Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6e3b04ce83 
							
						 
					 
					
						
						
							
							when generating SSL CSRs, use SHA256, as SHA1 is being phased out, per @konklone  
						
						
						
					 
					
						2014-08-23 17:49:33 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2d5097345a 
							
						 
					 
					
						
						
							
							move the package update check into the system status checks  
						
						
						
					 
					
						2014-08-21 11:24:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							294d19e0af 
							
						 
					 
					
						
						
							
							rename whats_next.py to status_checks.py  
						
						
						
					 
					
						2014-08-21 10:43:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							46f3d05034 
							
						 
					 
					
						
						
							
							add the network checks to whats_next  
						
						
						
						
						* zen.spamhaus.org
* dbl.spamhaus.org
* checks if a connection to Google's MTA on port 25 works 
						
					 
					
						2014-08-19 11:16:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							91821adfd7 
							
						 
					 
					
						
						
							
							nameserver checks should be case insensitive  
						
						
						
					 
					
						2014-08-18 22:41:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b30d7ad80a 
							
						 
					 
					
						
						
							
							web-based administrative UI  
						
						
						
						
						closes  #19  
					
						2014-08-17 22:46:06 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ba8e015795 
							
						 
					 
					
						
						
							
							dns_update: don't restart the opendkim process if nothing changed  
						
						
						
					 
					
						2014-08-17 20:42:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							919a5a8f0b 
							
						 
					 
					
						
						
							
							whats_next: when there are multiple responses like for NS records sort the responses so we can compare to a fixed order  
						
						
						
					 
					
						2014-08-17 19:55:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f299825a95 
							
						 
					 
					
						
						
							
							in the nginx override YAML file, change how proxies are specified into a mapping  
						
						
						
					 
					
						2014-08-17 19:40:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							04454b35c6 
							
						 
					 
					
						
						
							
							(merge) CardDAV, CalDAV via ownCloud and move to z-push fork  
						
						
						
						
						Merges branch 'owncloud' of github.com:jkaberg/mailinabox
which is pull request #135 , closes  #135 
thanks @jkaberg, @fmbiete, @owncloud 
						
					 
					
						2014-08-17 15:31:08 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f41ec93cbe 
							
						 
					 
					
						
						
							
							management: don't raise an exception on a poorly formatted authentication header  
						
						
						
					 
					
						2014-08-17 11:50:05 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6e380ade17 
							
						 
					 
					
						
						
							
							owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME  
						
						
						
					 
					
						2014-08-16 12:33:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8c9f278166 
							
						 
					 
					
						
						
							
							owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED  
						
						
						
						
						This lets downloads from the file app work. 
						
					 
					
						2014-08-15 23:16:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e625a424fd 
							
						 
					 
					
						
						
							
							whats_next: check that the TLSA record is correct,  fixes   #139  
						
						
						
					 
					
						2014-08-13 19:42:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0eceb2012f 
							
						 
					 
					
						
						
							
							use php5-fpm rather than our own custom launcher script for PHP+FastCGI  
						
						
						
					 
					
						2014-08-12 11:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1312b0254b 
							
						 
					 
					
						
						
							
							backup: don't remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old  
						
						
						
					 
					
						2014-08-11 11:45:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f66914d634 
							
						 
					 
					
						
						
							
							backup: automatically take a full backup when the sum of the increments gets very large  
						
						
						
					 
					
						2014-08-11 11:38:32 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							58e300e113 
							
						 
					 
					
						
						
							
							backup must be full on the first run because incremental backup will fail,  fixes   #134  
						
						
						
					 
					
						2014-08-11 07:16:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e294f7c181 
							
						 
					 
					
						
						
							
							create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see  #129  
						
						
						
					 
					
						2014-08-09 16:49:57 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b56f82cb92 
							
						 
					 
					
						
						
							
							make a privileges column in the users table and mark the first user as an admin  
						
						
						
					 
					
						2014-08-08 12:31:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6a512042dc 
							
						 
					 
					
						
						
							
							after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location  
						
						
						
					 
					
						2014-08-02 14:16:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6d4fab1e6a 
							
						 
					 
					
						
						
							
							whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using  
						
						
						
						
						fixes  #120  (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest
Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1  in which a user asks about the DS parameters that Gandi asks for. 
					
