Joshua Tauberer
6307503cda
Merge pull request #580 from yodax/z-push-update
...
Update z-push to latest version
2015-10-31 14:52:46 -04:00
Michael Kroes
9b1e04b1e8
Merge remote-tracking branch 'upstream/master' into z-push-update
2015-10-31 03:08:54 -04:00
Michael Kroes
24f1dbc0bb
PHP version has a bug that needs a workaround in z-push
2015-10-27 16:42:58 -04:00
Joshua Tauberer
5d158c524d
Merge pull request #581 from yodax/default-archive-folder
...
For a new user create the archive folder
2015-10-27 08:15:50 -04:00
Michael Kroes
fd9287a0fd
Add Archive folder to comment in mail-dovecot.sh
2015-10-27 07:58:07 -04:00
Michael Kroes
90836eff5b
For a new user create the archive folder
2015-10-27 02:20:00 -04:00
Michael Kroes
914cf68651
Remove default comments from imap config
2015-10-25 13:26:38 -04:00
Michael Kroes
4db82d3d09
Caldav doesnt support sync tokens
2015-10-25 13:19:22 -04:00
Michael Kroes
5055ef060d
Change configuration options for new version of z-push
2015-10-25 08:29:57 -04:00
Michael Kroes
35088a7cac
Update Z-Push version to 80cbe53de4ab8dd598d1f2af6f0a23fa396c529a
2015-10-25 07:25:24 -04:00
Joshua Tauberer
f046031b26
nginx-ssl.conf changes were partially incorrect, partial revert of 834c42bc50
...
My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back.
https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898
2015-10-24 11:36:18 +00:00
Joshua Tauberer
3b91bc2c0a
if secondary nameservers are given, status checks now check they are serving the right info
2015-10-22 10:58:36 +00:00
Joshua Tauberer
4c4babd9e7
experimentally scanning the mail log to see if we can infer a good time to take a backup
2015-10-22 10:35:14 +00:00
Joshua Tauberer
53dc53bf8f
changelog entries
2015-10-18 12:10:57 +00:00
Joshua Tauberer
274e5ca676
let dovecot automatically create mailbox folders rather than doing it manually in the management daemon, fixes #554
2015-10-18 11:55:27 +00:00
Joshua Tauberer
5e7b7835b7
Merge pull request #573 from ptimof/master
...
Added 'Sent' folder when creating user.
2015-10-12 10:05:52 -04:00
Peter Timofejew
1bdfdbee89
Added 'Sent' folder when creating user.
2015-10-12 09:43:35 -04:00
X O
ebffaab16a
Added wosign as a suggest free SSL provider.
2015-10-11 11:33:18 +10:30
Joshua Tauberer
d6d4085809
munin setup may show '/bin/rm: missing operand', fixes #527
2015-10-10 16:48:49 +00:00
Joshua Tauberer
2a44b0cafb
the new SSL certs routine requires cryptography>=1.0.2 to make RSAPublicNumbers hashable
...
an earlier problem about --upgrade (de34d0d337
) seemed to be just a local problem on my box, so going back to unpinned >= requirement specs
https://discourse.mailinabox.email/t/upgrade-to-v0-13b-broke-admin/876
2015-10-08 12:24:22 +00:00
Joshua Tauberer
834c42bc50
move nginx-ssl to be a global configuration file rather than including it into each server block
2015-09-27 17:13:11 +00:00
Joshua Tauberer
6c8ee1862a
use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts); fixes #234
2015-09-18 19:04:28 +00:00
Joshua Tauberer
787beab63f
choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates
...
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
2015-09-18 13:25:18 +00:00
Joshua Tauberer
58349a9410
when updating DNS, clear the local DNS cache
2015-09-18 13:00:53 +00:00
Joshua Tauberer
93c2258d23
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload
2015-09-08 21:20:50 +00:00
Joshua Tauberer
bd7a4dedc1
Merge pull request #551 from anoma/master
...
