | _downtownallday_ | Fix cell alignment |
+| [b881325](https://github.com/downtownallday/mailinabox-ldap/commit/b881325bcbd0091da66068c0e1b3aa6a301e3ba7) | 2021-04-10 | _downtownallday_ | Add ability to view message headers in the user activity panel ... and add message-id to output detail |
+| [f80978b](https://github.com/downtownallday/mailinabox-ldap/commit/f80978b6d812a9678299088554b46086943555f8) | 2021-04-10 | _downtownallday_ | Add missing import |
+| [2ec25b7](https://github.com/downtownallday/mailinabox-ldap/commit/2ec25b75c1aa5bc73eadb29513986c32b498e8f9) | 2021-04-10 | _downtownallday_ | Switch to ES6 modules |
+| [c1d9219](https://github.com/downtownallday/mailinabox-ldap/commit/c1d92195d861f2f0374cf1f16499ed328a588bfe) | 2021-04-09 | _downtownallday_ | Change text case |
+| [8093837](https://github.com/downtownallday/mailinabox-ldap/commit/8093837e933ef693832cbb793be19ae4d2b811d7) | 2021-04-09 | _downtownallday_ | use systemctl 'restart' instead of 'start' |
+| [0df9de3](https://github.com/downtownallday/mailinabox-ldap/commit/0df9de30c9aa4d2447407878290e45352fea7d59) | 2021-04-09 | _downtownallday_ | Manage the local Postgrey whitelist in the admin console |
+| [82e06a6](https://github.com/downtownallday/mailinabox-ldap/commit/82e06a6f15ca816e385d454fc644329523eeaedd) | 2021-04-09 | _downtownallday_ | Include remote_host, remote_ip and failure_info with user's received mail details |
+| [0ec968c](https://github.com/downtownallday/mailinabox-ldap/commit/0ec968c3b6ff2bfc9e2792e7c81fb2fa53f54983) | 2021-04-09 | _downtownallday_ | Fix model update on create and activate |
+| [606e5e0](https://github.com/downtownallday/mailinabox-ldap/commit/606e5e056923b02de4c0971b8e542dccf34754cc) | 2021-04-08 | _downtownallday_ | Better handling of timeseries containing just one value |
+| [26319ac](https://github.com/downtownallday/mailinabox-ldap/commit/26319ac59bc43da7efbd359b36a3a832c994d1ef) | 2021-04-08 | _downtownallday_ | Add 'today' and 'yesterday' to date range picker |
+| [b4c2cde](https://github.com/downtownallday/mailinabox-ldap/commit/b4c2cdef7d59b2354ab4190b874c0b00e642809a) | 2021-04-08 | _downtownallday_ | Include IMAP connection records in overall db stats table |
+| [721dd12](https://github.com/downtownallday/mailinabox-ldap/commit/721dd1273fdf168136e3df0f186c689b1eecaa3c) | 2021-04-08 | _downtownallday_ | Add IMAP connection reporting Fix binsizes and barwidths on timeseries charts Fix timezone issue in timeseries scales |
+| [ac811bc](https://github.com/downtownallday/mailinabox-ldap/commit/ac811bcbd1b7a879b30e824c1e844395d05efdad) | 2021-04-07 | _downtownallday_ | Add some test scripts |
+| [2b3c2fc](https://github.com/downtownallday/mailinabox-ldap/commit/2b3c2fcc02c2edc779e7188e92365768cadfd7fd) | 2021-04-07 | _downtownallday_ | Fix slowness when typing in search box |
+| [33ea865](https://github.com/downtownallday/mailinabox-ldap/commit/33ea865d65509651c6788338365a408302696a3e) | 2021-04-07 | _downtownallday_ | Capture Dovecot logs |

