Commit Graph

1320 Commits

Author SHA1 Message Date
Eric Mill 3f329bc1a8 fix typos 2015-05-29 01:38:42 -04:00
Joshua Tauberer 69de67b1c2 link security.md from the readme 2015-05-28 21:41:23 -04:00
Joshua Tauberer 7158f9a8d9 security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers 2015-05-28 21:39:50 -04:00
Joshua Tauberer bb75bd7167 more security details 2015-05-28 21:39:50 -04:00
Joshua Tauberer 4fa58169f1 after installing an SSL certificate from the control panel the page wasn't being refreshed, broken in ec73c171c7 2015-05-28 18:45:53 +00:00
Joshua Tauberer 564040897f Merge pull request #420 from dhpiggott/increase-dmarc-and-spf-strictness
Make SPF forbid any outbound mail from non-mail domains
2015-05-28 13:17:14 -04:00
David Piggott f78bbab289 Make SPF forbid any outbound mail from non-mail domains 2015-05-28 18:11:44 +01:00
Joshua Tauberer d3c82d7363 Merge pull request #419 from dhpiggott/improve-dmarc-and-spf-descriptions
Improve DMARC and SPF record descriptions
2015-05-28 13:06:44 -04:00
David Piggott 7b9b978a6d Improve DMARC and SPF record descriptions 2015-05-28 16:34:58 +01:00
Joshua Tauberer 45d47818ca add changelog entry for 4f98d470a0 2015-05-28 13:12:57 +00:00
Joshua Tauberer 202c4a948b our users/aliases database is case sensitive - force new users/aliases to lowercase
Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html.) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case.

This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database.

https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4
2015-05-28 13:11:30 +00:00
Joshua Tauberer b5269bb28e Merge pull request #418 from dhpiggott/aliases-template-tweak
Use lowercase h for consistency in aliases template - it reads better…
2015-05-28 08:56:44 -04:00
David Piggott d6c5f09a1a Use lowercase h for consistency in aliases template - it reads better (IMO!)
This also includes fixes for a typo and some whitespace inconsistencies in
mailconfig.py. In fact the capitalisation change and those fixes are the
remnants of a patch I had been running that changed the default aliases - it
was through developing it that I found the issues.

(I wanted to bring the number of patches I apply before deploying to zero and
in the case of this one I've come to view the way MIAB already is as superior,
so I've undone the core of my patch and these tiny issues are all that remain).
2015-05-28 13:46:15 +01:00
Xoib 11546b97bb softer the greylisting delay restriction
A lot of legit mail servers try again between 200 and 285 seconds, then
3 hours later. Why? RFC is not strict about retry timer so postfix and
other MTA have their own intervals. To fix the problem of receiving
these e-mail really latter, I reduced the delay of postgrey to
180 seconds (default is 300 seconds).
2015-05-26 16:10:14 +02:00
Joshua Tauberer cac6a251cc Merge pull request #411 from nstanke/munin
remove unnecessary source call
2015-05-26 07:12:54 -04:00
Norman Stanke 31d26a7bad remove unnecessary source call 2015-05-26 13:06:50 +02:00
Joshua Tauberer a9ed9ae936 more work on munin
* install the munin-node package
* don't install munin-plugins-extra (if the user wants it they can add it)
* expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file
2015-05-25 17:03:52 +00:00
Joshua Tauberer a9892efe38 Merge branch 'master' of https://github.com/nstanke/mailinabox into munin 2015-05-25 16:03:45 +00:00
Brock Tice f02e0a3ccb Fixed comment that still referenced solr. 2015-05-25 08:50:41 -06:00
Joshua Tauberer d6f26609fc Merge pull request #410 from stevesbrain/master
Fixing minor misspelling of the word: encrypted
2015-05-24 22:12:16 -04:00
StevesMonkey 05438d047d Fixing minor misspelling of the word: encrypted 2015-05-25 10:15:57 +09:30
Brock Tice 32f5632620 Switch to official PPA 2015-05-23 20:09:50 -04:00
Brock Tice 005cc08b40 Modified makefile to work with updated debian-lucene patch, use official locations.
Fixed conflicting edits to ppa/Makefile due to cherry-pick.
2015-05-23 20:09:06 -04:00
Brock Tice 6a659fe10d Fixed patches for pull request.
Resolved conflict between two patches.
2015-05-23 20:07:33 -04:00
Brock Tice 6941ca2f63 Added apt-get update before installing dovecot-lucene 2015-05-23 20:01:58 -04:00
Brock Tice e4eba49c1b Added lucene.sh to start script. 2015-05-23 20:01:45 -04:00
Brock Tice f289439d1d Adapted Jonty's original solr.sh script to instead set up lucene full-text search in dovecot. 2015-05-23 20:01:32 -04:00
Joshua Tauberer a5ef64919a ppa: build the dovecot-lucene package 2015-05-23 14:03:14 -04:00
Joshua Tauberer e132125cf3 ppa: move build to /tmp 2015-05-23 12:55:55 -04:00
Joshua Tauberer 01b5512ac7 add @Jonty's .deb patch for building dovecot lucene 2015-05-23 12:14:31 -04:00
Joshua Tauberer a0c7e63d78 best guess at what clients are supported by the tls settings used 2015-05-22 17:36:55 -04:00
Joshua Tauberer 8ba5f2ffa7 add security.md and clean up README 2015-05-22 16:53:13 -04:00
Joshua Tauberer 2c44333679 compare tls ciphers against Mozilla's recommendations 2015-05-20 19:41:04 -04:00
Joshua Tauberer 610be9cf17 record current TLS settings from my box 2015-05-20 18:31:46 -04:00
Joshua Tauberer eb5e8fe388 the switch of smtpd_tls_security_level may to encrypt for submission broke smtpd_tls_protocols
The submission port began offering SSLv3.

