1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-24 17:50:54 +00:00
Commit Graph

909 Commits

Author SHA1 Message Date
Teal Dulcet
27cf11d8ec Fixed SC2005: Useless echo. 2024-04-03 09:22:50 -04:00
Teal Dulcet
44d9f6eebd Fixed SC2236: Use -n instead of ! -z. 2024-04-03 09:22:50 -04:00
Teal Dulcet
4b7d4ba0a6 Fixed SC2166: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. 2024-04-03 09:22:50 -04:00
Teal Dulcet
67bcaea71e Fixed SC2091: Remove surrounding $() to avoid executing output. 2024-04-03 09:22:50 -04:00
Teal Dulcet
bdf4155bed Fixed SC2046: Quote to prevent word splitting. 2024-04-03 09:21:34 -04:00
Teal Dulcet
f1888f2043 Fixed SC2148: Add a shebang. 2024-04-03 09:21:34 -04:00
Teal Dulcet
33559bb844 Fixed SC2164: Use 'cd ... || exit' in case cd fails. 2024-04-03 09:21:34 -04:00
Teal Dulcet
30c4681e80 Fixed SC2086: Double quote to prevent globbing and word splitting. 2024-04-03 09:20:20 -04:00
Joshua Tauberer
830c83daa1 v68 2024-04-01 10:55:52 -04:00
Joshua Tauberer
fa72e015ee Update SMTP Smuggling protection to the 'long-term fix'
* Revert "Guard against SMTP smuggling", commit faf23f150c, by restoring the setting to its default.
* Revert "[security] SMTP smuggling: update short term fix (#2346)", commmit e931e103fe, by restoring the setting to its default.
* Set smtpd_forbid_bare_newline=normalize.
2024-03-23 13:15:32 -04:00
jvolkenant
163b1a297e
Silence "wal" output on setup using hide_output (#2368) 2024-03-23 08:49:24 -04:00
Joshua Tauberer
18b8f9ab4b Revert "Allow customizations to Roundcube settings to persist between updates by including a configuration override file, if it exists (#2333)"
This reverts commit 1b8cdeb644.

It didn't execute. I should have tried it first.
2024-03-10 08:25:34 -04:00
KiekerJan
0b1d92388a
Take spamhaus return codes into account in status check and postfix config (#2332) 2024-03-10 08:09:36 -04:00
Crag-Monkey
1b8cdeb644
Allow customizations to Roundcube settings to persist between updates by including a configuration override file, if it exists (#2333) 2024-03-10 08:02:16 -04:00
Bastian Bittorf
1053340124
setup/preflight.sh: fix some minor shellcheck complaints (#2342)
This file passes shellcheck now without errors.
This paritally fixes #1457 - the former errors where:

$ shellcheck setup/preflight.sh

In setup/preflight.sh line 1:
^-- SC2148 (error): Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

In setup/preflight.sh line 29:
if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then
     ^-----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
if [ "$TOTAL_PHYSICAL_MEM" -lt 490000 ]; then

In setup/preflight.sh line 31:
	TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000)
                             ^--^ SC2003 (style): expr is antiquated. Consider rewriting this using $((..)), ${} or [[ ]].
                                        ^-----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
	TOTAL_PHYSICAL_MEM=$(expr \( \( "$TOTAL_PHYSICAL_MEM" \* 1024 \) / 1000 \) / 1000)

In setup/preflight.sh line 38:
if [ $TOTAL_PHYSICAL_MEM -lt 750000 ]; then
     ^-----------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
if [ "$TOTAL_PHYSICAL_MEM" -lt 750000 ]; then

For more information:
  https://www.shellcheck.net/wiki/SC2148 -- Tips depend on target shell and y...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2003 -- expr is antiquated. Consider rewr...
2024-03-10 08:01:13 -04:00
Teal Dulcet
775a4223de Fixed F821 (undefined-name): Undefined name e 2024-03-10 07:56:49 -04:00
Teal Dulcet
f0377dd59e Fixed SIM105 (suppressible-exception) 2024-03-10 07:56:49 -04:00
Teal Dulcet
0e9193651d Fixed PLW1514 (unspecified-encoding): open in text mode without explicit encoding argument 2024-03-10 07:56:49 -04:00
Teal Dulcet
c719fce40a Fixed UP032 (f-string): Use f-string instead of format call 2024-03-10 07:56:49 -04:00
Teal Dulcet
ec32e1d578 Fixed E703 (useless-semicolon): Statement ends with an unnecessary semicolon 2024-03-10 07:56:49 -04:00
Teal Dulcet
14a5613dc8 Fixed UP031 (printf-string-formatting): Use format specifiers instead of percent format 2024-03-10 07:54:51 -04:00
KiekerJan
293d56c781
Update javascript libraries used by control panel (#2351) 2024-03-10 07:26:33 -04:00
KiekerJan
040d0cbb7c
Update roundcube to 1.6.6 (#2360) 2024-03-10 07:24:29 -04:00
Michael Heuberger
111468efb9
Bump Nextcloud to v26.0.12 (#2310)
Also
- bumps calendar and contacts apps
- reformats some comments (line-breaking)
- adds extra comments for the next developer
2024-03-10 07:22:51 -04:00
John James Jacoby
4ad679da47
Issue-2354: Silence "wal" output on setup (#2356)
Silence "wal" output from RoundCube Sqlite customization, inside of webmail.sh.

