David Piggott
ca57560f11
Pass additional_records to recursive build_zone calls, closes #229
...
The problem was that custom records defined for a subdomain where implicit
records are otherwise defined (e.g. A/AAAA records for the root) were ignored.
Though additional_records for a subdomain are processed in the base call to
build_zone (the call for the parent domain), and so custom records that don't
override implicits were working fine, those that overrode implicits were
ignored.
This was because the recursive call to build_zone for the subdomain creates the
implicit records (including A/AAAA records for the root), and so by relying on
the base call to add the additional_records fails because has_rec returned
true.
Adding a subdomain's additional_records in the child call works because has_rec
returns false when testing whether to add an e.g. A/AAAA override for the root,
as the defaults have not yet been added.
2014-10-11 17:04:35 +01:00
Joshua Tauberer
17331e7d82
adding a really slick ssl certificate installation form in the control panel
2014-10-10 15:49:14 +00:00
Joshua Tauberer
5130b279d8
management/mail_log.py also include the previously rotated log file
2014-10-10 13:59:50 +00:00
Joshua Tauberer
aac6e49b94
spelling typo
2014-10-10 13:50:44 +00:00
Joshua Tauberer
ac49912b39
recommend DAVdroid
...
see http://discourse.mailinabox.email/t/recommend-a-different-android-carddav-and-caldav-android/102/1
2014-10-07 20:53:37 +00:00
Joshua Tauberer
0441a2e2e3
make a self-signed certificate on a non-primary domain a warning rather than an error, fixes #95
2014-10-07 20:41:07 +00:00
Joshua Tauberer
06a8ce1c9d
in the admin, show user mailbox sizes, fixes #210
2014-10-07 20:24:11 +00:00
Joshua Tauberer
443b084a17
in the admin, group aliases by domain, fixes #211
2014-10-07 19:47:46 +00:00
Joshua Tauberer
990649af2d
in the admin, group users by domain, fixes 209
2014-10-07 19:47:43 +00:00
Joshua Tauberer
6f4d29a410
tweak the new web instructions
2014-10-07 16:17:45 +00:00
Joshua Tauberer
6ab29c3244
add instructions for static web hosting into the control panel
2014-10-07 16:05:42 +00:00
Joshua Tauberer
bf9b770255
sort SSHFP records so that DNS updates don't trigger spurrious zone changes
2014-10-07 15:15:22 +00:00
Joshua Tauberer
9210ebdb9f
control panel tweaks
2014-10-07 15:12:35 +00:00
Joshua Tauberer
a56bb984d6
handle catastrophically bad certificates rather than raising an exception
2014-10-07 14:58:21 +00:00
Joshua Tauberer
7d1c0b3834
show SSL certificate expiration info in the control panel even long before certificates expire
2014-10-07 14:49:36 +00:00
Joshua Tauberer
20892b5d5b
status check on ns records should now take into account that secondary dns may be customized, see #223
2014-10-05 18:42:52 +00:00
Joshua Tauberer
4cf53cd8ee
backup status relativedelta was displaying wrong for deltas greater than 1 month
2014-10-05 18:23:29 +00:00
Joshua Tauberer
f42a1c5a74
allow overriding the second nameserver with a secondary/slave server
...
fixes #151
fixes #223
2014-10-05 14:53:42 +00:00
Joshua Tauberer
092c842a87
split external/custom dns into separate pages in the admin
2014-10-05 13:38:23 +00:00
Joshua Tauberer
d9ecc50119
since the management server binds to 127.0.0.1, must use that and not 'localhost' to connect to it because 'localhost' resolves to the IPv6 ::1 when it is available, see #224
2014-10-05 09:01:26 -04:00
Joshua Tauberer
4ae76aa2dd
dnssec: use RSASHA256 keys for .email domains
2014-10-04 17:29:42 +00:00
Joshua Tauberer
779d921410
status checks: put DNSSEC tests in a better order w.r.t. other tests
...
* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.
see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3
2014-10-01 12:13:11 +00:00
Joshua Tauberer
5c7ba2a4c7
preliminary work on a mail.log scanner to report things in the control panel
2014-09-27 13:33:13 +00:00
Joshua Tauberer
e9cc3fdaab
make mail instructions clearer and describe greylisting, DMARC policy
2014-09-27 13:32:22 +00:00
Joshua Tauberer
8bd37ea53c
add catch-alls to the admin again with nicer instructions
2014-09-27 13:32:22 +00:00
Joshua Tauberer
ab47144ae3
add strict SPF and DMARC records to any subdomains (including custom records) that do not have SPF/DMARC set
...
closes #208
2014-09-26 14:01:03 +00:00
Joshua Tauberer
9b6f9859d1
dns_update: assume DKIM is present
2014-09-26 14:01:03 +00:00
Joshua Tauberer
5a89f3c633
don't allow catch-all addresses in the admin because they take precedence over mail users and that's counter-intuitive
...
For now use the command-line tools/mail.py if you need it.
see #200
Revert "Changed incomming-email-input to type text"
This reverts commit 9631fab7b2
.
2014-09-24 12:36:47 +00:00
Joshua Tauberer
c2ddabe683
fix ajax loading indicator positioning
2014-09-21 17:41:46 +00:00
Joshua Tauberer
846768efcb
admin: update user's password from the admin
2014-09-21 17:24:01 +00:00
Joshua Tauberer
8dfbb90f3a
admin: simplify the users table a bit
2014-09-21 17:10:23 +00:00
Joshua Tauberer
c7c3bd33cf
DNS API should reject qnames that aren't in a zone managed by the box
...
see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10
2014-09-21 13:37:30 +00:00
Joshua Tauberer
1637153566
make the DNS API a little clearer
2014-09-21 13:37:30 +00:00
Joshua Tauberer
05510f25a5
warn if a SSL cert is expiring in 30 days
2014-09-21 13:37:30 +00:00
Joshua Tauberer
b8ea7282b0
don't run apt-get update
when generating the status checks output because it is so slow and should be update daily by cron anyway
2014-09-21 13:37:30 +00:00
Joshua Tauberer
ff0c85615b
correct typo in comment
2014-09-15 10:02:25 +00:00
Joshua Tauberer
16e2350fef
revise the description of A records on domains: the A record must be present for good deliverability so that the envelope domain resolves, but it doesn't have to resolve to this machine
2014-09-15 06:00:50 -04:00
Christian
9631fab7b2
Changed incomming-email-input to type text
...
The input type="email" validation won't allow "@example.com", which is needed for catch-all-aliases.
2014-09-12 18:08:33 +02:00
Joshua Tauberer
196e42e8b5
don't automatically create an alias if a user account already exists by that name
...
In the event the first user is an address that we'd normally create as an alias,
we'd generate a loop from the alias to the administrative alias to the first user
account (which was the alias again).
hopefully fixes #186
2014-09-09 11:41:47 +00:00
Joshua Tauberer
f09da719f7
show the response from spamhaus.org in the status checks output
2014-09-08 20:27:26 +00:00
Joshua Tauberer
e9e95cbed5
tweak backup explanatory text
2014-09-08 20:12:31 +00:00
Joshua Tauberer
98fc449b49
only hold onto backups for 14 days (not 31) and show when the backups will be deleted in the control panel
2014-09-08 20:09:18 +00:00
Joshua Tauberer
bab8b515ea
new logic for determining when to take a full backup
2014-09-08 19:42:54 +00:00
Joshua Tauberer
cce6bc02a8
add links to IANA tables for DNSSEC algorithm/digest number assignemnts
2014-09-07 10:59:20 -04:00
Joshua Tauberer
110e0f90d9
dns: move the quoting of TXT records to when we write the zone file so that we can display it unquoted in the External DNS instructions
2014-09-07 11:42:20 +00:00
Joshua Tauberer
b5122770cc
tweak admin template for external DNS
2014-09-07 07:22:39 -04:00
Joshua Tauberer
03f9358de4
when checking SSL certs are OK, check for wildcard certificates
...
