Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3bbec18ac6 
							
						 
					 
					
						
						
							
							Merge pull request  #734  from yodax/dynamicpool  
						
						... 
						
						
						
						Create a temporary multiprocessing pool 
						
					 
					
						2016-02-28 12:39:11 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2be373fd06 
							
						 
					 
					
						
						
							
							Merge pull request  #727  from yodax/userlist  
						
						... 
						
						
						
						Allow files in /home/user-data/mail/mailboxes 
						
					 
					
						2016-02-28 12:33:38 -05:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							b71ad85e9f 
							
						 
					 
					
						
						
							
							Restore an empty line  
						
						
						
					 
					
						2016-02-26 09:51:22 +01:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							8ea2f5a766 
							
						 
					 
					
						
						
							
							Allow a server to be rebooted when a reboot is required  
						
						
						
					 
					
						2016-02-25 21:56:27 +01:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							6c1357e16c 
							
						 
					 
					
						
						
							
							Merge branch 'master' into dynamicpool  
						
						
						
					 
					
						2016-02-23 17:01:13 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5cabfd591b 
							
						 
					 
					
						
						
							
							(re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly  
						
						... 
						
						
						
						This was originally fixed in 143bbf37f47a93d219ef 
						
					 
					
						2016-02-23 10:16:04 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							721730f0e8 
							
						 
					 
					
						
						
							
							Create a temporary multiprocessing pool  
						
						
						
					 
					
						2016-02-23 06:32:01 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							af80849857 
							
						 
					 
					
						
						
							
							Merge pull request  #732  from yodax/memory  
						
						... 
						
						
						
						Reduce percentages for required free memory checks 
						
					 
					
						2016-02-22 15:02:50 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4b2e48f2c0 
							
						 
					 
					
						
						
							
							Merge pull request  #726  from yodax/login  
						
						... 
						
						
						
						When previous panel was login, move to system_status 
						
					 
					
						2016-02-22 14:44:23 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							1b24e2cbaf 
							
						 
					 
					
						
						
							
							Reduce percentages for required memory checks  
						
						
						
					 
					
						2016-02-22 17:49:19 +01:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							0843159fb4 
							
						 
					 
					
						
						
							
							Reduce number of processes in the pool to 5  
						
						
						
					 
					
						2016-02-22 17:38:30 +01:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							057903a303 
							
						 
					 
					
						
						
							
							Allow files in /home/user-data/mail/mailboxes  
						
						
						
					 
					
						2016-02-21 13:49:07 +01:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							b8e99c30a2 
							
						 
					 
					
						
						
							
							When previous panel was login, move to system_status  
						
						
						
					 
					
						2016-02-20 18:42:28 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							23ecff04b8 
							
						 
					 
					
						
						
							
							the logic in  4ed23f44e6 for taking backups more often was partly backward  
						
						
						
					 
					
						2016-02-18 07:50:59 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							36cb2ef41d 
							
						 
					 
					
						
						
							
							missing elif  
						
						
						
					 
					
						2016-02-16 09:11:54 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ba44b02d4 
							
						 
					 
					
						
						
							
							forgot to catch free_tls_certificates.client.ChallengeFailed  
						
						... 
						
						
						
						Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it 
						
					 
					
						2016-02-15 18:22:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f24328608 
							
						 
					 
					
						
						
							
							before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text  
						
						... 
						
						
						
						Made a mistake refactoring the headless variable earlier.
fixes  #696  
						
					 
					
						2016-02-13 12:38:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8ea42847da 
							
						 
					 
					
						
						
							
							nightly status checks could fail if any domains had non-ASCII characters  
						
						... 
						
						
						
						https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3 
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too. 
					
						2016-02-13 11:51:06 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4ed23f44e6 
							
						 
					 
					
						
						
							
							take a full backup more often so we don't keep backups around for so long  
						
						
						
					 
					
						2016-02-05 11:08:33 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							178527dab1 
							
						 
					 
					
						
						
							
							convert the backup increment time to the local timezone,  fixes   #700  
						
						... 
						
						
						
						Duplicity gives times in UTC. We were assuming times were in local time. 
						
					 
					
						2016-02-05 08:58:07 -05:00 
						 
				 
			
				
					
						
							
							
								Wolf-Bastian Pöttner 
							
						 
					 
					
						
						
						
						
							
						
						
							239eac662c 
							
						 
					 
					
						
						
							
							Fix: Correct IP is reported when using custom DNS  
						
						... 
						
						
						
						Fix bug that reports wrong ip, when custom DNS is enabled 
						
					 
					
						2016-02-04 21:32:11 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4e18f66db6 
							
						 
					 
					
						
						
							
							tls control panel: only show integral seconds while waiting the requested time from Lets Encrypt, in case we got back a non-integral number of seconds to wait  
						
						
						
					 
					
						2016-02-03 08:21:22 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							83ffc99b9c 
							
						 
					 
					
						
						
							
							change the public URL of bootstrap.sh to setup.sh  
						
						
						
					 
					
						2016-01-30 11:19:51 -05:00 
						 
				 
			
				
					
						
							
							
								mike 
							
						 
					 
					
						
						
						
						
							
						
						
							6b408ef824 
							
						 
					 
					
						
						
							
							Use utils.shell instead of subprocess.Popen  
						
						
						
					 
					
						2016-01-14 10:24:04 -05:00 
						 
				 
			
				
					
						
							
							
								Jeroen Jacobs 
							
						 
					 
					
						
						
						
						
							
						
						
							70111dafbc 
							
						 
					 
					
						
						
							
							Removes border and rounded corners from navbar  
						
						
						
					 
					
						2016-01-14 15:48:39 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							faaa74c3a7 
							
						 
					 
					
						
						
							
							tls: hide extra reasons why domains aren't getting a new certificate during setup  
						
						
						
					 
					
						2016-01-14 07:21:08 -05:00 
						 
				 
			
				
					
						
							
							
								mike 
							
						 
					 
					
						
						
						
						
							
						
						
							8932aaf4ef 
							
						 
					 
					
						
						
							
							needed libcgi-fast-perl and chown log files  
						
						
						
					 
					
						2016-01-13 23:55:45 -05:00 
						 
				 
			
				
					
						
							
							
								mike 
							
						 
					 
					
						
						
						
						
							
						
						
							6d6f3ea391 
							
						 
					 
					
						
						
							
							Added ability to use munin's dynazoom  
						
						
						
					 
					
						2016-01-13 22:20:33 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2ad7d0830e 
							
						 
					 
					
						
						
							
							add exception handling for what_version_is_this,  fixes   #659  
						
						
						
					 
					
						2016-01-09 09:23:07 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							07f9228694 
							
						 
					 
					
						
						
							
							Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt  
						
						
						
					 
					
						2016-01-09 08:58:35 -05:00 
						 
				 
			
				
					
						
							
							
								baltoche 
							
						 
					 
					
						
						
						
						
							
						
						
							36e5772a8e 
							
						 
					 
					
						
						
							
							Update dns_update.py  
						
						
						
					 
					
						2016-01-05 16:56:16 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2882e63dd8 
							
						 
					 
					
						
						
							
							second part of provisioning tls certificates from the control panel  
						
						
						
					 
					
						2016-01-04 18:43:17 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							812ef024ef 
							
						 
					 
					
						
						
							
							status checks: check that the non-primary domains also resolve over IPv6, if configured  
						
						
						
					 
					
						2016-01-04 18:43:17 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							40cdc5aa30 
							
						 
					 
					
						
						
							
							status checks: if a domain's DNS isnt working dont check the TLS certificate because we cant automatically provision one now anyway  
						
						
						
					 
					
						2016-01-04 18:43:17 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b8d6226a9a 
							
						 
					 
					
						
						
							
							when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains  
						
						
						
					 
					
						2016-01-04 18:43:17 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bac15d3919 
							
						 
					 
					
						
						
							
							provision tls certificates from the control panel  
						
						
						
					 
					
						2016-01-04 18:43:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4b4f670adf 
							
						 
					 
					
						
						
							
							s/SSL/TLS/ in user-visible text throughout the project  
						
						
						
					 
					
						2016-01-04 18:43:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b1b57f9bfd 
							
						 
					 
					
						
						
							
							don't try to get certs for IDNA domains and report all reasons for not fetching a certificate  
						
						... 
						
