1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Commit Graph

610 Commits

Author SHA1 Message Date
downtownallday
22bfef6f59 Display and allow chaninging a comment/description for aliases. Change the default comment for required aliases to "Required alias". 2020-08-25 12:00:55 -04:00
downtownallday
d0d12fbc1c Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-08-09 12:13:31 -04:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools (#1795)
* Only spawn a thread pool when strictly needed

For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.

* Acquire pools with the 'with' statement
2020-08-09 11:42:39 -04:00
downtownallday
ac35bdc544 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-29 10:34:47 -04:00
Richard Willis
c50170b816
Update "Remove Alias" modal title (#1800) 2020-07-29 10:01:20 -04:00
downtownallday
ccb0421729 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-16 07:57:09 -04:00
David Duque
967409b157
Drop requirement for passwords to have no spaces (#1789) 2020-07-16 07:23:11 -04:00
David Duque
1b2711fc42
Add 'always' modifier to the HSTS add_header directive (#1790)
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header)
2020-07-16 07:21:14 -04:00
downtownallday
c866b4d0fa Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-08 19:36:15 -04:00
David Duque
e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses (#1787) 2020-07-08 18:26:47 -04:00
downtownallday
5f008d91b8 Ignore alias domains that have no forward-to because we don't accept mail locally for the alias 2020-06-15 12:26:12 -04:00
downtownallday
77145e2f38 Fix server error on non-change:
"ldap3.core.exceptions.LDAPChangeError: no changes in modify request"
2020-06-15 12:24:03 -04:00
downtownallday
979c36b8c1 Merge branch 'qa-upgrade' 2020-06-14 18:38:42 -04:00
downtownallday
b0090edd52 Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite 2020-06-14 13:51:00 -04:00
downtownallday
49920ee332 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-06-13 06:30:55 -04:00
Joshua Tauberer
6fd3195275 Fix MTA-STS policy id so it does not have invalid characters, fixes #1779 2020-06-12 13:09:11 -04:00
downtownallday
27c1b93bcf Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
#	management/mailconfig.py
#	management/web_update.py
2020-06-11 15:13:40 -04:00
Joshua Tauberer
9db2fc7f05 In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag
Merges #1432, more or less.
2020-06-11 12:20:17 -04:00
Joshua Tauberer
e03a6541ce Don't make autoconfig/autodiscover subdomains and SRV records when the parent domain has no user accounts
These subdomains/records are for automatic configuration of mail clients, but if there are no user accounts on a domain, there is no need to publish a DNS record, provision a TLS certificate, or create an nginx server config block.
2020-06-11 12:20:17 -04:00
downtownallday
d2f418a363 Use sha1 hash of maildrop instead of a generated UUID 2020-06-09 20:24:46 -04:00
Vasek Sraier
df9bb263dc
daily_tasks.sh: redirect stderr to stdout (#1768)
When the management commands fail, they can print something to the standard error output.
The administrator would never notice, because it wouldn't be send to him with the usual emails.
Fixes #1763
2020-06-07 09:56:45 -04:00
downtownallday
e41370948b Merge branch 'master' into ldap 2020-05-30 09:49:12 -04:00
Joshua Tauberer
3a4b8da8fd More for MTA-STS for incoming mail
* Create the mta_sts A/AAAA records even if there is no valid TLS certificate because we can't get a TLS certificate if we don't set up the domains.
* Make the policy id in the TXT record stable by using a hash of the policy file so that the DNS record doesn't change every day, which means no nightly notification and also it allows for longer caching by sending MTAs.
2020-05-30 08:04:09 -04:00
downtownallday
640048db04 Merge branch 'master' into ldap 2020-05-29 17:11:39 -04:00
Joshua Tauberer
37dad9d4bb Provision certificates from Let's Encrypt grouped by DNS zone
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).

Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.

Fixes #690.
2020-05-29 15:38:18 -04:00
Joshua Tauberer
b805f8695e Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain
Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly.
2020-05-29 15:38:13 -04:00
Joshua Tauberer
10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
downtownallday
e7c27d9035 Merge branch 'master' into ldap 2020-04-21 07:04:23 -04:00
Michael Becker
40b21c466d
Fypo fix in users.html (#1748) 2020-04-13 22:10:52 -04:00
downtownallday
53ba80daaf Merge branch 'master' into ldap 2020-04-11 18:12:32 -04:00
Sumit
d67e09f334
Allowing adding nginx aliases in www/custom.yaml (#1742)
with this nginx will keep on proxying requests and serve static content
instead of passing this responsibility to proxied server

Without this the one needs to run an additional server to server static
content on the proxied url
2020-04-11 14:17:46 -04:00
downtownallday
b8cf7bc193 Merge branch 'master' into ldap 2020-03-15 09:51:10 -04:00
Jarek Jurasz
db9637ce4f Fix Feb 29 issue #1733 2020-03-03 20:59:28 +01:00
Jarek Jurasz
f908bc364e mail_log.py reading forward #1593 2020-03-03 20:56:30 +01:00
downtownallday
1f0d2ddb92 Issue #1340 - LDAP backend for accounts
This commit will:

1. Change the user account database from sqlite to OpenLDAP
2. Add policyd-spf to postfix for SPF validation
3. Add a test runner with some automated test suites

Notes:

User account password hashes are preserved.