changelog/v55.md

@@ -0,0 +1,46 @@
+## Commits for v55
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [65861c6](https://github.com/downtownallday/mailinabox-ldap/commit/65861c68b728b0cf290724fd8f8da013b779eb7c) | 2021-10-18 | _Joshua Tauberer_ | Version 55 |
+| [71a7a3e](https://github.com/downtownallday/mailinabox-ldap/commit/71a7a3e201d69fee53419d822e47ddd6ee177fc5) | 2021-10-18 | _Joshua Tauberer_ | Upgrade to Roundcube 1.5 |
+| [1c3bca5](https://github.com/downtownallday/mailinabox-ldap/commit/1c3bca53bb7f42604b917d85e79339c5fda7690e) | 2021-10-18 | _Richard Willis_ | Fix broken link in external-dns.html (#2045) |
+| [b643cb3](https://github.com/downtownallday/mailinabox-ldap/commit/b643cb3478c619b000f7350bbd450e2184cc8a2b) | 2021-10-13 | _ukfhVp0zms_ | Update calendar/contacts android app info (#2044) |
+| [31dc967](https://github.com/downtownallday/mailinabox-ldap/commit/31dc96757c4bfd0ac50487404bc7cfe8f3551144) | 2021-10-02 | _downtownallday_ | Add help text |
+| [113b7bd](https://github.com/downtownallday/mailinabox-ldap/commit/113b7bd827f9f16c45e4403448f7a65b9c353f74) | 2021-09-24 | _Joshua Tauberer_ | Disable SMTPUTF8 in Postfix because Dovecot LMTP doesn't support it and bounces messages that require SMTPUTF8 |
+| [3e19f85](https://github.com/downtownallday/mailinabox-ldap/commit/3e19f85fadf41a600678f21bad1562647a961809) | 2021-09-24 | _Joshua Tauberer_ | Add domain maps from Unicode forms of internationalized domains to their ASCII forms |
+| [11e84d0](https://github.com/downtownallday/mailinabox-ldap/commit/11e84d0d40e9db8a4ec2208823bcdbfee84c2028) | 2021-09-24 | _Joshua Tauberer_ | Move automatically generated aliases to a separate database table |
+| [79966e3](https://github.com/downtownallday/mailinabox-ldap/commit/79966e36e3f74a50e923c74e83faf76e16c6ef13) | 2021-09-24 | _Joshua Tauberer_ | Set a cookie for /admin/munin pages to grant access to Munin reports |
+| [66b15d4](https://github.com/downtownallday/mailinabox-ldap/commit/66b15d42a505feecd1013bcb41ee2aa73ca850ee) | 2021-09-24 | _Joshua Tauberer_ | CHANGELOG entries |
+| [df46e13](https://github.com/downtownallday/mailinabox-ldap/commit/df46e1311b05d4f01e1908dbfaa4102c18aa9094) | 2021-09-24 | _drpixie_ | Include NSD config files from /etc/nsd/nsd.conf.d/*.conf (#2035) |
+| [353084c](https://github.com/downtownallday/mailinabox-ldap/commit/353084ce6726e7aaee9b9df1c87dd03df29c5f9e) | 2021-09-19 | _Elsie Hupp_ | Use "smart invert" for dark mode (#2038) |
+| [763cdfc](https://github.com/downtownallday/mailinabox-ldap/commit/763cdfcd7ec7ce88d2e236c5c7c27d699dfb2bf5) | 2021-09-14 | _downtownallday_ | remove /admin/me call, which is no longer available, and use the new api_credentials Object, which used to be a String. add X-Requested-With header to requests so 401's are not returned by daemon.py. |
+| [9ea03e1](https://github.com/downtownallday/mailinabox-ldap/commit/9ea03e18c9a9a28ce8e3c4421625c337e2f8217d) | 2021-09-14 | _downtownallday_ | automatically install avahi for systems with a .local tld |
+| [4b285c3](https://github.com/downtownallday/mailinabox-ldap/commit/4b285c3201efe8a7105260d69761a9128d5e61a4) | 2021-09-14 | _downtownallday_ | Prepare for multiple base system support and automatically update and remove stale vagrant boxes |
+| [3d32dba](https://github.com/downtownallday/mailinabox-ldap/commit/3d32dbab225b38f0bcb5d1e87cd14e7c132d2599) | 2021-09-14 | _downtownallday_ | Explicitly create a /etc/ldap/ldap.conf in the docker image so ldap tools recognize the system's trusted root certificate list |
+| [3f2b2ef](https://github.com/downtownallday/mailinabox-ldap/commit/3f2b2ef1466ae5846cd74cea47c395a1290d5719) | 2021-09-14 | _downtownallday_ | Stop the capture daemon during ehdd shutdown to avoid "busy" mount |
+| [91079ab](https://github.com/downtownallday/mailinabox-ldap/commit/91079ab9347b7326a11c4011ce7c6cf8cf8b1491) | 2021-09-10 | _mailinabox-contributor_ | add numeric flag value to DNSSEC DS status message (#2033) |
+| [e5909a6](https://github.com/downtownallday/mailinabox-ldap/commit/e5909a62870fc3a9d39a7ffe63a5264f9666ea79) | 2021-09-06 | _Joshua Tauberer_ | Allow non-admin login to the control panel and show/hide menu items depending on the login state |
+| [26932ec](https://github.com/downtownallday/mailinabox-ldap/commit/26932ecb103b326069f3653e4420d770189c1460) | 2021-09-06 | _Joshua Tauberer_ | Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load |
+| [e884c47](https://github.com/downtownallday/mailinabox-ldap/commit/e884c4774f3ef4fc01e43595e46948456a76ddbf) | 2021-09-06 | _Joshua Tauberer_ | Replace HMAC-based session API keys with tokens stored in memory in the daemon process |
