Commit Graph

520 Commits

Author SHA1 Message Date
Joshua Tauberer 39bca053ed add 2048 bits of DH params for nginx, postfix, dovecot
nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.

ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)

see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3
2014-09-26 22:09:22 +00:00
Joshua Tauberer c2eb8e5330 typo in roundcube download URL
see 8e0967dd8e (commitcomment-7940724)
2014-09-26 14:26:45 +00:00
Joshua Tauberer ab47144ae3 add strict SPF and DMARC records to any subdomains (including custom records) that do not have SPF/DMARC set
closes #208
2014-09-26 14:01:03 +00:00
Joshua Tauberer 9b6f9859d1 dns_update: assume DKIM is present 2014-09-26 14:01:03 +00:00
Joshua Tauberer 4e6d572de9 ensure Python operates in UTF-8 with a consistent locale for all users
fixes #206 (hopefully)
2014-09-26 08:26:09 -04:00
Joshua Tauberer 145186a6b6 link to Modoboa in README 2014-09-26 08:20:13 -04:00
Joshua Tauberer 5714b3c6b7 bump bootstrap.sh to incoming 0.03 tag 2014-09-24 12:48:15 +00:00
Joshua Tauberer 8e0967dd8e if an earlier version of roundcube had already been installed, update to our target version
fixes #195
2014-09-24 12:46:51 +00:00
Joshua Tauberer 5a89f3c633 don't allow catch-all addresses in the admin because they take precedence over mail users and that's counter-intuitive
For now use the command-line tools/mail.py if you need it.

see #200

Revert "Changed incomming-email-input to type text"

This reverts commit 9631fab7b2.
2014-09-24 12:36:47 +00:00
Joshua Tauberer ed8fb2d06d the latest z-push introduces a new/second USE_FULLEMAIL_FOR_LOGIN parameter
see http://discourse.mailinabox.email/t/activesync-z-push-not-working/94/3
2014-09-24 12:24:35 +00:00
Joshua Tauberer 8c8d9304ac lock z-push to a particular upstream version by fmbiete/Z-Push-contrib commit hash 2014-09-24 12:20:10 +00:00
Joshua Tauberer c1ccd22531 put a start script at /usr/local/bin/mailinabox 2014-09-22 16:37:12 -04:00
Joshua Tauberer 01c964bfe3 update bootstrap.sh for next tag 2014-09-22 16:35:07 -04:00
Joshua Tauberer 6c59294e7b more readable bash 2014-09-21 16:05:11 -04:00
Joshua Tauberer 9d40a12f44 first pass at making readable documentation by parsing the bash scripts 2014-09-21 13:43:31 -04:00
Joshua Tauberer c2ddabe683 fix ajax loading indicator positioning 2014-09-21 17:41:46 +00:00
Joshua Tauberer 846768efcb admin: update user's password from the admin 2014-09-21 17:24:01 +00:00
Joshua Tauberer 8dfbb90f3a admin: simplify the users table a bit 2014-09-21 17:10:23 +00:00
Joshua Tauberer c7c3bd33cf DNS API should reject qnames that aren't in a zone managed by the box
see https://discourse.mailinabox.email/t/set-www-a-and-other-dns-records-after-install/63/10
2014-09-21 13:37:30 +00:00
Joshua Tauberer 1637153566 make the DNS API a little clearer 2014-09-21 13:37:30 +00:00
Joshua Tauberer 05510f25a5 warn if a SSL cert is expiring in 30 days 2014-09-21 13:37:30 +00:00
Joshua Tauberer b8ea7282b0 don't run `apt-get update` when generating the status checks output because it is so slow and should be update daily by cron anyway 2014-09-21 13:37:30 +00:00
Joshua Tauberer dd91553689 open the firewall to an alternative SSH port if set
https://discourse.mailinabox.email/t/opening-up-a-custom-port-for-ssh-after-install/55/2
2014-09-20 08:26:10 -04:00
Joshua Tauberer 98651deea4 python3-dev is a dependency for many pip packages, including pyyaml, fixes #196 2014-09-17 21:56:09 +00:00
Joshua Tauberer ff0c85615b correct typo in comment 2014-09-15 10:02:25 +00:00
Joshua Tauberer 16e2350fef revise the description of A records on domains: the A record must be present for good deliverability so that the envelope domain resolves, but it doesn't have to resolve to this machine 2014-09-15 06:00:50 -04:00
Joshua Tauberer 52b2e27451 Merge pull request #193 from waldyrious/patch-1
add link to contributors, remove duplicate "to"s
2014-09-13 20:54:26 -04:00
Waldir Pimenta 48bb8a90d2 add link to contributors, remove duplicate "to"s 2014-09-14 01:45:10 +01:00
Joshua Tauberer 941684f4d9 Merge pull request #192 from ch000/patch-1
Changed incomming-email-input to type text
2014-09-12 12:15:24 -04:00
Christian 9631fab7b2 Changed incomming-email-input to type text
The input type="email" validation won't allow "@example.com", which is needed for catch-all-aliases.
2014-09-12 18:08:33 +02:00
Joshua Tauberer 4f4a8faa00 Merge pull request #188 from Bretos/master
update roundcube version
2014-09-10 09:04:27 -04:00
Bretos 467f04facb update roundcube version 2014-09-10 12:32:32 +02:00
Joshua Tauberer 196e42e8b5 don't automatically create an alias if a user account already exists by that name
In the event the first user is an address that we'd normally create as an alias,
we'd generate a loop from the alias to the administrative alias to the first user
account (which was the alias again).

