downtownallday
f6b04b314f
Add totpMruTokenTime to upgrade
2020-09-30 11:50:49 -04:00
downtownallday
100acb119b
Add a totpMruTokenTime value to record the time when the mru token was used
...
Use the totpMruTokenTime as the id to uniquely identify a totp entry
2020-09-30 11:00:58 -04:00
downtownallday
5deb88ab60
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/daemon.py
# management/mfa.py
# setup/mail-users.sh
2020-09-29 22:20:15 -04:00
Felix Spöttel
00b3a3b0a9
Remove unique key constraint on foreign key user_id in mfa table
2020-09-29 19:39:40 +02:00
downtownallday
e2dea39e5b
Advance the x-ordered counter
2020-09-29 08:55:32 -04:00
downtownallday
00fc94d3c1
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# management/mailconfig.py
# setup/mail-users.sh
2020-09-28 23:25:16 -04:00
Joshua Tauberer
b80f225691
Reorganize MFA front-end and add label column
2020-09-27 08:31:23 -04:00
Joshua Tauberer
a8ea456b49
Reorganize the MFA backend methods
2020-09-26 09:58:25 -04:00
downtownallday
a79c7fce91
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# README.md
2020-09-26 08:03:12 -04:00
Joshua Tauberer
03bff5292b
v0.50
...
v0.50 (September 25, 2020)
--------------------------
Setup:
* When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.
Mail:
* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
DNS:
* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
TLS:
* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
Control Panel:
* The control panel API is now fully documented at https://mailinabox.email/api-docs.html .
* User passwords can now have spaces.
* Status checks for automatic subdomains have been moved into the section for the parent domain.
* Typo fixed.
Web:
* The default web page served on fresh installations now adds the `noindex` meta tag.
* The HSTS header is revised to also be sent on non-success responses.
2020-09-25 07:43:30 -04:00
b-k
853008ddcc
Be more forgiving of people who missed the train on upgrading NextCloud (#1813)
...
Co-authored-by: B <ben@klemens.org>
2020-09-21 15:45:58 -04:00
downtownallday
cf888d3f30
Set miab-ldap migration version during first-time setup
2020-09-16 09:39:49 -04:00
downtownallday
7c29628530
Separate miab and miab-ldap migrations
...
Add tests for migrating from miab w/totp (migration 13) to miab-ldap
2020-09-16 09:00:27 -04:00
downtownallday
b3e789a4e2
Migrate TOTP secrets
2020-09-15 07:51:27 -04:00
downtownallday
24ae913d68
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# setup/mail-users.sh
# setup/management.sh
# setup/migrate.py
2020-09-10 15:23:27 -04:00
Felix Spöttel
7c4eb0fb70
Add sqlite migration
2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e
Decouple totp from users table by moving to totp_credentials table
...
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
f205c48564
Use pyotp for validating TOTP codes
...
* also implements resynchronisation support via `pyotp`'s `valid_window` option
2020-09-02 19:12:15 +02:00
Felix Spöttel
a7a66929aa
add user interface for managing 2fa
...
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
downtownallday
da7468a6b3
Fix unbound variable
2020-08-28 18:14:14 -04:00
downtownallday
f49590d52a
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# README.md
2020-08-26 16:17:28 -04:00
Joshua Tauberer
0d72566c99
Merge v0.48 point release branch
2020-08-26 14:11:56 -04:00
Joshua Tauberer
62db58eaaf
v0.48
2020-08-26 14:11:01 -04:00
Joshua Tauberer
891de8d6c3
Upgrade Roundcube to 1.4.8
...
Merges #1809
2020-08-26 14:10:04 -04:00
downtownallday
5eb008cae9
Skip system updates if SKIP_SYSTEM_UPDATE environment variable is set to "1"
2020-08-25 16:34:56 -04:00
downtownallday
22bfef6f59
Display and allow changing a comment/description for aliases. Change the default comment for required aliases to "Required alias".
