1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-23 07:27:05 +00:00
Commit Graph

51 Commits

Author SHA1 Message Date
Joshua Tauberer
8d6d84d87f run mailconfig.py's email address validator outside of the virtualenv during questions.sh
We don't have the virtualenv this early in setup.

Broken by 0088fb4553.

Fixes #1326.

See https://discourse.mailinabox.email/t/that-is-not-a-valid-email-error-during-mailinabox-installation/2793.
2018-01-20 10:59:37 -05:00
Joshua Tauberer
0088fb4553 install Python 3 packages in a virtualenv
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.

See #1298, see #1264.
2018-01-15 13:27:04 -05:00
Git Repository
19a928e4ec [Issue #1159] Remove any +tag name in email alias before checking privileges (#1181)
* [Issue #1159] Remove any +tag name in email alias before checking privileges

* Move priprivileged email check after the conversion to unicode so only IDNA serves as input
2017-07-21 11:10:16 -04:00
Dominik Murzynowski
36bef2ee16 Change password min-length to 8 characters (#1098) 2017-02-14 14:24:59 -05:00
yodax
057903a303 Allow files in /home/user-data/mail/mailboxes 2016-02-21 13:49:07 +01:00
Ariejan de Vroom
aedfe62bb0 Add alias for abuse@ 2015-12-07 16:31:58 +01:00
Joshua Tauberer
274e5ca676 let dovecot automatically create mailbox folders rather than doing it manually in the management daemon, fixes #554 2015-10-18 11:55:27 +00:00
Peter Timofejew
1bdfdbee89 Added 'Sent' folder when creating user. 2015-10-12 09:43:35 -04:00
Joshua Tauberer
6704da1446 silence errors in the admin if there is an invalid domain name in the database
see #531
2015-09-06 13:27:28 +00:00
Joshua Tauberer
a8074ae3e4 suppress some status output regarding new automatic aliases on first installation 2015-08-19 16:30:32 -04:00
Joshua Tauberer
cfc4e6b48b automatic administrator aliases are probably not bidirectional because the administrator@ address is an alias and not a user 2015-08-19 16:06:09 -04:00
Joshua Tauberer
5924d0fe0d various cleanup related to the new permitted_senders column for aliases 2015-08-14 23:05:08 +00:00
David Piggott
e6ff280984 Store and set alias receivers and senders separately for maximum control 2015-07-20 12:51:57 +01:00
David Piggott
3fdfad27cd Add support for bidirectional mail alias controls
This is an extension of #427. Building on that change it adds support in the
aliases table for flagging aliases as:
 1. Applicable to inbound and outbound mail.
 2. Applicable to inbound mail only.
 3. Applicable to outbound mail only.
 4. Disabled.

The aliases UI is also updated to allow administrators to set the direction of
each alias.

Using this extra information, the sqlite queries executed by Postfix are
updated so only the relevant alias types are checked.

The goal and result of this change is that outbound-only catch-all aliases can
now be defined (in fact catch-all aliases of any type can be defined).

This allow us to continue supporting relaying as described at
https://mailinabox.email/advanced-configuration.html#relay
without requiring that administrators either create regular aliases for each
outbound *relay* address, or that they create a catch-all alias and then face a
flood of spam.

I have tested the code as it is in this commit and fixed every issue I found,
so in that regard the change is complete. However I see room for improvement
in terms of updating terminology to make the UI etc. easier to understand.
I'll make those changes as subsequent commits so that this tested checkpoint is
not lost, but also so they can be rejected independently of the actual change
if not wanted.
2015-07-20 12:51:57 +01:00
Joshua Tauberer
acd91665b5 setting an alias to forward to two or more addresses was broken since aa33428311
fixes #482
2015-07-04 15:28:45 +00:00
Joshua Tauberer
42a506231b don't automatically create the administrator@ alias (e.g. on first user creation) because we dont know what it should be an alias to (leave this to be resolved manually), fixes #470
Was broken by 462a79cf47.
2015-06-30 09:16:22 -04:00
Joshua Tauberer
aa33428311 some IDNA functionality was still using Python's built-in IDNA 2003 encoder rather than the idna package's IDNA 2008 encoder 2015-06-30 13:09:18 +00:00
Joshua Tauberer
462a79cf47 fix what counts as a required alias, fixes #434 2015-06-06 12:12:10 +00:00
Joshua Tauberer
202c4a948b our users/aliases database is case sensitive - force new users/aliases to lowercase
Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html.) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case.

