Commit Graph

157 Commits

Author SHA1 Message Date
John Supplee 38ac127344 v0.50 (September 25, 2020)
--------------------------
 
 Setup:
 
 * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.
 
 Mail:
 
 * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
 * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
 
 DNS:
 
 * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
 * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
 
 TLS:
 
 * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
 
 Control Panel:
 
 * The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
 * User passwords can now have spaces.
 * Status checks for automatic subdomains have been moved into the section for the parent domain.
 * Typo fixed.
 
 Web:
 
 * The default web page served on fresh installations now adds the `noindex` meta tag.
 * The HSTS header is revised to also be sent on non-success responses.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9t2AgPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BZNkH/1jIGoWTz0xlS+e+TeXpHoCp/7zYAvQq/a/y
 vj9t1N1+bBg6Ywbd8UxyvOHwuL/UQU/5LTq6hk3gD+2ARfJUvDRbb047Xzlisg3N
 LhNoVhVbsxqKP1X2ZjeIBq9DgzMavuB64Bwd5UNdceM0Addi8KuCDOMF+FNY2t8k
 xytGjYdBi1/BG6SLBX+FAm5yrJghmkUJs2FnJjebSyyeV2HP3L1iBrk2N8UBd6PU
 fVjde534lgygFZK/8yXJpY2olfLMYJv7CaOMxvaW6RpbMI8VeLwDLfRt5LcrQZqq
 YXkuEnUI0eygbQYkeK/Vr1Vey6uQAWzIfbImEglHfvOXsZSYFXs=
 =SJNM
 -----END PGP SIGNATURE-----

Merge tag 'v0.50' of https://github.com/mail-in-a-box/mailinabox into master

v0.50 (September 25, 2020)
--------------------------

Setup:

* When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.

Mail:

* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.

DNS:

* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.

TLS:

* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.

Control Panel:

* The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
* User passwords can now have spaces.
* Status checks for automatic subdomains have been moved into the section for the parent domain.
* Typo fixed.

Web:

* The default web page served on fresh installations now adds the `noindex` meta tag.
* The HSTS header is revised to also be sent on non-success responses.

# gpg verification failed.

# Conflicts:
#	.gitignore
#	setup/bootstrap.sh
2020-10-11 18:16:36 +02:00
John R. Supplee c13343ec7f v0.48
Roundcube XSS vulnerability fixed.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9GpkcPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BoYAH/2NjdfN2d6f45uPq/X32bBAc6wfI7Cs9yCKp
 LOrAfPlmE0jRSm9ThATfZvaWci2r2IFhsFzQ9bWHpbIP5YD7mDD50I2uTnZa9BV4
 MsI40VXoh0BAgkWRqK60rTw0lQ9YGT+1TNLDEs1Y7vBjfTCOh4MMn4jUXkIEHDQg
 2pSHY1RUq7T0wRaHS+rTPDccotS/xCGg6uZJ+gSlvhRdxakAe9mo8139KD/4fjT8
 HK6igpwHsn3POg7mmJoSYXtScmWRYfnSV9kyfYyVyjhu5/uIowdICwFOzX7G7ruM
 yA/azBlyMs898e5jYFR1tQqQ1rVYVy/nqCQOiyJa34ngHGSi41U=
 =a9fn
 -----END PGP SIGNATURE-----

Merge tag 'v0.48' of https://github.com/mail-in-a-box/mailinabox

v0.48

Roundcube XSS vulnerability fixed.
2020-10-07 14:33:26 +02:00
Joshua Tauberer 03bff5292b v0.50
v0.50 (September 25, 2020)
--------------------------

Setup:

* When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.

Mail:

* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.

DNS:

* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.

TLS:

* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.

Control Panel:

* The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
* User passwords can now have spaces.
* Status checks for automatic subdomains have been moved into the section for the parent domain.
* Typo fixed.

Web:

* The default web page served on fresh installations now adds the `noindex` meta tag.
* The HSTS header is revised to also be sent on non-success responses.
2020-09-25 07:43:30 -04:00
Joshua Tauberer 0d72566c99 Merge v0.48 point release branch 2020-08-26 14:11:56 -04:00
Joshua Tauberer 62db58eaaf v0.48 2020-08-26 14:11:01 -04:00
Joshua Tauberer 65983b8ac7 Merge v0.47 point release branch 2020-07-29 10:27:06 -04:00
hija 56d0289ed9 v0.47 2020-07-29 10:24:56 -04:00
John R. Supplee e346ccfb02 v0.46
v0.46 (June 11, 2020)
 ---------------------
 
 Security fixes:
 
