Commit Graph

1345 Commits

Author SHA1 Message Date
ChiefGyk 41ecc4aab8 Adds Fail2ban jails for nginx-http-auth, nginx-badbots, and owncloud, also needed to add original author credit to nginxjails 2016-06-28 13:32:53 -04:00
ChiefGyk d46176a3c3 forgot to switch branches before submitting commits 2016-06-28 13:30:38 -04:00
ChiefGyk 23f2b1688f reset 2016-06-28 12:31:21 -04:00
ChiefGyk c05312664d Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
Cleaning up my git was learning how to use git, and didn't learn about branches until now
2016-06-28 12:03:55 -04:00
ChiefGyk 3a1313144b moved blocklist script locally within installation 2016-06-27 09:38:14 -04:00
ChiefGyk 406f991be3 fixed error in my script copying nginx-badbots 2016-06-27 09:30:01 -04:00
ChiefGyk 20bf710b28 removed some more clutter from jail.local 2016-06-27 09:21:29 -04:00
Joshua Tauberer 82903cd09e Merge pull request #857 from biermeester/master
Small extension to mail log management script
2016-06-27 06:17:16 -04:00
ChiefGyk 7f89d7cb82 added line for rkhunter to first update when installed. 2016-06-27 04:32:06 -04:00
ChiefGyk b76c9330c5 some fixes to fail2ban filters and jail.local 2016-06-27 04:13:56 -04:00
ChiefGyk 5265839681 made rkhunter create a local file per suggestions 2016-06-27 04:10:39 -04:00
ChiefGyk 3701676304 fixed miab-munin.conf 2016-06-27 04:01:51 -04:00
ChiefGyk 187b28dc51 committed a fix for owncloud filter. Lack of caffeine caused me to enter a wrong part of my script 2016-06-27 03:58:30 -04:00
ChiefGyk cb35e6dd96 extended owncloud filter find time 2016-06-26 20:06:53 -04:00
ChiefGyk fd457e187c fixed some issues with warnings due to there not being a variable set for PKGMG=DPKG 2016-06-26 19:53:30 -04:00
ChiefGyk ab3fbad0b8 a couple minor changes to Fail2Ban #870 fixed a couple variables, copied owncloud.conf fail2ban from my own owncloud 9 server for my own business. Though it is commented out 2016-06-26 13:37:21 -04:00
ChiefGyk 933668f156 had rkhunter --propupd run before configs were changed. Fixed for #869, also added a crontab for RKHunter to automatically run daily at 4:15AM 2016-06-26 12:57:54 -04:00
ChiefGyk e0b333843a had rkhunter --propupd run before configs were changed. Fixed for #869 2016-06-26 12:48:26 -04:00
ChiefGyk 4f4ec5436a added RKHunter to system.sh on lines 122-134 per #869 and made it run everytime apt launches to install or update. This should help prevent rootkits. I also added a config to whitelist certain things 2016-06-26 12:44:39 -04:00
ChiefGyk 994727d2cd added script which automatically adds IP addresses which have been reported to be attacking other servers. It will update the IPTables automatically everyday, as well as perform the initial run the first day. As mentioned in #864 on the origin 2016-06-26 11:06:40 -04:00
ChiefGyk 6f1315f93a added missing log location for jail.local 2016-06-26 11:03:30 -04:00
ChiefGyk 3b1b70ed16 added Fail2ban filters from #866, #767, and #798 on main branch 2016-06-26 10:57:59 -04:00
Joshua Tauberer 5f5f00af4a for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting) 2016-06-12 09:11:55 -04:00
Joshua Tauberer 6b73bb5d80 outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4 2016-06-12 09:11:54 -04:00
Joshua Tauberer 3055f9a79c drop SSLv3, RC4 ciphers from SMTP port 25
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.

fixes #611
2016-06-12 09:11:50 -04:00
Rinze 1c84e0aeb6 Added received mail count to hourly activity overview in mail log management script 2016-06-10 13:08:57 +02:00
Rinze ae1b56d23f Added POP3 support to mail log management script 2016-06-10 11:19:03 +02:00
Rinze 946cd63e8e Mail log management script cleanup 2016-06-10 10:32:32 +02:00
Chris Blankenship fac8477ba1 Configured Dovecot to log into its own logfile 2016-06-06 08:21:44 -04:00
aspdye 61744095a8 Update Roundcube to 1.2.0
closes #840
2016-06-06 07:32:54 -04:00
Joshua Tauberer d5b38a27e6 run roundcube's database migration script on every update
There hasn't been a sqlite migration yet, since Mail-in-a-Box's creation, but with Roundcube 1.2 there will be.
2016-06-06 07:28:12 -04:00
Joshua Tauberer 6666d28c44 v0.18c 2016-06-02 15:47:45 -04:00
Joshua Tauberer 66675ff2e9 Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852
In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.

But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too.
2016-06-02 08:05:34 -04:00
Joshua Tauberer 9ee2d946b7 Merge pull request #821 from m4rcs/before-backup
Added a pre-backup script to complement post-backup script.
2016-05-17 19:48:14 -04:00
Arnaud ff7d4196a6 target to blank for munin link in tempalte (#822)
adding :
target="_blank"
to 
<li><a href="/admin/munin">Munin Monitoring</a></li> on line 96
Why ?
Because when you click on munin link, and follow links, you lose your index, or click back many times...
So i propose my pull request.
Et voilà ^^
2016-05-17 19:46:45 -04:00
aspdye 490b36d86c Fix #819 (#823) 2016-05-17 19:46:10 -04:00
Joshua Tauberer 867d9c4669 v0.18b 2016-05-16 07:17:20 -04:00
Joshua Tauberer 1ad5892acd can't change roundcube's default_host setting, partially reverts 6d259a6e12
The default_host setting is a part of the internal username key. We can't change that without causing Roundcube to create new internal user accounts.
2016-05-16 07:14:45 -04:00
Joshua Tauberer 94b7c80792 v0.18 2016-05-15 20:41:31 -04:00
Marc Schiller 69bd137b4e Added a pre-backup script to complement post-backup script. 2016-05-11 10:11:16 +02:00
Joshua Tauberer ae8cd4efdf support 'dovecot -A' iteration of all users 2016-05-06 09:16:48 -04:00
Joshua Tauberer 6d259a6e12 use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to to the address a service is actually running on.

This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12.)

I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.

Fixes #797
2016-05-06 09:10:38 -04:00
Joshua Tauberer e7fffc66c7 changelog tweaks, fixes #805 2016-05-06 08:51:53 -04:00
aspdye 8548ede638 Merge pull #806 - Update Roundcube to 1.1.5 2016-04-24 06:31:28 -04:00
Joshua Tauberer 6eeb107ee3 Merge #795 - Upgrade Bootstrap 3.3.5 to 3.3.6 2016-04-24 06:27:50 -04:00
Joshua Tauberer 31eefa18da Merge #793 - Hostname as Roundcube Name 2016-04-23 13:45:09 -04:00
Joshua Tauberer 20adbb51cb Merge #804 - Make clear that Let's Encrypt is reccomended! 2016-04-23 09:51:44 -04:00
aspdye 79a39d86f9 reseller -> provider 2016-04-23 15:18:21 +02:00
aspdye 0ebf33e9df Make clear that Let's Encrypt is reccomended! 2016-04-23 11:35:02 +02:00
Joshua Tauberer d3818d1db6 changelog entries 2016-04-13 18:42:53 -04:00