baltoche 
							
						 
					 
					
						
						
						
						
							
						
						
							36e5772a8e 
							
						 
					 
					
						
						
							
							Update dns_update.py  
						
						
						
					 
					
						2016-01-05 16:56:16 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5033042b8c 
							
						 
					 
					
						
						
							
							backups: email the administrator when there's a problem  
						
						... 
						
						
						
						Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email. 
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89a46089ee 
							
						 
					 
					
						
						
							
							backups: suppress all output except errors  
						
						
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e288d7730b 
							
						 
					 
					
						
						
							
							backups: trap an error that occurs as early as getting the current backup status  
						
						
						
					 
					
						2016-01-04 18:43:02 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							06a0e7f3fe 
							
						 
					 
					
						
						
							
							merge  #584  - Add checks to the management interface to report memory usage  
						
						
						
					 
					
						2016-01-01 18:13:21 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a9cd72bbf9 
							
						 
					 
					
						
						
							
							tighten the status text strings for free memory, add changelog entry  
						
						
						
					 
					
						2016-01-01 18:12:36 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							682b1dea5e 
							
						 
					 
					
						
						
							
							changelog/status checks updated for opening the sieve port  
						
						
						
					 
					
						2016-01-01 17:53:05 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8d19eade85 
							
						 
					 
					
						
						
							
							clarify the backup days option,  fixes   #570  
						
						
						
					 
					
						2015-12-26 12:04:26 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d53332b7cf 
							
						 
					 
					
						
						
							
							drop the CSR_COUNTRY setting and ask within the control panel  
						
						
						
					 
					
						2015-12-26 11:48:23 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							392d33b902 
							
						 
					 
					
						
						
							
							change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key  
						
						... 
						
						
						
						Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268  
						
					 
					
						2015-12-26 11:01:46 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4305a71916 
							
						 
					 
					
						
						
							
							merge  #587  - move backup and nightly status checks to 3am in system time  
						
						... 
						
						
						
						previously these were run in a cron.daily script which per crontab is run at 6:25 am local time 
						
					 
					
						2015-12-26 08:42:58 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d8e12fd7 
							
						 
					 
					
						
						
							
							clean up the backup time patch: dont choose timezone here, move status checks into the same 3am script  
						
						
						
					 
					
						2015-12-26 08:41:37 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dbf4729109 
							
						 
					 
					
						
						
							
							add management/backup.py --restore  
						
						
						
					 
					
						2015-12-23 12:53:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6e6c993724 
							
						 
					 
					
						
						
							
							reword POP documentation, add to changelog/readme  
						
						
						
					 
					
						2015-12-12 08:46:18 -05:00 
						 
				 
			
				
					
						
							
							
								Marius 
							
						 
					 
					
						
						
						
						
							
						
						
							f8b4e3775d 
							
						 
					 
					
						
						
							
							Update mail-guide.html (POP3)  
						
						
						
					 
					
						2015-12-12 08:41:13 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fad69f85fa 
							
						 
					 
					
						
						
							
							Merge pull request  #605  from ariejan/feature/604-add-rfc2142-mail-aliases  
						
						... 
						
						
						
						Add alias for abuse@ 
						
					 
					
						2015-12-07 15:56:51 -05:00 
						 
				 
			
				
					
						
							
							
								Ariejan de Vroom 
							
						 
					 
					
						
						
						
						
							
						
						
							aedfe62bb0 
							
						 
					 
					
						
						
							
							Add alias for abuse@  
						
						
						
					 
					
						2015-12-07 16:31:58 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c4f00626ef 
							
						 
					 
					
						
						
							
							status checks: check that PRIMARY_HOSTNAME's AAAA record is working  
						
						
						
					 
					
						2015-12-07 09:08:00 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fdad83a1bb 
							
						 
					 
					
						
						
							
							status checks: check IPv6 reverse DNS  
						
						
						
					 
					
						2015-12-07 08:58:48 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5bbe9f9a04 
							
						 
					 
					
						
						
							
							status checks: when ipv6 is enabled, check that services are accessible over ipv6 too  
						
						
						
					 
					
						2015-12-07 08:37:04 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7a93d219ef 
							
						 
					 
					
						
						
							
							some cleanup in dns_update.py  
						
						
						
					 
					
						2015-11-29 14:59:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							808522d895 
							
						 
					 
					
						
						
							
							merge functions get_web_domains and get_default_www_redirects  
						
						
						
					 
					
						2015-11-29 14:46:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							be9efe0273 
							
						 
					 
					
						
						
							
							ensure malformed ssl certificate can't cause it to be written to an arbitrary path  
						
						
						
					 
					
						2015-11-29 14:04:37 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							766b98c4ad 
							
						 
					 
					
						
						
							
							refactor: move SSL-related management functions into a new module ssl_certificates.py  
						
						
						
					 
					
						2015-11-29 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c422543fdd 
							
						 
					 
					
						
						
							
							make the system SSL certificate a symlink so we never have to replace a certificate file, and flatten the directory structure of user-installed certificates  
						
						
						
					 
					
						2015-11-29 02:02:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cf33be4596 
							
						 
					 
					
						
						
							
							fix boto 2 conflict on Google Compute Engine instances  
						
						... 
						