fixes #175 (hopefully)
2014-09-03 17:31:47 +00:00
Joshua Tauberer
f77f1e656c
split CardDAV instrctions into a new page and add CalDAV instructions; create nice redirects at /cloud/calendar and /cloud/contacts
2014-09-03 10:51:19 +00:00
Joshua Tauberer
b420e560c3
dont show 'make admin' on archived mailbox accounts and other control panel cleanup
2014-09-03 10:17:46 +00:00
Joshua Tauberer
7a449c76a1
set the DNS TTL to 30 minutes rather than 1 day
...
Also updating the values for secondary DNS, but we're not set up
for secondary DNS so it won't matter.
see #172
2014-09-01 23:06:55 +00:00
Joshua Tauberer
3853e8dd93
show the status of backups in the control panel
2014-09-01 13:06:53 +00:00
Joshua Tauberer
10a37cd033
add SSHFP records to DNS
2014-08-27 12:59:40 +00:00
Joshua Tauberer
684d9b3c70
prettify the custom DNS docs
2014-08-27 12:57:47 +00:00
Joshua Tauberer
699923d605
Merge pull request #166 from benschumacher/master
...
Fix typo in dns_update.py.
2014-08-26 16:13:11 -04:00
Ben Schumacher
d5efb05f31
Fix typo in dns_update.py.
2014-08-26 15:58:34 -04:00
Sebastian Kosch
2afd0be591
Replace spaces by tabs in 106-109
2014-08-26 12:16:20 -04:00
Joshua Tauberer
92c7815d2c
Merge pull request #156 from skosch/patch-1
...
Allow users to insert custom nginx configuration directives through new optional files.
2014-08-26 10:24:22 -04:00
Joshua Tauberer
06a4046d13
fix link to /cloud in the admin, fixes #160
2014-08-26 11:51:47 +00:00
Joshua Tauberer
9b8d85de45
if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH
2014-08-26 11:31:45 +00:00
Joshua Tauberer
b76cbae5a0
document the DNS API in the control panel
...
see #140 , #155 , df20d447a9
2014-08-25 23:52:41 +00:00
Joshua Tauberer
ed8ce16fb5
show custom DNS records in the control panel too, fixes #155
2014-08-25 23:35:44 +00:00
Joshua Tauberer
a32806da32
create STORAGE_ROOT/backup/duplicity if it doesn't exist
...
fixes #158
2014-08-25 23:29:00 +00:00
Joshua Tauberer
18f0406541
update comments in backup.py
2014-08-25 23:28:43 +00:00
Joshua Tauberer
bc9d670981
prettify mail guide
2014-08-25 23:24:41 +00:00
Sebastian Kosch
00b5c6ee9c
test_domain -> domain
2014-08-25 16:02:13 -04:00
Sebastian Kosch
76ff9735cc
Move custom server blocks to STORAGE_ROOT
2014-08-25 13:25:44 -04:00
Sebastian Kosch
9bfff1f679
Add server block customizations
...
This allows users to add a file /etc/nginx/conf.d/includes/mydomain.com.conf, the contents of which will be included in the server block for mydomain.com.
2014-08-24 17:34:15 -04:00
Joshua Tauberer
df20d447a9
add an api for setting custom DNS records
...
Works like this:
```curl -d "" --user email:password https://.../admin/dns/set/qname/rtype/value ```
where the rtype and value default to "A" and the remote IP address of the request, so that a simple, empty POST to
```https://.../admin/dns/set/desktop.mydomain.com ```
will point desktop.mydomain.com to the caller's IPv4 address.
closes #140
2014-08-23 23:03:45 +00:00
Joshua Tauberer
6e3b04ce83
when generating SSL CSRs, using SHA256 as SHA1 is being phased out, per @konklone
2014-08-23 17:49:33 -04:00
Joshua Tauberer
2d5097345a
move the package update check into the system status checks
2014-08-21 11:24:40 +00:00
Joshua Tauberer
294d19e0af
rename whats_next.py to status_checks.py
2014-08-21 10:43:55 +00:00
Joshua Tauberer
46f3d05034
add the network checks to whats_next
...
