Commit Graph

1485 Commits

Author SHA1 Message Date
Joshua Tauberer b25ce67fe1 bring the postgrey patches into this repository rather than maintaining them in a separate postgrey fork repository 2015-06-03 15:50:25 -04:00
Joshua Tauberer b23ba6f75e simplify build/setup of dovecot-lucene package 2015-06-03 15:48:35 -04:00
Morteza Milani cf904a05cc Reject outgoing mail if FROM does not match Login 2015-06-01 21:26:01 -07:00
Joshua Tauberer 47a5a44b9e v0.10
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
* Roundcube now allows persistent logins using Roundcube-Persistent-Login-Plugin.
* ownCloud is updated to version 8.0.3.
* SPF records for non-mail domains were tightened.
* The minimum greylisting delay has been reduced from 5 minutes to 3 minutes.
* Users and aliases weren't working if they were entered with any uppercase letters. Now only lowercase is allowed.
* After installing an SSL certificate from the control panel, the page wasn't being refreshed.
* Backups broke if the box's hostname was changed after installation.
* Dotfiles (i.e. .svn) stored in ownCloud Files were not accessible from ownCloud's mobile/desktop clients.
* Fix broken install on OVH VPS's.
2015-06-01 18:05:41 -04:00
Joshua Tauberer a0e6c7ceb6 fix downloading dotfiles through ownCloud's webdav
fixes #414
2015-05-30 18:03:37 +00:00
Joshua Tauberer 49aa367ffa merge #422 - Add persistent login functionality to roundcube 2015-05-30 14:07:50 +00:00
Joshua Tauberer 83b36f2c3a simplify the roundcube updating logic, changelog entry for roundcube persistent login 2015-05-30 14:07:36 +00:00
Joshua Tauberer 2b341d884f merge #396 - allow the backup process to work after a hostname change 2015-05-30 13:55:08 +00:00
Joshua Tauberer 141a09b31e changelog, comments for duplicity --allow-source-mismatch 2015-05-30 13:46:39 +00:00
Joshua Tauberer 6378ec4bbd Merge pull request #423 from BrianZachary/master
Update README.md
2015-05-29 16:53:38 -04:00
BrianZachary 603fb1c698 Update README.md
Added latest front page appearance of Mail-In-A-Box to README.md
2015-05-29 16:43:14 -04:00
Joaquin Bravo 67b4ea947b Add persistent login functionality to roundcube 2015-05-29 14:49:40 -05:00
Joshua Tauberer 4075b7c78a Merge pull request #421 from samrobotmesh/patch-1
Echange -> Exchange
2015-05-29 10:59:25 -04:00
Sam 6499eba0cb Echange -> Exchange 2015-05-29 07:36:53 -07:00
Joshua Tauberer 980626aa40 Merge branch 'postgrey/delay/clean' of https://github.com/Xoib/mailinabox
Closes #413.
2015-05-29 13:00:51 +00:00
Eric Mill 3f329bc1a8 fix typos 2015-05-29 01:38:42 -04:00
Joshua Tauberer 69de67b1c2 link security.md from the readme 2015-05-28 21:41:23 -04:00
Joshua Tauberer 7158f9a8d9 security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers 2015-05-28 21:39:50 -04:00
Joshua Tauberer bb75bd7167 more security details 2015-05-28 21:39:50 -04:00
Joshua Tauberer 4fa58169f1 after installing an SSL certificate from the control panel the page wasn't being refreshed, broken in ec73c171c7 2015-05-28 18:45:53 +00:00
Joshua Tauberer 564040897f Merge pull request #420 from dhpiggott/increase-dmarc-and-spf-strictness
Make SPF forbid any outbound mail from non-mail domains
2015-05-28 13:17:14 -04:00
David Piggott f78bbab289 Make SPF forbid any outbound mail from non-mail domains 2015-05-28 18:11:44 +01:00
Joshua Tauberer d3c82d7363 Merge pull request #419 from dhpiggott/improve-dmarc-and-spf-descriptions
Improve DMARC and SPF record descriptions
2015-05-28 13:06:44 -04:00
David Piggott 7b9b978a6d Improve DMARC and SPF record descriptions 2015-05-28 16:34:58 +01:00
Joshua Tauberer 45d47818ca add changelog entry for 4f98d470a0 2015-05-28 13:12:57 +00:00
Joshua Tauberer 202c4a948b our users/aliases database is case sensitive - force new users/aliases to lowercase
Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html.) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case.

