Commit Graph

1555 Commits

Author SHA1 Message Date
Joshua Tauberer b60ca25e53 add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 14:57:03 -04:00
Michael Kropat 43ef49c737 Improve hostname/IP default values
Default IP+hostname values were incorrect for my VPS provider. I
improved the detection, which should give correct results results for
almost any provider. Specific issues addressed:

- icanhazip.com detection was only enabled in non-interactive mode
- `hostname` is by convention a short (non-fqdn) name in Ubuntu
- `hostname --fqdn` fails if provider does not pouplate `hosts` file
- `hostname -i` fails if provider does not populate `hosts` file
- `curl` without `--fail` will someday return crazy results
  when icanhazip.com returns 500 errors or similar
2014-06-07 14:11:42 -04:00
Joshua Tauberer add1545deb Merge pull request #65 from mkropat/mkropat/password-mask
Mask password input on stdin in tools/mail.py
2014-06-06 17:18:33 -04:00
Michael Kropat 5774205bc2 Mask password input on stdin 2014-06-06 17:07:30 -04:00
Joshua Tauberer 242cadebc8 allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
2014-06-06 10:51:36 -04:00
Joshua Tauberer f1dac1fe13 show less output when updating DNS configuration 2014-06-06 10:51:36 -04:00
Joshua Tauberer 389c354c8f Vagrant updates
* use a public box (the official Ubuntu 14.04 box which contra the description does have VBox Guest Additions installed)
* now that we allow SSH password logins, since Vagrant requires it, dont muck with sshd_config here
* don't put the machine on the public network because that will allow anyone to log into it with Vagrant's default username/password, duh
2014-06-06 10:51:36 -04:00
Joshua Tauberer f9c3f33e74 move the SSH password login check out of setup because it interfers with Vagrant and into a separate script that we'll use for auditing in a later phase 2014-06-06 10:51:36 -04:00
Joshua Tauberer 6194c63f76 add management comments for checking for updated Ubuntu packages and applying updates 2014-06-05 20:57:30 +00:00
Joshua Tauberer cab7321dbb remove vestigal docker compatibility that prevented starting services during setup 2014-06-04 20:04:26 -04:00
Joshua Tauberer 295981828f Vagrantize
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
2014-06-04 19:39:58 -04:00
Joshua Tauberer 3961e1aec3 test_dns: more error handling 2014-06-04 19:31:55 -04:00
Joshua Tauberer 7fa4862f1a refactor dns_update so that the zone is first generated in a file-format agnostic way 2014-06-04 19:00:31 -04:00
Joshua Tauberer 8ed15168c0 the new dns_update totally forgot to write the OpenDKIM tables 2014-06-04 18:44:13 -04:00
Joshua Tauberer 2f0d036504 the bc package is no longer needed since redoing dns_update 2014-06-04 17:27:01 -04:00
Joshua Tauberer d6e6cfd3c9 mail test: catch typical connecting errors and display nicer output 2014-06-04 17:13:06 -04:00
Joshua Tauberer fff06f7d71 improve DNS test output 2014-06-04 17:01:49 -04:00
Joshua Tauberer 2bbb7a5e7e remove Docker stuff since it doesnt work 2014-06-04 10:57:23 -04:00
Joshua Tauberer a35fa12465 script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate 2014-06-04 11:38:20 +00:00
Joshua Tauberer ea62c2419d typo in updating DKIM, dont regenerate the DKIM private key each time setup is run 2014-06-03 21:42:33 +00:00
Joshua Tauberer 2a9349a64e show the SSL certificate's fingerprint during setup so the user can sort of pin it 2014-06-03 21:39:49 +00:00
Joshua Tauberer bb7905aefd on second and later runs of start.sh, recall the inputs the user entered the last time 2014-06-03 21:31:13 +00:00
Joshua Tauberer 24edd5ce91 the SSL CSR must be generated with a country code 2014-06-03 21:17:10 +00:00
Joshua Tauberer 89730bd643 new backup script, see #11 2014-06-03 21:16:38 +00:00
Joshua Tauberer 51dd2ed70b update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00
Joshua Tauberer c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer da15ae5375 rename the scripts directory to setup 2014-06-03 11:12:38 +00:00
Joshua Tauberer af03feb389 remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)
partially reverts 6d473f81ac
2014-05-23 09:01:03 +00:00
Joshua Tauberer 19aba091d7 test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation 2014-05-17 08:32:40 -04:00
Joshua Tauberer f91830f0e3 clean up README a bit; moving the bit Rationale into the github wiki 2014-05-15 08:57:44 -04:00
Joshua Tauberer 6d473f81ac add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client 2014-05-15 12:10:35 +00:00
Joshua Tauberer b646771517 redirect all HTTP to HTTPS and enable HSTS, closes #18 2014-05-14 12:15:11 +00:00
Joshua Tauberer 091a58ac94 dns_update needs to run with bash when run directly, see #39 2014-05-12 23:38:55 +00:00
Joshua Tauberer c722625041 test_dns: add ADSP and DMARC tests, see #14 2014-05-10 08:03:18 -04:00
Joshua Tauberer c403895f95 test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME) 2014-05-10 08:03:13 -04:00
Joshua Tauberer bdadf3017d test_dns: handle case where a DNS record is missing (vs incorrect) 2014-05-10 08:03:07 -04:00
Joshua Tauberer d5971e383b add ADSP and DMARC records; see #14 2014-05-10 11:58:27 +00:00
Joshua Tauberer a8938e107e DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain 2014-05-10 11:58:27 +00:00
Joshua Tauberer cfcb5f5bbd merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.

Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.

see #16; merges #49
2014-05-06 10:05:14 -04:00
Joshua Tauberer 80b367ab07 test_mail: gracefully handled when the server has no reverse DNS available 2014-05-06 10:02:29 -04:00
Joshua Tauberer 63ef8f7b04 missing wget dependency used by roundcube installation 2014-05-06 10:02:06 -04:00
Joshua Tauberer e247929386 docker: don't start services ourself
* let the base image's system services manager handle it
* move our container start script to occur before system services are started
2014-05-06 10:00:30 -04:00
Joshua Tauberer 1db0dd3092 system.sh: make apt-get upgrade quieter 2014-05-06 09:57:11 -04:00
Joshua Tauberer fbd7d731e8 docker: fix startup scripts for nsd and dovecot to run them in the foreground 2014-05-06 09:56:20 -04:00
Joshua Tauberer 0659a0bb16 Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker
our trees had diverged, various conflicts resolved
2014-05-02 14:54:21 -04:00
Joshua Tauberer 189dd6000e docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then 2014-05-02 14:23:56 -04:00
Joshua Tauberer 3fdcbe542f don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name 2014-05-02 14:22:59 -04:00
Joshua Tauberer 89bb5da986 dns: missing dependency on bc 2014-05-02 14:18:26 -04:00
Paul Jimenez 5ceec760b9 Better Dockerfile support 2014-05-02 13:03:37 -04:00
Joshua Tauberer acec82950b docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable) 2014-05-01 22:39:45 -04:00