mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-04 00:17:06 +00:00
Commit Graph

37 Commits

Author SHA1 Message Date
downtownallday
190d7195d3 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
The roundcube password plugin is not disabled.

# Conflicts:
#	management/utils.py
#	setup/start.sh
#	setup/system.sh
#	setup/webmail.sh
#	tools/editconf.py
2023-01-15 20:35:08 -05:00
Hugh Secker-Walker
820a39b865 chore(python open): Refactor open and gzip.open to use context manager (#2203)
Co-authored-by: Hugh Secker-Walker <hsw+miac@hodain.net>
2023-01-15 08:28:43 -05:00
downtownallday
bf63ca827e Add copyright to source files 2022-09-19 14:45:11 -04:00
Joshua Tauberer
ab71abbc7c Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT) 2022-07-28 14:42:51 -04:00
downtownallday
c135bf1f77 Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204
# Conflicts:
#	CHANGELOG.md
#	README.md
#	conf/nginx-top.conf
#	management/backup.py
#	setup/bootstrap.sh
#	setup/management.sh
#	setup/nextcloud.sh
#	setup/system.sh
#	setup/web.sh
#	setup/webmail.sh
#	setup/zpush.sh
#	tests/test_mail.py
2022-06-21 23:58:17 -04:00
Joshua Tauberer
a6ae0e6da1 Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT) 2022-06-19 07:31:07 -04:00
downtownallday
9057c12c38 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-10-16 21:07:36 -04:00
David Duque
8b166f3041 Display certificate expiry dates in ISO format (#1841) 2020-10-16 16:22:36 -04:00
downtownallday
640048db04 Merge branch 'master' into ldap 2020-05-29 17:11:39 -04:00
Joshua Tauberer
37dad9d4bb Provision certificates from Let's Encrypt grouped by DNS zone
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).

Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.

Fixes #690.
2020-05-29 15:38:18 -04:00
downtownallday
1f0d2ddb92 Issue #1340 - LDAP backend for accounts
This commit will:

1. Change the user account database from sqlite to OpenLDAP
2. Add policyd-spf to postfix for SPF validation
3. Add a test runner with some automated test suites

Notes:

User account password hashes are preserved.

There is a new Roundcube contact list called "Directory" that lists the users in LDAP (MiaB users), similar to what Google Suite does.

Users can still change their password in Roundcube.

OpenLDAP is configured with TLS, but all remote access is blocked by firewall rules. Manual changes are required to open it for remote access (eg. "ufw allow proto tcp from <HOST> to any port ldaps").

The test runner is started by executing tests/runner.sh. Be aware that it will make changes to your system, including adding new users, domains, mailboxes, start/stop services, etc. It is highly unadvised to run it on a production system!

The LDAP schema that supports mail delivery with postfix and dovecot is located in conf/postfix.schema. This file is copied verbatim from the LdapAdmin project (GPL, ldapadmin.org). Instead of including the file in git, it could be referenced by URL and downloaded by the setup script if GPL is an issue or apply for a PEN from IANA.

Management console and other services should not appear or behave any differently than before.
2020-01-17 17:03:21 -05:00
Joshua Tauberer
2f467556bd new ssl cert provisioning broke if a domain doesn't yet have a cert, fixes #1392 2018-07-19 11:40:49 -04:00
Joshua Tauberer
2a72c800f6 replace free_tls_certificates with certbot 2018-06-29 16:46:21 -04:00
Joshua Tauberer
8be23d5ef6 ssl_certificates: reuse query_dns function in status_checks and simplify calls by calling normalize_ip within query_dns 2018-06-29 16:46:21 -04:00
Joshua Tauberer
ef6f121491 when generating a CSR in the control panel, don't set empty attributes
Same as in a52c56e571.

Fixes #1338.
2018-01-28 09:07:54 -05:00
Joshua Tauberer
0088fb4553 install Python 3 packages in a virtualenv
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.

See #1298, see #1264.
2018-01-15 13:27:04 -05:00
Joshua Tauberer
add985ce5d letsencrypt now supports idna, remove the check/block 2017-04-17 07:45:08 -04:00
Joshua Tauberer
a081d04082 move the custom exclusive process code from utils.py into a new python package named exclusiveprocess 2017-01-15 11:02:23 -05:00
Jonathan Chun
584cfe42c4 compare IPv6 addresses correctly with normalization (#1052) 2017-01-15 10:41:12 -05:00
Joshua Tauberer
cd717ec94e nightly TLS certificate provisioning should omit warnings about domains it can't provision for 2016-12-07 07:02:52 -05:00
Joshua Tauberer
c26bc841a2 more for dnspython exception with IPv6 addresses
fixes #945, corrects prev commit (#947) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
Mathis Hoffmann
163daea41c dnspython exception with IPv6 addresses
see #945, merges #947
2016-09-23 07:35:53 -04:00
Joshua Tauberer
49ea9cddd1 ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited 2016-03-06 14:39:34 -05:00
Joshua Tauberer
36cb2ef41d missing elif 2016-02-16 09:11:54 -05:00
Joshua Tauberer
1ba44b02d4 forgot to catch free_tls_certificates.client.ChallengeFailed
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.

see #695, probably fixes it
2016-02-15 18:22:16 -05:00
Joshua Tauberer
2f24328608 before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
Made a mistake refactoring the headless variable earlier.

fixes #696
2016-02-13 12:38:16 -05:00
Joshua Tauberer
faaa74c3a7 tls: hide extra reasons why domains aren't getting a new certificate during setup 2016-01-14 07:21:08 -05:00
Joshua Tauberer
2882e63dd8 second part of provisioning tls certificates from the control panel 2016-01-04 18:43:17 -05:00
Joshua Tauberer
b8d6226a9a when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains 2016-01-04 18:43:17 -05:00
Joshua Tauberer
bac15d3919 provision tls certificates from the control panel 2016-01-04 18:43:16 -05:00
Joshua Tauberer
4b4f670adf s/SSL/TLS/ in user-visible text throughout the project 2016-01-04 18:43:16 -05:00
Joshua Tauberer
b1b57f9bfd don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
fixes #646
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa provision and install free SSL certificates from Let's Encrypt 2016-01-04 18:43:16 -05:00
Joshua Tauberer
d53332b7cf drop the CSR_COUNTRY setting and ask within the control panel 2015-12-26 11:48:23 -05:00
Joshua Tauberer
392d33b902 change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.

see #268
2015-12-26 11:01:46 -05:00
Joshua Tauberer
be9efe0273 ensure malformed ssl certificate can't cause it to be written to an arbitrary path 2015-11-29 14:04:37 +00:00
Joshua Tauberer
766b98c4ad refactor: move SSL-related management functions into a new module ssl_certificates.py 2015-11-29 13:59:22 +00:00