+| [53ec0f3](https://github.com/downtownallday/mailinabox-ldap/commit/53ec0f39cb074dc43a2f8b245aa8d4d12c74914e) | 2021-09-06 | _Joshua Tauberer_ | Use 'secrets' to generate the system API key and remove some debugging-related code |
+| [700188c](https://github.com/downtownallday/mailinabox-ldap/commit/700188c44392aaa3a1e5cd5feaa59767db38cb53) | 2021-09-06 | _Joshua Tauberer_ | Roundcube 1.5 RC |
+| [4f8697c](https://github.com/downtownallday/mailinabox-ldap/commit/4f8697c07dd2e78dbe2de15fc198a9ff7e556429) | 2021-08-23 | _downtownallday_ | change badge link |
+| [71526bc](https://github.com/downtownallday/mailinabox-ldap/commit/71526bc2947d13f44a0c58b77773b12ff9096f0c) | 2021-08-23 | _downtownallday_ | Add badge |
+| [be932af](https://github.com/downtownallday/mailinabox-ldap/commit/be932af8139d359f9dff9fd461edb4314d309229) | 2021-08-23 | _downtownallday_ | git remote url does not contain .git extension in github actions |
+| [0876a9a](https://github.com/downtownallday/mailinabox-ldap/commit/0876a9a7de98b621cde9c38aaad2d65794143a84) | 2021-08-23 | _downtownallday_ | non-standard git remotes in github actions |
+| [0c2c76a](https://github.com/downtownallday/mailinabox-ldap/commit/0c2c76a6dcc7d71c1b6a7528383bcb36370c094d) | 2021-08-23 | _downtownallday_ | Patch upstream to install php-xml instead of php-xsl |
+| [2a9fcd7](https://github.com/downtownallday/mailinabox-ldap/commit/2a9fcd7101c8f9d286b3ba1ca4442c08dff8a698) | 2021-08-23 | _downtownallday_ | add upgrade-from-upstream job |
+| [c29eb2f](https://github.com/downtownallday/mailinabox-ldap/commit/c29eb2fb23d54a8d4dd254cb0a7ce15620e8ee31) | 2021-08-23 | _downtownallday_ | add 127.0.1.1 if it does not exist |
+| [f8a679b](https://github.com/downtownallday/mailinabox-ldap/commit/f8a679b9c27f654e250d04cb4c63ca7080dc586d) | 2021-08-23 | _downtownallday_ | ensure system hostname is resolvable locally |
+| [71d3b79](https://github.com/downtownallday/mailinabox-ldap/commit/71d3b79965e123c50cc8fd4f50fcc7799496ff51) | 2021-08-23 | _downtownallday_ | avoid installing php-xsl, which is a virtual package provided by php-xml on github images |
+| [bad57e8](https://github.com/downtownallday/mailinabox-ldap/commit/bad57e8688b97f01011978be124ca1a9b15eec82) | 2021-08-23 | _downtownallday_ | Try running update-alternatives for php 7.2 as before system-setup |
+| [d8c52fe](https://github.com/downtownallday/mailinabox-ldap/commit/d8c52fedc58584febdf54f8e86ebb6b6749e170d) | 2021-08-23 | _downtownallday_ | Try using nanasess/setup-php action to resolve issue where setup/webmail.sh, which runs the roundcubemail/bin/updatedb.sh script, fails with "Unsupported PHP version. Required PHP >= 5.4 and < 8.0" indicating that PHP >= 8.0 is actually installed! |
+| [5911f05](https://github.com/downtownallday/mailinabox-ldap/commit/5911f05f89801a34690c4cf471fdbb1afdc40d31) | 2021-08-23 | _downtownallday_ | use sudo |
+| [c855133](https://github.com/downtownallday/mailinabox-ldap/commit/c855133c412e556a9f7134feecec1581a0062083) | 2021-08-23 | _downtownallday_ | fix formatting |
+| [7fd1f0a](https://github.com/downtownallday/mailinabox-ldap/commit/7fd1f0ae312956ef545904a64b66adf29ace17ef) | 2021-08-23 | _downtownallday_ | Initial commit |
+| [ba80d9e](https://github.com/downtownallday/mailinabox-ldap/commit/ba80d9e72dd984af0ee733d55291a00e7f8685e6) | 2021-08-23 | _David Duque_ | Show backup retention period form when configuring B2 backups (#2024) |
+| [67b5711](https://github.com/downtownallday/mailinabox-ldap/commit/67b5711c683df8f05acd48ce13c4afcb2c5d3008) | 2021-08-22 | _Joshua Tauberer_ | Recommend that DS records be updated to not use SHA1 and exclude MUST NOT methods (SHA1) and the unlikely option RSASHA1-NSEC3-SHA1 (7) + SHA-384 (4) from the DS record suggestions |
+| [20ccda8](https://github.com/downtownallday/mailinabox-ldap/commit/20ccda8710411552d69978aeff41a9281fbb2012) | 2021-08-22 | _myfirstnameispaul_ | Re-order DS record algorithms by digest type and revise warning message. |
+| [0ba841c](https://github.com/downtownallday/mailinabox-ldap/commit/0ba841c7b66979e00e0d790b53555f05f72e9063) | 2021-08-22 | _NewbieOrange_ | fail2ban now supports ipv6 (#2015) |
+| [daad122](https://github.com/downtownallday/mailinabox-ldap/commit/daad122236f7eca841e9a46fa19dd57f44bcb5ac) | 2021-08-16 | _lamkin_ | Ignore bad encoding in email addresses when parsing maillog files (#2017) |
+| [21ad26e](https://github.com/downtownallday/mailinabox-ldap/commit/21ad26e452efebf5cfcac951ff9c723f9da6966a) | 2021-07-28 | _NewbieOrange_ | Disable auto-complete for 2FA code in the control panel login form (#2013) |