2020-08-25 12:00:55 -04:00
downtownallday
2b981db1d9
Remove nextcloud cron job when miab nextcloud is disabled
2020-08-21 11:52:24 -04:00
downtownallday
ac35bdc544
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
2020-07-29 10:34:47 -04:00
Joshua Tauberer
65983b8ac7
Merge v0.47 point release branch
2020-07-29 10:27:06 -04:00
hija
56d0289ed9
v0.47
2020-07-29 10:24:56 -04:00
Marcus Bointon
f253c40012
[backport] Add rate limiting of SSH in the firewall (#1770)
...
See #1767. Backport of cfc8fb484c.
2020-07-29 10:24:23 -04:00
Hilko
2c34a6df2b
Update roundcube to 1.4.7
2020-07-29 10:15:12 -04:00
downtownallday
a24cf104e4
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
2020-07-27 07:04:06 -04:00
Marcus Bointon
cd518e6820
Raise Dovecot per user connection limit (#1799)
2020-07-27 06:37:52 -04:00
downtownallday
39956afdc0
Rearrange some code and add a command line parameter to test the ldap connection
2020-06-27 17:58:22 -04:00
downtownallday
257b2ee6f6
Integrate encryption-at-rest support
2020-06-22 12:03:13 -04:00
downtownallday
38d0bcff22
Add support for non-interactive install
...
Centralize all scripts into 'ehdd'
2020-06-22 10:03:21 -04:00
downtownallday
7137fb6556
Merge branch 'master' into EHDD
2020-06-21 17:21:17 -04:00
downtownallday
a5ab29c83f
Add Vagrant support for running automated tests
2020-06-21 09:13:54 -04:00
downtownallday
2d7cb869c5
Continue to make old ownCloud contacts available in Roundcube
2020-06-19 12:02:15 -04:00
downtownallday
582b12b33a
Revert: does not fix the error message "warning: cannot change locale" during 'export LC_ALL'. This appears to only be fixable by restarting bash after the locale-gen call.
2020-06-16 06:44:14 -04:00
downtownallday
41188ad42c
This fixes the warning about setting LC_ALL on Ubuntu server
2020-06-14 18:02:27 -04:00
downtownallday
6a93af9670
Fix upgrade job failure
2020-06-14 16:48:21 -04:00
downtownallday
b0090edd52
Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite
2020-06-14 13:51:00 -04:00
downtownallday
1f35e9ef91
Move directory setup/mods.d to local
2020-06-11 21:18:05 -04:00
downtownallday
27c1b93bcf
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# README.md
# management/mailconfig.py
# management/web_update.py
2020-06-11 15:13:40 -04:00
Joshua Tauberer
224242dfde
Merge v0.46 point release branch
2020-06-11 12:25:49 -04:00
Joshua Tauberer
049bfb6f7f
v0.46
2020-06-11 12:23:18 -04:00
Joshua Tauberer
12d60d102b
Update Roundcube to 1.4.6
...
Fixes #1776
2020-06-11 12:21:17 -04:00
Faye Duxovni
41642f2f59
[backport] Fix roundcube error log file path in setup script (#1775)
2020-06-11 12:16:53 -04:00
downtownallday
7237f553a4
Revert: still get host not found from postfix (type=A vs type=AAAA) for PRIMARY_HOSTNAME
2020-06-10 22:37:24 -04:00
downtownallday
ae5fbffa40
Attempt at dealing with disabled ipv6 on interfaces
2020-06-10 21:56:49 -04:00
downtownallday
219c3fa020
Need a default value or boom
2020-06-10 11:41:26 -04:00
downtownallday
7a12b52f8f
Back out prior change, did not fix delivery problem:
...