This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database.

https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4
2015-05-28 13:11:30 +00:00
David Piggott
d6c5f09a1a Use lowercase h for consistency in aliases template - it reads better (IMO!)
This also includes fixes for a typo and some whitespace inconsistencies in
mailconfig.py. In fact the capitalisation change and those fixes are the
remnants of a patch I had been running that changed the default aliases - it
was through developing it that I found the issues.

(I wanted to bring the number of patches I apply before deploying to zero and
in the case of this one I've come to view the way MIAB already is as superior,
so I've undone the core of my patch and these tiny issues are all that remain).
2015-05-28 13:46:15 +01:00
Joshua Tauberer
fc32cf5bcc permit the first user account to be a domain control validation address because a) it will necessarily be an admin and b) the user doesn't know the rules yet 2015-05-03 14:21:36 +00:00
Joshua Tauberer
5efd5abbe4 move the email address syntax validation for users and aliases into my new email_validator library (https://github.com/JoshData/python-email-validator) 2015-04-21 14:43:12 +00:00
Joshua Tauberer
a31d713fcc stricter validation of the domain parts of email addresses: only letters, numbers, and hyphens, and the TLD ends with a letter 2015-04-19 13:06:11 +00:00
Joshua Tauberer
072aeca1be prevent accidental domain control validation hijacking by limiting use of admin@ etc. addresses in users/aliases 2015-04-09 14:46:02 +00:00
Joshua Tauberer
322a5779f1 store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode
I changed my mind. In 1bf8f1991f I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database. I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway.

It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII).

This partially reverts commit 1bf8f1991f, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks converts the domains to Unicode just for the output headings.

A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed.

Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
2015-04-09 14:46:02 +00:00
Joshua Tauberer
680191d7cb drop the list of aliases from the users control panel page because with more than 50 aliases it seems to be so slow it times out
see https://discourse.mailinabox.email/t/small-bug-in-admin-panel-when-49-aliases/378
2015-03-22 13:59:05 +00:00
Joshua Tauberer
6df72bf4ac create the Trash folder on new user creation (fixes #359) 2015-03-22 13:33:17 +00:00
Joshua Tauberer
01f2451349 provide a better error message when creating a user account with non-ASCII characters 2015-03-22 12:33:06 +00:00
Joshua Tauberer
023b38df50 split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism
This was done to pave the way for two-factor authentication, but that's still a ways off.
2015-01-31 20:41:41 +00:00
Joshua Tauberer
85a40da83c catch-all aiases and domain aliases should not require postmaster@ and admin@ aliases because they'll forward anyway 2015-01-19 23:32:36 +00:00
Joshua Tauberer
1bf8f1991f internationalized domain names (DNS, web, CSRs, normalize to Unicode in database, prohibit non-ASCII characters in user account names)
* For non-ASCII domain names, we will keep the Unicode encoding in our users/aliases table. This is nice for the user and also simplifies things like sorting domain names (using Unicode lexicographic order is good, using ASCII lexicogrpahic order on IDNA is confusing).
* Write nsd config, nsd zone files, nginx config, and SSL CSRs with domains in IDNA-encoded ASCII.
* When checking SSL certificates, treat the CN and SANs as IDNA.
* Since Chrome has an interesting feature of converting Unicode to IDNA in <input type="email"> form fields, we'll also forcibly convert IDNA to Unicode in the domain part of email addresses before saving email addresses in the users/aliases tables so that the table is normalized to Unicode.
* Don't allow non-ASCII characters in user account email addresses. Dovecot gets confused when querying the Sqlite database (which we observed even for non-word ASCII characters too, so it may not be related to the character encoding).
2015-01-19 23:31:55 +00:00
Joshua Tauberer
7e7abf3b53 support "domain aliases" (@domain => @domain aliases)
This seemed to already be technically supported but the validation is now stricter and the admin is more helpful:

* Postfix seems to allow @domain.tld as an alias destination address but only if it is the only destination address (see the virtual man page).
 * Allow @domain.tld if it is the whole destination address string.
 * Otherwise, do not allow email addresses without local parts in the destination.
* In the admin, add a third tab for making it clear how to add a domain alias.

closes #265
2014-11-14 13:35:58 +00:00
Joshua Tauberer
06a8ce1c9d in the admin, show user mailbox sizes, fixes #210 2014-10-07 20:24:11 +00:00
Joshua Tauberer
443b084a17 in the admin, group aliases by domain, fixes #211 2014-10-07 19:47:46 +00:00
Joshua Tauberer
990649af2d in the admin, group users by domain, fixes 209 2014-10-07 19:47:43 +00:00
Joshua Tauberer
846768efcb admin: update user's password from the admin 2014-09-21 17:24:01 +00:00
Joshua Tauberer
196e42e8b5 don't automatically create an alias if a user account already exists by that name
In the event the first user is an address that we'd normally create as an alias,
we'd generate a loop from the alias to the administrative alias to the first user
account (which was the alias again).

hopefully fixes #186
2014-09-09 11:41:47 +00:00
Joshua Tauberer
b30d7ad80a web-based administrative UI
closes #19
2014-08-17 22:46:06 +00:00
Joshua Tauberer
e294f7c181 create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129 2014-08-09 16:49:57 +00:00
Joshua Tauberer
b56f82cb92 make a privileges column in the users table and mark the first user as an admin 2014-08-08 12:31:22 +00:00
Joshua Tauberer
9c7d476915 re-do catch-all aliases, fixes #107 (originally #104)
This reverts pull request #105 from jonessen96/master (84d2023f94) which was incorrect because it lost the "+" in DOT_ATOM_TEXT and so was not accepting any email addresses.

Am taking the opportunity to make the code cleaner while I'm here.
2014-07-13 12:29:43 +00:00
Jonas Platte
c35252720f Prohibited usage of empty local part for validate_email(email, strict = true) 2014-07-12 22:57:38 +02:00
Jonas Platte
70e4e7f7be Fixed validate_email not accepting catchalls (empty local part of the address) 2014-07-12 03:22:55 +02:00
Joshua Tauberer
85bd2c8804 use the Dovecot managesieve service to manage sieve scripts
This lets roundcube's manageseive plugin do cool things like vacation responses.

Also:

* Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them.

* Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now.

this adapts work by @h8h in #103
2014-07-10 23:09:07 +00:00
Joshua Tauberer
41b3df6d78 manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead
closes #94
2014-07-09 19:30:17 +00:00
Joshua Tauberer
49d5561933 when adding/removing mail addresses also update nginx's config 2014-07-06 12:16:50 +00:00
Joshua Tauberer
c8856f107d migrate the SSL certificates path for non-primary certs to a new layout using a new migration script 2014-06-30 20:41:29 +00:00
Joshua Tauberer
b5aa1b0f31 walk the user through choosing the PRIMARY_HOSTNAME by first asking for their email address 2014-06-30 10:20:58 -04:00
Joshua Tauberer
cecda9cec5 management: shell out external programs in a more secure way 2014-06-09 08:09:45 -04:00
Joshua Tauberer
242cadebc8 allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
2014-06-06 10:51:36 -04:00