						
						
						fixes  #646  
					
						2016-01-04 18:43:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b6933a73fa 
							
						 
					 
					
						
						
							
							provision and install free SSL certificates from Let's Encrypt  
						
						
						
					 
					
						2016-01-04 18:43:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5033042b8c 
							
						 
					 
					
						
						
							
							backups: email the administrator when there's a problem  
						
						... 
						
						
						
						Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email. 
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89a46089ee 
							
						 
					 
					
						
						
							
							backups: suppress all output except errors  
						
						
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e288d7730b 
							
						 
					 
					
						
						
							
							backups: trap an error that occurs as early as getting the current backup status  
						
						
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							06a0e7f3fe 
							
						 
					 
					
						
						
							
							merge  #584  - Add checks to the management interface to report memory usage  
						
						
						
					 
					
						2016-01-01 18:13:21 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a9cd72bbf9 
							
						 
					 
					
						
						
							
							tighten the status text strings for free memory, add changelog entry  
						
						
						
					 
					
						2016-01-01 18:12:36 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							682b1dea5e 
							
						 
					 
					
						
						
							
							changelog/status checks updated for opening the sieve port  
						
						
						
					 
					
						2016-01-01 17:53:05 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8d19eade85 
							
						 
					 
					
						
						
							
							clarify the backup days option,  fixes   #570  
						
						
						
					 
					
						2015-12-26 12:04:26 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d53332b7cf 
							
						 
					 
					
						
						
							
							drop the CSR_COUNTRY setting and ask within the control panel  
						
						
						
					 
					
						2015-12-26 11:48:23 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							392d33b902 
							
						 
					 
					
						
						
							
							change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key  
						
						... 
						
						
						
						Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268  
						
					 
					
						2015-12-26 11:01:46 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4305a71916 
							
						 
					 
					
						
						
							
							merge  #587  - move backup and nightly status checks to 3am in system time  
						
						... 
						
						
						
						previously these were run in a cron.daily script which per crontab is run at 6:25 am local time 
						
					 
					
						2015-12-26 08:42:58 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d8e12fd7 
							
						 
					 
					
						
						
							
							clean up the backup time patch: dont choose timezone here, move status checks into the same 3am script  
						
						
						
					 
					
						2015-12-26 08:41:37 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dbf4729109 
							
						 
					 
					
						
						
							
							add management/backup.py --restore  
						
						
						
					 
					
						2015-12-23 12:53:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6e6c993724 
							
						 
					 
					
						
						
							
							reword POP documentation, add to changelog/readme  
						
						
						
					 
					
						2015-12-12 08:46:18 -05:00 
						 
				 
			
				
					
						
							
							
								Marius 
							
						 
					 
					
						
						
						
						
							
						
						
							f8b4e3775d 
							
						 
					 
					
						
						
							
							Update mail-guide.html (POP3)  
						
						
						
					 
					
						2015-12-12 08:41:13 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fad69f85fa 
							
						 
					 
					
						
						
							
							Merge pull request  #605  from ariejan/feature/604-add-rfc2142-mail-aliases  
						
						... 
						
						
						
						Add alias for abuse@ 
						
					 
					
						2015-12-07 15:56:51 -05:00 
						 
				 
			
				
					
						
							
							
								Ariejan de Vroom 
							
						 
					 
					
						
						
						
						
							
						
						
							aedfe62bb0 
							
						 
					 
					
						
						
							
							Add alias for abuse@  
						
						
						
					 
					
						2015-12-07 16:31:58 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c4f00626ef 
							
						 
					 
					
						
						
							
							status checks: check that PRIMARY_HOSTNAME's AAAA record is working  
						
						
						
					 
					
						2015-12-07 09:08:00 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fdad83a1bb 
							
						 
					 
					
						
						
							
							status checks: check IPv6 reverse DNS  
						
						
						
					 
					
						2015-12-07 08:58:48 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5bbe9f9a04 
							
						 
					 
					
						
						
							
							status checks: when ipv6 is enabled, check that services are accessible over ipv6 too  
						
						
						
					 
					
						2015-12-07 08:37:04 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7a93d219ef 
							
						 
					 
					
						
						
							
							some cleanup in dns_update.py  
						
						
						
					 
					
						2015-11-29 14:59:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							808522d895 
							
						 
					 
					
						
						
							
							merge functions get_web_domains and get_default_www_redirects  
						
						
						
					 
					
						2015-11-29 14:46:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							be9efe0273 
							
						 
					 
					
						
						
							
							ensure malformed ssl certificate can't cause it to be written to an arbitrary path  
						
						
						
					 
					
						2015-11-29 14:04:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							766b98c4ad 
							
						 
					 
					
						
						
							
							refactor: move SSL-related management functions into a new module ssl_certificates.py  
						
						
						
					 
					
						2015-11-29 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c422543fdd 
							
						 
					 
					
						
						
							
							make the system SSL certificate a symlink so we never have to replace a certificate file, and flatten the directory structure of user-installed certificates  
						
						
						
					 
					
						2015-11-29 02:02:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cf33be4596 
							
						 
					 
					
						
						
							
							fix boto 2 conflict on Google Compute Engine instances  
						
						... 
						
						
						
						GCE installs some Python-2-only boto plugin that conflicts with boto running under Python 3. It gives a SyntaxError in /usr/share/google/boto/boto_plugins/compute_auth.py (https://github.com/GoogleCloudPlatform/compute-image-packages ).
Disabling boto's default configuration file prior to importing boto so that GCE's plugin is not loaded.
See https://discourse.mailinabox.email/t/500-internal-server-error-for-admin/942 . 
						
					 
					
						2015-11-26 14:51:44 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							161d096139 
							
						 
					 
					
						
						
							
							add a way to dump backup status from the command line  
						
						
						
					 
					
						2015-11-26 14:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							59f8aa1c31 
							
						 
					 
					
						
						
							
							Add checks to the management interface to report memory usage  
						
						
						
					 
					
						2015-11-20 01:48:59 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							59e9952a61 
							
						 
					 
					
						
						
							
							the explanatory text for setting up secondary nameservers was hidden until a secondary nameserver is added, so that wasn't helpful  
						
						
						
					 
					
						2015-11-19 07:00:32 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							280de022cb 
							
						 
					 
					
						
						
							
							Change order in which service stop  
						
						
						
					 
					
						2015-11-17 05:22:42 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							fa1cad7fb2 
							
						 
					 
					
						
						
							
							During the backup you will get login failures which will confuse iOS, so it is better to stop php-fpm as well  
						
						
						
					 
					
						2015-11-17 02:57:14 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1926bfa1c5 
							
						 
					 
					
						
						
							
							all DNS queries should have a timeout,  fixes   #591  
						
						
						
					 
					
						2015-11-11 12:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Sheldon Rupp 
							
						 
					 
					
						
						
						
						
							
						
						
							96b02e68ee 
							
						 
					 
					
						
						
							
							Change 'Wosign' to 'WoSign'  
						
						
						
					 
					
						2015-11-08 21:31:43 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ac238b9d28 
							
						 
					 
					
						
						
							
							dont run secondary nameserver checks if the zone's nameservers aren't correct to begin with, possibly because the user is using external DNS, see  #582  
						
						
						
					 
					
						2015-11-05 11:09:15 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3fd1279e7d 
							
						 
					 
					
						
						
							
							...but then also have to compare against the intended IP address, which might have a custom override, see  #582  
						
						
						
					 
					
						2015-11-03 12:06:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3bc38c89ab 
							
						 
					 
					
						
						
							
							secondary NS status checks in  3b91bc2c0a should not be skipped if the target IP address has been modified by a custom record  
						
						... 
						