"status=bounced (Host or domain name not found. Name service error for name=box.abc.com type=AAAA: Host not found"
2020-06-10 07:50:23 -04:00
downtownallday
8be3011c19
Set smtp_address_preference to any in main.cf
2020-06-10 07:21:26 -04:00
downtownallday
a098992d1e
fix path to nsd.conf
2020-06-09 23:35:13 -04:00
downtownallday
4d99e6021b
Move nsd fix for Travis-CI into setup/dns.sh
2020-06-09 23:20:02 -04:00
downtownallday
844ea08845
Additional remote Nextcloud support for port and prefix plus z-push
2020-06-09 20:44:22 -04:00
downtownallday
8082b06bd2
Ensure owncloud directory is accessible
2020-06-09 20:37:08 -04:00
downtownallday
8f2e4d1247
Set miab_ldap.conf variables only if they don't already exist so that the file may be pre-populated
2020-06-09 20:26:40 -04:00
downtownallday
d2f418a363
Use sha1 hash of maildrop instead of a generated UUID
2020-06-09 20:24:46 -04:00
Faye Duxovni
339c330b4f
Fix roundcube error log file path in setup script (#1775)
2020-06-07 09:50:04 -04:00
Marcus Bointon
cfc8fb484c
Add rate limiting of SSH in the firewall (#1770)
...
See #1767.
2020-06-07 09:47:51 -04:00
downtownallday
81950592a7
Initial remote Nextcloud integration support
2020-06-06 14:06:15 -04:00
downtownallday
2f8029e983
Merge branch 'master' into EHDD
2020-06-05 12:03:58 -04:00
downtownallday
2867fbe8e4
Change git url
2020-06-05 11:57:23 -04:00
downtownallday
1d789dbe53
Don't apply apparmor configuration when apparmor is disabled (eg. travis-ci)
2020-06-02 11:21:59 -04:00
downtownallday
8d847ae9a9
Avoid loop device naming conflicts with snaps by obtaining an available name from the system instead of using a static device name ("/dev/loop0").
2020-06-02 09:22:24 -04:00
downtownallday
64e603611a
Additional fix required for #1761
2020-05-29 19:39:10 -04:00
downtownallday
b727c87fd8
Merge branch 'master' into EHDD
2020-05-29 19:33:52 -04:00
downtownallday
640048db04
Merge branch 'master' into ldap
2020-05-29 17:11:39 -04:00
Joshua Tauberer
10bedad3a3
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-29 15:36:52 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
...
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
downtownallday
4cf82ae36e
Merge branch 'master' into EHDD
2020-05-17 10:18:03 -04:00
downtownallday
9d89c40ad7
Merge branch 'master' into ldap
2020-05-17 10:17:25 -04:00
Joshua Tauberer
7de8fc9bc0
v0.45
2020-05-16 06:45:23 -04:00
downtownallday
f37664439b
Merge branch 'master' into EHDD
2020-05-11 13:45:50 -04:00
downtownallday
a30b721014
Merge branch 'master' into ldap
2020-05-11 13:45:12 -04:00
clonejo
8fe33da85d
Run nightly tasks on a random minute after 03:00 to avoid overload (#1754)
...
- The MIAB version check regularly fails at 03:00, presumably because a
large portion of installations is checking mailinabox.email at the same
time.
- At installation time, the time of the nightly clock is configured to
run at a random minute after 03:00, but before 04:00.
- Users might expect the nightly tasks to be over at a certain time and
run their own custom tasks afterwards. This could thus interfere with
custom backup routines.
- This breaks reproducibility of the installation process.
- Users might also be surprised by the nightly task time changing after
updating MIAB.
2020-05-10 19:54:45 -04:00
Joshua Tauberer
1353949e42
Upgrade Roundcube to 1.4.4, Nextcloud to 17.0.6, Z-Push to 2.5.2
2020-05-10 19:44:12 -04:00
downtownallday
b70eb65e45
Merge branch 'master' into EHDD
2020-04-11 18:12:58 -04:00
downtownallday
53ba80daaf
Merge branch 'master' into ldap
2020-04-11 18:12:32 -04:00
Stefan
f52749b403
Better return codes after errors in the setup scripts (#1741)
2020-04-11 14:18:44 -04:00
downtownallday
827d918c2b
Merge branch 'master' into EHDD
2020-03-15 09:51:47 -04:00
downtownallday
b8cf7bc193
Merge branch 'master' into ldap
2020-03-15 09:51:10 -04:00
Daniel Davis
e224fc6656
Delete unused function apt_add_repository_to_unattended_upgrades (#1721)
...