changelog/v56.md

@@ -0,0 +1,30 @@
+## Commits for v56
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [3a7de05](https://github.com/downtownallday/mailinabox-ldap/commit/3a7de051ee1e87d08589a946e3d05bbf6f6806fc) | 2022-01-19 | _Joshua Tauberer_ | Version 56 (January 19, 2022) |
+| [d6cd4e8](https://github.com/downtownallday/mailinabox-ldap/commit/d6cd4e826cc0568ec4453dc5d26e3d380f6b3912) | 2022-01-11 | _downtownallday_ | Ensure pip3 is installed before installing email_validator |
+| [f11cb04](https://github.com/downtownallday/mailinabox-ldap/commit/f11cb04a72a5215810e92f64140a556101f2086f) | 2022-01-08 | _Darek Kowalski_ | Update Vagrant private IP address, fix issue #2062 (#2064) |
+| [cb564a1](https://github.com/downtownallday/mailinabox-ldap/commit/cb564a130a8bf6f59d147f8434d246c0bc9c03a9) | 2022-01-08 | _Joshua Tauberer_ | Fix DNS secondary nameserver refesh failure retry period |
+| [d1d6318](https://github.com/downtownallday/mailinabox-ldap/commit/d1d63188628b58273f2726a51fa8befceb4327fb) | 2022-01-08 | _Joshua Tauberer_ | Set systemd journald log retention to 10 days (from no limit) to reduce disk usage |
+| [34b7a02](https://github.com/downtownallday/mailinabox-ldap/commit/34b7a02f4f4e4f1b76fa94021851af8e72d2e24b) | 2022-01-08 | _Joshua Tauberer_ | Update Roundcube to 1.5.2 |
+| [a312acc](https://github.com/downtownallday/mailinabox-ldap/commit/a312acc3bc44ce163ceb5d15ffd38ea5ee16f1fb) | 2022-01-08 | _Joshua Tauberer_ | Update to Nextcloud 20.0.8 and update apps |
+| [aab1ec6](https://github.com/downtownallday/mailinabox-ldap/commit/aab1ec691c1cdfbf56332642277434892336ac91) | 2022-01-08 | _Joshua Tauberer_ | CHANGELOG entries |
+| [520caf6](https://github.com/downtownallday/mailinabox-ldap/commit/520caf65571c0cdbac88e7fb56c04bacfb112778) | 2022-01-02 | _Erik Hennig_ | fix: typo in system backup template (#2081) |
+| [c92fd02](https://github.com/downtownallday/mailinabox-ldap/commit/c92fd022627a95e9a25cd2c177a97d93335d8ab2) | 2021-12-25 | _jvolkenant_ | Don't die if column already exists on Nextcloud 18 upgrade (#2078) |
+| [a85c429](https://github.com/downtownallday/mailinabox-ldap/commit/a85c429a857c21b64bf3c510f63f86bc2bf3d2df) | 2021-12-19 | _Arno Hautala_ | regex change to exclude comma from sasl_username (#2074) |
+| [d9cd7d2](https://github.com/downtownallday/mailinabox-ldap/commit/d9cd7d2002ae3fdf88ef289db65c4aa94ac2a341) | 2021-12-15 | _downtownallday_ | Add a setup mod to configure unattended-upgrades to email root on failures |
+| [177fd19](https://github.com/downtownallday/mailinabox-ldap/commit/177fd19b9b34831e51f51950e93d746b73de6555) | 2021-12-05 | _downtownallday_ | Increase session lifetime from 10 minutes to 1 hour |
+| [6c24a13](https://github.com/downtownallday/mailinabox-ldap/commit/6c24a130b93093b0be29c4050f48536e94323455) | 2021-12-05 | _downtownallday_ | Display common name in the directory |
+| [50a5cb9](https://github.com/downtownallday/mailinabox-ldap/commit/50a5cb90bc63d3f492641bf39ed943886f9c4eab) | 2021-11-30 | _Ilnahro_ | Include rsync to the installed basic packages (#2067) |
+| [aac878d](https://github.com/downtownallday/mailinabox-ldap/commit/aac878dce51832827613c60d6f0cfafd1a5fa61d) | 2021-11-23 | _steadfasterX_ | fix: key flag id for KSK, fix format (#2063) |
+| [1828538](https://github.com/downtownallday/mailinabox-ldap/commit/182853864651cbd40ab2cf76698cf1877b1acf94) | 2021-11-15 | _downtownallday_ | Refresh script for latest roundcube carddav plugin Belongs with last commit... |
+| [0621687](https://github.com/downtownallday/mailinabox-ldap/commit/06216876a23a55db6fce7d36502863d459fcc6c5) | 2021-11-15 | _downtownallday_ | Update roundcube carddav plugin to support roundcube 1.5 and close a security hole |
+| [58b0323](https://github.com/downtownallday/mailinabox-ldap/commit/58b0323b3626d29a8c8a419f72fecf32ee4509c5) | 2021-11-04 | _jvolkenant_ | Update persistent_login for Roundcube 1.5 (#2055) |
+| [646f971](https://github.com/downtownallday/mailinabox-ldap/commit/646f971d8bac7671646e4167b71b45b4b609e048) | 2021-10-31 | _kiekerjan_ | Update mailinabox.yml (#2054) |
+| [86067be](https://github.com/downtownallday/mailinabox-ldap/commit/86067be1425cb7df60c347dc1998ce9fc533acdd) | 2021-10-27 | _Felix Spöttel_ | fix(docs): set a schema for /logout responses (#2051) |
+| [3bb6f02](https://github.com/downtownallday/mailinabox-ldap/commit/3bb6f021a73635668f966f5cd784060d493b018e) | 2021-10-27 | _downtownallday_ | Fix tests that were broken by commit bb54370 |
+| [db8e0fd](https://github.com/downtownallday/mailinabox-ldap/commit/db8e0fdf660ef944f962109f4f732914d4fde531) | 2021-10-27 | _downtownallday_ | Remove /etc/ldap/ldap.conf creation as it's now created by the Nextcloud docker image |
+| [c67ff24](https://github.com/downtownallday/mailinabox-ldap/commit/c67ff241c43aa101e3e830795ae0fea54c947f67) | 2021-10-23 | _Joshua Tauberer_ | Updates to security.md |
+| [7b4cd44](https://github.com/downtownallday/mailinabox-ldap/commit/7b4cd443bf3f49c66ee2eb7f695b6a53232f7d81) | 2021-10-22 | _Joshua Tauberer_ | How to report security issues |
+| [3401754](https://github.com/downtownallday/mailinabox-ldap/commit/34017548d5833e598fc0b72f9b816fa788c119d3) | 2021-10-22 | _Joshua Tauberer_ | Don't crash if a custom DNS entry is not under a zone managed by the box, fixes #1961 |
+| [bb54370](https://github.com/downtownallday/mailinabox-ldap/commit/bb543700f5d15b724d91c27ecd93e65e13c415e2) | 2021-10-19 | _downtownallday_ | Fix smart host alias (alias with no forward to's). Postfix recently started rejecting these mails with "Sender address rejected: domain not found". This ensures the special case is handled properly. |

