Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							17a149947a 
							
						 
					 
					
						
						
							
							other CHANGELOG updates  
						
						
						
					 
					
						2015-06-24 18:16:25 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a2c50ae967 
							
						 
					 
					
						
						
							
							note the new SMTP mail from restriction in the changelog and security guide  
						
						
						
					 
					
						2015-06-24 18:12:41 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							13958ba4df 
							
						 
					 
					
						
						
							
							Merge pull request  #427  from pichak/add-sender-login-mismatch  
						
						... 
						
						
						
						Reject outgoing mail if MAIL FROM (envelope sender) does not match login name or is not an alias that directs mail (directly) to login name. 
						
					 
					
						2015-06-24 18:03:03 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8eb71483f3 
							
						 
					 
					
						
						
							
							Merge pull request  #450  from agriffaut/patch-1  
						
						... 
						
						
						
						ownCloud breaks if download fails (Issue #449 ) 
						
					 
					
						2015-06-24 08:11:30 -04:00 
						 
				 
			
				
					
						
							
							
								aLeX 
							
						 
					 
					
						
						
						
						
							
						
						
							d8e30883fa 
							
						 
					 
					
						
						
							
							Issue  #449  
						
						... 
						
						
						
						If the downloaded file doesn't pass hash verification, the script exits and leaves a broken system
Just make hash verification before moving owncloud directory 
						
					 
					
						2015-06-24 14:06:01 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							47acbbf332 
							
						 
					 
					
						
						
							
							bump to latest version of my email_validator library  
						
						
						
					 
					
						2015-06-23 16:43:35 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dece359c90 
							
						 
					 
					
						
						
							
							validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate  
						
						... 
						
						
						
						* Use `cryptography` instead of parsing openssl's output.
* When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely. 
						
					 
					
						2015-06-21 14:53:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6a9eb4e367 
							
						 
					 
					
						
						
							
							improve inline documentation for the virtual-alias-maps query  
						
						
						
					 
					
						2015-06-21 08:22:33 -04:00 
						 
				 
			
				
					
						
							
							
								Morteza Milani 
							
						 
					 
					
						
						
						
						
							
						
						
							fc03ce9b2f 
							
						 
					 
					
						
						
							
							Fix login map. Now includes both emails and aliases  
						
						
						
					 
					
						2015-06-20 03:27:18 -07:00 
						 
				 
			
				
					
						
							
							
								Toilal 
							
						 
					 
					
						
						
						
						
							
						
						
							ce17c12ca2 
							
						 
					 
					
						
						
							
							Use netcat to check if mailinabox webservice is available  
						
						... 
						
						
						
						[JT added installing netcat-openbsd in system.sh] 
						
					 
					
						2015-06-18 08:04:46 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5edaeb8c7b 
							
						 
					 
					
						
						
							
							add a new autoconfiguration option PRIMARY_HOSTNAME=auto to simply grab the hostname from reverse DNS  
						
						... 
						
						
						
						drawn from 5b23a06a74 
						
					 
					
						2015-06-18 07:46:09 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3a28d1b073 
							
						 
					 
					
						
						
							
							showing the Mail-in-a-Box version using git describe was broken since  dd6a8d99 
						
						
						
					 
					
						2015-06-18 07:45:55 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6f2226bfcd 
							
						 
					 
					
						
						
							
							move more of start.sh into questions.sh to keep start.sh cleaner and encapsulate all of the variable setting in a single script  
						
						... 
						
						
						
						Based on 5b23a06a74 
						
					 
					
						2015-06-18 07:38:18 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							97cd4c64ad 
							
						 
					 
					
						
						
							
							don't expose PHP version in the X-Powered-By header,  closes   #439 ,  fixes   #433  
						
						
						
					 
					
						2015-06-18 11:12:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							43d50d0667 
							
						 
					 
					
						
						
							
							Merge pull request  #445  from bizonix/patch-1  
						
						... 
						
