Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							17331e7d82 
							
						 
					 
					
						
						
							
							adding a really slick ssl certificate installation form in the control panel  
						
						
						
					 
					
						2014-10-10 15:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5130b279d8 
							
						 
					 
					
						
						
							
							management/mail_log.py also include the previously rotated log file  
						
						
						
					 
					
						2014-10-10 13:59:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							aac6e49b94 
							
						 
					 
					
						
						
							
							spelling typo  
						
						
						
					 
					
						2014-10-10 13:50:44 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f4eccd9a9 
							
						 
					 
					
						
						
							
							add 'source /etc/mailinabox.conf' to dns.sh so it can be run separately  
						
						
						
					 
					
						2014-10-08 12:48:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ac49912b39 
							
						 
					 
					
						
						
							
							recommend DAVdroid  
						
						... 
						
						
						
						see http://discourse.mailinabox.email/t/recommend-a-different-android-carddav-and-caldav-android/102/1  
						
					 
					
						2014-10-07 20:53:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0441a2e2e3 
							
						 
					 
					
						
						
							
							make a self-signed certificate on a non-primary domain a warning rather than an error,  fixes   #95  
						
						
						
					 
					
						2014-10-07 20:41:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8566b78202 
							
						 
					 
					
						
						
							
							drop webfinger, see  #95  
						
						
						
					 
					
						2014-10-07 20:30:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							06a8ce1c9d 
							
						 
					 
					
						
						
							
							in the admin, show user mailbox sizes,  fixes   #210  
						
						
						
					 
					
						2014-10-07 20:24:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							443b084a17 
							
						 
					 
					
						
						
							
							in the admin, group aliases by domain,  fixes   #211  
						
						
						
					 
					
						2014-10-07 19:47:46 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							990649af2d 
							
						 
					 
					
						
						
							
							in the admin, group users by domain, fixes 209  
						
						
						
					 
					
						2014-10-07 19:47:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6f4d29a410 
							
						 
					 
					
						
						
							
							tweak the new web instructions  
						
						
						
					 
					
						2014-10-07 16:17:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6ab29c3244 
							
						 
					 
					
						
						
							
							add instructions for static web hosting into the control panel  
						
						
						
					 
					
						2014-10-07 16:05:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bf9b770255 
							
						 
					 
					
						
						
							
							sort SSHFP records so that DNS updates don't trigger spurrious zone changes  
						
						
						
					 
					
						2014-10-07 15:15:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9210ebdb9f 
							
						 
					 
					
						
						
							
							control panel tweaks  
						
						
						
					 
					
						2014-10-07 15:12:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a56bb984d6 
							
						 
					 
					
						
						
							
							handle catastrophically bad certificates rather than raising an exception  
						
						
						
					 
					
						2014-10-07 14:58:21 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7d1c0b3834 
							
						 
					 
					
						
						
							
							show SSL certificate expiration info in the control panel even long before certificates expire  
						
						
						
					 
					
						2014-10-07 14:49:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							20892b5d5b 
							
						 
					 
					
						
						
							
							status check on ns records should now take into account that secondary dns may be customized, see  #223  
						
						
						
					 
					
						2014-10-05 18:42:52 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4cf53cd8ee 
							
						 
					 
					
						
						
							
							backup status relativedelta was displaying wrong for deltas greater than 1 month  
						
						
						
					 
					
						2014-10-05 18:23:29 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							711db9352c 
							
						 
					 
					
						
						
							
							bootstrap: apt was mangling stdin  
						
						... 
						
						
						
						When executed "cat bootstrap.sh | bash", apt-get mangled stdin. The script would terminate at the end of the if block containing apt-get (that seems to be as much as bash read from the pipe) and the remainder of the script was output to the console. This was very weird.
Ensuring that apt-get and git have their stdins redirected from /dev/null seems to fix the problem.
see #224  
						
					 
					
						2014-10-05 13:40:12 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f42a1c5a74 
							
						 
					 
					
						
						
							
							allow overriding the second nameserver with a secondary/slave server  
						
						... 
						
						
						
						fixes  #151 
fixes  #223  
					
						2014-10-05 14:53:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							092c842a87 
							
						 
					 
					
						
						
							
							split external/custom dns into separate pages in the admin  
						
						
						
					 
					
						2014-10-05 13:38:23 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d9ecc50119 
							
						 
					 
					
						
						
							
							since the management server binds to 127.0.0.1, must use that and not 'localhost' to connect to it because 'localhost' resolves to the IPv6 ::1 when it is available, see  #224  
						
						
						
					 
					
						2014-10-05 09:01:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7c2092d48f 
							
						 
					 
					
						
						
							
							remove apache before installing nginx, see  #224  
						
						
						
					 
					
						2014-10-05 09:01:20 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5fd107cae5 
							
						 
					 
					
						
						
							
							more work on making the bash scripts readable  
						
						
						
					 
					
						2014-10-04 17:57:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							db0967446b 
							
						 
					 
					
						
						
							
							remove unnecessary sudos  
						
						
						
					 
					
						2014-10-04 14:06:08 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2ff5038c84 
							
						 
					 
					
						
						
							
							replace '.' with 'source'  
						
						
						
					 
					
						2014-10-04 14:05:06 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4ae76aa2dd 
							
						 
					 
					
						
						
							
							dnssec: use RSASHA256 keys for .email domains  
						
						
						
					 
					
						2014-10-04 17:29:42 +00:00 
						 
				 
			
				
					
						
							
							
								h8h 
							
						 
					 
					
						
						
						
						
							
						
						
							ba33669a62 
							
						 
					 
					
						
						
							
							generate the locales before change to it.  
						