Co-authored-by: solomon-s-b

Fixes #2354.
2024-03-10 07:16:03 -04:00
KiekerJan
e931e103fe
[security] SMTP smuggling: update short term fix (#2346)
Update short term fix according to postfix advisory at https://www.postfix.org/smtp-smuggling.html.
2024-01-10 09:34:06 -05:00
Joshua Tauberer
7646095b94 v67 2023-12-22 08:56:43 -05:00
Joshua Tauberer
faf23f150c Guard against SMTP smuggling
This short-term workaround is recommended at https://www.postfix.org/smtp-smuggling.html:

    smtpd_data_restrictions=reject_unauth_pipelining
2023-12-22 08:54:15 -05:00
Joshua Tauberer
8e4e9add78 Version 66 2023-12-17 16:31:18 -05:00
KiekerJan
fa8c7ddef5
Upgrade roundcube to 1.6.5 (#2329) 2023-12-04 09:23:36 -05:00
bilogic
6d6ce25e03
Allow specifying another repo to install from in bootstrap.sh (#2334) 2023-12-04 09:22:54 -05:00
Joshua Tauberer
371f5bc1b2 Fix virtualenv creation reported in #2335 2023-11-28 07:25:50 -05:00
Joshua Tauberer
0314554207 Version 65 2023-10-27 06:02:22 -04:00
matidau
46d55f7866
Update zpush.sh to version 2.7.1 (#2315)
Updating to latest release, bugfixes no new features.
2023-10-26 09:04:13 -04:00
KiekerJan
2bbc317873
Update Roundcube to 1.6.4 (#2317) 2023-10-26 09:03:29 -04:00
Joshua Tauberer
e419b62034 Version 64 2023-09-02 19:46:24 -04:00
Aaron Ten Clay
62efe985f1
Disable OpenDMARC sending reports (#2299)
OpenDMARC report messages, while potentially useful for peer operators of mail servers, are abusable and should not be enabled by default. This change prioritizes the safety of the Box's reputation.
2023-09-02 07:10:04 -04:00
Alex
df44056bae
Fix checksums in nextcloud.sh (#2293) 2023-09-02 07:07:12 -04:00
Michael Heuberger
81866de229
Amend --always option to all git describe commands (#2275) 2023-09-02 06:59:39 -04:00
matidau
674ce92e92
Fix z-push-admin broken in v60 (#2263)
Update zpush.sh to create two sbin bash scripts for z-push-admin and z-push-top using PHP_VER.
2023-09-02 06:55:15 -04:00
Joshua Tauberer
cd45d08409 Version 63 2023-07-29 12:11:29 -04:00
Michael Heuberger
98628622c7
Bump Nextcloud to v25.0.7 (#2268)
Also
- bumps calendar and contacts apps
- adds extra migration steps between these versions
- adds cron job for Calendar updates
- rotates nextloud log file after upgrading
- adds primary key indices migrations
- adjusts configs slightly
- adds more well-known entries in nginx to improve service discovery
- reformats some comments (line-breaking)
2023-06-16 11:49:55 -04:00
Joshua Tauberer
8b19d15735 Version 62 2023-05-20 08:57:32 -04:00
matidau
93380b243f
Update zpush.sh to version 2.7.0 (#2236) 2023-05-13 10:27:42 -04:00
Joshua Tauberer
fb0a3b0489
Restore Roundcube's password reset tool by removing PRAGMA journal_mode = WAL from Roundcube source (#2199) 2023-05-13 10:26:41 -04:00
Joshua Tauberer
3bc9d07aeb Roundcube 1.6.1 2023-05-13 07:00:54 -04:00
Michael Heuberger
95530affbf
Bump Nextcloud to v23.0.12 and its apps (#2244) 2023-05-13 06:37:24 -04:00
KiekerJan
8aa98b25b5 Update configuration of Roundcube password plugin for Roundcube 1.6 2023-05-13 06:22:28 -04:00
KiekerJan
3c15081673 Remove journal PRAGMA from Roundcube source which broke the database for postfix
See #2185.
2023-05-13 06:20:13 -04:00
Joshua Tauberer
01d8e9f3b4 Revert "Disable Roundcube password plugin since it was corrupting the user database (#2198)"
This reverts commit 1587248762.

