1
0
miroir de https://github.com/mail-in-a-box/mailinabox.git synchronisé 2025-10-24 17:50:54 +00:00
Graphe des révisions

203 Révisions

Auteur SHA1 Message Date
downtownallday
d349150dd0 Merge remote-tracking branch 'upstream/main' into merge-upstream
# Conflicts:
#	.gitignore
#	management/auth.py
#	management/daemon.py
#	management/mail_log.py
#	management/mailconfig.py
#	management/mfa.py
#	management/ssl_certificates.py
#	management/status_checks.py
#	management/utils.py
#	management/web_update.py
#	setup/mail-postfix.sh
#	setup/migrate.py
#	setup/preflight.sh
#	setup/webmail.sh
#	tests/test_mail.py
#	tools/editconf.py
2024-03-12 07:41:14 -04:00
solomon-s-b
84919fefa4
Fix miab-munin.conf filter not capturing HTTP/2.0 (#2359) 2024-03-10 07:15:25 -04:00
downtownallday
3774a78b03 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	setup/nextcloud.sh
2023-06-16 17:32:28 -04:00
Michael Heuberger
98628622c7
Bump Nextcloud to v25.0.7 (#2268)
Also
- bumps calendar and contacts apps
- adds extra migration steps between these versions
- adds cron job for Calendar updates
- rotates nextloud log file after upgrading
- adds primary key indices migrations
- adjusts configs slightly
- adds more well-known entries in nginx to improve service discovery
- reformats some comments (line-breaking)
2023-06-16 11:49:55 -04:00
downtownallday
190d7195d3 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
The roundcube password plugin is not disabled.

# Conflicts:
#	management/utils.py
#	setup/start.sh
#	setup/system.sh
#	setup/webmail.sh
#	tools/editconf.py
2023-01-15 20:35:08 -05:00
downtownallday
e0a237c857 Fixes #17: start services after unattended upgrades 2022-12-02 15:09:29 -05:00
downtownallday
65a3c7e243 Correct dav paths 2022-09-20 22:16:51 -04:00
downtownallday
bf63ca827e Add copyright to source files 2022-09-19 14:45:11 -04:00
downtownallday
603b716ac2 add additional protections to the management daemon's runtime environment 2022-09-18 15:43:10 -04:00
downtownallday
45d5b7cb25 Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204
# Conflicts:
#	setup/webmail.sh
#	tools/editconf.py
2022-09-17 19:54:52 -04:00
Steve Hay
3fd2e3efa9
Replace Flask built-in WSGI server with gunicorn (#2158) 2022-09-17 08:03:16 -04:00
Joshua Tauberer
78d71498fa Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04
* Add the PHP PPA.
* Specify the version when invoking the php CLI.
* Specify the version in package names.
* Update paths to 8.0 (using a variable in the setup scripts).
* Update z-push's php-xsl dependency to php8.0-xml.
* php-json is now built-into PHP.

Although PHP 8.1 is the stock version in Ubuntu 22.04, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.
2022-07-28 14:02:46 -04:00
downtownallday
27dcb5d7ca Enable fail2ban for z-push and add a test for it 2022-07-18 15:52:04 -04:00
downtownallday
c135bf1f77 Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204
# Conflicts:
#	CHANGELOG.md
#	README.md
#	conf/nginx-top.conf
#	management/backup.py
#	setup/bootstrap.sh
#	setup/management.sh
#	setup/nextcloud.sh
#	setup/system.sh
#	setup/web.sh
#	setup/webmail.sh
#	setup/zpush.sh
#	tests/test_mail.py
2022-06-21 23:58:17 -04:00
Joshua Tauberer
0159347673 Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04
* Add the PHP PPA.
* Specify the version when invoking the php CLI.
* Specify the version in package names.
* Update paths to 8.0 (using a variable in the setup scripts).
* Update z-push's php-xsl dependency to php8.0-xml.
* php-json is now built-into PHP.

Although PHP 8.1 is the stock version in Ubuntu 22.04, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.
2022-06-19 07:31:05 -04:00
jbandholz
9004bb6e8e
Add IPV6 addresses to fail2ban ignoreip (#2069)
Update jails.conf to include IPV6 localhost and external ip to ignoreip line.  Update system.sh to include IPV6 address in replacement.  See mail-in-a-box#2066 for details.
2022-06-05 09:40:54 -04:00
downtownallday
72827f365d Change service and package names referring to php 8.0 to php 8.1 2022-02-25 19:47:30 -05:00
downtownallday
4e6550ed22 Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204
# Conflicts:
#	README.md
#	setup/mail-dovecot.sh
#	setup/system.sh
#	setup/webmail.sh
#	setup/zpush.sh
#	tests/test_mail.py
2022-01-11 16:39:39 -05:00
Daniel Mabbett
ae20878431 Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04
(Updated by @JoshData from the original commit which was for Ubuntu 20.04 using PHP 7.4. And although 8.1 seems to be available, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.)
2022-01-08 20:07:32 -05:00
downtownallday
66ac35871e Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
Upstream is adding handling for utf8 domains by creating a domain alias @utf8 -> @idna. I'm deviating from this approach by setting multiple email address (idna and utf8) per user and alias where a domain contains non-ascii characters. The maildrop (mailbox) remains the same - all mail goes to the user's mailbox regardless of which email address was used. This is more in line with how other systems (eg. active directory), handle multiple email addresses for a single user.

# Conflicts:
#	README.md
#	management/mailconfig.py
#	management/templates/index.html
#	setup/dns.sh
#	setup/mail-users.sh
2021-10-01 17:43:48 -04:00
downtownallday
fc4ad70535 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	management/dns_update.py
#	management/web_update.py
#	tests/test_mail.py
2021-05-15 22:35:48 -04:00
Joshua Tauberer
d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
downtownallday
2a0e50c8d4 Initial commit of a log capture and reporting feature
This adds a new section to the admin panel called "Activity", that
supplies charts, graphs and details about messages entering and leaving
the host.