Revert two FAIL2BAN SSH jail changes
2015-09-07 06:49:48 -04:00
anoma
ae3ae0b5ba
Revert to default FAIL2BAN findtime for SSH jail
...
I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.
The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
2015-09-07 08:36:59 +01:00
anoma
42d657eb54
Unnecessary config item, inherited from default jail.conf
2015-09-07 08:28:54 +01:00
Joshua Tauberer
d60d73b7e0
status checks: dont error if there's a domain that dns_update hasn't been run yet on
2015-09-06 13:27:35 +00:00
Joshua Tauberer
6704da1446
silence errors in the admin if there is an invalid domain name in the database
...
see #531
2015-09-06 13:27:28 +00:00
Hoekynl
d24a2f7cab
Updated, mistype.
...
Removed :$HTML5_NOTIFIER_VERSION, which breaks it
2015-09-06 10:22:08 +02:00
Hoekynl
ed31002cc6
Added commit version hash. Working now.
...
Added HTML5_NOTIFIER_VERSION
Updated git_clone to work.
Tested and working.
2015-09-06 10:20:36 +02:00
Hoekynl
f8ac896795
Include html5_notifier by default
...
Include the roundcube plugin html_notifier by default
2015-09-05 23:33:19 +02:00
Joshua Tauberer
3e96de26dd
server_names_hash_bucket_size=128 now, see #93
2015-09-05 20:24:17 +00:00
Joshua Tauberer
4f6fa40dbd
warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web
2015-09-05 20:07:51 +00:00
Joshua Tauberer
104b804059
if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web
2015-09-05 20:07:51 +00:00
Joshua Tauberer
c545e46ebe
Merge pull request #548 from NurdTurd/patch-1
...
Typo
2015-09-05 15:30:25 -04:00
Sheldon Rupp
52a216fbcb
Typo
...
Change KB to MB due to typo.
2015-09-05 21:29:24 +02:00
Joshua Tauberer
2c29d59895
Merge pull request #478 from kri3v/patch-1
...
Added more bantime and lowered max retry attempts
2015-09-05 11:42:36 -04:00
Joshua Tauberer
de34d0d337
pin pip versions of email_validator and cryptography so pip doesn't keep reinstalling them each upgrade even if nothing changed (and the ceffi depedency installation can be very slow and is prone to break under low memory)
2015-09-05 12:35:01 +00:00
Joshua Tauberer
2bb7a6fc27
changelog entries
2015-09-05 08:01:59 -04:00
Joshua Tauberer
1b84292c56
Merge pull request #544 from 0xFelix/master
...
Fix DKIM validation and spamassassin DNS/Pyzor checks
2015-09-05 06:59:00 -04:00
Felix
18efae9703
Remove direct dependencies as they get installed automatically
2015-09-05 09:08:47 +02:00
Joshua Tauberer
4b6d86ef89
trim the instructions at the end of an upgrade about the DNS-broken control panel login
2015-09-04 18:49:32 -04:00
Joshua Tauberer
75a75a6f84
admin: rename my ajax javascript function to ajax_with_indicator; see 79c57c2303
2015-09-04 18:40:56 -04:00
Joshua Tauberer
2e99589336
admin: fix jumpyness when a modal is shown (move overflow-y to body; make the navbar not fixed to top)
2015-09-04 22:21:10 +00:00
Joshua Tauberer
188b21dd36
bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin
2015-09-04 22:13:56 +00:00
Joshua Tauberer
0cf56e0aad
add a random password generator to the users page of the admin
2015-09-04 22:12:07 +00:00
Felix
bd7728ac94
Add documentation for additional packages, remove unneeded package libcrypt-openssl-random-perl
2015-09-04 15:45:47 +02:00
Felix
b6f7a10569
Add missing dependencies for DKIM validation
2015-09-04 09:25:49 +02:00