Joshua Tauberer
449a538e6b
if a CNAME is set for a domain, don't create a website for that domain (just like A/AAAA records)
2015-02-17 00:48:26 +00:00
Joshua Tauberer
3c50c9a18b
when serving a 'www.' domain, check if the parent domain's ssl certificate can be used besides checking PRIMARY_HOSTNAME
...
Removing buy_certificate.py which is not working and I don't want to update its call signatures.
2015-02-17 00:42:25 +00:00
Joshua Tauberer
3c10ec70a5
update comment
2015-02-17 00:08:04 +00:00
Joshua Tauberer
fba4d4702e
install opendmarc to add Authentication-Results headers for DMARC too
2015-02-16 23:17:44 +00:00
Joshua Tauberer
143bbf37f4
all mail domains, not just (top-level) zones, must have an entry in the opendkim key tables so that such outgoing mail gets signed
...
If you had both x.y.com and y.com configured here, x.y.com mail would not get DKIM-signed.
2015-02-16 18:13:51 -05:00
Joshua Tauberer
fd3ad267ba
if a domain has a catch-all or domain alias then we no longer force the creation of postmaster@ and so we should not be checking for its existence in the status checks
...
see 85a40da83c
2015-02-15 19:07:10 -05:00
Joshua Tauberer
330583f71d
status checks: if a service isn't available publicly, check if it is available on the loopback interface to distinguish not running from not accessible
2015-02-13 09:30:25 -05:00
Joshua Tauberer
e096144713
Outlook 2007 or later on Windows 7 and later
...
fixes #308
2015-02-13 13:29:01 +00:00
Joshua Tauberer
150611123a
typo/text tweak
2015-02-05 09:17:48 -05:00
Joshua Tauberer
abfc17ee62
web admin: simplify the instructions for creating a separate web directory for particular sites by moving it into a modal
2015-02-05 09:12:55 -05:00
Joshua Tauberer
97be9c94b9
if the user has set a http proxy or redirect on the root path of a domain, using custom.yaml, skip the domain from the static hosting panel because it wont be serving any static files
2015-02-05 08:55:57 -05:00
Joshua Tauberer
21b00e8fbb
if a custom A record is set, dont put in a default AAAA record pointing to the box because it will probably be wrong --- the user should either set an AAAA record or let the domain not resolve on IPv6
2015-02-03 21:51:19 -05:00
Ian Beringer
20d20df829
allow for non-standard ssh port in status check
...
closes #313
2015-02-01 23:06:56 +00:00
Joshua Tauberer
7e05d7478f
run status checks asynchronously so that they finish faster, since many checks are waiting on network replies and ought not to block the whole thing
2015-01-31 20:42:43 +00:00
Joshua Tauberer
8fd98d7db3
status checks: s/env['out']/output/
2015-01-31 20:42:43 +00:00
Joshua Tauberer
1039a08be6
/admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request)
2015-01-31 20:42:43 +00:00
Joshua Tauberer
023b38df50
split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism
...
This was done to pave the way for two-factor authentication, but that's still a ways off.
2015-01-31 20:41:41 +00:00
Joshua Tauberer
3187053b3a
dont save the CSR generated to make self-signed certificates for non-primary domains (it has no value and might be confusing)
2015-01-31 13:27:06 +00:00
David Piggott
63f2abd923
Fix typos in backup status template
2015-01-29 09:25:12 +00:00
Kurt Huwig
d3059c810f
Fix typo in mail-guide.html
...
Sercurity -> Security
2015-01-21 08:23:26 +01:00
Joshua Tauberer
85a40da83c
catch-all aiases and domain aliases should not require postmaster@ and admin@ aliases because they'll forward anyway
2015-01-19 23:32:36 +00:00
Joshua Tauberer
1bf8f1991f
internationalized domain names (DNS, web, CSRs, normalize to Unicode in database, prohibit non-ASCII characters in user account names)
...
* For non-ASCII domain names, we will keep the Unicode encoding in our users/aliases table. This is nice for the user and also simplifies things like sorting domain names (using Unicode lexicographic order is good, using ASCII lexicogrpahic order on IDNA is confusing).
* Write nsd config, nsd zone files, nginx config, and SSL CSRs with domains in IDNA-encoded ASCII.
* When checking SSL certificates, treat the CN and SANs as IDNA.
* Since Chrome has an interesting feature of converting Unicode to IDNA in <input type="email"> form fields, we'll also forcibly convert IDNA to Unicode in the domain part of email addresses before saving email addresses in the users/aliases tables so that the table is normalized to Unicode.
* Don't allow non-ASCII characters in user account email addresses. Dovecot gets confused when querying the Sqlite database (which we observed even for non-word ASCII characters too, so it may not be related to the character encoding).
2015-01-19 23:31:55 +00:00
Joshua Tauberer
d155aa8745
if all system services are running, say so in the status checks rather than being totally silent
2015-01-19 22:04:25 +00:00
Joshua Tauberer
24cc108147
if a custom CNAME record is set, don't add a default A/AAAA record, e.g. for 'www'
...
see https://discourse.mailinabox.email/t/multiple-domains-in-mail-in-a-box-with-the-domains-being-hosted-elsewhere/56/18
2015-01-19 22:04:21 +00:00
Joshua Tauberer
09713e8eab
status checks: check that system services are running
...
