6c843fc92e
TOTP two-factor authentication
2015-01-31 20:57:09 +00:00
1f0345fe0e
replace Dovecot authentication (formerly an sql query) with a call to our management daemon
2015-01-31 20:57:03 +00:00
7e05d7478f
run status checks asynchronously so that they finish faster, since many checks are waiting on network replies and ought not to block the whole thing
2015-01-31 20:42:43 +00:00
8fd98d7db3
status checks: s/env['out']/output/
2015-01-31 20:42:43 +00:00
1039a08be6
/admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request)
2015-01-31 20:42:43 +00:00
023b38df50
split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism
...
This was done to pave the way for two-factor authentication, but that's still a ways off.
2015-01-31 20:41:41 +00:00
3187053b3a
dont save the CSR generated to make self-signed certificates for non-primary domains (it has no value and might be confusing)
2015-01-31 13:27:06 +00:00
a3e526e818
Merge pull request #307 from pierreozoux/master
...
Typo
2015-01-29 12:52:37 -05:00
f6d4621834
Typo
2015-01-29 17:03:20 +00:00
d075113c1a
Merge pull request #306 from dhpiggott/fix-backup-typos
...
Fix typos in backup status template
2015-01-29 08:22:44 -05:00
63f2abd923
Fix typos in backup status template
2015-01-29 09:25:12 +00:00
624cc7876a
Merge pull request #297 from kurthuwig/fix_typo
...
Fix typo in mail-guide.html
2015-01-21 08:52:39 -05:00
d3059c810f
Fix typo in mail-guide.html
...
Sercurity -> Security
2015-01-21 08:23:26 +01:00
85a40da83c
catch-all aiases and domain aliases should not require postmaster@ and admin@ aliases because they'll forward anyway
2015-01-19 23:32:36 +00:00
1bf8f1991f
internationalized domain names (DNS, web, CSRs, normalize to Unicode in database, prohibit non-ASCII characters in user account names)
...
* For non-ASCII domain names, we will keep the Unicode encoding in our users/aliases table. This is nice for the user and also simplifies things like sorting domain names (using Unicode lexicographic order is good, using ASCII lexicogrpahic order on IDNA is confusing).
* Write nsd config, nsd zone files, nginx config, and SSL CSRs with domains in IDNA-encoded ASCII.
* When checking SSL certificates, treat the CN and SANs as IDNA.
* Since Chrome has an interesting feature of converting Unicode to IDNA in <input type="email"> form fields, we'll also forcibly convert IDNA to Unicode in the domain part of email addresses before saving email addresses in the users/aliases tables so that the table is normalized to Unicode.
* Don't allow non-ASCII characters in user account email addresses. Dovecot gets confused when querying the Sqlite database (which we observed even for non-word ASCII characters too, so it may not be related to the character encoding).
2015-01-19 23:31:55 +00:00
d155aa8745
if all system services are running, say so in the status checks rather than being totally silent
2015-01-19 22:04:25 +00:00
c0bfd6d15f
bring CHANGELOG up to date
2015-01-19 22:04:25 +00:00
24cc108147
if a custom CNAME record is set, don't add a default A/AAAA record, e.g. for 'www'
...
see https://discourse.mailinabox.email/t/multiple-domains-in-mail-in-a-box-with-the-domains-being-hosted-elsewhere/56/18
2015-01-19 22:04:21 +00:00
b02d7d990e
install cron in case it isn't already installed
2015-01-11 20:00:11 +00:00
87f82addbc
preflight memory check: units problems
...
/proc/meminfo reports kibibytes. Lower the minimum memory requirement so that 768 MB (not MiB) also is allowed.
Report the detected memory in MB (not KiB), to be clearer.
Fixes #289 .
2015-01-11 14:13:35 +00:00
09713e8eab
status checks: check that system services are running
...
If bind9 isn't running, dont proceed with other checks because we can't do DNS checks. Even though we skip, add error handling so that a failed call to rndc doesn't crash and that a timeout in a DNS check doesn't crash the status checks.