This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database.

https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4
2015-05-28 13:11:30 +00:00
Joshua Tauberer b5269bb28e Merge pull request #418 from dhpiggott/aliases-template-tweak
Use lowercase h for consistency in aliases template - it reads better…
2015-05-28 08:56:44 -04:00
David Piggott d6c5f09a1a Use lowercase h for consistency in aliases template - it reads better (IMO!)
This also includes fixes for a typo and some whitespace inconsistencies in
mailconfig.py. In fact the capitalisation change and those fixes are the
remnants of a patch I had been running that changed the default aliases - it
was through developing it that I found the issues.

(I wanted to bring the number of patches I apply before deploying to zero and
in the case of this one I've come to view the way MIAB already is as superior,
so I've undone the core of my patch and these tiny issues are all that remain).
2015-05-28 13:46:15 +01:00
Xoib 11546b97bb softer the greylisting delay restriction
A lot of legit mail servers try again between 200 and 285 seconds, then
3 hours later. Why? RFC is not strict about retry timer so postfix and
other MTA have their own intervals. To fix the problem of receiving
these e-mail really latter, I reduced the delay of postgrey to
180 seconds (default is 300 seconds).
2015-05-26 16:10:14 +02:00
Joshua Tauberer cac6a251cc Merge pull request #411 from nstanke/munin
remove unnecessary source call
2015-05-26 07:12:54 -04:00
Norman Stanke 31d26a7bad remove unnecessary source call 2015-05-26 13:06:50 +02:00
Joshua Tauberer a9ed9ae936 more work on munin
* install the munin-node package
* don't install munin-plugins-extra (if the user wants it they can add it)
* expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file
2015-05-25 17:03:52 +00:00
Joshua Tauberer a9892efe38 Merge branch 'master' of https://github.com/nstanke/mailinabox into munin 2015-05-25 16:03:45 +00:00
Brock Tice f02e0a3ccb Fixed comment that still referenced solr. 2015-05-25 08:50:41 -06:00
Joshua Tauberer d6f26609fc Merge pull request #410 from stevesbrain/master
Fixing minor misspelling of the word: encrypted
2015-05-24 22:12:16 -04:00
StevesMonkey 05438d047d Fixing minor misspelling of the word: encrypted 2015-05-25 10:15:57 +09:30
Brock Tice 32f5632620 Switch to official PPA 2015-05-23 20:09:50 -04:00
Brock Tice 005cc08b40 Modified makefile to work with updated debian-lucene patch, use official locations.
Fixed conflicting edits to ppa/Makefile due to cherry-pick.
2015-05-23 20:09:06 -04:00
Brock Tice 6a659fe10d Fixed patches for pull request.
Resolved conflict between two patches.
2015-05-23 20:07:33 -04:00
Brock Tice 6941ca2f63 Added apt-get update before installing dovecot-lucene 2015-05-23 20:01:58 -04:00
Brock Tice e4eba49c1b Added lucene.sh to start script. 2015-05-23 20:01:45 -04:00
Brock Tice f289439d1d Adapted Jonty's original solr.sh script to instead set up lucene full-text search in dovecot. 2015-05-23 20:01:32 -04:00
Joshua Tauberer a5ef64919a ppa: build the dovecot-lucene package 2015-05-23 14:03:14 -04:00
Joshua Tauberer e132125cf3 ppa: move build to /tmp 2015-05-23 12:55:55 -04:00
Joshua Tauberer 01b5512ac7 add @Jonty's .deb patch for building dovecot lucene 2015-05-23 12:14:31 -04:00
Joshua Tauberer a0c7e63d78 best guess at what clients are supported by the tls settings used 2015-05-22 17:36:55 -04:00
Joshua Tauberer 8ba5f2ffa7 add security.md and clean up README 2015-05-22 16:53:13 -04:00
Joshua Tauberer 2c44333679 compare tls ciphers against Mozilla's recommendations 2015-05-20 19:41:04 -04:00
Joshua Tauberer 610be9cf17 record current TLS settings from my box 2015-05-20 18:31:46 -04:00
Joshua Tauberer eb5e8fe388 the switch of smtpd_tls_security_level may to encrypt for submission broke smtpd_tls_protocols
The submission port began offering SSLv3.

With `encrypt`, the smtpd_tls_protocols option is ignored and smtpd_tls_mandatory_protocols must be set instead.

see e39b777abc
2015-05-20 22:27:11 +00:00