						
						
						see #582  
						
					 
					
						2015-11-03 06:48:04 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d0062b7de4 
							
						 
					 
					
						
						
							
							Merge pull request  #572  from OmgImAlexis/patch-1  
						
						... 
						
						
						
						Added wosign as a suggested free SSL provider. 
						
					 
					
						2015-10-31 14:57:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3b91bc2c0a 
							
						 
					 
					
						
						
							
							if secondary nameservers are given, status checks now check they are serving the right info  
						
						
						
					 
					
						2015-10-22 10:58:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4c4babd9e7 
							
						 
					 
					
						
						
							
							experimentally scanning the mail log to see if we can infer a good time to take a backup  
						
						
						
					 
					
						2015-10-22 10:35:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							274e5ca676 
							
						 
					 
					
						
						
							
							let dovecot automatically create mailbox folders rather than doing it manually in the management daemon,  fixes   #554  
						
						
						
					 
					
						2015-10-18 11:55:27 +00:00 
						 
				 
			
				
					
						
							
							
								Peter Timofejew 
							
						 
					 
					
						
						
						
						
							
						
						
							1bdfdbee89 
							
						 
					 
					
						
						
							
							Added 'Sent' folder when creating user.  
						
						
						
					 
					
						2015-10-12 09:43:35 -04:00 
						 
				 
			
				
					
						
							
							
								X O 
							
						 
					 
					
						
						
						
						
							
						
						
							ebffaab16a 
							
						 
					 
					
						
						
							
							Added wosign as a suggest free SSL provider.  
						
						
						
					 
					
						2015-10-11 11:33:18 +10:30 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c8ee1862a 
							
						 
					 
					
						
						
							
							use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts);  fixes   #234  
						
						
						
					 
					
						2015-09-18 19:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							787beab63f 
							
						 
					 
					
						
						
							
							choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates  
						
						... 
						
						
						
						For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate. 
						
					 
					
						2015-09-18 13:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							58349a9410 
							
						 
					 
					
						
						
							
							when updating DNS, clear the local DNS cache  
						
						
						
					 
					
						2015-09-18 13:00:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							93c2258d23 
							
						 
					 
					
						
						
							
							let the HSTS header be controlled by the management daemon so some domains can choose to enable preload  
						
						
						
					 
					
						2015-09-08 21:20:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d60d73b7e0 
							
						 
					 
					
						
						
							
							status checks: dont error if there's a domain that dns_update hasn't been run yet on  
						
						
						
					 
					
						2015-09-06 13:27:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6704da1446 
							
						 
					 
					
						
						
							
							silence errors in the admin if there is an invalid domain name in the database  
						
						... 
						
						
						
						see #531  
						
					 
					
						2015-09-06 13:27:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4f6fa40dbd 
							
						 
					 
					
						
						
							
							warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							104b804059 
							
						 
					 
					
						
						
							
							if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							75a75a6f84 
							
						 
					 
					
						
						
							
							admin: rename my ajax javascript function to ajax_with_indicator; see  79c57c2303 
						
						
						
					 
					
						2015-09-04 18:40:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2e99589336 
							
						 
					 
					
						
						
							
							admin: fix jumpyness when a modal is shown (move overflow-y to body; make the navbar not fixed to top)  
						
						
						
					 
					
						2015-09-04 22:21:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							188b21dd36 
							
						 
					 
					
						
						
							
							bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin  
						
						
						
					 
					
						2015-09-04 22:13:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0cf56e0aad 
							
						 
					 
					
						
						
							
							add a random password generator to the users page of the admin  
						
						
						
					 
					
						2015-09-04 22:12:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c5082498ab 
							
						 
					 
					
						
						
							
							utils.py can't import non-standard modules because it is imported by migrate.py, which is run before anything is installed  
						
						... 
						
						
						
						closes  #540  
					
						2015-08-30 13:50:34 -04:00 
						 
				 
			
				
					
						
							
							
								Richard Willis 
							
						 
					 
					
						
						
						
						
							
						
						
							ab59323813 
							
						 
					 
					
						
						
							
							Added a note about TXT record length limitations and how to construct the records to bypass the limitation  
						
						
						
					 
					
						2015-08-28 15:50:02 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a56a9dc6a1 
							
						 
					 
					
						
						
							
							add Mail-in-a-Box version check to status checks  
						
						... 
						
						
						
						closes  #502  
					
						2015-08-28 12:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bc790ea581 
							
						 
					 
					
						
						
							
							backups: make the instructions about the backup password file more prominent  
						
						
						
					 
					
						2015-08-28 12:33:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dbfd158388 
							
						 
					 
					
						
						
							
							dont refresh the backup page when there's an error saving the config  
						
						
						
					 
					
						2015-08-28 12:33:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2b1f7da654 
							
						 
					 
					
						
						
							
							S3 credentials for backup should not be displayed in the control panel,  fixes   #529  
						
						
						
					 
					
						2015-08-28 12:33:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0c9d431a3f 
							
						 
					 
					
						
						
							
							major cleanup to adding new version check to the status checks  
						
						
						
					 
					
						2015-08-28 12:29:55 +00:00 
						 
				 
			
				
					
						
							
							
								Norman Stanke 
							
						 
					 
					
						
						
						
						
							
						
						
							1a525df8ad 
							
						 
					 
					
						
						
							
							Add Mail-in-a-Box version status check.  
						
						
						
					 
					
						2015-08-28 11:55:21 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Willis 
							
						 
					 
					
						
						
						
						
							
						
						
							f26c0b71d2 
							
						 
					 
					
						
						
							
							Focus on fields in the login form  
						
						... 
						
						
						
						This just makes life a little easier...
Squashed the following commits:
* Use $.trim() for better browser support 
						
					 
					
						2015-08-27 22:17:13 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a8074ae3e4 
							
						 
					 
					
						
						
							
							suppress some status output regarding new automatic aliases on first installation  
						
						
						
					 
					
						2015-08-19 16:30:32 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cfc4e6b48b 
							
						 
					 
					
						
						
							
							automatic administrator aliases are probably not bidirectional because the administrator@ address is an alias and not a user  
						
						
						
					 
					
						2015-08-19 16:06:09 -04:00 
						 
				 
			
				
					
						
							
							
								root 
							
						 
					 
					
						
						
						
						
							
						
						
							39270a8e35 
							
						 
					 
					
						
						
							
							fix problem with certificate verification on OpenVZ servers  
						
						
						
					 
					
						2015-08-15 17:32:40 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8c08f957cd 
							
						 
					 
					
						
						
							
							bidirectional alias controls: a new permitted_senders column in the aliases table allows setting who can send as an address independently of where the address forwards to  
						
						... 
						
