1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-27 08:07:04 +00:00
Commit Graph

44 Commits

Author SHA1 Message Date
Joshua Tauberer
ddf8e857fd
Support Ubuntu 22.04 Jammy Jellyfish (#2083) 2022-10-11 21:18:34 -04:00
Sudheesh Singanamalla
d7244ed920
Fixes #2149 Append ; in policy strings for DMARC settings (#2151)
Signed-off-by: Sudheesh Singanamalla <sudheesh@cloudflare.com>
2022-08-19 13:23:42 -04:00
Rauno Moisto
78569e9a88 Fix DeprecationWarning in dnspython query vs resolve method
The resolve method disables resolving relative names by default. This change probably makes a7710e90 unnecessary. @JoshData added some additional changes from query to resolve.
2022-07-28 14:02:46 -04:00
Joshua Tauberer
e884c4774f Replace HMAC-based session API keys with tokens stored in memory in the daemon process
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
Joshua Tauberer
d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
5aeced5c2e add a test for fail2ban monitoring managesieve 2019-08-31 09:15:41 -04:00
Joshua Tauberer
8e0d9b9f21 update list of tls ciphers supported 2019-01-09 08:52:51 -05:00
Joshua Tauberer
870b82637a fix some wrong variable names, fixes #1353 2018-11-30 10:46:54 -05:00
Joshua Tauberer
e924459140 revert f25801e/#1233 - use Mozilla intermediate ciphers for IMAP/POP not modern ciphers
fixes #1300
2017-12-24 14:41:41 -05:00
Joshua Tauberer
5efdd72f41 update TLS test to record changes in the ciphers we offer on the open ports 2017-10-03 12:01:10 -04:00
Michael Kroes
2151d81453 update to ownCloud 9.1.1 (with intermediate upgrades) (#894)
[this is a squashed merge from-]

* Install owncoud 9.1 and provide an upgrade path from 8.2. This also disables memcached and goes with apc. The upgrade fails with memcached.

* Remove php apc setting

* Add dav migrations for each user

* Add some comments to the code

* When upgrading owncloud from 8.2.3 to 9.1.0 the backup of 8.2.3 was overwritten when going from 9.0 to 9.1

* Add upgrade path from 8.1.1. Only do an upgrade check if owncloud was previously installed.

* Stop php5-fpm before owncloud upgrade to prevent database locks

* Fix fail2ban tests for owncloud 9

* When upgrading owncloud copy the database to the user-data/owncloud-backup directory

* Remove not need unzip directives during owncloud extraction. Directory is removed beforehand so a normal extraction is fine

* Improve backup of owncloud installation and provide a post installation restore script. Update the owncloud version number to 9.1.1. Update the calendar and contacts apps to the latest versions

* Separate the ownCloud upgrades visually in the console output.
2016-10-18 06:04:13 -04:00
Joshua Tauberer
fc0abd5b4d confirm that fail2ban is protecting pop3s, closes #629 2016-08-22 19:18:23 -04:00
Joshua Tauberer
83d8dbca3e fail2ban won't start until the roundcube log file is created
fixes #911
2016-08-18 08:32:14 -04:00
Joshua Tauberer
8844a9185f Merge pull request #798 from mail-in-a-box/fail2banjails
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
2016-07-29 08:52:44 -04:00
Michael Kroes
d9ac321f25 Owncloud needs more time to detect blocks. It doesn't respond as fast as the other services. Also owncloud logs UTC (since latest update) even though the timezone is not UTC. Also to detect a block, we get a timeout instead of a refused) 2016-06-27 06:03:19 -04:00
Michael Kroes
bf5e9200f8 Update owncloud url to use webdav and increase http timeout 2016-06-27 06:03:14 -04:00
Joshua Tauberer
3055f9a79c drop SSLv3, RC4 ciphers from SMTP port 25
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.

fixes #611
2016-06-12 09:11:50 -04:00
Michael Kroes
01fa8cf72c add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Joshua Tauberer
a0c7e63d78 best guess at what clients are supported by the tls settings used 2015-05-22 17:36:55 -04:00
Joshua Tauberer
2c44333679 compare tls ciphers against Mozilla's recommendations 2015-05-20 19:41:04 -04:00
Joshua Tauberer
610be9cf17 record current TLS settings from my box 2015-05-20 18:31:46 -04:00
Joshua Tauberer
d3cacd4a11 update test_dns
Don't check NS records for now because they will only appear on zones.
If a hostname is a subdomain on a zone and not itself a zone, it will
lack NS records.

Also stop testing for ADSP, which we dropped in 126ea94ccf.
2014-06-21 12:32:20 -04:00
Joshua Tauberer
87b0608f15 test_dns: DNSSEC signing inserts empty text string components 2014-06-21 12:32:20 -04:00
Joshua Tauberer
5b72e5419d fix shebang lines in the tests to take advantage of any activated python environment 2014-06-08 17:31:12 -04:00
Joshua Tauberer
3961e1aec3 test_dns: more error handling 2014-06-04 19:31:55 -04:00
Joshua Tauberer
d6e6cfd3c9 mail test: catch typical connecting errors and display nicer output 2014-06-04 17:13:06 -04:00
Joshua Tauberer
fff06f7d71 improve DNS test output 2014-06-04 17:01:49 -04:00
Joshua Tauberer
19aba091d7 test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation 2014-05-17 08:32:40 -04:00
Joshua Tauberer
c722625041 test_dns: add ADSP and DMARC tests, see #14 2014-05-10 08:03:18 -04:00
Joshua Tauberer
c403895f95 test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME) 2014-05-10 08:03:13 -04:00
Joshua Tauberer
bdadf3017d test_dns: handle case where a DNS record is missing (vs incorrect) 2014-05-10 08:03:07 -04:00
Joshua Tauberer
80b367ab07 test_mail: gracefully handled when the server has no reverse DNS available 2014-05-06 10:02:29 -04:00
Joshua Tauberer
0be47c414d in the DNS test, use dnspython3 rather than dig 2014-04-23 18:27:50 -04:00
Joshua Tauberer
1b4dd98270 test that the SMTP server's EHLO name matches its reverse DNS name 2014-04-23 18:02:30 -04:00
Joshua Tauberer
22ad668699 rename test modules to not conflict with global package names (e.g. dns) 2014-04-23 17:43:38 -04:00
Joshua Tauberer
ccbbc930e2 in the mail test script, forgot to remove the dkim import 2014-04-23 17:32:41 -04:00
Joshua Tauberer
ec11241a7a also test reverse DNS 2014-04-23 14:10:04 -04:00
Joshua Tauberer
95a17a00c0 DNS test: also check a public nameserver to verify that the registrar (or up-host) configuration is correct too 2014-04-20 12:26:35 -04:00
Joshua Tauberer
04d97a11e9 new tests for DNS and IMAP/SMTP 2014-04-17 20:18:10 -04:00
Joshua Tauberer
a50f30c411 smtp server test 2013-09-01 10:40:12 -04:00
Joshua Tauberer
a1260b75fb various fixes; rewrote test scripts 2013-08-31 10:50:27 -04:00
Joshua Tauberer
97b2105a1f spamassassin 2013-08-23 11:59:28 -04:00
Joshua Tauberer
5cef1bb63d DNS, SPF, and DKIM 2013-08-21 16:53:22 -04:00
Joshua Tauberer
eb47a1471b mail seems to work 2013-08-21 09:37:33 -04:00