 * Roundcube is updated to version 1.4.6 (https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12).
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl7iW4MPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92B8awIAITrRfkfOFIfk7mbHY1giz/CJWP6+5EOV7J/
 a/1JOwRTccEy9Pjs1Tf/3VdamFnG6A5dzTNI/tPtqvVCT5cwy84mdCHgPFuZaLCs
 xBGdW8lf98a4sIP21GOXNi2mJlDqKog5ocGjgNJBw5mhCtY4A2IkjJ9S2X/bs1q0
 vAa1aBcNxaniTjLdTr80jVrzGzz9K6JtRowGDLz3YoJBxYCgXo/9CUTk3tOK+My2
 OnKVQCGX/23XoF5dYNtDmQBB3AwUfortBA30WNeipJ4VzgikcUQCyhrR3/wPr6P9
 wmVYmzv4Qw1bv/9ygijM4XLvgXx86LZPaFv+M82V7+Z3eIDW6QY=
 =8Sy4
 -----END PGP SIGNATURE-----

Merge tag 'v0.46' of https://github.com/mail-in-a-box/mailinabox

v0.46

v0.46 (June 11, 2020)
---------------------

Security fixes:

* Roundcube is updated to version 1.4.6
(https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12).
2020-07-07 10:31:25 +02:00
Joshua Tauberer 224242dfde Merge v0.46 point release branch 2020-06-11 12:25:49 -04:00
Joshua Tauberer 049bfb6f7f v0.46 2020-06-11 12:23:18 -04:00
Joshua Tauberer bc1be9d70a readme fixes 2020-05-30 08:15:31 -04:00
Joshua Tauberer 10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
John R. Supplee 332d2c3feb Add changes for new version to README 2020-05-17 18:19:11 +02:00
John R. Supplee c152fe6312 v0.45 (May 16, 2020)
Security fixes:
 
 * Fix missing brute force login protection for Roundcube logins.
 
 Software updates:
 
 * Upgraded Roundcube from 1.4.2 to 1.4.4.
 * Upgraded Nextcloud from 17.0.2 to 17.0.6 (with Contacts from 3.1.6 to 3.3.0 and Calendar from 1.7.1 to v2.0.3)
 * Upgraded Z-Push to 2.5.2.
 
 System:
 
 * Nightly backups now occur on a random minute in the 3am hour (in the system time zone). The minute is chosen during Mail-in-a-Box installation/upgrade and remains the same until the next upgrade.
 * Fix for mail log statistics report on leap days.
 * Fix Mozilla autoconfig useGlobalPreferredServer setting.
 
 Web:
 
 * Add a new hidden feature to set nginx alias in www/custom.yaml.
 
 Setup:
 
 * Improved error handling.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl7AbCoPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BjbEIAIwmIpgNCT+age/SsUhDY8pjnFQWXBCl1nwa
 RFN40Ev73DoBXUP+za4RE0eyCLIw5/laCwCjaESobiBTuc6boC1QU4abFUV5NfJQ
 P3AnQ2qXkrtcmIQX42ge4AGsL3vMVRtjZWb+bvut2SmLB8BI5w/9XsQAS59lqSz0
 kK6ShlDmFaToMgTQqwl0CW8a0vdjRca5Mq011xUZrvqTAm7ACQIvS6np4UYBGSNy
 bU8O1xWMJb0HlO7f+bWCDYr1I+nRS1xXMW9pKsE08YFwcRLa+C42QkDXDuS/o/zj
 EXBLGwYcB0DEu4wLLbih8xdbED2ZiMO2t6IHtbXPcoLtHo3Tv6I=
 =RUkr
 -----END PGP SIGNATURE-----

Merge tag 'v0.45' of https://github.com/mail-in-a-box/mailinabox

v0.45 (May 16, 2020)

Security fixes:

* Fix missing brute force login protection for Roundcube logins.

Software updates:

* Upgraded Roundcube from 1.4.2 to 1.4.4.
* Upgraded Nextcloud from 17.0.2 to 17.0.6 (with Contacts from 3.1.6 to 3.3.0 and Calendar from 1.7.1 to v2.0.3)
* Upgraded Z-Push to 2.5.2.

System:

* Nightly backups now occur on a random minute in the 3am hour (in the system time zone). The minute is chosen during Mail-in-a-Box installation/upgrade and remains the same until the next upgrade.
* Fix for mail log statistics report on leap days.
* Fix Mozilla autoconfig useGlobalPreferredServer setting.

Web:

* Add a new hidden feature to set nginx alias in www/custom.yaml.