						
						
						But the default permitted senders are the same as the addresses the alias forwards to.
Merge branch 'dhpiggott-bidirectional-alias-controls' 
						
					 
					
						2015-08-14 23:09:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5924d0fe0d 
							
						 
					 
					
						
						
							
							various cleanup related to the new permitted_senders column for aliases  
						
						
						
					 
					
						2015-08-14 23:05:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							848dea83ab 
							
						 
					 
					
						
						
							
							additional error handling for backups with an invalid target  
						
						
						
					 
					
						2015-08-12 11:19:59 +00:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							f96bef43cc 
							
						 
					 
					
						
						
							
							If no prefix is specified, set the path to '', otherwise boto won't list the files  
						
						
						
					 
					
						2015-08-11 13:54:30 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f4e8ee0af9 
							
						 
					 
					
						
						
							
							html errors in the backup template, my bad  
						
						
						
					 
					
						2015-08-09 20:34:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9ca116d545 
							
						 
					 
					
						
						
							
							add an option to disable backups  
						
						
						
					 
					
						2015-08-09 20:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cdd3a64638 
							
						 
					 
					
						
						
							
							after-backup was run with the wrong environment  
						
						
						
					 
					
						2015-08-09 20:08:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							99e51f8a52 
							
						 
					 
					
						
						
							
							use boto to get actual file sizes of backup files when S3 is used  
						
						
						
					 
					
						2015-08-09 20:08:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3b4b57c081 
							
						 
					 
					
						
						
							
							switching between backup options in the admin wasn't working at all  
						
						... 
						
						
						
						* going from s3 to file target wasn't working
* use 'local' in the config instead of a file: url, for the local target, so it is not path-specific
* break out the S3 fields since users can't be expected to know how to form a URL
* use boto to generate a list of S3 hosts
* use boto to validate that the user input for s3 is valid
* fix lots of html errors in the backup admin 
						
					 
					
						2015-08-09 20:08:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c7f8ead496 
							
						 
					 
					
						
						
							
							clean up the new backup configuration panel  
						
						
						
					 
					
						2015-08-09 20:08:30 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3f15879578 
							
						 
					 
					
						
						
							
							remove global variables in backup.py  
						
						
						
					 
					
						2015-08-09 17:54:46 +00:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							1cdd205eb7 
							
						 
					 
					
						
						
							
							Missed one max_age  
						
						
						
					 
					
						2015-07-28 20:58:39 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							77099b3bce 
							
						 
					 
					
						
						
							
							Reword backup min_time label  
						
						
						
					 
					
						2015-07-28 00:42:00 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							0d8a4099c1 
							
						 
					 
					
						
						
							
							Add placeholder attribute; use input instead of textarea  
						
						
						
					 
					
						2015-07-28 00:37:48 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							606cf6a941 
							
						 
					 
					
						
						
							
							Fix API typo  
						
						
						
					 
					
						2015-07-28 00:34:26 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							ba9065cada 
							
						 
					 
					
						
						
							
							Don't write collection_status output to file but parse it directly  
						
						
						
					 
					
						2015-07-27 22:30:22 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							e693802091 
							
						 
					 
					
						
						
							
							Rename max_age to min_age  
						
						... 
						
						
						
						Also clarify a comment and remove an unneeded type check 
						
					 
					
						2015-07-27 22:18:19 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							fa0dd684da 
							
						 
					 
					
						
						
							
							Add archive-dir argument to collection-status  
						
						
						
					 
					
						2015-07-27 22:13:28 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							43fb7fe635 
							
						 
					 
					
						
						
							
							Remove unused variable  
						
						
						
					 
					
						2015-07-27 22:11:43 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							91e4ea6e2f 
							
						 
					 
					
						
						
							
							Infer target_type from url  
						
						
						
					 
					
						2015-07-27 22:09:58 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							1e3e34f15f 
							
						 
					 
					
						
						
							
							Make backup API RESTful  
						
						
						
					 
					
						2015-07-27 22:00:36 +02:00 
						 
				 
			
				
					
						
							
							
								Leo Koppelkamm 
							
						 
					 
					
						
						
						
						
							
						
						
							2e6c410336 
							
						 
					 
					
						
						
							
							Make backups more configurable  
						
						... 
						
						
						
						Backup location and maximum age can now be configured in the admin panel.
For now only S3 is supported, but adding other duplicity supported backends should be straightforward. 
						
					 
					
						2015-07-27 21:53:34 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0293e04311 
							
						 
					 
					
						
						
							
							fix control panel links, broken in Firefox (worked in Chrome)  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/bug-present-for-ages/694/3  
						
					 
					
						2015-07-25 14:12:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1900e512f2 
							
						 
					 
					
						
						
							
							improve the sort order of domains - siblings to the primary hostname were not sorted right  
						
						
						
					 
					
						2015-07-21 11:25:11 +00:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							123ac4fd33 
							
						 
					 
					
						
						
							
							s/email/address/ in aliases UI variable names  
						
						... 
						
						
						
						This makes the frontend consistent with the backend. 
						
					 
					
						2015-07-20 12:51:57 +01:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							423bb8e317 
							
						 
					 
					
						
						
							
							Fix remove-alias button breakage  
						
						
						
					 
					
						2015-07-20 12:51:57 +01:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							e6ff280984 
							
						 
					 
					
						
						
							
							Store and set alias receivers and senders separately for maximum control  
						
						
						
					 
					
						2015-07-20 12:51:57 +01:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							3fdfad27cd 
							
						 
					 
					
						
						
							
							Add support for bidirectional mail alias controls  
						
						... 
						
						
						
						This is an extension of #427 . Building on that change it adds support in the
aliases table for flagging aliases as:
 1. Applicable to inbound and outbound mail.
 2. Applicable to inbound mail only.
 3. Applicable to outbound mail only.
 4. Disabled.
The aliases UI is also updated to allow administrators to set the direction of
each alias.
Using this extra information, the sqlite queries executed by Postfix are
updated so only the relevant alias types are checked.
The goal and result of this change is that outbound-only catch-all aliases can
now be defined (in fact catch-all aliases of any type can be defined).
This allow us to continue supporting relaying as described at
https://mailinabox.email/advanced-configuration.html#relay 
without requiring that administrators either create regular aliases for each
outbound *relay* address, or that they create a catch-all alias and then face a
flood of spam.
I have tested the code as it is in this commit and fixed every issue I found,
so in that regard the change is complete. However I see room for improvement
in terms of updating terminology to make the UI etc. easier to understand.
I'll make those changes as subsequent commits so that this tested checkpoint is
not lost, but also so they can be rejected independently of the actual change
if not wanted. 
						
					 
					
						2015-07-20 12:51:57 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d3bbc0ec95 
							
						 
					 
					
						
						
							
							bug in new secondary nameservers  
						
						... 
						
						
						
						forgot a 'continue' statement
see 216acb0eebfixes  #497  
						
					 
					
						2015-07-20 11:25:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							541d9252f6 
							
						 
					 
					
						
						
							
							allow PEM files to have non-Unix line endings  
						
						
						
					 
					
						2015-07-17 11:44:28 +00:00 
						 
				 
			
				
					
						
							
							
								PortableTech 
							
						 
					 
					
						
						
						
						
							
						
						
							415f95b792 
							
						 
					 
					
						
						
							
							Add TLSA record for HTTPS connections.  
						
						... 
						
						
						
						While not widely supported, there are some browser addons that can
validate DNSSEC and TLSA for additional out-of-band verification of
certificates when browsing the web.  Costs nothing to implement and
might improve security in some situations. 
						
