Scott Bronson
1cab5a6d4b
add caldav and carddav records to DNS status checks
2016-09-30 18:51:09 -07:00
Mathis Hoffmann
163daea41c
dnspython exception with IPv6 addresses
...
see #945 , merges #947
2016-09-23 07:35:53 -04:00
cs@twoflower
00bd23eb04
fix status_checks.py free disk space reporting #932
2016-09-15 17:01:21 +01:00
Joshua Tauberer
b044dda28f
put the ufw status checks in the network section, add a punctuation mark, add changelog entry
2016-07-29 09:23:36 -04:00
Michael Kroes
736b3de221
Improve matching of ufw output. Reuse network service list. Improve messages
2016-04-07 16:03:28 +02:00
Michael Kroes
c9f30e8059
Add status checks for ufw
2016-04-02 13:41:16 +02:00
Joshua Tauberer
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
yodax
1b24e2cbaf
Reduce percentages for required memory checks
2016-02-22 17:49:19 +01:00
Wolf-Bastian Pöttner
239eac662c
Fix: Correct IP is reported when using custom DNS
...
Fix bug that reports wrong ip, when custom DNS is enabled
2016-02-04 21:32:11 +01:00
Joshua Tauberer
83ffc99b9c
change the public URL of bootstrap.sh to setup.sh
2016-01-30 11:19:51 -05:00
Joshua Tauberer
2ad7d0830e
add exception handling for what_version_is_this, fixes #659
2016-01-09 09:23:07 -05:00
Joshua Tauberer
812ef024ef
status checks: check that the non-primary domains also resolve over IPv6, if configured
2016-01-04 18:43:17 -05:00
Joshua Tauberer
40cdc5aa30
status checks: if a domain's DNS isnt working dont check the TLS certificate because we cant automatically provision one now anyway
2016-01-04 18:43:17 -05:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
Joshua Tauberer
5033042b8c
backups: email the administrator when there's a problem
...
Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email.
2016-01-04 18:43:02 -05:00
Joshua Tauberer
06a0e7f3fe
merge #584 - Add checks to the management interface to report memory usage
2016-01-01 18:13:21 -05:00
Joshua Tauberer
a9cd72bbf9
tighten the status text strings for free memory, add changelog entry
2016-01-01 18:12:36 -05:00
Joshua Tauberer
682b1dea5e
changelog/status checks updated for opening the sieve port
2016-01-01 17:53:05 -05:00
Joshua Tauberer
c4f00626ef
status checks: check that PRIMARY_HOSTNAME's AAAA record is working
2015-12-07 09:08:00 -05:00
Joshua Tauberer
fdad83a1bb
status checks: check IPv6 reverse DNS
2015-12-07 08:58:48 -05:00
Joshua Tauberer
5bbe9f9a04
status checks: when ipv6 is enabled, check that services are accessible over ipv6 too
2015-12-07 08:37:04 -05:00
Joshua Tauberer
808522d895
merge functions get_web_domains and get_default_www_redirects
2015-11-29 14:46:08 +00:00
Joshua Tauberer
766b98c4ad
refactor: move SSL-related management functions into a new module ssl_certificates.py
2015-11-29 13:59:22 +00:00
Michael Kroes
59f8aa1c31
Add checks to the management interface to report memory usage
2015-11-20 01:48:59 -05:00
Joshua Tauberer
1926bfa1c5
all DNS queries should have a timeout, fixes #591
2015-11-11 12:25:55 +00:00
Joshua Tauberer
ac238b9d28
dont run secondary nameserver checks if the zone's nameservers aren't correct to begin with, possibly because the user is using external DNS, see #582
2015-11-05 11:09:15 +00:00
Joshua Tauberer
3fd1279e7d
...but then also have to compare against the intended IP address, which might have a custom override, see #582
2015-11-03 12:06:03 +00:00
Joshua Tauberer
3bc38c89ab
secondary NS status checks in 3b91bc2c0a
should not be skipped if the target IP address has been modified by a custom record
...
see #582
2015-11-03 06:48:04 -05:00
Joshua Tauberer
3b91bc2c0a
if secondary nameservers are given, status checks now check they are serving the right info
2015-10-22 10:58:36 +00:00
Joshua Tauberer
787beab63f
choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates
...