The function apt_add_repository_to_unattended_upgrades is defined
but never called anywhere. It appears that automatic apt updates
are handled in system.sh where the file /etc/apt/apt.conf.d/02periodic
is created. The last call was removed in bbfa01f33a.
Co-authored-by: ddavis32 <dan@nthdegreesoftware.com>
2020-03-08 09:49:39 -04:00
downtownallday
18e376ea2b
Merge branch 'master' into EHDD
2020-02-16 03:27:06 -05:00
downtownallday
86d2e78d61
Merge branch 'master' into ldap
2020-02-16 03:26:00 -05:00
Joshua Tauberer
30c2c60f59
v0.44
2020-02-15 07:15:09 -05:00
downtownallday
cf4d1105c1
Merge branch 'master' into EHDD
2020-01-22 10:11:46 -05:00
downtownallday
37183c79c8
Merge branch 'master' into ldap
2020-01-22 09:56:16 -05:00
Joshua Tauberer
ddadb6c28a
Roundcube 1.4.2
2020-01-22 03:25:53 -05:00
Michael Kroes
faee29ba8b
Bump Nextcloud to 17.0.2 (#1702)
2020-01-22 03:06:17 -05:00
jvolkenant
e6294049bc
Update Roundcube persistent_login plugin (#1712)
2020-01-22 02:58:04 -05:00
Joshua Tauberer
30885bcc8a
Downgrade TLS settings for port 25, partially reverting f53b18ebb9
...
Port 25 now is aligned with Mozilla's "Old" recommendations at https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=old&openssl-version=1.1.1 .
See #1705
2020-01-20 14:52:23 -05:00
downtownallday
42d471ba7f
Initial commit to support a luks formatted partition holding user-data.
...
See #1340.
Run setup/start-encrypted.sh instead of setup/start.sh.
After reboots, login to your box and run tools/startup.sh.
2020-01-20 12:26:50 -05:00
downtownallday
1f0d2ddb92
Issue #1340 - LDAP backend for accounts
...
This commit will:
1. Change the user account database from sqlite to OpenLDAP
2. Add policyd-spf to postfix for SPF validation
3. Add a test runner with some automated test suites
Notes:
User account password hashes are preserved.
There is a new Roundcube contact list called "Directory" that lists the users in LDAP (MiaB users), similar to what Google Suite does.
Users can still change their password in Roundcube.
OpenLDAP is configured with TLS, but all remote access is blocked by firewall rules. Manual changes are required to open it for remote access (eg. "ufw allow proto tcp from <HOST> to any port ldaps").
The test runner is started by executing tests/runner.sh. Be aware that it will make changes to your system, including adding new users, domains, mailboxes, start/stop services, etc. It is highly unadvised to run it on a production system!
The LDAP schema that supports mail delivery with postfix and dovecot is located in conf/postfix.schema. This file is copied verbatim from the LdapAdmin project (GPL, ldapadmin.org). Instead of including the file in git, it could be referenced by URL and downloaded by the setup script if GPL is an issue or apply for a PEN from IANA.
Management console and other services should not appear or behave any differently than before.
2020-01-17 17:03:21 -05:00
Joshua Tauberer
385340da46
install openssh-client which provides ssh-keygen and is not present on desktop Ubuntu by default
2019-12-12 11:27:39 -05:00
jvolkenant
0271e549bb
Fix typo in InstallNextcloud calls (#1693)
2019-12-10 19:01:09 -05:00
Joshua Tauberer
f53b18ebb9
Upgrade TLS settings
2019-12-01 17:49:36 -05:00