changelog/v57.md

@@ -0,0 +1,21 @@
+## Commits for v57
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [1f88490](https://github.com/downtownallday/mailinabox-ldap/commit/1f8849021abadc7c440e895e2feb2eb9916542a0) | 2022-06-12 | _downtownallday_ | Update changelog |
+| [379ae8e](https://github.com/downtownallday/mailinabox-ldap/commit/379ae8ea8c4a098950df6b8ffc15b935f561965d) | 2022-06-12 | _downtownallday_ | Add .md file extension |
+| [2aca421](https://github.com/downtownallday/mailinabox-ldap/commit/2aca421415f9f498c21a49588d1cff6ce3d8f2de) | 2022-06-12 | _Joshua Tauberer_ | Version 57 |
+| [99474b3](https://github.com/downtownallday/mailinabox-ldap/commit/99474b348f0dd2632057c18c6a8c4e6464962878) | 2022-06-12 | _Joshua Tauberer_ | Update backup to be compatible with duplicity 0.8.23 |
+| [8bebaf6](https://github.com/downtownallday/mailinabox-ldap/commit/8bebaf6a484a38aca199bdbe68e937abc6a1394d) | 2022-06-11 | _Joshua Tauberer_ | Simplify duplicity command line by omitting rsync options if the backup target type is not rsync |
+| [6ff93bb](https://github.com/downtownallday/mailinabox-ldap/commit/6ff93bb87e86fde270da5b667ab89fe86eab7364) | 2022-06-05 | _downtownallday_ | add miab directory as 'safe' for git |
+| [ee8d627](https://github.com/downtownallday/mailinabox-ldap/commit/ee8d627c3b6822bfb5dd3eb441fe42428a15f4de) | 2022-06-05 | _downtownallday_ | Improve formatting of setup output |
+| [9004bb6](https://github.com/downtownallday/mailinabox-ldap/commit/9004bb6e8ecf4ef8062859693919215149c68c47) | 2022-06-05 | _jbandholz_ | Add IPV6 addresses to fail2ban ignoreip (#2069) |
+| [69d8fde](https://github.com/downtownallday/mailinabox-ldap/commit/69d8fdef9915127f016eb6424322a149cdff25d7) | 2022-06-05 | _m-picc_ | Specify b2sdk version 1.14.1 (#2125) |
+| [eeee712](https://github.com/downtownallday/mailinabox-ldap/commit/eeee712cf3ad4d337479956f2c036071cc7e93c9) | 2022-05-04 | _Austin Ewens_ | Switched to using tags over releases for NextCloud contacts/calendar (#2105) |
+| [9b0da60](https://github.com/downtownallday/mailinabox-ldap/commit/9b0da60c24701041e7dadfc9556f84d727c4b319) | 2022-04-09 | _downtownallday_ | Fix detection of installed nc app The script erroneously determined the contacts app was installed because it matched "contactsintegration" |
+| [70475cc](https://github.com/downtownallday/mailinabox-ldap/commit/70475cc2943a49842bbd4cfb43d39ba82e382603) | 2022-04-08 | _downtownallday_ | Allow the nextcloud service account to be able to change user account passwords. This should be removed once Nextcloud Server iss 18406 is fixed. |
+| [6e40c69](https://github.com/downtownallday/mailinabox-ldap/commit/6e40c69cb5e04b633384135417c451882dc594a9) | 2022-03-26 | _lamberete_ | Error message using IPv4 instead of failing IPv6. |
+| [c0e54f8](https://github.com/downtownallday/mailinabox-ldap/commit/c0e54f87d70cd4b33b5e20e26d3ab454f0c0724f) | 2022-03-26 | _lamberete_ | Sorting ds records on report. |
+| [98f4e5b](https://github.com/downtownallday/mailinabox-ldap/commit/98f4e5b2fc61e18d0f74dd2b37afa9df51c7ef9c) | 2022-03-06 | _downtownallday_ | Add a changelog of commits for each release |
+| [82e203b](https://github.com/downtownallday/mailinabox-ldap/commit/82e203b3ec40701bb53f1f11db84b7215b9be062) | 2022-02-08 | _downtownallday_ | Fix issue where a postfix/submission connection using TLS on port 465 would be reported as "insecure" |
+| [fd2ff00](https://github.com/downtownallday/mailinabox-ldap/commit/fd2ff00a6efb53302d9699aaeaee465f3f7da597) | 2022-01-29 | _downtownallday_ | Use persistent_login plugin's "Auth Token" support for Roundcube. The old way was very insecure and is subject to dictionary attack of the unsalted encrypted password stored in a browser cookie. |
+| [54dc064](https://github.com/downtownallday/mailinabox-ldap/commit/54dc06416b3a87d7ef6cbfd2b760c69cd37a753c) | 2022-01-29 | _downtownallday_ | Periodically clean the roundcube database |

changelog/v57a.md

@@ -0,0 +1,6 @@
+## Commits for v57a
+| COMMIT | DATE | AUTHOR | TITLE |
+| ------ | ---- | ------ | ----- |
+| [3c3d62a](https://github.com/downtownallday/mailinabox-ldap/commit/3c3d62ac2709ee510214878ef06af0c6009f4e0b) | 2022-06-19 | _Joshua Tauberer_ | Version 57a |
+| [d829d74](https://github.com/downtownallday/mailinabox-ldap/commit/d829d74048ce9cc3cfda51f45428cfe482a1ce02) | 2022-06-18 | _Joshua Tauberer_ | Pin b2sdk to version 1.14.1 in the virtualenv also |
+| [0ef7b33](https://github.com/downtownallday/mailinabox-ldap/commit/0ef7b33a551237fe554caabdfc60571a94298812) | 2022-06-14 | _downtownallday_ | Remove output prefix It's too difficult to read, especially when getting user input via stdin |

management/reporting/capture/db/SqliteEventStore.py

@@ -24,6 +24,9 @@ mta_conn_fields = [
 	'remote_auth_success',
 	'remote_auth_attempts',
 	'remote_used_starttls',
+	'remote_used_tls',
+	'tls_version',
+	'tls_cipher',
 	'disposition',
 ]
 