* zen.spamhaus.org
* dbl.spamhaus.org
* checks if a connection to Google's MTA on port 25 works
2014-08-19 11:16:49 +00:00
Joshua Tauberer
91821adfd7
nameserver checks should be case insensitive
2014-08-18 22:41:27 +00:00
Joshua Tauberer
b30d7ad80a
web-based administrative UI
...
closes #19
2014-08-17 22:46:06 +00:00
Joshua Tauberer
ba8e015795
dns_update: dont restart the opendkim process if nothing changed
2014-08-17 20:42:17 +00:00
Joshua Tauberer
919a5a8f0b
whats_next: when there are multiple responses like for NS records sort the responses so we can compare to a fixed order
2014-08-17 19:55:03 +00:00
Joshua Tauberer
f299825a95
in the nginx override YAML file, change how proxies are specified into a mapping
2014-08-17 19:40:45 +00:00
Joshua Tauberer
04454b35c6
(merge) CardDAV, CalDAV via ownCloud and move to z-push fork fork
...
Merges branch 'owncloud' of github.com:jkaberg/mailinabox
which is pull request #135 , closes #135
thanks @jkaberg, @fmbiete, @owncloud
2014-08-17 15:31:08 -04:00
Joshua Tauberer
f41ec93cbe
management: dont raise an exception on a poorly formatted authentication header
2014-08-17 11:50:05 -04:00
Joshua Tauberer
6e380ade17
owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME
2014-08-16 12:33:10 +00:00
Joshua Tauberer
8c9f278166
owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED
...
This lets downloads from the file app work.
2014-08-15 23:16:54 +00:00
Joshua Tauberer
e625a424fd
whats_next: check that the TLSA record is correct, fixes #139
2014-08-13 19:42:49 +00:00
Joshua Tauberer
0eceb2012f
use php5-fpm rather than our own custom launcher script for PHP+FastCGI
2014-08-12 11:00:54 +00:00
Joshua Tauberer
1312b0254b
backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old
2014-08-11 11:45:40 +00:00
Joshua Tauberer
f66914d634
backup: automatically take a full backup when the sum of the increments get very large
2014-08-11 11:38:32 +00:00
Joshua Tauberer
58e300e113
backup must be full on the first run because incremental backup will fail, fixes #134
2014-08-11 07:16:58 -04:00
Joshua Tauberer
e294f7c181
create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129
2014-08-09 16:49:57 +00:00
Joshua Tauberer
b56f82cb92
make a privileges column in the users table and mark the first user as an admin
2014-08-08 12:31:22 +00:00
Joshua Tauberer
6a512042dc
after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location
2014-08-02 14:16:08 +00:00
Joshua Tauberer
6d4fab1e6a
whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
...
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest
Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer
30178ef019
add a --force flag to dns_update
2014-08-01 12:05:34 +00:00
Joshua Tauberer
168c06939d
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
...
hopefully fixes #121 ; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer
8042ab66ac
dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain
2014-07-20 15:23:17 +00:00
Joshua Tauberer
8354d9732a
in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses
2014-07-20 14:53:55 +00:00
Joshua Tauberer
1ad9c70887
refactor custom DNS records
2014-07-20 14:48:20 +00:00
Joshua Tauberer
2e0680de4f
the check for whether a custom DNS setting is valid was in the wrong place
2014-07-20 14:41:02 +00:00
sfPlayer1
89acbe4127
Update dns_update.py
...
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1
0e893626c8
Add IPv6 glue records as well
...
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer
42c891032d
don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend
2014-07-17 13:08:05 +00:00
Joshua Tauberer
d7a9e7cc17
run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box
2014-07-17 13:08:05 +00:00