					 
					
						2015-07-13 09:12:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5dd5fc4a1c 
							
						 
					 
					
						
						
							
							clean up multiple secondary nameservers and zone xfr ip addresses  
						
						
						
					 
					
						2015-07-10 15:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Brian Bustin 
							
						 
					 
					
						
						
						
						
							
						
						
							09133c8f59 
							
						 
					 
					
						
						
							
							Initial backend changes to make it possible to have one or more secondary name servers  
						
						
						
					 
					
						2015-07-10 14:59:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							acd91665b5 
							
						 
					 
					
						
						
							
							setting an alias to forward to two or more addresses was broken since  aa33428311 
						
						... 
						
						
						
						fixes  #482  
					
						2015-07-04 15:28:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ff4780d5fb 
							
						 
					 
					
						
						
							
							better error handling of invalid PEM files  
						
						
						
					 
					
						2015-07-03 14:00:59 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0924f8ca7a 
							
						 
					 
					
						
						
							
							allow for PEM private keys in the 'BEGIN PRIVATE KEY' format too  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/another-upgrade-failure/630/5  
						
					 
					
						2015-07-02 15:37:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e57e08088a 
							
						 
					 
					
						
						
							
							the control panel would not allow installing a certificate for a www redirect domain,  fixes   #475  
						
						
						
					 
					
						2015-07-02 10:53:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							42a506231b 
							
						 
					 
					
						
						
							
							don't automatically create the administrator@ alias (e.g. on first user creation) because we dont know what it should be an alias to (leave this to be resolved manually),  fixes   #470  
						
						... 
						
						
						
						Was broken by 462a79cf47 
						
					 
					
						2015-06-30 09:16:22 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e3252f53da 
							
						 
					 
					
						
						
							
							idna domains in certificate subject alternative names were not handled correctly after switching to cryptography package  
						
						
						
					 
					
						2015-06-30 13:09:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							aa33428311 
							
						 
					 
					
						
						
							
							some IDNA functionality was still using Python's built-in IDNA 2003 encoder rather than the idna package's IDNA 2008 encoder  
						
						
						
					 
					
						2015-06-30 13:09:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5ef1cfbdc7 
							
						 
					 
					
						
						
							
							forgot new version.html template file  
						
						
						
					 
					
						2015-06-25 17:43:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7527b4dc27 
							
						 
					 
					
						
						
							
							show the Mail-in-a-Box version in the control panel and a button to ping the MiaB website for the latest version  
						
						... 
						
						
						
						fixes  #441  
					
						2015-06-25 13:43:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							299a2315c1 
							
						 
					 
					
						
						
							
							dkim 2048 bits - migration and zone file generation changes  
						
						... 
						
						
						
						* Add a migration to delete any existing DKIM key so that existing machines get a fresh 2048-bit key. (Sadly we don't support key rotation so the change is immediate.)
* Because the DNS record for a 2048-bit key is so much longer, the way we read OpenDKIM's DNS record text file had to be modified to combine an arbitrary number of TXT record quoted ("...") strings.
* When writing out the TXT record value, the string must be split into quoted ("...") strings with a maximum length of 255 bytes each, per the DNS spec.
* Added a changelog entry. 
						
					 
					
						2015-06-25 13:06:29 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dece359c90 
							
						 
					 
					
						
						
							
							validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate  
						
						... 
						
						
						
						* Use `cryptography` instead of parsing openssl's output.
* When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely. 
						
					 
					
						2015-06-21 14:53:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							43d50d0667 
							
						 
					 
					
						
						
							
							Merge pull request  #445  from bizonix/patch-1  
						
						... 
						
						
						
						fix wrong redirect for automatic www subdomain redirects 
						
					 
					
						2015-06-18 07:05:01 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6258a7f311 
							
						 
					 
					
						
						
							
							status checks were broken if sshd was not present,  fixes   #444  
						
						
						
					 
					
						2015-06-18 11:01:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ab36cc8968 
							
						 
					 
					
						
						
							
							whitespace=>tabs  
						
						
						
					 
					
						2015-06-18 10:54:51 +00:00 
						 
				 
			
				
					
						
							
							
								bizonix 
							
						 
					 
					
						
						
						
						
							
						
						
							33b71c6b3c 
							
						 
					 
					
						
						
							
							fix wrong redirect  
						
						... 
						
						
						
						$ curl -I https://www.site.co.il/static/images/1.png?a=b  | grep Location
Location: https://site.co.il?a=b 
but should be something like 
Location: https://site.co.il/static/images/1.png?a=b  
						
					 
					
						2015-06-18 01:48:15 +03:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2af557139d 
							
						 
					 
					
						
						
							
							default IPv6 AAAA records were missing  
						
						... 
						
						
						
						This was broken by the ability to have multiple TXT records in 9f1d633ae4 
						
					 
					
						2015-06-17 06:47:22 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1990f32ca4 
							
						 
					 
					
						
						
							
							typo,  fixes   #435  
						
						
						
					 
					
						2015-06-06 13:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							807939c0e4 
							
						 
					 
					
						
						
							
							make the +tag address tips clearer  
						
						
						
					 
					
						2015-06-06 13:02:23 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5008cc603e 
							
						 
					 
					
						
						
							
							merge - munin system monitoring  
						
						
						
					 
					
						2015-06-06 12:52:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9857db96cd 
							
						 
					 
					
						
						
							
							add a link to the /admin/munin page from the control panel nav bar  
						
						
						
					 
					
						2015-06-06 12:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e9e6d94e3b 
							
						 
					 
					
						
						
							
							the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac  
						
						
						
					 
					
						2015-06-06 12:38:19 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							462a79cf47 
							
						 
					 
					
						
						
							
							fix what counts as a required alias,  fixes   #434  
						
						
						
					 
					
						2015-06-06 12:12:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f792deeebd 
							
						 
					 
					
						
						
							
							when the undocumented custom web settings has a redirect or proxy at the root of a domain, use a minimal nginx config template (same as the new default www redirects)  
						
						
						
					 
					
						2015-06-04 12:32:00 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							95173bb327 
							
						 
					 
					
						
						
							
							provide redirects from www subdomains of zones to their parent domain  
						
						... 
						
						
						
						* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest.
* Add server blocks to the nginx config for these domains.
* List these domains in the SSL certificate install admin panel.
* Generate default 'www' records just for domains we provide default redirects for.
Fixes  #321 . 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1d09e2406b 
							
						 
					 
					
						
						
							
							refactor how the nginx config file is assembled  
						
						... 
						
						
						
						This doesn't change anything. Just preparation for the next commit. 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c9add7a8bf 
							
						 
					 
					
						
						
							
							if a user sets a custom A record on PRIMARY_HOSTNAME, which is ignored anyway, don't let that cause PRIMARY_HOSTNAME from being dropped from nginx.conf  
						
						... 
						
						
						
						Could be related to https://discourse.mailinabox.email/t/nginx-lost-admin-record-after-install-ssl-cert-problem/528 . 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2b341d884f 
							
						 
					 
					
						
						
							
							merge  #396  - allow the backup process to work after a hostname change  
						
						
						
					 
					
						2015-05-30 13:55:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							141a09b31e 
							
						 
					 
					
						
						
							
							changelog, comments for duplicity --allow-source-mismatch  
						
						
						
					 
					
						2015-05-30 13:46:39 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4fa58169f1 
							
						 
					 
					
						
						
							
							after installing an SSL certificate from the control panel the page wasn't being refreshed, broken in  ec73c171c7 
						
						
						
					 
					
						2015-05-28 18:45:53 +00:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							f78bbab289 
							
						 
					 
					
						
						
							
							Make SPF forbid any outbound mail from non-mail domains  
						
						
						
					 
					
						2015-05-28 18:11:44 +01:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							7b9b978a6d 
							
						 
					 
					
						
						
							
							Improve DMARC and SPF record descriptions  
						
						
						
					 
					
						2015-05-28 16:34:58 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							202c4a948b 
							
						 
					 
					
						
						
							
							our users/aliases database is case sensitive - force new users/aliases to lowercase  
						
						... 
						