2015-01-11 14:13:35 +00:00
0aa3941832
release v0.06
2015-01-04 15:18:13 -05:00
fea77e41df
Owncloud doesnt't support CARDDAV_SUPPORTS_SYNC
...
partialy reverts 93a722f; closes #287
2015-01-04 16:04:32 +00:00
74ef9ab7c5
Merge pull request #288 from fjuan/srv_doc
...
explain how to add SRV records to DNS zonefile using the API
2015-01-04 09:19:24 -05:00
6499c82d7f
explain how to add SRV records to DNS zonefile using the API
2015-01-04 10:23:34 +01:00
80e97feee2
update CHANGELOG
2015-01-02 23:47:19 +00:00
fddab5d432
allow the dns api to set srv records
...
see https://discourse.mailinabox.email/t/create-srv-record-at-the-dns-server/225
2015-01-02 23:39:09 +00:00
c4e4805160
ensure postfix/postgrey agree on whether to communicate with ipv4 or ipv6
...
see https://discourse.mailinabox.email/t/postgrey-and-ipv6/227
2015-01-02 23:37:16 +00:00
c75950125d
set dovecot default_process_limit and fs.inotify.max_user_instances to better defaults
...
See https://discourse.mailinabox.email/t/mailserver-limits/228 .
2015-01-02 23:25:52 +00:00
f141af4b61
status checks: dont die if openssh-server isn't installed
...
see https://discourse.mailinabox.email/t/local-dns-is-not-working-was-unable-to-check-system-status/165/39
2015-01-02 22:59:29 +00:00
3d8ea0e6ed
mail log scanner: dont assume lines are utf8
2015-01-02 22:49:25 +00:00
6efeff6fce
[Z-Push] Owncloud doesnt't support CARDDAV_SUPPORTS_SYNC, so set it to false
2014-12-29 16:35:47 +01:00
399f9d9bdf
in status checks, clear bind9 cache using rndc rather than restarting bind9
2014-12-26 13:22:14 +00:00
2b76fd299e
admin: ensure multiple concurrent api calls dont confuse the ajax loading indicator (track number of open requets, stop fade animation when it is time to hide)
2014-12-21 22:47:11 +00:00
90592bb157
add a control panel for setting custom dns records so that we dont have to use the api manually
2014-12-21 11:31:24 -05:00
5cf38b950a
bump ownCloud to 7.0.4; fixes #283
2014-12-12 01:00:35 +00:00
3bc5361491
Merge pull request #282 from m4rcs/master
...
Fix NS status check - should sort on both ends of the comparison
2014-12-09 11:17:30 -05:00
c3a7e3413b
Fixed a small status check bug, where secondary dns server check fails misleadingly.
2014-12-09 12:40:32 +01:00
d390bfb215
indicate in the admin when a multi-domain or wildcard certificate is in use
2014-12-05 14:43:52 -05:00
ceba53f1c4
explain how to install a multi-domain or wildcard ssl cert; if one is installed, the Replace Cert button in the admin for non-primary domains should not replace the cert on the primary domain
2014-12-05 14:25:14 -05:00
be59bcd47d
for .fund domains use RSASHA256 DNSSEC keys
2014-12-05 12:03:21 -05:00
cfe0fa912a
add a 'redirects' feature in web/custom.yaml
2014-12-05 12:03:21 -05:00
31d6128a2b
nginx: explicitly listen on both ipv4 and ipv6 (works even if ipv6 isn't present)
2014-11-30 14:41:30 +00:00
82cf5b72e4
simplify some output in the work-in-progress mail log scanner
2014-11-30 14:41:30 +00:00
8ec8c42441
Merge pull request #275 from grepwood/master
...
add `apt-get install sudo`
2014-11-25 10:39:13 -05:00
7e36e1fd90
added sudo to the list
...
not all setups have it and the miab installer depends on it
2014-11-25 15:36:34 +00:00
a7710e9058
dns.resolver.query treats hostnames as relative names if they don't end in a period
...
Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that.
This caused false positive Spamhaus checks. Fixes #185 .
2014-11-21 15:16:59 +00:00
3133dcd5a3
release 0.05
2014-11-18 16:52:02 +00:00
057c1dd913
recommend IMAP/SMTP for everyone
2014-11-18 16:47:42 +00:00
06f2477cfd
the new iOS configuration profile also is used on OS X 10.10.1, see #261
2014-11-18 16:32:37 +00:00
Joshua Tauberer
pierreozoux
David Piggott
Kurt Huwig
Francisco de Juan
H8H
Marc Schiller
Michael Dec