A new daemon captures details of system mail activity by monitoring
the /var/log/mail.log file, summarizing it into a sqllite database
that's kept in user-data.
2021-01-11 18:02:07 -05:00
downtownallday
a0dd58d29e Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-11-17 07:46:22 -05:00
gumida
7ce41e3865
Changed mta-sts.txt end of line from LF to CRLF per RFC 8461 (#1863) 2020-11-15 07:54:34 -05:00
downtownallday
ad3174f08e Merge branch 'totp' 2020-10-31 11:39:35 -04:00
downtownallday
6589a31883 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-10-13 20:22:18 -04:00
Felix Spöttel
7d6c7b6610
Increase mta-sts max_age to one week (#1829)
This aligns the policy with the example policy found in the  spec
see https://tools.ietf.org/html/rfc8461#section-3.2
2020-10-02 21:27:21 -04:00
downtownallday
f6b04b314f Add totpMruTokenTime to upgrade 2020-09-30 11:50:49 -04:00
downtownallday
100acb119b Add a totpMruTokenTime value to record the time when the mru token was used
Use the totpMruTokenTime as the id to uniquely identify a totp entry
2020-09-30 11:00:58 -04:00
downtownallday
60771b7615 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-09-29 09:12:25 -04:00
downtownallday
00fc94d3c1 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh
2020-09-28 23:25:16 -04:00
0pis
7f0f28f8e3
Use tabs instead of spaces in nginx conf (#1827)
* conf/nginx-primaryonly.conf: Use tabs instead of spaces
* management/web_update.py: Includes the tabs so they display with the correct indentation when added to the local.conf

Co-authored-by: 0pis <0pis>
2020-09-27 07:13:33 -04:00
downtownallday
c6816d5641 Fix comment 2020-09-10 17:05:56 -04:00
downtownallday
24ae913d68 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py
2020-09-10 15:23:27 -04:00
downtownallday
ac35bdc544 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-29 10:34:47 -04:00
Hilko
1098e2b48e
Add noindex to www_default meta tags (#1791) 2020-07-29 10:03:33 -04:00
downtownallday
640048db04 Merge branch 'master' into ldap 2020-05-29 17:11:39 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
downtownallday
a30b721014 Merge branch 'master' into ldap 2020-05-11 13:45:12 -04:00
yeuna92
c87b62b8c2
Fix path to Roundcube error log in fail2ban jails.conf (#1761) 2020-05-11 08:59:42 -04:00
Joshua Tauberer
c19f8c9ee6 Change Mozilla autoconfig useGlobalPreferredServer property to false
Fixes #1736.
2020-05-10 19:29:01 -04:00
downtownallday
1f0d2ddb92 Issue #1340 - LDAP backend for accounts
This commit will:

1. Change the user account database from sqlite to OpenLDAP
2. Add policyd-spf to postfix for SPF validation
3. Add a test runner with some automated test suites

Notes:

User account password hashes are preserved.

There is a new Roundcube contact list called "Directory" that lists the users in LDAP (MiaB users), similar to what Google Suite does.

Users can still change their password in Roundcube.

OpenLDAP is configured with TLS, but all remote access is blocked by firewall rules. Manual changes are required to open it for remote access (eg. "ufw allow proto tcp from <HOST> to any port ldaps").

The test runner is started by executing tests/runner.sh. Be aware that it will make changes to your system, including adding new users, domains, mailboxes, start/stop services, etc. It is highly unadvised to run it on a production system!

The LDAP schema that supports mail delivery with postfix and dovecot is located in conf/postfix.schema. This file is copied verbatim from the LdapAdmin project (GPL, ldapadmin.org). Instead of including the file in git, it could be referenced by URL and downloaded by the setup script if GPL is an issue or apply for a PEN from IANA.

Mangement console and other services should not appear or behave any differently than before.
2020-01-17 17:03:21 -05:00
Joshua Tauberer
f53b18ebb9 Upgrade TLS settings 2019-12-01 17:49:36 -05:00
Joshua Tauberer
46f64e0e0a fail2ban should watch for managesieve logins too, fixes #1622 2019-08-31 09:04:17 -04:00
jvolkenant
193763f8f0 Update to Nextcloud 15.0.8, Contacts to 3.1.1, and Calendar to 1.6.5 (#1577)
* Update to Nextcloud 15.0.7, Contacts to 3.1.1, and Calendar to 1.6.5
* Enabled localhost-only insecure IMAP login for localhost Nextcloud auth
* Add package php-imagick and BigInt conversion
* added support for /cloud/oc[sm]-provider/ endpoint
2019-06-16 11:10:52 -04:00
jvolkenant
aff80ac58c Autodiscovery fix for additional hosted email domains, Fixes #941 (#1467) 2019-05-09 10:13:23 -07:00
jvolkenant
c60e3dc842 fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl (fixes #1453, merges #1454)
* fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl

* specified custom datepattern for miab-owncloud.conf
2019-01-18 09:40:51 -05:00
jvolkenant
8d5670068a fixes nginx warning about duplicate ssl configuration (#1460) 2018-10-25 15:18:21 -04:00
Joshua Tauberer
bbfa01f33a update to PHP 7.2
* drop the ondrej/php PPA since PHP 7.x is available directly from Ubuntu 18.04
* intall PHP 7.2 which is just the "php" package in Ubuntu 18.04
* some package names changed, some unnecessary packages are no longer provided
* update paths
2018-10-03 13:00:15 -04:00