						
						
						Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html .) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case.
This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database.
https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4  
						
					 
					
						2015-05-28 13:11:30 +00:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							d6c5f09a1a 
							
						 
					 
					
						
						
							
							Use lowercase h for consistency in aliases template - it reads better (IMO!)  
						
						... 
						
						
						
						This also includes fixes for a typo and some whitespace inconsistencies in
mailconfig.py. In fact the capitalisation change and those fixes are the
remnants of a patch I had been running that changed the default aliases - it
was through developing it that I found the issues.
(I wanted to bring the number of patches I apply before deploying to zero and
in the case of this one I've come to view the way MIAB already is as superior,
so I've undone the core of my patch and these tiny issues are all that remain). 
						
					 
					
						2015-05-28 13:46:15 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a9ed9ae936 
							
						 
					 
					
						
						
							
							more work on munin  
						
						... 
						
						
						
						* install the munin-node package
* don't install munin-plugins-extra (if the user wants it they can add it)
* expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file 
						
					 
					
						2015-05-25 17:03:52 +00:00 
						 
				 
			
				
					
						
							
							
								StevesMonkey 
							
						 
					 
					
						
						
						
						
							
						
						
							05438d047d 
							
						 
					 
					
						
						
							
							Fixing minor misspelling of the word: encrypted  
						
						
						
					 
					
						2015-05-25 10:15:57 +09:30 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4f98d470a0 
							
						 
					 
					
						
						
							
							'/dev/stdout' does not exist on some systems (!)  
						
						... 
						
						
						
						The OVH VPS provider creates systems without /dev/stdout. I have never seen that before. But fine. We were passing it as a command line option to `openssl req`, but outputting to stdout is the default so it's not necessary to specify /dev/stdout.
Fixes  #277 . Also https://discourse.mailinabox.email/t/500-internal-server-error/475/10 . 
						
					 
					
						2015-05-16 13:34:47 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							57abae3999 
							
						 
					 
					
						
						
							
							if the main ssl cert is expiring soon, the end of setup would display the control panel instructions as if the cert were self-signed  
						
						
						
					 
					
						2015-05-14 19:16:31 +00:00 
						 
				 
			
				
					
						
							
							
								Xoib 
							
						 
					 
					
						
						
						
						
							
						
						
							202e49a897 
							
						 
					 
					
						
						
							
							allow the backup process to work after a hostname change  
						
						
						
					 
					
						2015-05-13 13:52:23 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8886c9b6bc 
							
						 
					 
					
						
						
							
							move the server: block of nsd.conf out of the management daemon and into the setup scripts  
						
						
						
					 
					
						2015-05-04 11:24:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fc32cf5bcc 
							
						 
					 
					
						
						
							
							permit the first user account to be a domain control validation address because a) it will necessarily be an admin and b) the user doesn't know the rules yet  
						
						
						
					 
					
						2015-05-03 14:21:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1e9c587b92 
							
						 
					 
					
						
						
							
							rewrite the DNS API to permit setting multiple records of the same type on the same domain  
						
						... 
						
						
						
						e.g. multiple TXT records
fixes  #333  
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9f1d633ae4 
							
						 
					 
					
						
						
							
							re-do the custom DNS get/set routines so it is possible to store more than one record for a qname-rtype pair, like multiple TXT records  
						
						
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f01189631a 
							
						 
					 
					
						
						
							
							management api: make json responses nicely formatted  
						
						... 
						
						
						
						Better while debugging. 
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							542877ee46 
							
						 
					 
					
						
						
							
							use the font-awesome .fa-spinner.fa-pulse classes for the AJAX loading indicator, rather than the static glyphicon-time icon  
						
						
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f1760b516d 
							
						 
					 
					
						
						
							
							control panel: sometimes the ajax loading modal would show after operations were already done  
						
						... 
						
						
						
						Needed to add the clearQueue flag to jQuery's stop() method 
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							febfa72d60 
							
						 
					 
					
						
						
							
							race condition between backups and status checks - connection refused  
						
						... 
						
						
						
						At the end of the backup, wait a bit for dovecot and postfix to finish restarting.
Hopefully fixes  #381 . 
						
					 
					
						2015-04-29 21:06:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c03e00035f 
							
						 
					 
					
						
						
							
							prevent archiving of the user's own account because they'll lose access to the control panel  
						
						
						
					 
					
						2015-04-28 07:17:21 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f8866ef32 
							
						 
					 
					
						
						
							
							if there are no users at all the warning on the control panel login screen was incorrect  
						
						
						
					 
					
						2015-04-28 07:17:21 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f98afac6df 
							
						 
					 
					
						
						
							
							if you make an API call with a user-specific API key (e.g. from control panel) but your account no longer exists on the system, there was an unhandled error  
						
						... 
						
						
						
						see 1039a08be6 
						
					 
					
						2015-04-28 07:17:21 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5efd5abbe4 
							
						 
					 
					
						
						
							
							move the email address syntax validation for users and aliases into my new email_validator library ( https://github.com/JoshData/python-email-validator )  
						
						
						
					 
					
						2015-04-21 14:43:12 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							35f4a49d10 
							
						 
					 
					
						
						
							
							my html5 stub was wrong;  8c3aed2846 
						
						
						
					 
					
						2015-04-19 13:21:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a31d713fcc 
							
						 
					 
					
						
						
							
							stricter validation of the domain parts of email addresses: only letters, numbers, and hyphens, and the TLD ends with a letter  
						
						
						
					 
					
						2015-04-19 13:06:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8c3aed2846 
							
						 
					 
					
						
						
							
							update the control panel html template to my latest html5 stub  
						
						... 
						
						
						
						jquery 1.11.1, bootstrap 3.3.0, better accessibility, see https://github.com/JoshData/html5-stub  
						
					 
					
						2015-04-11 15:40:19 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							36168b4609 
							
						 
					 
					
						
						
							
							add a 'backup --verify' command to run duplicity's verify command to check that the backup files are OK  
						
						
						
					 
					
						2015-04-11 18:43:46 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bd498def76 
							
						 
					 
					
						
						
							
							backups now use duplicity's built-in gpg symmetric encryption  
						
						... 
						
						
						
						Merge branch 'dhpiggott-gpg-encrypt-backups' 
						
					 
					
						2015-04-11 18:33:57 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d8279c48ac 
							
						 
					 
					
						
						
							
							new backup method tweaks  
						
						... 
						
						
						
						* use the AES256 cipher, be explicit that only the first line of secret_key.txt is used, and sanity check that the passphrase is long enough
* change overship of the encrypted files to the user-data user
* simplify variable names in management/backup.py
* although I appreciate long comments I am trimming the commentary about the backup migration
* revise the control panel template to not refer to the old unencrypted files
* add CHANGELOG entry 
						
					 
					
						2015-04-11 18:32:22 +00:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							4232245546 
							
						 
					 
					
						
						
							
							Use built in duplicity encryption (GPG) for backups,  closes   #362 ,  closes   #363  
						
						... 
						