@@ -207,6 +210,15 @@ schema_updates = [
 		"UPDATE db_info SET value='2' WHERE key='schema_version'"
 	],
 
+	# update 3
+	[
+		"ALTER TABLE mta_connection ADD COLUMN remote_used_tls INTEGER DEFAULT 0",
+		"ALTER TABLE mta_connection ADD COLUMN tls_version TEXT DEFAULT NULL COLLATE NOCASE",
+		"ALTER TABLE mta_connection ADD COLUMN tls_cipher TEXT DEFAULT NULL COLLATE NOCASE",
+
+		"UPDATE db_info SET value='3' WHERE key='schema_version'"
+	],
+
 ]
 
 

management/reporting/capture/mail/DovecotLogHandler.py

@@ -530,5 +530,6 @@ class DovecotLogHandler(CommonHandler):
                 self.store(match['imap_conn'])
             return
 
-        self.log_match('IGNORED', None, line)
+        if 'imap' in line:
+            self.log_match('IGNORED', None, line)
 

management/reporting/capture/mail/PostfixLogHandler.py

@@ -131,6 +131,12 @@ class PostfixLogHandler(CommonHandler):
         #   2=message_id
         self.re_postfix_message_id = re.compile('postfix/cleanup\[\d+\]: ([A-F0-9]+): message-id=(<[^>]*>)')
 
+        # 5a. Feb  8 08:25:37 mail postfix/cleanup[6908]: 74D901FB74: replace: header Received: from [IPv6:::1] (unknown [IPv6:xxx])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost. from unknown[x:x:x:x:x]; from=<user@tld> to=<user@tld> proto=ESMTP helo=<[IPv6:::1]>: Received: from authenticated-user (myhost.com [a.b.c.d])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost.com (Postfix) with ESMTPSA id 34E902FB74??for <user@tld>; Tue,  8 Feb 2022 08:25:37 -0500 (GMT)
+        #   1=postfix_msg_id
+        #   2=tls version (eg "1.3")
+        #   3=tls cipher (eg "TLS_AES_128_GCM_SHA256")
+        self.re_postfix_tls = re.compile('postfix/cleanup\[\d+\]: ([A-F0-9]+): replace: header Received: [^;]*\(using (TLSv[^ ]*) with cipher ([^ ]*)')
+
         # 6. opendkim: POSTFIX-MSG-ID: <result>
         # Dec  6 08:21:33 mail opendkim[6267]: DD95A1F796: s=pf2014 d=github.com SSL
         # SSL:
@@ -535,7 +541,8 @@ class PostfixLogHandler(CommonHandler):
                 "service": "smtpd" if m.group(2)=="smtpd" else "submission",
                 "service_tid": m.group(3),
                 "remote_host": m.group(4),
-                "remote_ip": m.group(5)
+                "remote_ip": m.group(5),
+                'remote_used_tls': 0,
             }
             self.add_new_connection(mta_conn)
             return { 'mta_conn': mta_conn }
@@ -843,6 +850,22 @@ class PostfixLogHandler(CommonHandler):
                 return { 'mta_conn':mta_conn, 'mta_accept':mta_accept }
             return True
 
+    
+    def match_postfix_tls(self, line):
+        # 5a. Feb  8 08:25:37 mail postfix/cleanup[6908]: 74D901FB74: replace: header Received: from [IPv6:::1] (unknown [IPv6:xxx])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost. from unknown[x:x:x:x:x]; from=<user@tld> to=<user@tld> proto=ESMTP helo=<[IPv6:::1]>: Received: from authenticated-user (myhost.com [a.b.c.d])??(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))??(No client certificate requested)??by myhost.com (Postfix) with ESMTPSA id 34E902FB74??for <user@tld>; Tue,  8 Feb 2022 08:25:37 -0500 (GMT)
+        m = self.re_postfix_tls.search(line)
+        if m:
+            postfix_msg_id = m.group(1)
+            v = {
+                'remote_used_tls': 1,
+                'tls_version': m.group(2),
+                'tls_cipher': m.group(3)
+            }
+            mta_conn, mta_accept = self.find_by_postfix_msg_id(postfix_msg_id)
+            if mta_conn and 'tls_version' not in mta_conn:
+                mta_conn.update(v)
+                return { 'mta_conn':mta_conn, 'mta_accept':mta_accept }
+            return True
 
 
     def match_opendkim(self, line):
@@ -1231,6 +1254,7 @@ class PostfixLogHandler(CommonHandler):
                     'disposition': 'reject'
                 })
             elif mta_conn.get('remote_used_starttls',0)==0 and \
+                 mta_conn.get('remote_used_tls',0)==0 and \
                  mta_conn.get('remote_ip') != '127.0.0.1':
                 mta_conn.update({
                     'disposition': 'insecure'
@@ -1349,6 +1373,11 @@ class PostfixLogHandler(CommonHandler):
             self.log_match('message_id', match, line)
             return
 
