Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							242cadebc8 
							
						 
					 
					
						
						
							
allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64

* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822 
						
					 
					
						2014-06-06 10:51:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f1dac1fe13 
							
						 
					 
					
						
						
							
							show less output when updating DNS configuration  
						
						
						
					 
					
						2014-06-06 10:51:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							389c354c8f 
							
						 
					 
					
						
						
							
Vagrant updates

* use a public box (the official Ubuntu 14.04 box which contra the description does have VBox Guest Additions installed)
* now that we allow SSH password logins, since Vagrant requires it, don't muck with sshd_config here
* don't put the machine on the public network because that will allow anyone to log into it with Vagrant's default username/password, duh
						
					 
					
						2014-06-06 10:51:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f9c3f33e74 
							
						 
					 
					
						
						
							
move the SSH password login check out of setup because it interferes with Vagrant and into a separate script that we'll use for auditing in a later phase
						
						
						
					 
					
						2014-06-06 10:51:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6194c63f76 
							
						 
					 
					
						
						
							
							add management comments for checking for updated Ubuntu packages and applying updates  
						
						
						
					 
					
						2014-06-05 20:57:30 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cab7321dbb 
							
						 
					 
					
						
						
							
remove vestigial docker compatibility that prevented starting services during setup
						
						
						
					 
					
						2014-06-04 20:04:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							295981828f 
							
						 
					 
					
						
						
							
Vagrantize

* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/ 
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started 
						
					 
					
						2014-06-04 19:39:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3961e1aec3 
							
						 
					 
					
						
						
							
							test_dns: more error handling  
						
						
						
					 
					
						2014-06-04 19:31:55 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7fa4862f1a 
							
						 
					 
					
						
						
							
							refactor dns_update so that the zone is first generated in a file-format agnostic way  
						
						
						
					 
					
						2014-06-04 19:00:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8ed15168c0 
							
						 
					 
					
						
						
							
							the new dns_update totally forgot to write the OpenDKIM tables  
						
						
						
					 
					
						2014-06-04 18:44:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f0d036504 
							
						 
					 
					
						
						
							
							the bc package is no longer needed since redoing dns_update  
						
						
						
					 
					
						2014-06-04 17:27:01 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d6e6cfd3c9 
							
						 
					 
					
						
						
							
							mail test: catch typical connecting errors and display nicer output  
						
						
						
					 
					
						2014-06-04 17:13:06 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fff06f7d71 
							
						 
					 
					
						
						
							
							improve DNS test output  
						
						
						
					 
					
						2014-06-04 17:01:49 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2bbb7a5e7e 
							
						 
					 
					
						
						
							
remove Docker stuff since it doesn't work
						
						
						
					 
					
						2014-06-04 10:57:23 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a35fa12465 
							
						 
					 
					
						
						
							
							script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate  
						
						
						
					 
					
						2014-06-04 11:38:20 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ea62c2419d 
							
						 
					 
					
						
						
							
typo in updating DKIM, don't regenerate the DKIM private key each time setup is run
						
						
						
					 
					
						2014-06-03 21:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2a9349a64e 
							
						 
					 
					
						
						
							
							show the SSL certificate's fingerprint during setup so the user can sort of pin it  
						
						
						
					 
					
						2014-06-03 21:39:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bb7905aefd 
							
						 
					 
					
						
						
							
							on second and later runs of start.sh, recall the inputs the user entered the last time  
						
						
						
					 
					
						2014-06-03 21:31:13 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							24edd5ce91 
							
						 
					 
					
						
						
							
							the SSL CSR must be generated with a country code  
						
						
						
					 
					
						2014-06-03 21:17:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89730bd643 
							
						 
					 
					
						
						
							
new backup script, see #11
						
						
						
					 
					
						2014-06-03 21:16:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							51dd2ed70b 
							
						 
					 
					
						
						
							
update nginx SSL options, fixes #61
						
						
						
					 
					
						2014-06-03 14:06:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c54b0cbefc 
							
						 
					 
					
						
						
							
move management into a daemon service running as root

* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed. 
						