						2014-08-01 12:15:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							30178ef019 
							
						 
					 
					
						
						
							
							add a --force flag to dns_update  
						
						
						
					 
					
						2014-08-01 12:05:34 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							168c06939d 
							
						 
					 
					
						
						
							
							have nsd bind to the network interface that is connected to the Internet, rather than all non-loopback network interfaces  
						
						
						
						
						hopefully fixes  #121 ; thanks for the help @sfPlayer1 
						
					 
					
						2014-07-29 20:07:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8042ab66ac 
							
						 
					 
					
						
						
							
							don't serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain  
						
						
						
					 
					
						2014-07-20 15:23:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8354d9732a 
							
						 
					 
					
						
						
							
							in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses  
						
						
						
					 
					
						2014-07-20 14:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ad9c70887 
							
						 
					 
					
						
						
							
							refactor custom DNS records  
						
						
						
					 
					
						2014-07-20 14:48:20 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2e0680de4f 
							
						 
					 
					
						
						
							
							the check for whether a custom DNS setting is valid was in the wrong place  
						
						
						
					 
					
						2014-07-20 14:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							89acbe4127 
							
						 
					 
					
						
						
							
							Update dns_update.py  
						
						
						
						
						Add new extra bool parameter. 
						
					 
					
						2014-07-18 13:05:32 +02:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							0e893626c8 
							
						 
					 
					
						
						
							
							Add IPv6 glue records as well  
						
						
						
						
						The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com  to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;) 
						
					 
					
						2014-07-18 13:03:09 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							42c891032d 
							
						 
					 
					
						
						
							
							don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d7a9e7cc17 
							
						 
					 
					
						
						
							
							run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7803ac9ca4 
							
						 
					 
					
						
						
							
							write explanatory text as we build DNS zones so we can help the user manage DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							eac349187d 
							
						 
					 
					
						
						
							
							whats_next: move the admin alias check to the system section  
						
						
						
					 
					
						2014-07-16 09:36:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9c7d476915 
							
						 
					 
					
						
						
							
							re-do catch-all aliases,  fixes   #107  (originally  #104 )  
						
						
						
						
						This reverts pull request #105  from jonessen96/master (84d2023f94 
						
					 
					
						2014-07-13 12:29:43 +00:00 
						 
				 
			
				
					
						
							
							
								Jonas Platte 
							
						 
					 
					
						
						
						
						
							
						
						
							c35252720f 
							
						 
					 
					
						
						
							
							Prohibited usage of empty local part for validate_email(email, strict = true)  
						
						
						
					 
					
						2014-07-12 22:57:38 +02:00 
						 
				 
			
				
					
						
							
							
								Jonas Platte 
							
						 
					 
					
						
						
						
						
							
						
						
							70e4e7f7be 
							
						 
					 
					
						
						
							
							Fixed validate_email not accepting catchalls (empty local part of the address)  
						
						
						
					 
					
						2014-07-12 03:22:55 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							85bd2c8804 
							
						 
					 
					
						
						
							
							use the Dovecot managesieve service to manage sieve scripts  
						
						
						
						
						This lets roundcube's managesieve plugin do cool things like vacation responses.
Also:
* Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them.
* Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now.
this adapts work by @h8h in #103  
						
					 
					
						2014-07-10 23:09:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							41b3df6d78 
							
						 
					 
					
						
						
							
							manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead  
						
						
						
						
						closes  #94  
					
						2014-07-09 19:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							22a010ecb9 
							
						 
					 
					
						
						
							
							say that certificates are valid too in output  
						
						
						
					 
					
						2014-07-09 16:38:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							659b5c8aa3 
							
						 
					 
					
						
						
							
							if the server certificate can be used for a non-primary domain, use it  
						
						
						
					 
					
						2014-07-09 16:38:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c70b10c15 
							
						 
					 
					
						
						
							
							tell users to restart nginx after plugging in a new cert  
						
						
						
					 
					
						2014-07-09 14:05:59 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							deebda06e1 
							
						 
					 
					
						
						
							
							utils.sort_domains wasn't right  
						
						
						
					 
					
						2014-07-09 12:35:12 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1a74b81f44 
							
						 
					 
					
						
						
							
							new nginx configuration yaml file to allow proxying of whole domains elsewhere  
						
						
						
					 
					
						2014-07-09 12:31:32 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							04e30ffa78 
							
						 
					 
					
						
						
							
							check that the installed certificate corresponds to the private key  
						
						
						
					 
					
						2014-07-08 15:47:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							59a9d02fa5 
							
						 
					 
					
						
						
							
							check that installed certificates are for the domains we are using the certificates for  
						
						
						
					 
					
						2014-07-07 12:06:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							65fb65ada7 
							
						 
					 
					
						
						
							
							an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							28e254fb84 
							
						 
					 
					
						
						
							
							whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e898cd5d2a 
							
						 
					 
					
						
						
							
							whats_next: wrap output to the actual width of the terminal  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6a231d4409 
							
						 
					 
					
						
						
							
							clarify that an SSL cert can remain self-signed on the non-primary domains if the domain isn't being used for web  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00