+        match = self.match_postfix_tls(line)
+        if match:
+            self.log_match('tls', match, line)
+            return
+
         match = self.match_opendkim(line)
         if match:
             self.log_match('opendkim', match, line)
@@ -1394,7 +1423,8 @@ class PostfixLogHandler(CommonHandler):
                 # we're done - not queued and disconnected ... save it
                 self.store(match['mta_conn'])
             return
-        
-        self.log_match('IGNORED', None, line)
+
+        if 'postfix' in line:
+            self.log_match('IGNORED', None, line)
 
 

management/reporting/capture/tests/run.sh

@@ -8,6 +8,7 @@ log="./mail.log"
 pos="./pos.json"
 sqlite="./capture.sqlite"
 config="./config.json"
+loglevel="debug"  #debug | info
 
 if [ -e "./debug.log" ]; then
     log="./debug.log"
@@ -31,4 +32,5 @@ fi
 
 echo "USING LOG: $log"
 echo "DB: $sqlite"
-python3 ../capture.py -d -loglevel info $@ -logfile "$log" -posfile "$pos" -sqlitefile "$sqlite" -config "$config"
+echo "LOGLEVEL: $loglevel"
+python3 ../capture.py -d -loglevel $loglevel $@ -logfile "$log" -posfile "$pos" -sqlitefile "$sqlite" -config "$config"

setup/ldap.sh

@@ -589,6 +589,15 @@ apply_access_control() {
 	ldapmodify -Q -Y EXTERNAL -H ldapi:/// >/dev/null <<EOF
 dn: $cdn
 replace: olcAccess
+# the next line is for nextcloud to be able to change user account
+# passwords. remove it when nextcloud server issue #18406 is fixed
+olcAccess: to dn.subtree="${LDAP_USERS_BASE}" attrs=userPassword
+  by dn.exact="cn=management,${LDAP_SERVICES_BASE}" write
+  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
+  by dn.exact="cn=nextcloud,${LDAP_SERVICES_BASE}" write
+  by self =wx
+  by anonymous auth
+  by * none
 olcAccess: to attrs=userPassword
   by dn.exact="cn=management,${LDAP_SERVICES_BASE}" write
   by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read

setup/mods.available/connect-nextcloud-to-miab.sh

@@ -386,7 +386,7 @@ install_app() {
     if [ ! -x /usr/bin/sudo ]; then
         say "WARNING: sudo is not installed: Unable to run occ to check and/or install Nextcloud app \"$app\"."
         
-    elif [ -z "$(sudo -E -u www-data php $NCDIR/occ app:list | grep -F $app:)" ]; then
+    elif [ -z "$(sudo -E -u www-data php $NCDIR/occ app:list | grep -F "${app}:")" ]; then
         say_verbose "Install app '$app'"
         sudo -E -u www-data php $NCDIR/occ app:install $app
         [ $? -ne 0 ] && die "Unable to install Nextcloud app '$app'"

setup/start.sh

@@ -168,7 +168,9 @@ fi
 if [ -d "${LOCAL_MODS_DIR:-local}" ]; then
     for mod in $(ls "${LOCAL_MODS_DIR:-local}" | grep -v '~$'); do
         if [ -x ${LOCAL_MODS_DIR:-local}/$mod ]; then
-            ${LOCAL_MODS_DIR:-local}/$mod |& sed -e "s/^/mod(${mod%%.*}): /"
+            echo ""
+            echo "Running mod: ${LOCAL_MODS_DIR:-local}/$mod"
+            ${LOCAL_MODS_DIR:-local}/$mod
         fi
     done
 fi

setup/webmail.sh

@@ -41,7 +41,7 @@ apt_install php${PHP_VER}-ldap
 # the error message.
 VERSION=1.6-rc
 HASH=c44c683a06117162f4fccf5bd5883d4ed3595e45
-PERSISTENT_LOGIN_VERSION=59ca1b0d3a02cff5fa621c1ad581d15f9d642fe8
+PERSISTENT_LOGIN_VERSION=version-5.3.0
 HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+
 CARDDAV_VERSION=4.4.1
 CARDDAV_VERSION_AND_VARIANT=4.4.1-roundcube16
@@ -203,6 +203,15 @@ cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php <<EOF;
 ?>
 EOF
 
+# Configure persistent_login (required database tables are created
+# later in this script)
+cat > ${RCM_PLUGIN_DIR}/persistent_login/config.inc.php <<EOF
+<?php
+/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
+\$rcmail_config['ifpl_use_auth_tokens'] = true;  # enable AuthToken cookies
+?>
+EOF
+
 # Create writable directories.
 mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
 chown -R www-data.www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
@@ -243,6 +252,19 @@ php$PHP_VER ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube
 chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
 chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
 
+# Create persistent login plugin's database tables
+sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite < ${RCM_PLUGIN_DIR}/persistent_login/sql/sqlite.sql
+
 # Enable PHP modules.
 phpenmod -v $PHP_VER imap ldap
 restart_service php$PHP_VER-fpm
+
+# Periodically clean the roundcube database (see roundcubemail/INSTALL)
+cat > /etc/cron.daily/mailinabox-roundcubemail << EOF
+#!/bin/bash
+# Mail-in-a-Box
+# Clean up the roundcube database
+cd $RCM_DIR && bin/cleandb.sh >/dev/null
+EOF
+chmod +x /etc/cron.daily/mailinabox-roundcubemail
+

tests/lib/carddav.sh

@@ -247,9 +247,7 @@ roundcube_force_carddav_refresh() {
     [ -z "$carddav_major" ] && carddav_major="3"
 