						
						
						fix wrong redirect for automatic www subdomain redirects 
						
					 
					
						2015-06-18 07:05:01 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6258a7f311 
							
						 
					 
					
						
						
							
							status checks were broken if sshd was not present,  fixes   #444  
						
						
						
					 
					
						2015-06-18 11:01:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ab36cc8968 
							
						 
					 
					
						
						
							
							whitespace=>tabs  
						
						
						
					 
					
						2015-06-18 10:54:51 +00:00 
						 
				 
			
				
					
						
							
							
								bizonix 
							
						 
					 
					
						
						
						
						
							
						
						
							33b71c6b3c 
							
						 
					 
					
						
						
							
							fix wrong redirect  
						
						... 
						
						
						
						$ curl -I https://www.site.co.il/static/images/1.png?a=b  | grep Location
Location: https://site.co.il?a=b 
but should be something like 
Location: https://site.co.il/static/images/1.png?a=b  
						
					 
					
						2015-06-18 01:48:15 +03:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							34e821c102 
							
						 
					 
					
						
						
							
							Roundcube 1.1.2  
						
						
						
					 
					
						2015-06-17 11:00:15 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2af557139d 
							
						 
					 
					
						
						
							
							default IPv6 AAAA records were missing  
						
						... 
						
						
						
						This was broken by the ability to have multiple TXT records in 9f1d633ae4 
						
					 
					
						2015-06-17 06:47:22 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9e0dcd8718 
							
						 
					 
					
						
						
							
							security.md: add a section on DNSSEC specifically  
						
						
						
					 
					
						2015-06-15 10:24:16 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							be2b5a62de 
							
						 
					 
					
						
						
							
							ownCloud updated to version 8.0.4  
						
						
						
					 
					
						2015-06-14 16:04:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0cbba71c72 
							
						 
					 
					
						
						
							
							merge  #429  - Move OwnCloud's config to Storage Root  
						
						
						
					 
					
						2015-06-14 15:48:09 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d28563fb45 
							
						 
					 
					
						
						
							
							tweak the ownCloud config location migration (no need for third ln)  
						
						
						
					 
					
						2015-06-14 15:42:32 +00:00 
						 
				 
			
				
					
						
							
							
								Norman Stanke 
							
						 
					 
					
						
						
						
						
							
						
						
							38632f0f90 
							
						 
					 
					
						
						
							
							Move OwnCloud's config to Storage Root  
						
						
						
					 
					
						2015-06-12 14:53:02 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0754ce01b1 
							
						 
					 
					
						
						
							
							questions.sh needs to apt-get update before it does an apt-get install, see  #431 , see  #438  
						
						
						
					 
					
						2015-06-10 09:43:22 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ef455d37d 
							
						 
					 
					
						
						
							
							bootstrap.sh needs to apt-get update before it does an apt-get install,  fixes   #431  
						
						
						
					 
					
						2015-06-10 09:33:47 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d152603abd 
							
						 
					 
					
						
						
							
							changelog entries and mention our forks of postgrey and dovecot in the README  
						
						
						
					 
					
						2015-06-10 09:27:29 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9e125aec00 
							
						 
					 
					
						
						
							
							Merge pull request  #436  from bizonix/patch-1  
						
						... 
						
						
						
						fix loop redirecting 
						
					 
					
						2015-06-07 16:30:58 -04:00 
						 
				 
			
				
					
						
							
							
								bizonix 
							
						 
					 
					
						
						
						
						
							
						
						
							2c90c267bd 
							
						 
					 
					
						
						
							
							fix loop redirecting  
						
						... 
						
						
						
						server is redirecting the request for this address in a way that will never complete 
						
					 
					
						2015-06-07 21:50:41 +03:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							47de93961e 
							
						 
					 
					
						
						
							
							OCSP improvements  
						
						... 
						
						
						
						* Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx  ('on' has no security benefits).
* Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway.
* Remove the commented line which per the link above would never be necessary anyway.
OCSP seems to work just fine after these changes. 
						
