downtownallday
0df9de30c9
Manage the local Postgrey whitelist in the admin console
2021-04-09 09:47:07 -04:00
downtownallday
8a6f962b3e
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# setup/management.sh
2021-02-28 12:47:10 -05:00
Joshua Tauberer
6653dbb2e2
Sort the Custom DNS by zone and qname, and add an option to go back to the old sort order (creation order)
...
Update the zone grouping style on the users and aliases page to match.
Fixes #1927
2021-02-28 09:40:32 -05:00
downtownallday
e5d762da38
Don't report the api key to syslog
2021-02-19 05:22:35 -05:00
downtownallday
2a0e50c8d4
Initial commit of a log capture and reporting feature
...
This adds a new section to the admin panel called "Activity", that
supplies charts, graphs and details about messages entering and leaving
the host.
A new daemon captures details of system mail activity by monitoring
the /var/log/mail.log file, summarizing it into a SQLite database
that's kept in user-data.
2021-01-11 18:02:07 -05:00
downtownallday
24c156c594
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# setup/management.sh
2020-11-27 16:50:12 -05:00
Joshua Tauberer
82229ce04b
Document how to start the control panel from the command line and in debugging use a stable API key
2020-11-26 07:11:49 -05:00
downtownallday
a0dd58d29e
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
2020-11-17 07:46:22 -05:00
Victor
b85b86e6de
Add download zonefile button to external DNS page (#1853)
...
Co-authored-by: Joshua Tauberer <jt@occams.info>
2020-11-16 06:03:41 -05:00
Joshua Tauberer
545e7a52e4
Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
2020-10-31 10:23:43 -04:00
downtownallday
a7370beae0
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/daemon.py
# management/mfa.py
2020-10-29 16:56:36 -04:00
Joshua Tauberer
601c23d91b
Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
2020-10-29 15:42:00 -04:00
downtownallday
5deb88ab60
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/daemon.py
# management/mfa.py
# setup/mail-users.sh
2020-09-29 22:20:15 -04:00
Felix Spöttel
be5032ffbe
Don't expose mru_token and secret for enabled mfas over HTTP
2020-09-29 19:46:02 +02:00
downtownallday
042e8b4a56
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
2020-09-28 23:25:29 -04:00
downtownallday
00fc94d3c1
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# management/mailconfig.py
# setup/mail-users.sh
2020-09-28 23:25:16 -04:00
Felix Spöttel
4dced10a3f
Fix handling of bad input when enabling mfa
2020-09-28 21:06:59 +02:00
Joshua Tauberer
b80f225691
Reorganize MFA front-end and add label column
2020-09-27 08:31:23 -04:00
Joshua Tauberer
a8ea456b49
Reorganize the MFA backend methods
2020-09-26 09:58:25 -04:00
downtownallday
d68a89af61
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/mailconfig.py
2020-09-12 19:44:22 -04:00
Felix Spöttel
dcb93d071c
Add TOTP secret to user_key hash
...
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
2020-09-12 16:34:06 +02:00
downtownallday
24ae913d68
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# setup/mail-users.sh
# setup/management.sh
# setup/migrate.py
2020-09-10 15:23:27 -04:00
Felix Spöttel
2ea97f0643
Do not log failed login attempts for MissingToken errors
...
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
2020-09-06 13:08:44 +02:00
Felix Spöttel
481a333dc0
Address review feedback, thanks @hija
2020-09-04 20:28:15 +02:00
Felix Spöttel
7c4eb0fb70
Add sqlite migration
2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e
Decouple totp from users table by moving to totp_credentials table
...
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credential per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7
Update OpenApi docs, rename /2fa/ => /mfa/
2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58
Extract TOTPStrategy class to totp.py
...
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
2020-09-03 11:19:19 +02:00
Felix Spöttel
8597646a12
Update API route naming, update setup page
...
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
2020-09-02 19:41:06 +02:00
Felix Spöttel
3c3683429b
implement two factor check during login
2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa
add user interface for managing 2fa
...
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
downtownallday
191b575ab2
Add a display name for users, saved as 'cn' in LDAP
2020-08-25 16:33:06 -04:00
downtownallday
1fb9316904
spaces -> tabs
2020-08-25 12:21:11 -04:00
downtownallday
22bfef6f59
Display and allow changing a comment/description for aliases. Change the default comment for required aliases to "Required alias".
2020-08-25 12:00:55 -04:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools (#1795)
...
* Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
* Acquire pools with the 'with' statement
2020-08-09 11:42:39 -04:00
Joshua Tauberer
870b82637a
fix some wrong variable names, fixes #1353
2018-11-30 10:46:54 -05:00
Joshua Tauberer
b05b06c74a
remove user account mailbox size from the control panel because it takes way too long to compute on very large mailboxes
...
fixes #531
2018-11-30 10:46:54 -05:00
Joshua Tauberer
2a72c800f6
replace free_tls_certificates with certbot
2018-06-29 16:46:21 -04:00
Joshua Tauberer
0088fb4553
install Python 3 packages in a virtualenv
...
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.
See #1298, see #1264.
2018-01-15 13:27:04 -05:00
Joshua Tauberer
35a360ef0b
simplify how munin-cgi-graph is called to reduce the attack surface area
...
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which led me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
2016-08-19 12:42:43 -04:00
Michael Kroes
01fa8cf72c
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
...
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Michael Kroes
f292e8fc5b
Add generic login failed message
2016-03-26 14:06:43 +01:00
Joshua Tauberer
5edefbec27
merge #735 - Allow a server to be rebooted when a reboot is required
2016-03-23 16:39:40 -04:00
Joshua Tauberer
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
Joshua Tauberer
546d6f0026
merge #674 - Support munin's cgi dynazoom
2016-03-23 16:10:30 -04:00
Joshua Tauberer
bd86d44c8b
simplify the munin_cgi wrapper / add changelog entry
2016-03-23 16:09:19 -04:00
Michael Kroes
b71ad85e9f
Restore an empty line
2016-02-26 09:51:22 +01:00
Michael Kroes
8ea2f5a766
Allow a server to be rebooted when a reboot is required
2016-02-25 21:56:27 +01:00
yodax
721730f0e8
Create a temporary multiprocessing pool
2016-02-23 06:32:01 +01:00
yodax
0843159fb4
Reduce number of processes in the pool to 5
2016-02-22 17:38:30 +01:00