Commit Graph

1320 Commits

Author SHA1 Message Date
Joshua Tauberer 6307503cda Merge pull request #580 from yodax/z-push-update
Update z-push to latest version
2015-10-31 14:52:46 -04:00
Michael Kroes 9b1e04b1e8 Merge remote-tracking branch 'upstream/master' into z-push-update 2015-10-31 03:08:54 -04:00
Michael Kroes 24f1dbc0bb PHP version has a bug that needs a workaround in z-push 2015-10-27 16:42:58 -04:00
Joshua Tauberer 5d158c524d Merge pull request #581 from yodax/default-archive-folder
For a new user create the archive folder
2015-10-27 08:15:50 -04:00
Michael Kroes fd9287a0fd Add Archive folder to comment in mail-dovecot.sh 2015-10-27 07:58:07 -04:00
Michael Kroes 90836eff5b For a new user create the archive folder 2015-10-27 02:20:00 -04:00
Michael Kroes 914cf68651 Remove default comments from imap config 2015-10-25 13:26:38 -04:00
Michael Kroes 4db82d3d09 Caldav doesnt support sync tokens 2015-10-25 13:19:22 -04:00
Michael Kroes 5055ef060d Change configuration options for new version of z-push 2015-10-25 08:29:57 -04:00
Michael Kroes 35088a7cac Update Z-Push version to 80cbe53de4ab8dd598d1f2af6f0a23fa396c529a 2015-10-25 07:25:24 -04:00
Joshua Tauberer f046031b26 nginx-ssl.conf changes were partially incorrect, partial revert of 834c42bc50
My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back.

https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898
2015-10-24 11:36:18 +00:00
Joshua Tauberer 3b91bc2c0a if secondary nameservers are given, status checks now check they are serving the right info 2015-10-22 10:58:36 +00:00
Joshua Tauberer 4c4babd9e7 experimentally scanning the mail log to see if we can infer a good time to take a backup 2015-10-22 10:35:14 +00:00
Joshua Tauberer 53dc53bf8f changelog entries 2015-10-18 12:10:57 +00:00
Joshua Tauberer 274e5ca676 let dovecot automatically create mailbox folders rather than doing it manually in the management daemon, fixes #554 2015-10-18 11:55:27 +00:00
Joshua Tauberer 5e7b7835b7 Merge pull request #573 from ptimof/master
Added 'Sent' folder when creating user.
2015-10-12 10:05:52 -04:00
Peter Timofejew 1bdfdbee89 Added 'Sent' folder when creating user. 2015-10-12 09:43:35 -04:00
X O ebffaab16a Added wosign as a suggest free SSL provider. 2015-10-11 11:33:18 +10:30
Joshua Tauberer d6d4085809 munin setup may show '/bin/rm: missing operand', fixes #527 2015-10-10 16:48:49 +00:00
Joshua Tauberer 2a44b0cafb the new SSL certs routine requires cryptography>=1.0.2 to make RSAPublicNumbers hashable
an earlier problem about --upgrade (de34d0d337) seemed to be just a local problem on my box, so going back to unpinned >= requirement specs

https://discourse.mailinabox.email/t/upgrade-to-v0-13b-broke-admin/876
2015-10-08 12:24:22 +00:00
Joshua Tauberer 834c42bc50 move nginx-ssl to be a global configuration file rather than including it into each server block 2015-09-27 17:13:11 +00:00
Joshua Tauberer 6c8ee1862a use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts); fixes #234 2015-09-18 19:04:28 +00:00
Joshua Tauberer 787beab63f choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.

If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
2015-09-18 13:25:18 +00:00
Joshua Tauberer 58349a9410 when updating DNS, clear the local DNS cache 2015-09-18 13:00:53 +00:00
Joshua Tauberer 93c2258d23 let the HSTS header be controlled by the management daemon so some domains can choose to enable preload 2015-09-08 21:20:50 +00:00
Joshua Tauberer bd7a4dedc1 Merge pull request #551 from anoma/master
Revert two FAIL2BAN SSH jail changes
2015-09-07 06:49:48 -04:00
anoma ae3ae0b5ba Revert to default FAIL2BAN findtime for SSH jail
I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.

The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
2015-09-07 08:36:59 +01:00
anoma 42d657eb54 Unnecessary config item, inherited from default jail.conf 2015-09-07 08:28:54 +01:00
Joshua Tauberer d60d73b7e0 status checks: dont error if there's a domain that dns_update hasn't been run yet on 2015-09-06 13:27:35 +00:00
Joshua Tauberer 6704da1446 silence errors in the admin if there is an invalid domain name in the database
see #531
2015-09-06 13:27:28 +00:00
Hoekynl d24a2f7cab Updated, mistype.
Removed :$HTML5_NOTIFIER_VERSION, which breaks it
2015-09-06 10:22:08 +02:00
Hoekynl ed31002cc6 Added commit version hash. Working now.
Added HTML5_NOTIFIER_VERSION
Updated git_clone to work.

Tested and working.
2015-09-06 10:20:36 +02:00
Hoekynl f8ac896795 Include html5_notifier by default
Include the roundcube plugin html_notifier by default
2015-09-05 23:33:19 +02:00
Joshua Tauberer 3e96de26dd server_names_hash_bucket_size=128 now, see #93 2015-09-05 20:24:17 +00:00
Joshua Tauberer 4f6fa40dbd warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web 2015-09-05 20:07:51 +00:00
Joshua Tauberer 104b804059 if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web 2015-09-05 20:07:51 +00:00
Joshua Tauberer c545e46ebe Merge pull request #548 from NurdTurd/patch-1
Typo
2015-09-05 15:30:25 -04:00
Sheldon Rupp 52a216fbcb Typo
Change KB to MB due to typo.
2015-09-05 21:29:24 +02:00
Joshua Tauberer 2c29d59895 Merge pull request #478 from kri3v/patch-1
Added more bantime and lowered max retry attempts
2015-09-05 11:42:36 -04:00
Joshua Tauberer de34d0d337 pin pip versions of email_validator and cryptography so pip doesn't keep reinstalling them each upgrade even if nothing changed (and the ceffi depedency installation can be very slow and is prone to break under low memory) 2015-09-05 12:35:01 +00:00
Joshua Tauberer 2bb7a6fc27 changelog entries 2015-09-05 08:01:59 -04:00
Joshua Tauberer 1b84292c56 Merge pull request #544 from 0xFelix/master
Fix DKIM validation and spamassassin DNS/Pyzor checks
2015-09-05 06:59:00 -04:00
Felix 18efae9703 Remove direct dependencies as they get installed automatically 2015-09-05 09:08:47 +02:00
Joshua Tauberer 4b6d86ef89 trim the instructions at the end of an upgrade about the DNS-broken control panel login 2015-09-04 18:49:32 -04:00
Joshua Tauberer 75a75a6f84 admin: rename my ajax javascript function to ajax_with_indicator; see 79c57c2303 2015-09-04 18:40:56 -04:00
Joshua Tauberer 2e99589336 admin: fix jumpyness when a modal is shown (move overflow-y to body; make the navbar not fixed to top) 2015-09-04 22:21:10 +00:00
Joshua Tauberer 188b21dd36 bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin 2015-09-04 22:13:56 +00:00
Joshua Tauberer 0cf56e0aad add a random password generator to the users page of the admin 2015-09-04 22:12:07 +00:00
Felix bd7728ac94 Add documentation for additional packages, remove unneeded package libcrypt-openssl-random-perl 2015-09-04 15:45:47 +02:00
Felix b6f7a10569 Add missing dependencies for DKIM validation 2015-09-04 09:25:49 +02:00