hopefully fixes #186
2014-09-09 11:41:47 +00:00
Joshua Tauberer f09da719f7 show the response from spamhaus.org in the status checks output 2014-09-08 20:27:26 +00:00
Joshua Tauberer e9e95cbed5 tweak backup explanatory text 2014-09-08 20:12:31 +00:00
Joshua Tauberer 98fc449b49 only hold onto backups for 14 days (not 31) and show when the backups will be deleted in the control panel 2014-09-08 20:09:18 +00:00
Joshua Tauberer bab8b515ea new logic for determining when to take a full backup 2014-09-08 19:42:54 +00:00
Joshua Tauberer cce6bc02a8 add links to IANA tables for DNSSEC algorithm/digest number assignemnts 2014-09-07 10:59:20 -04:00
Joshua Tauberer 85d4fad030 add Hacker News links to README 2014-09-07 10:59:20 -04:00
Joshua Tauberer 7ea956d3bc install network-checks's dependencies
Since it runs before the real setup begins, we must make sure that packages are installed.

Also removing bind9-host's installation from system.sh. In 189dd6000e I added this so we could use `host`
to aid Docker autoconfiguration. Docker support was since removed but this hadn't gotten removed, which lead me to think it was
normally installed by Ubuntu. It's now installed in `network-checks.sh`.

fixes #180
2014-09-07 12:29:23 +00:00
Joshua Tauberer 110e0f90d9 dns: move the quoting of TXT records to when we write the zone file so that we can display it unquoted in the External DNS instructions 2014-09-07 11:42:20 +00:00
Joshua Tauberer 954a234aa9 move website link to the top of README 2014-09-07 07:24:50 -04:00
Joshua Tauberer b5122770cc tweak admin template for external DNS 2014-09-07 07:22:39 -04:00
Joshua Tauberer 711b1128e3 Merge pull request #178 from jkaberg/master
Support more concurrent connections for PHP services
2014-09-04 10:42:19 -04:00
Joel Kåberg 6b13ac1ca9 Support more concurrent connections 2014-09-04 16:40:33 +02:00
Joel Kåberg 9fd6958dc2 Revert commit "Support more concurrent connections for z-push" 2014-09-04 16:39:38 +02:00
Joel Kåberg e434bf9fce Support more concurrent connections for z-push
My logs were showing lots of: 
[04-Sep-2014 15:52:41] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
2014-09-04 16:11:06 +02:00
Joshua Tauberer 03f9358de4 when checking SSL certs are OK, check for wildcard certificates
fixes #175 (hopefully)
2014-09-03 17:31:47 +00:00
Joshua Tauberer c7a2aad0f8 tweak readme to emphasize not being customizable 2014-09-03 11:10:30 -04:00
Joshua Tauberer c75a2c4ca0 add a warning not to use owncloud-unlockadmin.sh 2014-09-03 11:02:09 -04:00