Setup:

* Improved error handling.
2020-05-17 18:17:44 +02:00
Joshua Tauberer 7de8fc9bc0 v0.45 2020-05-16 06:45:23 -04:00
John R. Supplee 9b96b93260 Merge v0.44
# Conflicts:
#	setup/bootstrap.sh
2020-03-02 21:54:27 +02:00
Joshua Tauberer 30c2c60f59 v0.44 2020-02-15 07:15:09 -05:00
Bart a67f90593d Replace dead link with archive.org link (#1698) 2019-12-19 18:33:36 -05:00
John Supplee 8e94402282 Fix bug in displaying users when there is an archived user 2019-11-22 17:13:57 +02:00
John Supplee 0860a93e84 New release to remove extra features from the master branch 2019-10-11 12:43:32 +02:00
John Supplee 473d4616f2 update README for new release 2019-10-10 17:09:33 +02:00
John Supplee a05a33051e Increment quota version to 0.19-beta 2019-10-04 17:46:10 +02:00
John R. Supplee 105a07e276 Update README 2019-09-02 18:40:52 -04:00
John R. Supplee 4686c8cd25 v0.43 (September 1, 2019)
-------------------------
 
 Security fixes:
 
 * A security issue was discovered in rsync backups. If you have enabled rsync backups, the file `id_rsa_miab` may have been copied to your backup destination. This file can be used to access your backup destination. If the file was copied to your backup destination, we recommend that you delete the file on your backup destination, delete `/root/.ssh/id_rsa_miab` on your Mail-in-a-Box, then re-run Mail-in-a-Box setup, and re-configure your SSH public key at your backup destination according to the instructions in the Mail-in-a-Box control panel.
 * Brute force attack prevention was missing for the managesieve service.
 
 Setup:
 
 * Nextcloud was not upgraded properly after restoring Mail-in-a-Box from a backup from v0.40 or earlier.
 
 Mail:
 
 * Upgraded Roundcube to 1.3.10.
 * Fetch an updated whitelist for greylisting on a monthly basis to reduce the number of delayed incoming emails.
 
 Control panel:
 
 * When using secondary DNS, it is now possible to specify a subnet range with the `xfr:` option.
 * Fixed an issue when the secondary DNS option is used and the secondary DNS hostname resolves to multiple IP addresses.
 * Fix a bug in how a backup configuration error is shown.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl1rrwIPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BgckIALFnDFxhQ18MtClpi79+rnl1aA5DqbToCuI2
 MHIAOmxIVSavnd5MZZ3efXWAzIniEpbq0X+6Rlzas5lkreT1mHoJsKdkt0bOqy1a
 ZF2vT5UnUM9cwPHkU1ak/TaD9v97wbHpWWGwAK+/zTL6w1ReCVfQ2QzCzoDaY7xh
 OZFXE+YsaI7qZeG3Q4jfFr0IYDowLgjgBpdWvO71QKzWjIIvBNX1ZGt2r+cuKmQ5
 JOXIAR4fdri0p8dMd2sqq0FatBBCfjHDBykA/+GzJJDBX7MNoZsQT3bowrhj8XPS
 f5cKUKm7zlDsm02bfCtDD6nvYYUxvOdQx7yfdL8RYSdy71Chs20=
 =7M/i
 -----END PGP SIGNATURE-----

Merge tag 'v0.43' of https://github.com/mail-in-a-box/mailinabox

v0.43 (September 1, 2019)
-------------------------

Security fixes:

* A security issue was discovered in rsync backups. If you have enabled rsync backups, the file `id_rsa_miab` may have been copied to your backup destination. This file can be used to access your backup destination. If the file was copied to your backup destination, we recommend that you delete the file on your backup destination, delete `/root/.ssh/id_rsa_miab` on your Mail-in-a-Box, then re-run Mail-in-a-Box setup, and re-configure your SSH public key at your backup destination according to the instructions in the Mail-in-a-Box control panel.
* Brute force attack prevention was missing for the managesieve service.

Setup:

* Nextcloud was not upgraded properly after restoring Mail-in-a-Box from a backup from v0.40 or earlier.

Mail:

* Upgraded Roundcube to 1.3.10.
* Fetch an updated whitelist for greylisting on a monthly basis to reduce the number of delayed incoming emails.

Control panel:

* When using secondary DNS, it is now possible to specify a subnet range with the `xfr:` option.
* Fixed an issue when the secondary DNS option is used and the secondary DNS hostname resolves to multiple IP addresses.
* Fix a bug in how a backup configuration error is shown.
2019-09-02 18:39:23 -04:00
Joshua Tauberer 9e29564f48 v0.43 2019-09-01 07:43:47 -04:00
John R. Supplee 7636a7b40b Update README for v0.42b 2019-08-28 17:50:38 -04:00
John R. Supplee 32a0b0467f v0.42b (August 3, 2019)
-----------------------
 
 Changes:
 
 * Decreased the minimum supported RAM to 502 Mb.
 * Improved mail client autoconfiguration.
 * Added support for S3-compatible backup services besides Amazon S3.
 * Fixed the control panel login page to let LastPass save passwords.
 * Fixed an error in the user privileges API.
 * Silenced some spurrious messages.
 