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
2015-09-18 13:25:18 +00:00
Joshua Tauberer
d60d73b7e0
status checks: dont error if there's a domain that dns_update hasn't been run yet on
2015-09-06 13:27:35 +00:00
Joshua Tauberer
6704da1446
silence errors in the admin if there is an invalid domain name in the database
...
see #531
2015-09-06 13:27:28 +00:00
Joshua Tauberer
4f6fa40dbd
warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web
2015-09-05 20:07:51 +00:00
Joshua Tauberer
a56a9dc6a1
add Mail-in-a-Box version check to status checks
...
closes #502
2015-08-28 12:34:02 +00:00
Joshua Tauberer
0c9d431a3f
major cleanup to adding new version check to the status checks
2015-08-28 12:29:55 +00:00
Norman Stanke
1a525df8ad
Add Mail-in-a-Box version status check.
2015-08-28 11:55:21 +00:00
root
39270a8e35
fix problem with certificate verification on OpenVZ servers
2015-08-15 17:32:40 +02:00
David Piggott
e6ff280984
Store and set alias receivers and senders separately for maximum control
2015-07-20 12:51:57 +01:00
David Piggott
3fdfad27cd
Add support for bidirectional mail alias controls
...
This is an extension of #427 . Building on that change it adds support in the
aliases table for flagging aliases as:
1. Applicable to inbound and outbound mail.
2. Applicable to inbound mail only.
3. Applicable to outbound mail only.
4. Disabled.
The aliases UI is also updated to allow administrators to set the direction of
each alias.
Using this extra information, the sqlite queries executed by Postfix are
updated so only the relevant alias types are checked.
The goal and result of this change is that outbound-only catch-all aliases can
now be defined (in fact catch-all aliases of any type can be defined).
This allow us to continue supporting relaying as described at
https://mailinabox.email/advanced-configuration.html#relay
without requiring that administrators either create regular aliases for each
outbound *relay* address, or that they create a catch-all alias and then face a
flood of spam.
I have tested the code as it is in this commit and fixed every issue I found,
so in that regard the change is complete. However I see room for improvement
in terms of updating terminology to make the UI etc. easier to understand.
I'll make those changes as subsequent commits so that this tested checkpoint is
not lost, but also so they can be rejected independently of the actual change
if not wanted.
2015-07-20 12:51:57 +01:00
Joshua Tauberer
541d9252f6
allow PEM files to have non-Unix line endings
2015-07-17 11:44:28 +00:00
Joshua Tauberer
5dd5fc4a1c
clean up multiple secondary nameservers and zone xfr ip addresses
2015-07-10 15:42:33 +00:00
Brian Bustin
09133c8f59
Initial backend changes to make it possible to have one or more secondary name servers
2015-07-10 14:59:38 +00:00
Joshua Tauberer
ff4780d5fb
better error handling of invalid PEM files
2015-07-03 14:00:59 +00:00
Joshua Tauberer
0924f8ca7a
allow for PEM private keys in the 'BEGIN PRIVATE KEY' format too
...
see https://discourse.mailinabox.email/t/another-upgrade-failure/630/5
2015-07-02 15:37:26 -04:00
Joshua Tauberer
e3252f53da
idna domains in certificate subject alternative names were not handled correctly after switching to cryptography package
2015-06-30 13:09:18 +00:00
Joshua Tauberer
aa33428311
some IDNA functionality was still using Python's built-in IDNA 2003 encoder rather than the idna package's IDNA 2008 encoder
2015-06-30 13:09:18 +00:00
Joshua Tauberer
7527b4dc27
show the Mail-in-a-Box version in the control panel and a button to ping the MiaB website for the latest version
...
fixes #441
2015-06-25 13:43:11 +00:00
Joshua Tauberer
dece359c90
validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate
...
* Use `cryptography` instead of parsing openssl's output.
* When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely.
2015-06-21 14:53:37 +00:00
Joshua Tauberer
6258a7f311
status checks were broken if sshd was not present, fixes #444
2015-06-18 11:01:11 +00:00