With `encrypt`, the smtpd_tls_protocols option is ignored and smtpd_tls_mandatory_protocols must be set instead.

see e39b777abc
2015-05-20 22:27:11 +00:00
Joshua Tauberer c999c6082f tweak unhackable language, see #402 2015-05-19 11:18:53 -04:00
Joshua Tauberer 3b86b3fe66 bump to email_validator 0.1.0-rc5 2015-05-19 08:37:17 -04:00
Joshua Tauberer 0a71dca825 add preliminary build tools for a Mail-in-a-Box PPA
Starting with my dnswl.org modifications to postgrey.
2015-05-18 22:15:09 -04:00
Joshua Tauberer 4f98d470a0 '/dev/stdout' does not exist on some systems (!)
The OVH VPS provider creates systems without /dev/stdout. I have never seen that before. But fine. We were passing it as a command line option to `openssl req`, but outputting to stdout is the default so it's not necessary to specify /dev/stdout.

Fixes #277. Also https://discourse.mailinabox.email/t/500-internal-server-error/475/10.
2015-05-16 13:34:47 +00:00
Joshua Tauberer 57abae3999 if the main ssl cert is expiring soon, the end of setup would display the control panel instructions as if the cert were self-signed 2015-05-14 19:16:31 +00:00
Xoib 202e49a897 allow the backup process to work after a hostname change 2015-05-13 13:52:23 +02:00
Joshua Tauberer 13093f1732 update to ownCloud 8.0.3
see #375
2015-05-11 13:00:40 +00:00
Joshua Tauberer 837d327c1e v0.09
=====

May 8, 2015

Mail:

* Spam checking is now performed on messages larger than the previous limit of 64KB.
* POP3S is now enabled (port 995).
* Roundcube is updated to version 1.1.1.
* Minor security improvements (more mail headers with user agent info are anonymized; crypto settings were tightened).

ownCloud:

* Downloading files you uploaded to ownCloud broke because of a change in ownCloud 8.

DNS:

* Internationalized Domain Names (IDNs) should now work in email. If you had custom DNS or custom web settings for internationalized domains, check that they are still working.
* It is now possible to set multiple TXT and other types of records on the same domain in the control panel.
* The custom DNS API was completely rewritten to support setting multiple records of the same type on a domain. Any existing client code using the DNS API will have to be rewritten. (Existing code will just get 404s back.)
* On some systems the `nsd` service failed to start if network inferfaces were not ready.

System / Control Panel:

* In order to guard against misconfiguration that can lead to domain control validation hijacking, email addresses that begin with admin, administrator, postmaster, hostmaster, and webmaster can no longer be used for (new) mail user accounts, and aliases for these addresses may direct mail only to the box's administrator(s).
* Backups now use duplicity's built-in gpg symmetric AES256 encryption rather than my home-brewed encryption. Old backups will be incorporated inside the first backup after this update but then deleted from disk (i.e. your backups from the previous few days will be backed up).
* There was a race condition between backups and the new nightly status checks.
* The control panel would sometimes lock up with an unnecessary loading indicator.
* You can no longer delete your own account from the control panel.

Setup:

* All Mail-in-a-Box release tags are now signed on github, instructions for verifying the signature are added to the README, and the integrity of some packages downloaded during setup is now verified against a SHA1 hash stored in the tag itself.
* Bugs in first user account creation were fixed.
2015-05-08 08:10:39 -04:00
Joshua Tauberer e39b777abc require TLS on SMTP submission (port 587) to prevent accidental client misconfiguration, although this has no other practical consequences since without TLS clients couldn't authenticate anyway 2015-05-06 00:25:03 +00:00
Joshua Tauberer 7ca42489ae drop legacy, export-grade, and anonymous ciphers from SMTP (port 25, opportunistic)
Even though SMTP (on port 25) is typically opportunistic and a MitM attack can't be prevented, we may as well only offer ciphers that provide some level of security. If a client is so old or misconfigured that it doesn't support newer ciphers, it should hopefully fall back to a non-TLS connection.

Postfix's default was basically anything goes (anonymous and 40-bit ciphers!). Google's MTA's only offer ciphers at 112 bits at greater, and this change approximates that with Postfix's "medium" setting.

Fixes #371
2015-05-05 23:50:07 +00:00
Joshua Tauberer 8c6363f792 bad ciphers were allowed in smtp submssion
This disallows aNULL and other bad ciphers in the Postfix submission server.

I missed an option in 45e93f7dcc recommended by the blog post I was reading.

Fixes #389.
2015-05-05 23:14:59 +00:00
Joshua Tauberer cbb7f29f96 add 'ip-transparent: yes' to nsd.conf
https://discourse.mailinabox.email/t/nsd-service-not-started-at-startup-dns-not-working/449
2015-05-04 11:24:40 +00:00
Joshua Tauberer 8886c9b6bc move the server: block of nsd.conf out of the management daemon and into the setup scripts 2015-05-04 11:24:40 +00:00
Joshua Tauberer a07de38e80 remove workaround for buggy nsd installation
Prior to nsd 4.0.1-1ubuntu0.1, we had to create the nsd user before installing the nsd package.

This was our issue #25 (see 4e6037c0e1, c7e1e29d) and I reported it upstream at https://bugs.launchpad.net/ubuntu/+source/nsd/+bug/1311886. The new package was published by Ubuntu on 2015-01-15 so this work-around is no longer needed.
2015-05-04 11:24:40 +00:00
Joshua Tauberer 1f08997a9e need my new email_validator library during questions 2015-05-03 11:02:23 -04:00