If bind9 isn't running, dont proceed with other checks because we can't do DNS checks. Even though we skip, add error handling so that a failed call to rndc doesn't crash and that a timeout in a DNS check doesn't crash the status checks.
2015-01-11 14:13:35 +00:00
Francisco de Juan
6499c82d7f
explain how to add SRV records to DNS zonefile using the API
2015-01-04 10:23:34 +01:00
Joshua Tauberer
fddab5d432
allow the dns api to set srv records
...
see https://discourse.mailinabox.email/t/create-srv-record-at-the-dns-server/225
2015-01-02 23:39:09 +00:00
Joshua Tauberer
f141af4b61
status checks: dont die if openssh-server isn't installed
...
see https://discourse.mailinabox.email/t/local-dns-is-not-working-was-unable-to-check-system-status/165/39
2015-01-02 22:59:29 +00:00
Joshua Tauberer
3d8ea0e6ed
mail log scanner: dont assume lines are utf8
2015-01-02 22:49:25 +00:00
Joshua Tauberer
399f9d9bdf
in status checks, clear bind9 cache using rndc rather than restarting bind9
2014-12-26 13:22:14 +00:00
Joshua Tauberer
2b76fd299e
admin: ensure multiple concurrent api calls dont confuse the ajax loading indicator (track number of open requets, stop fade animation when it is time to hide)
2014-12-21 22:47:11 +00:00
Joshua Tauberer
90592bb157
add a control panel for setting custom dns records so that we dont have to use the api manually
2014-12-21 11:31:24 -05:00
Marc Schiller
c3a7e3413b
Fixed a small status check bug, where secondary dns server check fails misleadingly.
2014-12-09 12:40:32 +01:00
Joshua Tauberer
d390bfb215
indicate in the admin when a multi-domain or wildcard certificate is in use
2014-12-05 14:43:52 -05:00
Joshua Tauberer
ceba53f1c4
explain how to install a multi-domain or wildcard ssl cert; if one is installed, the Replace Cert button in the admin for non-primary domains should not replace the cert on the primary domain
2014-12-05 14:25:14 -05:00
Joshua Tauberer
be59bcd47d
for .fund domains use RSASHA256 DNSSEC keys
2014-12-05 12:03:21 -05:00
Joshua Tauberer
cfe0fa912a
add a 'redirects' feature in web/custom.yaml
2014-12-05 12:03:21 -05:00
Joshua Tauberer
82cf5b72e4
simplify some output in the work-in-progress mail log scanner
2014-11-30 14:41:30 +00:00
Joshua Tauberer
a7710e9058
dns.resolver.query treats hostnames as relative names if they don't end in a period
...
Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that.
This caused false positive Spamhaus checks. Fixes #185 .
2014-11-21 15:16:59 +00:00
Joshua Tauberer
057c1dd913
recommend IMAP/SMTP for everyone
2014-11-18 16:47:42 +00:00
Joshua Tauberer
06f2477cfd
the new iOS configuration profile also is used on OS X 10.10.1, see #261
2014-11-18 16:32:37 +00:00
Joshua Tauberer
cdaa2c847d
[merge] iOS Mobile Configuration Profile
2014-11-14 13:56:18 +00:00
Joshua Tauberer
7e7abf3b53
support "domain aliases" (@domain => @domain aliases)
...
This seemed to already be technically supported but the validation is now stricter and the admin is more helpful:
* Postfix seems to allow @domain.tld as an alias destination address but only if it is the only destination address (see the virtual man page).
* Allow @domain.tld if it is the whole destination address string.
* Otherwise, do not allow email addresses without local parts in the destination.
* In the admin, add a third tab for making it clear how to add a domain alias.
closes #265
2014-11-14 13:35:58 +00:00
Norman
c872e6a9f0
iOS Configuration Profile
...
change name
removed .vagrant
fix guide layout
2014-11-05 18:42:04 +01:00
Joshua Tauberer
ec73c171c7
when installing a ssl cert for the primary hostname, dns, postfix, and dovecot all need to be updated/kicked
...
see https://discourse.mailinabox.email/t/there-is-a-problem-with-the-ssl-certificate/144/4
2014-10-28 11:38:04 +00:00
Joshua Tauberer
f9acf0adec
better errors for ssl certificates
2014-10-24 21:30:33 +00:00
Joshua Tauberer
8b65c11cdf
the namecheap link was bad
2014-10-23 17:17:26 +00:00
Joshua Tauberer
34fca29dd3
fix the animated scroll target on the ssl panel to scroll so that the header is actually visible and not covered by the nav bar
2014-10-23 17:10:21 +00:00
Joshua Tauberer
b75fbf22ca
clear the local dns cache each time the status checks are run by restarting bind9
2014-10-23 17:06:33 +00:00
Joshua Tauberer
d790cae0e2
DNSSEC: use RSASHA256 for the .guide tld too
2014-10-23 17:03:23 +00:00