1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Commit Graph

721 Commits

Author SHA1 Message Date
downtownallday
0f09880aa6 add -H option to /bin/chown call in case 'encrypted' is a symbolic link 2021-06-07 06:40:05 -04:00
downtownallday
fc4ad70535 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	management/dns_update.py
#	management/web_update.py
#	tests/test_mail.py
2021-05-15 22:35:48 -04:00
Joshua Tauberer
d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
e283a12047 Add null SPF, DMARC, and MX records for automatically generated autoconfig, autodiscover, and mta-sts subdomains; add null MX records for custom A-record subdomains
All A/AAAA-resolvable domains that don't send or receive mail should have these null records.

This simplifies the handling of domains a bit by handling automatically generated subdomains more like other domains.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
e421addf1c Pre-load domain purpopses when building DNS zonefiles rather than querying mail domains at each subdomain 2021-05-09 08:16:07 -04:00
Joshua Tauberer
354a774989 Remove a debug line added in 8cda58fb 2021-05-09 07:34:44 -04:00
downtownallday
7144ed041e Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
#	setup/start.sh
2021-05-08 09:20:04 -04:00
Joshua Tauberer
aaa81ec879 Fix indentation issue in bc4ae51c2d 2021-05-08 09:06:18 -04:00
John @ S4
d4c5872547
Make clear that non-AWS S3 backups are supported (#1947)
Just a few wording changes to show that it is possible to make S3 backups to other services than AWS - prompted by a thread on MIAB discourse.
2021-05-08 08:32:58 -04:00
Hala Alajlan
bc4ae51c2d
Handle query dns timeout unhandled error (#1950)
Co-authored-by: hala alajlan <halalajlan@gmail.com>
2021-05-08 08:26:40 -04:00
Jawad Seddar
12aaebfc54
custom.yaml: add support for X-Frame-Options header and proxy_redirect off (#1954) 2021-05-08 08:25:33 -04:00
downtownallday
30f9cc07cd Clarify entry description 2021-04-15 09:09:24 -04:00
downtownallday
d20c3e6ffa Merge branch 'master' into postgrey-whitelist 2021-04-13 07:00:47 -04:00
downtownallday
4227fa2b42 Merge branch 'master' into reporting 2021-04-13 06:51:05 -04:00
downtownallday
6bfcd679e1 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
2021-04-13 00:22:55 -04:00
Joshua Tauberer
8cda58fb22 Speed up status checks a bit by removing a redundant check if the PRIMARY_HOSTNAME certificate is signed and valid 2021-04-12 19:42:12 -04:00
Joshua Tauberer
178c587654 Migrate to the ECDSAP256SHA256 (13) DNSSEC algorithm
* Stop generating RSASHA1-NSEC3-SHA1 keys on new installs since it is no longer recommended, but preserve the key on existing installs so that we continue to sign zones with existing keys to retain the chain of trust with existing DS records.
* Start generating ECDSAP256SHA256 keys during setup, the current best practice (in addition to RSASHA256 which is also ok). See https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1 and https://www.cloudflare.com/dns/dnssec/ecdsa-and-dnssec/.
* Sign zones using all available keys rather than choosing just one based on the TLD to enable rotation/migration to the new key and to give the user some options since not every registrar/TLD supports every algorithm.
* Allow a user to drop a key from signing specific domains using DOMAINS= in our key configuration file. Signing the zones with extraneous keys may increase the size of DNS responses, which isn't ideal, although I don't know if this is a problem in practice. (Although a user can delete the RSASHA1-NSEC3-SHA1 key file, the other keys will be re-generated on upgrade.)
* When generating zonefiles, add a hash of all of the DNSSEC signing keys so that when the keys change the zone is definitely regenerated and re-signed.
* In status checks, if DNSSEC is not active (or not valid), offer to use all of the keys that have been generated (for RSASHA1-NSEC3-SHA1 on existing installs, RSASHA256, and now ECDSAP256SHA256) with all digest types, since not all registers support everything, but list them in an order that guides users to the best practice.
* In status checks, if the deployed DS record doesn't use a ECDSAP256SHA256 key, prompt the user to update their DS record.
* In status checks, if multiple DS records are set, only fail if none are valid. If some use ECDSAP256SHA256 and some don't, remind the user to delete the DS records that don't.
* Don't fail if the DS record uses the SHA384 digest (by pre-generating a DS record with that digest type) but don't recommend it because it is not in the IANA mandatory list yet (https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml).