					 
					
						2014-06-03 13:56:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							da15ae5375 
							
						 
					 
					
						
						
							
							rename the scripts directory to setup  
						
						
						
					 
					
						2014-06-03 11:12:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							af03feb389 
							
						 
					 
					
						
						
							
remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)

partially reverts 6d473f81ac
						
					 
					
						2014-05-23 09:01:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							19aba091d7 
							
						 
					 
					
						
						
							
							test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation  
						
						
						
					 
					
						2014-05-17 08:32:40 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f91830f0e3 
							
						 
					 
					
						
						
							
							clean up README a bit; moving the bit Rationale into the github wiki  
						
						
						
					 
					
						2014-05-15 08:57:44 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6d473f81ac 
							
						 
					 
					
						
						
							
							add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client  
						
						
						
					 
					
						2014-05-15 12:10:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b646771517 
							
						 
					 
					
						
						
							
redirect all HTTP to HTTPS and enable HSTS, closes #18
						
						
						
					 
					
						2014-05-14 12:15:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							091a58ac94 
							
						 
					 
					
						
						
							
dns_update needs to run with bash when run directly, see #39
						
						
						
					 
					
						2014-05-12 23:38:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c722625041 
							
						 
					 
					
						
						
							
test_dns: add ADSP and DMARC tests, see #14
						
						
						
					 
					
						2014-05-10 08:03:18 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c403895f95 
							
						 
					 
					
						
						
							
							test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME)  
						
						
						
					 
					
						2014-05-10 08:03:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bdadf3017d 
							
						 
					 
					
						
						
							
							test_dns: handle case where a DNS record is missing (vs incorrect)  
						
						
						
					 
					
						2014-05-10 08:03:07 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d5971e383b 
							
						 
					 
					
						
						
							
add ADSP and DMARC records; see #14
						
						
						
					 
					
						2014-05-10 11:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a8938e107e 
							
						 
					 
					
						
						
							
							DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain  
						
						
						
					 
					
						2014-05-10 11:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cfcb5f5bbd 
							
						 
					 
					
						
						
							
merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker

See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16; merges #49
						
					 
					
						2014-05-06 10:05:14 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							80b367ab07 
							
						 
					 
					
						
						
							
test_mail: gracefully handle when the server has no reverse DNS available
						
						
						
					 
					
						2014-05-06 10:02:29 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							63ef8f7b04 
							
						 
					 
					
						
						
							
							missing wget dependency used by roundcube installation  
						
						
						
					 
					
						2014-05-06 10:02:06 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e247929386 
							
						 
					 
					
						
						
							
docker: don't start services ourself

* let the base image's system services manager handle it
* move our container start script to occur before system services are started 
						
					 
					
						2014-05-06 10:00:30 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1db0dd3092 
							
						 
					 
					
						
						
							
							system.sh: make apt-get upgrade quieter  
						
						
						
					 
					
						2014-05-06 09:57:11 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fbd7d731e8 
							
						 
					 
					
						
						
							
							docker: fix startup scripts for nsd and dovecot to run them in the foreground  
						
						
						
					 
					
						2014-05-06 09:56:20 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0659a0bb16 
							
						 
					 
					
						
						
							
Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker

our trees had diverged, various conflicts resolved
						
					 
					
						2014-05-02 14:54:21 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							189dd6000e 
							
						 
					 
					
						
						
							
							docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then  
						
						
						
					 
					
						2014-05-02 14:23:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3fdcbe542f 
							
						 
					 
					
						
						
							
							don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name  
						
						
						
					 
					
						2014-05-02 14:22:59 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89bb5da986 
							
						 
					 
					
						
						
							
							dns: missing dependency on bc  
						
						
						
					 
					
						2014-05-02 14:18:26 -04:00 
						 
				 
			
				
					
						
							
							
								Paul Jimenez 
							
						 
					 
					
						
						
						
						
							
						
						
							5ceec760b9 
							
						 
					 
					
						
						
							
							Better Dockerfile support  
						
						
						
					 
					
						2014-05-02 13:03:37 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							acec82950b 
							
						 
					 
					
						
						
							
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable)
						
						
						
					 
					
						2014-05-01 22:39:45 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f6e0ded7a 
							
						 
					 
					
						
						
							
							docker: cleanup comments and make the installation of sshd quieter  
						
						
						
					 
					
						2014-05-01 22:36:14 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f0afa7e8dc 
							
						 
					 
					
						
						
							
							docker: add some example run commands for debugging a container or having it take over host ports  
						
						
						
					 
					
						2014-05-01 22:29:00 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89240a4fab 
							
						 
					 
					
						
						
							
							docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done  
						
						
						
					 
					
						2014-05-01 22:18:45 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							16c0a9d342 
							
						 
					 
					
						
						
							
							docker: if container was launched with a tty start bash otherwise loop forever to keep the container going  
						
						
						
					 
					
						2014-05-01 22:16:14 -04:00