     if [ $carddav_major -eq 3 ]; then
-        if [ ! -e "$RCM_DIR/bin/carddav_refresh.sh" ]; then
-            echo "Please ignore the following errors about no such table carddav_addressbooks and carddav_migrations"
-        fi
+        # old version
         sync_script="$assets_dir/mail/roundcube/carddav_refresh_v3.sh"
     else
         sync_script="$assets_dir/mail/roundcube/carddav_refresh.sh"
@@ -261,6 +259,7 @@ roundcube_force_carddav_refresh() {
     fi
     
     pushd "$RCM_DIR" >/dev/null
+    echo "Please ignore errors about 'no such table carddav_addressbooks' and 'no such table carddav_migrations'"
     /usr/bin/php${PHP_VER} bin/carddav_refresh.sh "$user" "$pass"
     code=$?
     popd >/dev/null

tests/lib/installed-state.sh

@@ -6,6 +6,29 @@
 # installations to a subsequent MiaB-LDAP upgrade
 #
 
+parse_miab_version_string() {
+    local tmpfile
+    tmpfile=$(mktemp)
+    awk -F- '
+/^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next }  
+
+$1 ~ /^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next }
+
+$1 ~ /^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next }
+
+$1 ~ /^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } 
+
+{ exit 1 }' >> "$tmpfile" <<< "$1"
+    
+    if [ $? -ne 0 ]; then
+        rm -f "$tmpfile"
+        return 1
+    fi
+    source "$tmpfile"
+    rm -f "$tmpfile"
+    return 0
+}
+
 
 installed_state_capture() {
     # users and aliases
@@ -29,8 +52,25 @@ installed_state_capture() {
     fi
     H2 "create info.txt"
     echo "STATE_VERSION=1" > "$info"
-    echo "GIT_VERSION='$(git describe)'" >>"$info"
-    git describe | awk -F- '{ split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2 }' >>"$info"
+    local gitver=$(git describe)
+    echo "GIT_VERSION='$gitver'" >>"$info"
+
+    if [ -z "$gitver" ]; then
+        # git: "No names found, cannot describe anything"
+        MAJOR=999
+        MINOR=
+        RELEASE=
+    else
+        parse_miab_version_string "$gitver"
+        if [ $? -ne 0 ]; then
+            echo "Unable to parse version string: '$gitver'"
+            return 1
+        fi
+    fi
+    echo "MAJOR=$MAJOR" >>"$info"
+    echo "MINOR=$MINOR" >>"$info"
+    echo "RELEASE=$RELEASE" >>"$info"
+    
     echo "GIT_ORIGIN='$(git remote -v | grep ^origin | grep 'fetch)$' | awk '{print $2}')'" >>"$info"
     echo "MIGRATION_VERSION=$([ -e "$STORAGE_ROOT/mailinabox.version" ] && cat "$STORAGE_ROOT/mailinabox.version")" >>"$info"
     echo "MIGRATION_ML_VERSION=$([ -e "$STORAGE_ROOT/mailinabox-ldap.version" ] && cat "$STORAGE_ROOT/mailinabox-ldap.version")" >>"$info"
@@ -85,14 +125,14 @@ installed_state_compare() {
     #
     source "$s1/info.txt"
     MAJOR_A="$MAJOR"
-    MINOR_A="$MINOR"
+    MINOR_A="${MINOR:-0}"
     RELEASE_A="${RELEASE:-0}"
     PROD_A="miab"
     grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_A="miabldap"
     
     source "$s2/info.txt"
     MAJOR_B="$MAJOR"
-    MINOR_B="$MINOR"
+    MINOR_B="${MINOR:-0}"
     RELEASE_B="${RELEASE:-0}"
     PROD_B="miab"
     grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_B="miabldap"

tests/suites/ldap-access.sh

@@ -19,6 +19,10 @@
 #	   no anonymous binds to root DSE
 #	   no anonymous binds to database
 #
+# Exception: the nextcloud service account is allowed to change user
+# passwords until this issue is fixed:
+#
+#    https://github.com/nextcloud/server/issues/18406
 
 
 test_user_change_password() {
@@ -113,6 +117,30 @@ test_user_access() {
 }
 
 
+test_nextcloud_service_access() {
+	# The nextcloud service account is allowed to change user
+	# passwords until issue #18406 is fixed
+	test_start "nextcloud-service-access"
+
+	# create regular user with password "alice"
+	local alice="alice@somedomain.com"	  
+	create_user "alice@somedomain.com" "alice"
+	local alice_dn="$ATTR_DN"
+
+	# allowed: update userPassword of a user account
+	assert_w_access "$alice_dn" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" write "userPassword=$(slappasswd_hash "alice-new")"
+
+	# not allowed: update userPassword of service account
+	assert_w_access "$LDAP_POSTFIX_DN" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" no-write "userPassword=$(slappasswd_hash "test-new")"
+	
+	# not allowed: update userPassword of own account
+	assert_w_access "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" no-write "userPassword=$(slappasswd_hash "test-new")"
+	
+	delete_user "$alice"
+	
+	test_end
+}
+
 
 test_service_change_password() {
 	# service accounts should not be able to change other user's
@@ -249,6 +277,7 @@ test_user_change_password
 test_user_access
 test_service_change_password
 test_service_access
+test_nextcloud_service_access
 test_root_dse
 test_anon_bind
 

tests/system-setup/upgrade.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
 # setup MiaB-LDAP by:
-#    1. installing older version of MiaB-LDAP
+#    1. installing a prior version of MiaB-LDAP
 #    2. adding some data (users/aliases/etc)
-#    3. upgrading to latest MiaB-LDAP
+#    3. upgrading to master branch version of MiaB-LDAP
 #
 # See setup-defaults.sh for usernames and passwords
 #