See subsequent commits.
2023-05-13 06:20:13 -04:00
Joshua Tauberer
6f94412204 v61.1 2023-01-28 11:25:21 -05:00
Hugh Secker-Walker
31bbef3401
chore(setup): Make sed fingerprint patterns in start.sh be case insensitive (#2201) 2023-01-28 11:12:40 -05:00
Joshua Tauberer
5e3e4a2161 v61 2023-01-21 08:20:48 -05:00
Hugh Secker-Walker
57047d96e9
chore(setup): Update obsolete chown group syntax (#2202)
Co-authored-by: Hugh Secker-Walker <hsw+miac@hodain.net>
2023-01-15 08:25:36 -05:00
KiekerJan
1587248762
Disable Roundcube password plugin since it was corrupting the user database (#2198) 2023-01-15 08:22:43 -05:00
KiekerJan
c29593b5ef
explicitly enable fail2ban which didn't start (#2190) 2023-01-15 08:10:04 -05:00
Joshua Tauberer
3314c4f7de v60.1 2022-10-30 08:18:13 -04:00
Joshua Tauberer
1f60236985 Upgrade Nextcloud to 23.0.4 (contacts to 4.2.0, calendar to 3.5.0)
This fixes the monthly view calendar items being in random order.
2022-10-30 08:16:54 -04:00
Joshua Tauberer
286a4bd9e7 Remove stray quote in bootstrap.sh
Reported at https://discourse.mailinabox.email/t/version-60-for-ubuntu-22-04-is-released/9558/4.
2022-10-12 06:11:02 -04:00
Joshua Tauberer
89cd9fb611 Increase gunicorn's worker timeout since some /admin commands take a long time 2022-10-08 08:23:48 -04:00
Joshua Tauberer
22a6270657 Remove old setup step to uninstall acme library 2022-10-08 08:23:48 -04:00
Joshua Tauberer
9b111e2493 Update to Nextcloud 23.0.8 (contacts 4.2.0, calendar 3.5.0) 2022-10-08 07:23:21 -04:00
jvolkenant
b8feb77ef4
Move postgrey database under $STORAGE_ROOT (#2077) 2022-09-24 13:17:55 -04:00
Joshua Tauberer
3c44604316 Install 'file' package
The command is used in mailinabox-postgrey-whitelist. Reported missing (on systems that don't install it by default) in #2083.
2022-09-24 10:10:50 -04:00
kiekerjan
d584a41e60
Update Roundcube to 1.6.0 (#2153) 2022-09-17 09:20:20 -04:00
downtownallday
56074ae035 Tighten roundcube session config (#2138)
Merges #2138.
2022-09-17 09:09:00 -04:00
Steve Hay
84da4e6000 Update dovecot to use same DH parameters file as the other services
Originally from #2157.
2022-09-17 09:07:54 -04:00
Steve Hay
3fd2e3efa9
Replace Flask built-in WSGI server with gunicorn (#2158) 2022-09-17 08:03:16 -04:00
Joshua Tauberer
91fc74b408 Setup fixes for Ubuntu 22.04
Nextcloud:
* The Nextcloud user_external 1.0.0 package for Nextcloud 21.0.7 isn't available from Nextcloud's releases page, but it's not needed in an intermediate upgrade step (hopefully), so we can skip it.
* Nextcloud updgrade steps should not be elifs because multiple intermediate upgrades may be needed.
* Continue if the user_external backend migration fails. Maybe it's not necessary. It gives a scary error message though.
* Remove a line that removes an old file that hasn't been in use since 2019 and the expectation is that Ubuntu 22.04 installations are on fresh machines.