 Software updates:
 
 * Upgraded Roundcube from 1.3.8 to 1.3.9.
 * Upgraded Nextcloud from 14.0.6 to 15.0.8 (with Contacts from 2.1.8 to 3.1.1 and Calendar from 1.6.4 to 1.6.5).
 * Upgraded Z-Push from 2.4.4 to 2.5.0.
 
 Note that v0.42 (July 4, 2019) was pulled shortly after it was released to fix a Nextcloud upgrade issue.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl1FrScPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BCvgH/AieqUcy/ujFML4YeIKY/ThQNFdI6VUO0b4b
 QBzR9ixc9ctp6qV+wVfnL22xO4V2rcO/eMAKMc6AzOw6E97iWHtK/4L2fmRYXclw
 arln7LokFTczSp1J29ldRjCYMn3dOS1IvBRJe8JWvFNdQY6gGaGrhqV/nCIECOWP
 sJsJ/sPv2d4ZapbQtfqBh2WiLADNf1CSmDpkCXwS9Va+XstVeprIk1Kbsy8z5L8K
 0cFZWxiWTB/hgHD/BqUNxrzB5mS4fCyr9c9g+OIjZFeoF/olYPp4SsEFHPQ604YG
 qRupfjdG1bWHUpTT5lvG1AVIIPJPnvFk/Ctk1iQiYSU5BzbvKz8=
 =4QdN
 -----END PGP SIGNATURE-----

Merge tag 'v0.42b' of https://github.com/mail-in-a-box/mailinabox

v0.42b (August 3, 2019)
-----------------------

Changes:

* Decreased the minimum supported RAM to 502 Mb.
* Improved mail client autoconfiguration.
* Added support for S3-compatible backup services besides Amazon S3.
* Fixed the control panel login page to let LastPass save passwords.
* Fixed an error in the user privileges API.
* Silenced some spurrious messages.

Software updates:

* Upgraded Roundcube from 1.3.8 to 1.3.9.
* Upgraded Nextcloud from 14.0.6 to 15.0.8 (with Contacts from 2.1.8 to
3.1.1 and Calendar from 1.6.4 to 1.6.5).
* Upgraded Z-Push from 2.4.4 to 2.5.0.

Note that v0.42 (July 4, 2019) was pulled shortly after it was released
to fix a Nextcloud upgrade issue.

5F4C0E7313CCD744693B2AEAB92041F4C10BDD81
2019-08-28 17:26:00 -04:00
Joshua Tauberer e37768ca86 v0.42b 2019-08-03 11:49:32 -04:00
Joshua Tauberer 39fd4ce16c v0.42 2019-07-04 21:34:55 -04:00
John Supplee 0f7bbe0dde
Update README.md 2019-04-15 16:34:56 +02:00
John Supplee e64595fc67 New version to tag with annotated tag 2019-03-30 14:23:38 +02:00
John Supplee 4c9548edaa change project status to beta 2019-03-30 13:58:54 +02:00
John Supplee adf7a31866 Update README and bump the version 2019-02-27 15:02:11 +02:00
John Supplee 4cbf05187c Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox into devel 2019-02-27 12:52:41 +02:00
Joshua Tauberer dd7a2aa8a6 v0.41 2019-02-26 18:17:50 -05:00
John Supplee 2b70277a35 Update README instructions for installing and upgrading 2019-02-15 16:08:06 +02:00
John Supplee 7f8336e459 Fix bug with quota input that prevented adding users 2019-02-11 16:10:09 +02:00
John Supplee 53d1c1e4e9 Release new version v0.40-quota-0.15-alpha 2019-02-06 12:58:05 +02:00
John Supplee 44a31733ac update latest version and update README 2019-02-05 13:36:53 +02:00
John Supplee 937ef47c2a Remove default quota support from the TODOs 2019-02-01 21:51:49 +02:00
John Supplee 6964ed238a Show correct reference for updating versions 2019-02-01 19:01:59 +02:00
John Supplee 2c6aea24cb Update README to reflect the latest changes 2019-02-01 18:38:00 +02:00
John Supplee 7874683618 Add percentage used and update tools/mail.py to set quotas 2019-02-01 15:36:27 +02:00
John Supplee 6de34b0464 Update README to have section for installation and upgrading 2019-01-31 12:28:32 +02:00
John Supplee 9a9e0116a1 Update to version v0.40-quota-0.12-alpha 2019-01-31 10:23:42 +02:00
John Supplee 863e8895a0 Add the quota column to the users table 2019-01-30 17:14:48 +02:00
John Supplee 98e04bb11f Update README for first alpha release 2019-01-30 12:52:02 +02:00
John Supplee 2bebd727c2 Fix README 2019-01-30 10:47:07 +02:00
John Supplee fbf990092c Add progress to README 2019-01-30 09:44:23 +02:00
John Supplee a8f02c1eb0 Fix problems with users that do not have maildirsize file 2019-01-30 00:01:16 +02:00