					 
					
						2015-06-06 23:24:09 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1990f32ca4 
							
						 
					 
					
						
						
							
							typo,  fixes   #435  
						
						
						
					 
					
						2015-06-06 13:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							807939c0e4 
							
						 
					 
					
						
						
							
							make the +tag address tips clearer  
						
						
						
					 
					
						2015-06-06 13:02:23 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a1c7bf0883 
							
						 
					 
					
						
						
							
							add munin to readme  
						
						
						
					 
					
						2015-06-06 12:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5008cc603e 
							
						 
					 
					
						
						
							
							merge - munin system monitoring  
						
						
						
					 
					
						2015-06-06 12:52:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9857db96cd 
							
						 
					 
					
						
						
							
							add a link to the /admin/munin page from the control panel nav bar  
						
						
						
					 
					
						2015-06-06 12:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e9e6d94e3b 
							
						 
					 
					
						
						
							
							the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac  
						
						
						
					 
					
						2015-06-06 12:38:19 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							462a79cf47 
							
						 
					 
					
						
						
							
							fix what counts as a required alias,  fixes   #434  
						
						
						
					 
					
						2015-06-06 12:12:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f792deeebd 
							
						 
					 
					
						
						
							
							when the undocumented custom web settings has a redirect or proxy at the root of a domain, use a minimal nginx config template (same as the new default www redirects)  
						
						
						
					 
					
						2015-06-04 12:32:00 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							95173bb327 
							
						 
					 
					
						
						
							
							provide redirects from www subdomains of zones to their parent domain  
						
						... 
						
						
						
						* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest.
* Add server blocks to the nginx config for these domains.
* List these domains in the SSL certificate install admin panel.
* Generate default 'www' records just for domains we provide default redirects for.
Fixes  #321 . 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1d09e2406b 
							
						 
					 
					
						
						
							
							refactor how the nginx config file is assembled  
						
						... 
						
						
						
						This doesn't change anything. Just preparation for the next commit. 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c9add7a8bf 
							
						 
					 
					
						
						
							
							if a user sets a custom A record on PRIMARY_HOSTNAME, which is ignored anyway, don't let that cause PRIMARY_HOSTNAME from being dropped from nginx.conf  
						
						... 
						
						
						
						Could be related to https://discourse.mailinabox.email/t/nginx-lost-admin-record-after-install-ssl-cert-problem/528 . 
						
					 
					
						2015-06-04 12:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e4caed9277 
							
						 
					 
					
						
						
							
							add a note in the setup script about the use of our postgrey fork and dnswl's license terms  
						
						
						
					 
					
						2015-06-03 16:28:20 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1760eaa601 
							
						 
					 
					
						
						
							
							merge  #406  - dovecot-lucene & packaging  
						
						
						
					 
					
						2015-06-03 15:51:16 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b25ce67fe1 
							
						 
					 
					
						
						
							
							bring the postgrey patches into this repository rather than maintaining them in a separate postgrey fork repository  
						
						
						
					 
					
						2015-06-03 15:50:25 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b23ba6f75e 
							
						 
					 
					
						
						
							
							simplify build/setup of dovecot-lucene package  
						
						
						
					 
					
						2015-06-03 15:48:35 -04:00 
						 
				 
			
				
					
						
							
							
								Morteza Milani 
							
						 
					 
					
						
						
						
						
							
						
						
							cf904a05cc 
							
						 
					 
					
						
						
							
							Reject outgoing mail if FROM does not match Login  
						
						
						
					 
					
						2015-06-01 21:26:01 -07:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							47a5a44b9e 
							
						 
					 
					
						
						
							
							v0.10  
						
						... 
						
						
						
						* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
* Roundcube now allows persistent logins using Roundcube-Persistent-Login-Plugin.
* ownCloud is updated to version 8.0.3.
* SPF records for non-mail domains were tightened.
* The minimum greylisting delay has been reduced from 5 minutes to 3 minutes.
* Users and aliases weren't working if they were entered with any uppercase letters. Now only lowercase is allowed.
* After installing an SSL certificate from the control panel, the page wasn't being refreshed.
* Backups broke if the box's hostname was changed after installation.
* Dotfiles (i.e. .svn) stored in ownCloud Files were not accessible from ownCloud's mobile/desktop clients.
* Fix broken install on OVH VPS's. 
						
					 
					
						2015-06-01 18:05:41 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a0e6c7ceb6 
							
						 
					 
					
						
						
							
							fix downloading dotfiles through ownCloud's webdav  
						
						... 
						
						
						
						fixes  #414  
					
						2015-05-30 18:03:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							49aa367ffa 
							
						 
					 
					
						
						
							
							merge  #422  - Add persistent login functionality to roundcube  
						
						
						
					 
					
						2015-05-30 14:07:50 +00:00