						
						
						[Josh merged some subsequent commits:]
* Guard via idempotency against termination between migration operations
* Final corrections and tweaks
* Pass passphrase through to all duplicity calls
Empirical evidence (a failed cron job) shows that cleanup requires the
passphrase (so it presumably needs to decrypt metadata), and though
remove-older-than has been working fine without it, it won't do any harm
to set it in case that changes or there are any special cases.
* Add back the archive-dir override but locate it at STORAGE_ROOT/backup/cache 
						
					 
					
						2015-04-11 17:51:44 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							072aeca1be 
							
						 
					 
					
						
						
							
							prevent accidental domain control validation hijacking by limiting use of admin@ etc. addresses in users/aliases  
						
						
						
					 
					
						2015-04-09 14:46:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cb656f9ef4 
							
						 
					 
					
						
						
							
							in status checks replace '=>' with a Unicode arrow and tweak how aliases are reported  
						
						
						
					 
					
						2015-04-09 14:46:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							322a5779f1 
							
						 
					 
					
						
						
							
							store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode  
						
						... 
						
						
						
						I changed my mind. In 1bf8f1991f1bf8f1991f 
						
					 
					
						2015-04-09 14:46:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ec039719de 
							
						 
					 
					
						
						
							
							prevent caching of ajax responses in the control panel  
						
						... 
						
						
						
						GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access.
See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4 . 
						
					 
					
						2015-03-31 14:52:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							14b16b2f36 
							
						 
					 
					
						
						
							
							allow custom DNS TXT records for SPF, DKIM, and DMARC to override the ones we want to set  
						
						... 
						
						
						
						fixes  #323 
fixes  #324  
					
						2015-03-30 01:20:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cbc7e280d6 
							
						 
					 
					
						
						
							
							set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in  
						
						
						
					 
					
						2015-03-30 01:18:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3d21f2223e 
							
						 
					 
					
						
						
							
							status checks: turn missing DNSSEC into a warning instead of an error; omit an error about missing TLSA if DNSSEC isn't in use; if DNSSEC is in use, make a missing TLSA record a warning instead of an error  
						
						
						
					 
					
						2015-03-28 11:24:05 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							710a69b812 
							
						 
					 
					
						
						
							
							turn some nameserver status check errors into warnings if the domain resolves correctly since the user might be using External DNS,  closes   #330  
						
						
						
					 
					
						2015-03-28 11:23:59 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							298e19598b 
							
						 
					 
					
						
						
							
							small bug in the new system status checks show-changes command  
						
						... 
						
						
						
						see 4d22fb9b2afixes  #360  
						
					 
					
						2015-03-22 14:03:12 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							680191d7cb 
							
						 
					 
					
						
						
							
							drop the list of aliases from the users control panel page because with more than 50 aliases it seems to be so slow it times out  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/small-bug-in-admin-panel-when-49-aliases/378  
						
					 
					
						2015-03-22 13:59:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6df72bf4ac 
							
						 
					 
					
						
						
							
							create the Trash folder on new user creation ( fixes   #359 )  
						
						
						
					 
					
						2015-03-22 13:33:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							01f2451349 
							
						 
					 
					
						
						
							
							provide a better error message when creating a user account with non-ASCII characters  
						
						
						
					 
					
						2015-03-22 12:33:06 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4d22fb9b2a 
							
						 
					 
					
						
						
							
							run status checks each night and email the administrator with the changes from the previous day's results  
						
						
						
					 
					
						2015-03-21 16:02:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c18d58b13f 
							
						 
					 
					
						
						
							
							backups: predict when the next backup will occur  
						
						
						
					 
					
						2015-03-21 15:22:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7c0ca42145 
							
						 
					 
					
						
						
							
							status checks: don't check that dovecot-sieve is publicly accessible  
						
						
						
					 
					
						2015-03-08 18:35:33 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Schumacher 
							
						 
					 
					
						
						
						
						
							
						
						
							6558f05d1d 
							
						 
					 
					
						
						
							
							Give the DNS update tool the ability to customize MX records. Useful if you want a subdomain to send mail to another host.  
						
						
						
					 
					
						2015-03-04 13:32:35 -05:00 
						 
				 
			
				
					
						
							
							
								Jack Twilley 
							
						 
					 
					
						
						
						
						
							
						
						
							b2fcd4c9e5 
							
						 
					 
					
						
						
							
							Now supports domains with multiple MX records.  
						
						... 
						
						
						
						The status check on MX records now correctly handles domains with
multiple MX records. 
						
					 
					
						2015-02-22 17:05:09 -08:00 
						 
				 
			
				
					
						
							
							
								Jack Twilley 
							
						 
					 
					
						
						
						
						
							
						
						
							ead6f96513 
							
						 
					 
					
						
						
							
							Changed MX check to respect priorities other than 10.  
						
						... 
						
						
						
						Reordered the if a little, added some string parsing, and modified the
OK text to include a warning. 
						
					 
					
						2015-02-20 11:29:28 -08:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7ec662c83f 
							
						 
					 
					
						
						
							
							status checks: use a worker pool that lives across flask requests, see  #327  
						
						
						
					 
					
						2015-02-18 16:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							348d2b8701 
							
						 
					 
					
						
						
							
							Merge pull request  #326  from dhpiggott/custom-dns-filter-secondary-nameserver  
						
						... 
						
						
						
						Do not show '_secondary_nameserver' in Custom DNS table 
						
					 
					
						2015-02-17 08:31:34 -05:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							12f0dcb23b 
							
						 
					 
					
						
						
							
							Do not show '_secondary_nameserver' in Custom DNS table  
						
						... 
						
						
						
						It's redundant and potentially confusing, as any secondary NS shows in "Using a
Secondary Nameserver". 
						
					 
					
						2015-02-17 13:28:48 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							449a538e6b 
							
						 
					 
					
						
						
							
							if a CNAME is set for a domain, don't create a website for that domain (just like A/AAAA records)  
						
						
						
					 
					
						2015-02-17 00:48:26 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3c50c9a18b 
							
						 
					 
					
						
						
							
							when serving a 'www.' domain, check if the parent domain's ssl certificate can be used besides checking PRIMARY_HOSTNAME  
						
						... 
						
						
						
						Removing buy_certificate.py which is not working and I don't want to update its call signatures. 
						
					 
					
						2015-02-17 00:42:25 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3c10ec70a5 
							
						 
					 
					
						
						
							
							update comment  
						
						
						
					 
					
						2015-02-17 00:08:04 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fba4d4702e 
							
						 
					 
					
						
						
							
							install opendmarc to add Authentication-Results headers for DMARC too  
						
						
						
					 
					
						2015-02-16 23:17:44 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							143bbf37f4 
							
						 
					 
					
						
						
							
							all mail domains, not just (top-level) zones, must have an entry in the opendkim key tables so that such outgoing mail gets signed  
						
						... 
						
						
						
						If you had both x.y.com and y.com configured here, x.y.com mail would not get DKIM-signed. 
						
					 
					
						2015-02-16 18:13:51 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fd3ad267ba 
							
						 
					 
					
						
						
							
							if a domain has a catch-all or domain alias then we no longer force the creation of postmaster@ and so we should not be checking for its existence in the status checks  
						
						... 
						
						
						
						see 85a40da83c 
						
					 
					
						2015-02-15 19:07:10 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							330583f71d 
							
						 
					 
					
						
						
							
							status checks: if a service isn't available publicly, check if it is available on the loopback interface to distinguish not running from not accessible  
						
						
						
					 
					
						2015-02-13 09:30:25 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e096144713 
							
						 
					 
					
						
						
							
							Outlook 2007 or later on Windows 7 and later  
						
						... 
						