See #1953
2021-04-12 19:42:12 -04:00
downtownallday
36d9cbb4e8 Split the User Activity/IMAP connections tab into two tables to better deal with the quantity of data 2021-04-12 15:07:56 -04:00
downtownallday
212b0b74cb Add missing file 2021-04-10 17:26:36 -04:00
downtownallday
9c87884837 Merge branch 'reporting' into postgrey-whitelist 2021-04-10 16:50:30 -04:00
downtownallday
26609c4223 Fix cell alignment 2021-04-10 16:49:46 -04:00
downtownallday
b881325bcb Add ability to view message headers in the user activity panel
... and add message-id to output detail
2021-04-10 13:33:08 -04:00
downtownallday
f80978b6d8 Add missing import 2021-04-10 10:09:05 -04:00
downtownallday
2ec25b75c1 Switch to ES6 modules 2021-04-10 09:29:29 -04:00
downtownallday
c1d92195d8 Change text case 2021-04-09 14:58:30 -04:00
downtownallday
0df9de30c9 Manage the local Postgrey whitelist in the admin console 2021-04-09 09:47:07 -04:00
downtownallday
82e06a6f15 Include remote_host, remote_ip and failure_info with user's received mail details 2021-04-09 07:33:49 -04:00
downtownallday
0ec968c3b6 Fix model update on create and activate 2021-04-09 06:44:25 -04:00
downtownallday
606e5e0569 Better handling of timeseries containing just one value 2021-04-08 14:43:35 -04:00
downtownallday
26319ac59b Add 'today' and 'yesterday' to date range picker 2021-04-08 14:41:53 -04:00
downtownallday
b4c2cdef7d Include IMAP connection records in overall db stats table 2021-04-08 13:29:04 -04:00
downtownallday
721dd1273f Add IMAP connection reporting
Fix binsizes and barwidths on timeseries charts
Fix timezone issue in timeseries scales
2021-04-08 12:53:32 -04:00
downtownallday
ac811bcbd1 Add some test scripts 2021-04-07 18:11:21 -04:00
downtownallday
2b3c2fcc02 Fix slowness when typing in search box 2021-04-07 18:03:50 -04:00
downtownallday
33ea865d65 Capture Dovecot logs 2021-04-07 18:03:06 -04:00
downtownallday
87cc106574 Add 'last 7 days' and 'last 30 days' to report date range dropdown 2021-04-07 09:25:26 -04:00
downtownallday
ff6cdf14f6 Merge branch 'master' into reporting 2021-04-07 08:28:31 -04:00
downtownallday
002c4edb88 Fix table alignment 2021-04-07 08:27:22 -04:00
downtownallday
b7faafca6b Only consider messages that weren't rejected 2021-03-17 15:33:16 -04:00
downtownallday
8a6f962b3e Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	setup/management.sh
2021-02-28 12:47:10 -05:00
Joshua Tauberer
6653dbb2e2 Sort the Custom DNS by zone and qname, and add an option to go back to the old sort order (creation order)
Update the zone grouping style on the users and aliases page to match.

Fixes #1927
2021-02-28 09:40:32 -05:00
Joshua Tauberer
d36a2cc938 Enable Backblaze B2 backups
This reverts commit b1d703a5e7 and adds python3-setuptools per the first version of #1899 which fixes an installation error for the b2sdk Python package.
2021-02-28 08:04:14 -05:00
jeremitu
82ca54df96
Fixed #1894 log date over year change, START_DATE < END_DATE now. (#1905)
* Fixed #1894 log date over year change, START_DATE < END_DATE now.

* Corrected mail_log.py argument help and message.

Co-authored-by: Jarek <jarek@box.jurasz.de>
2021-02-28 07:59:26 -05:00
downtownallday
e5d762da38 Don't report the api key to syslog 2021-02-19 05:22:35 -05:00
downtownallday
3c676fd2c1 Merge branch 'master' into reporting 2021-01-31 17:16:34 -05:00
downtownallday
810bf15a43 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
#	setup/management.sh
2021-01-31 16:56:49 -05:00
Joshua Tauberer
b1d703a5e7 Disable Backblaze B2 backups until #1899 is resolved 2021-01-31 08:33:56 -05:00
Felix Spöttel
e3d98b781e
Warn when connection to Spamhaus times out (#1817) 2021-01-28 18:22:43 -05:00
downtownallday
2b44fe4a12 Only show alias if one 2021-01-14 15:00:29 -05:00
downtownallday
9b89a5c504 Better handling of mail addressed to an alias 2021-01-13 22:29:16 -05:00