Backups:
* For duplicity, we now need boto3 for AWS.
2022-09-03 07:50:36 -04:00
David Duque
e0c0b5053c Upgrade Nextcloud External User Backend to v3.0.0
Co-Authored-By: Joshua Tauberer <jt@occams.info>
2022-07-28 14:42:51 -04:00
Joshua Tauberer
268b31685d Ensure STORAGE_ROOT has a+rx permission since processes run by different system users need to access files within it 2022-07-28 14:42:51 -04:00
Joshua Tauberer
ab71abbc7c Update to latest cryptography Python package, add missing source at top of management.sh so it can run standalone (needs STORAGE_ROOT) 2022-07-28 14:42:51 -04:00
Joshua Tauberer
87e6df9e28 Fix roundcube dependency missing imap and unneeded ldap 2022-07-28 14:42:51 -04:00
Felix Matouschek
558f2db31f system.sh: Remove no longer needed haveged (#2090)
Starting from kernels 5.6 haveged is obsolete. Therefore remove it in
Ubuntu 22.04.

See https://github.com/jirka-h/haveged/issues/57
2022-07-28 14:42:51 -04:00
Joshua Tauberer
0a7b9d5089 Update dovecot, spampd settings for Ubuntu 22.04
* dovecot's ssl_protocols became ssl_min_protocol in 2.3
* spampd fixed a bug so we can remove lmtp_destination_recipient_limit=1 in postfix
2022-07-28 14:34:45 -04:00
Joshua Tauberer
1eddf9a220 Upgrade to Nextcloud 23.0.4
The first version supporting PHP 8.0 is Nextcloud 21. Therefore we can add migrations only to Nextcloud 21 forward, and so we only support migrating from Nextcloud 20 (Mail-in-a-Box versions v0.51+). Migration steps through Nextcloud 21 and 22 are added.

Also:

* Fix PHP APUc settings to be before Nextcloud tools are run.
2022-07-28 14:34:45 -04:00
Joshua Tauberer
78d71498fa Upgrade from PHP 7.2 to 8.0 for Ubuntu 22.04
* Add the PHP PPA.
* Specify the version when invoking the php CLI.
* Specify the version in package names.
* Update paths to 8.0 (using a variable in the setup scripts).
* Update z-push's php-xsl dependency to php8.0-xml.
* php-json is now built-into PHP.

Although PHP 8.1 is the stock version in Ubuntu 22.04, it's not supported by Nextcloud yet, and it likely will never be supported by the the version of Nextcloud that succeeds the last version of Nextcloud that supports PHP 7.2, and we have to install the next version so that an upgrade is permitted, so skipping to PHP 8.1 may not be easily possible.
2022-07-28 14:02:46 -04:00
Joshua Tauberer
b41a0ad80e Drop some hacks that we needed for Ubuntu 18.04
* certbot's PPA is no longer needed because a recent version is now included in the Ubuntu respository.
* Un-pin b2sdk (reverts 69d8fdef99 and d829d74048).
* Revert boto+s3 workaround for duplicity (partial revert of 99474b348f).
* Revert old "fix boto 2 conflict on Google Compute Engine instances" (cf33be4596) which is probably no longer needed.
2022-07-28 14:02:46 -04:00
Daniel Mabbett
8cb360fe36 Configure nsd listening interfaces before installing nsd so that it does not interfere with bind9 2022-07-28 14:02:46 -04:00
Joshua Tauberer
f534a530d4 Update and drop some package and file names for Ubuntu 22.04
* Fix path to bind9 startup options file in Ubuntu 22.04.
* tinymce has not been a Roundcube requirement recently and is no longer a package in Ubuntu 22.04
* Upgrade Vagrant box to Ubuntu 22.04
2022-07-28 14:02:46 -04:00
Joshua Tauberer
2abcafd670 Update Ubuntu version checks from 18.04 to 22.04 2022-07-28 14:02:44 -04:00
Joshua Tauberer
3c3d62ac27 Version 57a 2022-06-19 08:58:09 -04:00
Joshua Tauberer
d829d74048 Pin b2sdk to version 1.14.1 in the virtualenv also
We install b2sdk in two places: Once globally for duplicity (see
9d8fdef9915127f016eb6424322a149cdff25d7 for #2125) and once in
a virtualenv used by our control panel. The latter wasn't pinned
when the former was but should be to fix new Python compatibility
issues.

Anyone who updated Python packages recently (so anyone who upgraded
Mail-in-a-Box) started encountering these issues.

Fixes #2131.