						... 
						
						
						
						For my german box changing the locale failed:
´´´´/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
setup/functions.sh: line 6: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)´´´´
see #206  and 4e6d572de9closes  #220 
commit modified by joshdata 
						
					 
					
						2014-10-02 11:05:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							779d921410 
							
						 
					 
					
						
						
							
							status checks: put DNSSEC tests in a better order w.r.t. other tests  
						
						... 
						
						
						
						* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.
see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3  
						
					 
					
						2014-10-01 12:13:11 +00:00 
						 
				 
			
				
					
						
							
							
								jkaberg 
							
						 
					 
					
						
						
						
						
							
						
						
							68efef1164 
							
						 
					 
					
						
						
							
							dont log robots.txt and favicon.ico. we should REALLY consider creating seperate include files for *all* of our "apps", this is getting messy..  
						
						
						
					 
					
						2014-09-27 17:04:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6ecada7eed 
							
						 
					 
					
						
						
							
							Merge commit '93a722f'  
						
						
						
					 
					
						2014-09-27 16:56:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							94c4352f45 
							
						 
					 
					
						
						
							
							Merge branch 'jmar71n-master' - site-wide bayesean spam filtering  
						
						
						
					 
					
						2014-09-27 16:18:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6dd6353d41 
							
						 
					 
					
						
						
							
							move sa-learn-pipe.sh from /usr to /usr/local  
						
						
						
					 
					
						2014-09-27 16:18:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d06bfa6c1b 
							
						 
					 
					
						
						
							
							tweak the site-wide bayesian spam filtering config  
						
						
						
					 
					
						2014-09-27 16:18:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7ba2a4c7 
							
						 
					 
					
						
						
							
							preliminary work on a mail.log scanner to report things in the control panel  
						
						
						
					 
					
						2014-09-27 13:33:13 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e9cc3fdaab 
							
						 
					 
					
						
						
							
							make mail instructions clearer and describe greylisting, DMARC policy  
						
						
						
					 
					
						2014-09-27 13:32:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8bd37ea53c 
							
						 
					 
					
						
						
							
							add catch-alls to the admin again with nicer instructions  
						
						
						
					 
					
						2014-09-27 13:32:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							698ae03505 
							
						 
					 
					
						
						
							
							catch-all addresses should not have precedence over mail users  
						
						... 
						
						
						
						Aliases have precedence over mail users. A catch-all address would grab mail intended for a mail user and send it elsewhere. This adds some SQL hackery to create dummy aliases for all mail users.
fixes  #200 
closes  #214  another way 
						
					 
					
						2014-09-27 13:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a4c70f7a92 
							
						 
					 
					
						
						
							
							revert dovecot part of  39bca053ed because dovecot started behaving weird and I don't have time to debug it  
						
						
						
					 
					
						2014-09-26 22:41:59 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							39bca053ed 
							
						 
					 
					
						
						
							
							add 2048 bits of DH params for nginx, postfix, dovecot  
						
						... 
						
						
						
						nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.
ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)
see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3  
						
					 
					
						2014-09-26 22:09:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c2eb8e5330 
							
						 
					 
					
						
						
							
							typo in roundcube download URL  
						
						... 
						
						
						
						see 8e0967dd8e (commitcomment-7940724) 
						
					 
					
						2014-09-26 14:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ab47144ae3 
							
						 
					 
					
						
						
							
							add strict SPF and DMARC records to any subdomains (including custom records) that do not have SPF/DMARC set  
						
						... 
						
						
						
						closes  #208  
					
						2014-09-26 14:01:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9b6f9859d1 
							
						 
					 
					
						
						
							
							dns_update: assume DKIM is present  
						
						
						
					 
					
						2014-09-26 14:01:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4e6d572de9 
							
						 
					 
					
						
						
							
							ensure Python operates in UTF-8 with a consistent locale for all users  
						
						... 
						
						
						
						fixes  #206  (hopefully) 
					
						2014-09-26 08:26:09 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							145186a6b6 
							
						 
					 
					
						
						
							
							link to Modoboa in README  
						
						
						
					 
					
						2014-09-26 08:20:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5714b3c6b7 
							
						 
					 
					
						
						
							
							bump bootstrap.sh to incoming 0.03 tag  
						
						
						
					 
					
						2014-09-24 12:48:15 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8e0967dd8e 
							
						 
					 
					
						
						
							
							if an earlier version of roundcube had already been installed, update to our target version  
						
						... 
						
						
						
						fixes  #195  
					
						2014-09-24 12:46:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5a89f3c633 
							
						 
					 
					
						
						
							
							don't allow catch-all addresses in the admin because they take precedence over mail users and that's counter-intuitive  
						
						... 
						
						
						
						For now use the command-line tools/mail.py if you need it.
see #200 
Revert "Changed incomming-email-input to type text"
This reverts commit 9631fab7b2 
						
					 
					
						2014-09-24 12:36:47 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ed8fb2d06d 
							
						 
					 
					
						
						
							
							the latest z-push introduces a new/second USE_FULLEMAIL_FOR_LOGIN parameter  
						
						... 
						
						
						
						see http://discourse.mailinabox.email/t/activesync-z-push-not-working/94/3  
						
					 
					
						2014-09-24 12:24:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8c8d9304ac 
							
						 
					 
					
						
						
							
							lock z-push to a particular upstream version by fmbiete/Z-Push-contrib commit hash  
						
						
						
					 
					
						2014-09-24 12:20:10 +00:00