						
						
						fixes  #308  
					
						2015-02-13 13:29:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							150611123a 
							
						 
					 
					
						
						
							
							typo/text tweak  
						
						
						
					 
					
						2015-02-05 09:17:48 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							abfc17ee62 
							
						 
					 
					
						
						
							
							web admin: simplify the instructions for creating a separate web directory for particular sites by moving it into a modal  
						
						
						
					 
					
						2015-02-05 09:12:55 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							97be9c94b9 
							
						 
					 
					
						
						
							
							if the user has set a http proxy or redirect on the root path of a domain, using custom.yaml, skip the domain from the static hosting panel because it wont be serving any static files  
						
						
						
					 
					
						2015-02-05 08:55:57 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							21b00e8fbb 
							
						 
					 
					
						
						
							
							if a custom A record is set, dont put in a default AAAA record pointing to the box because it will probably be wrong --- the user should either set an AAAA record or let the domain not resolve on IPv6  
						
						
						
					 
					
						2015-02-03 21:51:19 -05:00 
						 
				 
			
				
					
						
							
							
								Ian Beringer 
							
						 
					 
					
						
						
						
						
							
						
						
							20d20df829 
							
						 
					 
					
						
						
							
							allow for non-standard ssh port in status check  
						
						... 
						
						
						
						closes  #313  
					
						2015-02-01 23:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7e05d7478f 
							
						 
					 
					
						
						
							
							run status checks asynchronously so that they finish faster, since many checks are waiting on network replies and ought not to block the whole thing  
						
						
						
					 
					
						2015-01-31 20:42:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd98d7db3 
							
						 
					 
					
						
						
							
							status checks: s/env['out']/output/  
						
						
						
					 
					
						2015-01-31 20:42:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1039a08be6 
							
						 
					 
					
						
						
							
							/admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request)  
						
						
						
					 
					
						2015-01-31 20:42:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							023b38df50 
							
						 
					 
					
						
						
							
							split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism  
						
						... 
						
						
						
						This was done to pave the way for two-factor authentication, but that's still a ways off. 
						
					 
					
						2015-01-31 20:41:41 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3187053b3a 
							
						 
					 
					
						
						
							
							dont save the CSR generated to make self-signed certificates for non-primary domains (it has no value and might be confusing)  
						
						
						
					 
					
						2015-01-31 13:27:06 +00:00 
						 
				 
			
				
					
						
							
							
								David Piggott 
							
						 
					 
					
						
						
						
						
							
						
						
							63f2abd923 
							
						 
					 
					
						
						
							
							Fix typos in backup status template  
						
						
						
					 
					
						2015-01-29 09:25:12 +00:00 
						 
				 
			
				
					
						
							
							
								Kurt Huwig 
							
						 
					 
					
						
						
						
						
							
						
						
							d3059c810f 
							
						 
					 
					
						
						
							
							Fix typo in mail-guide.html  
						
						... 
						
						
						
						Sercurity -> Security 
						
					 
					
						2015-01-21 08:23:26 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							85a40da83c 
							
						 
					 
					
						
						
							
							catch-all aiases and domain aliases should not require postmaster@ and admin@ aliases because they'll forward anyway  
						
						
						
					 
					
						2015-01-19 23:32:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1bf8f1991f 
							
						 
					 
					
						
						
							
							internationalized domain names (DNS, web, CSRs, normalize to Unicode in database, prohibit non-ASCII characters in user account names)  
						
						... 
						
						
						
						* For non-ASCII domain names, we will keep the Unicode encoding in our users/aliases table. This is nice for the user and also simplifies things like sorting domain names (using Unicode lexicographic order is good, using ASCII lexicogrpahic order on IDNA is confusing).
* Write nsd config, nsd zone files, nginx config, and SSL CSRs with domains in IDNA-encoded ASCII.
* When checking SSL certificates, treat the CN and SANs as IDNA.
* Since Chrome has an interesting feature of converting Unicode to IDNA in <input type="email"> form fields, we'll also forcibly convert IDNA to Unicode in the domain part of email addresses before saving email addresses in the users/aliases tables so that the table is normalized to Unicode.
* Don't allow non-ASCII characters in user account email addresses. Dovecot gets confused when querying the Sqlite database (which we observed even for non-word ASCII characters too, so it may not be related to the character encoding). 
						
					 
					
						2015-01-19 23:31:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d155aa8745 
							
						 
					 
					
						
						
							
							if all system services are running, say so in the status checks rather than being totally silent  
						
						
						
					 
					
						2015-01-19 22:04:25 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							24cc108147 
							
						 
					 
					
						
						
							
							if a custom CNAME record is set, don't add a default A/AAAA record, e.g. for 'www'  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/multiple-domains-in-mail-in-a-box-with-the-domains-being-hosted-elsewhere/56/18  
						
					 
					
						2015-01-19 22:04:21 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							09713e8eab 
							
						 
					 
					
						
						
							
							status checks: check that system services are running  
						
						... 
						
						
						
						If bind9 isn't running, dont proceed with other checks because we can't do DNS checks. Even though we skip, add error handling so that a failed call to rndc doesn't crash and that a timeout in a DNS check doesn't crash the status checks. 
						
					 
					
						2015-01-11 14:13:35 +00:00 
						 
				 
			
				
					
						
							
							
								Francisco de Juan 
							
						 
					 
					
						
						
						
						
							
						
						
							6499c82d7f 
							
						 
					 
					
						
						
							
							explain how to add SRV records to DNS zonefile using the API  
						
						
						
					 
					
						2015-01-04 10:23:34 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fddab5d432 
							
						 
					 
					
						
						
							
							allow the dns api to set srv records  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/create-srv-record-at-the-dns-server/225  
						
					 
					
						2015-01-02 23:39:09 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f141af4b61 
							
						 
					 
					
						
						
							
							status checks: dont die if openssh-server isn't installed  
						
						... 
						
						
						
						see https://discourse.mailinabox.email/t/local-dns-is-not-working-was-unable-to-check-system-status/165/39  
						
					 
					
						2015-01-02 22:59:29 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3d8ea0e6ed 
							
						 
					 
					
						
						
							
							mail log scanner: dont assume lines are utf8  
						
						
						
					 
					
						2015-01-02 22:49:25 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							399f9d9bdf 
							
						 
					 
					
						
						
							
							in status checks, clear bind9 cache using rndc rather than restarting bind9  
						
						
						
					 
					
						2014-12-26 13:22:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2b76fd299e 
							
						 
					 
					
						
						
							
							admin: ensure multiple concurrent api calls dont confuse the ajax loading indicator (track number of open requets, stop fade animation when it is time to hide)  
						
						
						
					 
					
						2014-12-21 22:47:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							90592bb157 
							
						 
					 
					
						
						
							
							add a control panel for setting custom dns records so that we dont have to use the api manually  
						
						
						
					 
					
						2014-12-21 11:31:24 -05:00 
						 
				 
			
				
					
						
							
							
								Marc Schiller 
							
						 
					 
					
						
						
						
						
							
						
						
							c3a7e3413b 
							
						 
					 
					
						
						
							
							Fixed a small status check bug, where secondary dns server check fails misleadingly.  
						
						
						
					 
					
						2014-12-09 12:40:32 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d390bfb215 
							
						 
					 
					
						
						
							
							indicate in the admin when a multi-domain or wildcard certificate is in use  
						
						
						
					 
					
						2014-12-05 14:43:52 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ceba53f1c4 
							
						 
					 
					
						
						
							
							explain how to install a multi-domain or wildcard ssl cert; if one is installed, the Replace Cert button in the admin for non-primary domains should not replace the cert on the primary domain  
						
						
						
					 
					
						2014-12-05 14:25:14 -05:00