						
						
						GCE installs some Python-2-only boto plugin that conflicts with boto running under Python 3. It gives a SyntaxError in /usr/share/google/boto/boto_plugins/compute_auth.py (https://github.com/GoogleCloudPlatform/compute-image-packages ).
Disabling boto's default configuration file prior to importing boto so that GCE's plugin is not loaded.
See https://discourse.mailinabox.email/t/500-internal-server-error-for-admin/942 . 
						
					 
					
						2015-11-26 14:51:44 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							161d096139 
							
						 
					 
					
						
						
							
							add a way to dump backup status from the command line  
						
						
						
					 
					
						2015-11-26 14:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							59f8aa1c31 
							
						 
					 
					
						
						
							
							Add checks to the management interface to report memory usage  
						
						
						
					 
					
						2015-11-20 01:48:59 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							59e9952a61 
							
						 
					 
					
						
						
							
							the explanatory text for setting up secondary nameservers was hidden until a secondary nameserver is added, so that wasn't helpful  
						
						
						
					 
					
						2015-11-19 07:00:32 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							280de022cb 
							
						 
					 
					
						
						
							
							Change order in which service stop  
						
						
						
					 
					
						2015-11-17 05:22:42 -05:00 
						 
				 
			
				
					
						
							
							
								yodax 
							
						 
					 
					
						
						
						
						
							
						
						
							fa1cad7fb2 
							
						 
					 
					
						
						
							
							During the backup you will get login failures which will confuse iOS, so it is better to stop php-fpm as well  
						
						
						
					 
					
						2015-11-17 02:57:14 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1926bfa1c5 
							
						 
					 
					
						
						
							
							all DNS queries should have a timeout,  fixes   #591  
						
						
						
					 
					
						2015-11-11 12:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Sheldon Rupp 
							
						 
					 
					
						
						
						
						
							
						
						
							96b02e68ee 
							
						 
					 
					
						
						
							
							Change 'Wosign' to 'WoSign'  
						
						
						
					 
					
						2015-11-08 21:31:43 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ac238b9d28 
							
						 
					 
					
						
						
							
							dont run secondary nameserver checks if the zone's nameservers aren't correct to begin with, possibly because the user is using external DNS, see  #582  
						
						
						
					 
					
						2015-11-05 11:09:15 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3fd1279e7d 
							
						 
					 
					
						
						
							
							...but then also have to compare against the intended IP address, which might have a custom override, see  #582  
						
						
						
					 
					
						2015-11-03 12:06:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3bc38c89ab 
							
						 
					 
					
						
						
							
							secondary NS status checks in  3b91bc2c0a should not be skipped if the target IP address has been modified by a custom record  
						
						... 
						
						
						
						see #582  
						
					 
					
						2015-11-03 06:48:04 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d0062b7de4 
							
						 
					 
					
						
						
							
							Merge pull request  #572  from OmgImAlexis/patch-1  
						
						... 
						
						
						
						Added wosign as a suggested free SSL provider. 
						
					 
					
						2015-10-31 14:57:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3b91bc2c0a 
							
						 
					 
					
						
						
							
							if secondary nameservers are given, status checks now check they are serving the right info  
						
						
						
					 
					
						2015-10-22 10:58:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4c4babd9e7 
							
						 
					 
					
						
						
							
							experimentally scanning the mail log to see if we can infer a good time to take a backup  
						
						
						
					 
					
						2015-10-22 10:35:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							274e5ca676 
							
						 
					 
					
						
						
							
							let dovecot automatically create mailbox folders rather than doing it manually in the management daemon,  fixes   #554  
						
						
						
					 
					
						2015-10-18 11:55:27 +00:00 
						 
				 
			
				
					
						
							
							
								Peter Timofejew 
							
						 
					 
					
						
						
						
						
							
						
						
							1bdfdbee89 
							
						 
					 
					
						
						
							
							Added 'Sent' folder when creating user.  
						
						
						
					 
					
						2015-10-12 09:43:35 -04:00 
						 
				 
			
				
					
						
							
							
								X O 
							
						 
					 
					
						
						
						
						
							
						
						
							ebffaab16a 
							
						 
					 
					
						
						
							
							Added wosign as a suggest free SSL provider.  
						
						
						
					 
					
						2015-10-11 11:33:18 +10:30 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c8ee1862a 
							
						 
					 
					
						
						
							
							use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts);  fixes   #234  
						
						
						
					 
					
						2015-09-18 19:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							787beab63f 
							
						 
					 
					
						
						
							
							choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates  
						
						... 
						
						
						
						For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate. 
						
					 
					
						2015-09-18 13:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							58349a9410 
							
						 
					 
					
						
						
							
							when updating DNS, clear the local DNS cache  
						
						
						
					 
					
						2015-09-18 13:00:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							93c2258d23 
							
						 
					 
					
						
						
							
							let the HSTS header be controlled by the management daemon so some domains can choose to enable preload  
						
						
						
					 
					
						2015-09-08 21:20:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d60d73b7e0 
							
						 
					 
					
						
						
							
							status checks: dont error if there's a domain that dns_update hasn't been run yet on  
						
						
						
					 
					
						2015-09-06 13:27:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6704da1446 
							
						 
					 
					
						
						
							
							silence errors in the admin if there is an invalid domain name in the database  
						
						... 
						
						
						
						see #531  
						
					 
					
						2015-09-06 13:27:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4f6fa40dbd 
							
						 
					 
					
						
						
							
							warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							104b804059 
							
						 
					 
					
						
						
							
							if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00