There is a new Roundcube contact list called "Directory" that lists the users in LDAP (MiaB users), similar to what Google Suite does.

Users can still change their password in Roundcube.

OpenLDAP is configured with TLS, but all remote access is blocked by firewall rules. Manual changes are required to open it for remote access (eg. "ufw allow proto tcp from <HOST> to any port ldaps").

The test runner is started by executing tests/runner.sh. Be aware that it will make changes to your system, including adding new users, domains, mailboxes, start/stop services, etc. It is highly unadvised to run it on a production system!

The LDAP schema that supports mail delivery with postfix and dovecot is located in conf/postfix.schema. This file is copied verbatim from the LdapAdmin project (GPL, ldapadmin.org). Instead of including the file in git, it could be referenced by URL and downloaded by the setup script if GPL is an issue or apply for a PEN from IANA.

Mangement console and other services should not appear or behave any differently than before.
2020-01-17 17:03:21 -05:00
Matthias Hähnel
cd62fd9826 Update usage hint in backup.py (#1662)
removed explicit call of the system python, cause the file has a shebang with the mail-in-a-box shipped python. 
for me the system python complaint, that it is missing some modules
2019-11-23 08:04:22 -05:00
Joshua Tauberer
f6f75f6fab Don't fail when resolving zone transfer IP addresses since a nameserver may not have an IPv6 address 2019-11-19 09:57:33 -05:00
Edwin Schaap
2f54f39f31 If xfr is subnet, do not create "notify" entry (#1672) 2019-11-10 11:58:22 -05:00
Dan Jensen
cde4e0caca Change SSL notification email subject (#1653)
Previously the notification email sent when a box's SSL certificate
is automatically updated said, "Error Provisioning TLS Certificate"
even when there was no error. This changes the subject line to "TLS
Certificate Provisioning Results", which is more accurate.
2019-11-02 15:29:05 -04:00
notEvil
7558ffd4f3 Allow dns zone transfer from IPv6 (#1643) 2019-10-28 06:31:50 -04:00
Victor
50e9e8af30 Sort custom dns table based on fqdn, rtype, and value (#1651) 2019-10-28 06:29:40 -04:00
Joshua Tauberer
a70ba94b0c add autoconfig domains before subtracting domains with overridden A records so that a custom DNS record can be used to suppress TLS certificate generation for those domains if needed 2019-09-10 07:11:16 -04:00
Joshua Tauberer
3ff9817325 document the xfr: CIDR notation, fix spaces vs tabs and syntax error, broken by c7377e602d, #1616 2019-08-31 08:50:44 -04:00
Kim Schulz
c7377e602d make it possible to use subnet addresses for axfr (#1616)
it is sometimes needed to be able to set axfr to more than just one ip address. This can be done with multiple xfr: in  the secondary dns input but if you need to add an entire subnet segment (xxx.xxx.xxx.0/yy) then it will not work.
With this patch it is now possible to use a subnet as input for xfr the same way as if it was an ip address.
2019-08-31 08:00:18 -04:00
Snacho
08021ea19f Fix an issue when Secondary NS has multiple A records (#1633)
If a custom secondary NS server has multiple A records status_checks.py will fail with a timeout and Web UI won't load.
2019-08-31 07:58:12 -04:00
captainwasabi
c4cb828f65 Fix rsync backup options string: extraneous single quotes causing problems (#1629)
The resulting command had nested single quotes which doesn't work

I think this fixes all/most of the issues in #1627.  I am getting a full backup, then the next time it's run I get an incremental.  running from the CLI with --status looks good, --verify looks good, and --list looks good.
2019-08-13 05:57:05 -04:00
captainwasabi
0657f9e875 add proper check for DNS error in list_target_files (#1625)
The elif needed to check to see if the string was in the listing of results of the shell command.  As it was the conditional was just the string which always evaluates to true and was therefore giving a misleading error message.
2019-08-13 05:47:11 -04:00
jvolkenant
fd5b11823c Add AAAA records for autodiscover & autoconfig (#1606) 2019-07-10 06:28:37 -04:00
Michael Heuberger
0d4c693792 Add missing login form method to keep LastPass happy (#1565) 2019-05-12 05:10:34 -07:00