See https://discourse.mailinabox.email/t/backblaze-b2-backup-not-working-since-v57/9231.
2022-06-18 13:15:59 -04:00
Joshua Tauberer
2aca421415 Version 57 2022-06-12 08:18:42 -04:00
jbandholz
9004bb6e8e
Add IPV6 addresses to fail2ban ignoreip (#2069)
Update jails.conf to include IPV6 localhost and external ip to ignoreip line.  Update system.sh to include IPV6 address in replacement.  See mail-in-a-box#2066 for details.
2022-06-05 09:40:54 -04:00
m-picc
69d8fdef99
Specify b2sdk version 1.14.1 (#2125)
pin b2sdk version to 1.14.1 to resolve exception that occurs when attempting to use backblaze backups. See https://github.com/mail-in-a-box/mailinabox/issues/2124 for details.
2022-06-05 09:24:32 -04:00
Austin Ewens
eeee712cf3
Switched to using tags over releases for NextCloud contacts/calendar (#2105)
See [mailinabox issue #2088](https://github.com/mail-in-a-box/mailinabox/issues/2088). This also updates the commit hashes to for anyone updating from NextCloud version 17 (as shown in the related issue) since a different hash is used for tags vs releases.

This was tested and verified to work on a setup previously running v0.44 and then updating to the latest version (v56).
2022-05-04 17:09:53 -04:00
Joshua Tauberer
3a7de051ee Version 56 (January 19, 2022) 2022-01-19 16:59:34 -05:00
Joshua Tauberer
d1d6318862 Set systemd journald log retention to 10 days (from no limit) to reduce disk usage 2022-01-08 09:11:48 -05:00
Joshua Tauberer
34b7a02f4f Update Roundcube to 1.5.2 2022-01-08 09:00:12 -05:00
Joshua Tauberer
a312acc3bc Update to Nextcloud 20.0.8 and update apps 2022-01-08 09:00:12 -05:00
jvolkenant
c92fd02262
Don't die if column already exists on Nextcloud 18 upgrade (#2078) 2021-12-25 10:17:34 -05:00
Ilnahro
50a5cb90bc
Include rsync to the installed basic packages (#2067)
Some VPS providers strip this package from their Ubuntu 18.04 VM images. This will help avoid errors.
2021-11-30 19:50:01 -05:00
jvolkenant
58b0323b36
Update persistent_login for Roundcube 1.5 (#2055) 2021-11-04 18:59:10 -04:00
Joshua Tauberer
65861c68b7 Version 55 2021-10-18 20:40:51 -04:00
Joshua Tauberer
71a7a3e201 Upgrade to Roundcube 1.5 2021-10-18 20:40:51 -04:00
Joshua Tauberer
113b7bd827 Disable SMTPUTF8 in Postfix because Dovecot LMTP doesn't support it and bounces messages that require SMTPUTF8
By not advertising SMTPUTF8 support at the start, senders may opt to transmit recipient internationalized domain names in IDNA form instead, which will be deliverable.

Incoming mail with internationalized domains was probably working prior to our move to Ubuntu 18.04 when postfix's SMTPUTF8 support became enabled by default.

The previous commit is retained because Mail-in-a-Box users might prefer to keep SMTPUTF8 on for outbound mail, if they are not using internationalized domains for email, in which case the previous commit fixes the 'relay access denied' error even if the emails aren't deliverable.
2021-09-24 08:11:36 -04:00
Joshua Tauberer
3e19f85fad Add domain maps from Unicode forms of internationalized domains to their ASCII forms
When an email is received by Postfix using SMTPUTF8 and the recipient domain is a Unicode internationalized domain, it was failing to be delivered (bouncing with 'relay access denied') because our users and aliases tables only store ASCII (IDNA) forms of internationalized domains. In this commit, domain maps are added to the auto_aliases table from the Unicode form of each mail domain to its IDNA form, if those forms are different. The Postfix domains query is updated to look at the auto_aliases table now as well, since it is the only table with Unicode forms of the mail domains.

However, mail delivery is still not working since the Dovecot LMTP server does not support SMTPUTF8, and mail still bounces but with an error that SMTPUTF8 is not supported.
2021-09-24 08:11:36 -04:00
Joshua Tauberer
11e84d0d40 Move automatically generated aliases to a separate database table
They really should never have been conflated with the user-provided aliases.

Update the postfix alias map to query the automatically generated aliases with lowest priority.
2021-09-24 08:11:36 -04:00
drpixie
df46e1311b
Include NSD config files from /etc/nsd/nsd.conf.d/*.conf (#2035)
And write MIAB dns zone config into /etc/nsd/nsd.conf.d/zones.conf. Delete lingering old zones.conf file.

Co-authored-by: Joshua Tauberer <jt@occams.info>
2021-09-24 08:07:40 -04:00