external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-31 19:00:54 +00:00
Code Issues Releases Wiki Activity
1,361 Commits 6 Branches 87 Tags 45 MiB
6556da1e65
Commit Graph

1361 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ChiefGyk
6556da1e65 removed geoblocks, made tor exit node blocking optional during setup via yes/no dialog which will comment out the appropriate line in /etc/cron.daily/blacklist. Rearranged some code, deleted some files and clutter. 2016-06-30 08:20:47 -04:00
ChiefGyk
52410106e9 replaced iptables-persistent with another iptables-persistent in /etc/init.d, this one also will save ipsets and allow persistence upon reboot. Cleaned up some code, changed debconf variables at iptables-persistent install to false. Still installs iptable-persistant through apt, just to get rid of all the foundation work for it to run, but is quickly replaced. 2016-06-29 21:35:37 -04:00
ChiefGyk
9b3a158b72 Added Dshield, to automatically block the top 20 malicious IP blocks each day. It is merged into blacklist which will run in cron.daily. So ipset blocks the majority of addresses from lists, and IPTables does the blocks. 2016-06-29 18:33:09 -04:00
ChiefGyk
61780b8ae7 added optional geoblock lists that update weekly for China, and Korea as they create a lot of spam. They are added via IPtables as they are added in blocks. 2016-06-29 15:39:41 -04:00
ChiefGyk
8efe6c933f added Malware Domain list and ZeusTracker 2016-06-29 14:18:43 -04:00
ChiefGyk
162f580e68 moved the comments around so it looked nicer on my other computer 2016-06-29 12:34:17 -04:00
ChiefGyk
324f5666f2 removed an unneeded line 2016-06-29 12:31:59 -04:00
ChiefGyk
02b014527b added link to original project 2016-06-29 11:48:26 -04:00
ChiefGyk
1edd94ba39 added persistence by adding a couple lines to /etc/network/interfaces. It will automatically load at start, save each time the cron.daily runs, so if you need to reboot the ipset is loaded again. 2016-06-29 11:14:03 -04:00
ChiefGyk
ef5f90e02c changed name from blocklist to blacklist to keep more uniform 2016-06-29 09:38:08 -04:00
ChiefGyk
39644bd29e Now using ipset, added more lists, resarched and looked around for how to script it better. Now all will be able to wget from wizcraft (blocked my VPS, but not local machine so I suspect IP blocks are blocked from them), however there seems to be a lot of overlap of the addresses so I don't think it will be an issue. Averages around ~47,000 IP addresses as opposed to the original couple thousand just from blocklist.de. Does not require Fail2Ban to work just iptables, and of course iptables-persistent to keep changes. 2016-06-29 09:32:16 -04:00
ChiefGyk
6c808a5654 fixed unneccessary sudo, added part to load global variables. 2016-06-29 07:26:34 -04:00
ChiefGyk
2bdae89d24 polished and finalized, removed two last lines in blocklist.sh. They were redundant. 2016-06-28 16:26:52 -04:00
ChiefGyk
d27cb57d0c moved blocklist installation to its own script, and moved it to the end of the installation, even after the first user so it can setup all the iptables after everything has been setup 2016-06-28 16:19:59 -04:00
ChiefGyk
d52f11710c fixed iptables-persistent saving in the cron.daily for sync-fail2ban 2016-06-28 16:02:43 -04:00
ChiefGyk
89274c6411 automated the iptables-persistent installation so it doesn't require user interaction 2016-06-28 15:57:04 -04:00
ChiefGyk
273078b03e added IPTables persistence and for it to save changes 2016-06-28 15:38:11 -04:00
ChiefGyk
484c9f2dbe blocklist added to upstream master of 0.18c 2016-06-28 13:00:21 -04:00
ChiefGyk
23f2b1688f reset 2016-06-28 12:31:21 -04:00
ChiefGyk
c05312664d Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 
Cleaning up my git was learning how to use git, and didn't learn about branches until now
 2016-06-28 12:03:55 -04:00
ChiefGyk
3a1313144b moved blocklist script locally within installation 2016-06-27 09:38:14 -04:00
ChiefGyk
406f991be3 fixed error in my script copying nginx-badbots 2016-06-27 09:30:01 -04:00
ChiefGyk
20bf710b28 removed some more clutter from jail.local 2016-06-27 09:21:29 -04:00
Joshua Tauberer
82903cd09e Merge pull request #857 from biermeester/master 
Small extension to mail log management script
 2016-06-27 06:17:16 -04:00
ChiefGyk
7f89d7cb82 added line for rkhunter to first update when installed. 2016-06-27 04:32:06 -04:00
ChiefGyk
b76c9330c5 some fixes to fail2ban filters and jail.local 2016-06-27 04:13:56 -04:00
ChiefGyk
5265839681 made rkhunter create a local file per suggestions 2016-06-27 04:10:39 -04:00
ChiefGyk
3701676304 fixed miab-munin.conf 2016-06-27 04:01:51 -04:00
ChiefGyk
187b28dc51 committed a fix for owncloud filter. Lack of caffeine caused me to enter a wrong part of my script 2016-06-27 03:58:30 -04:00
ChiefGyk
cb35e6dd96 extended owncloud filter find time 2016-06-26 20:06:53 -04:00
ChiefGyk
fd457e187c fixed some issues with warnings due to there not being a variable set for PKGMG=DPKG 2016-06-26 19:53:30 -04:00
ChiefGyk
ab3fbad0b8 a couple minor changes to Fail2Ban #870 fixed a couple variables, copied owncloud.conf fail2ban from my own owncloud 9 server for my own business. Though it is commented out 2016-06-26 13:37:21 -04:00
ChiefGyk
933668f156 had rkhunter --propupd run before configs were changed. Fixed for #869, also added a crontab for RKHunter to automatically run daily at 4:15AM 2016-06-26 12:57:54 -04:00
ChiefGyk
e0b333843a had rkhunter --propupd run before configs were changed. Fixed for #869 2016-06-26 12:48:26 -04:00
ChiefGyk
4f4ec5436a added RKHunter to system.sh on lines 122-134 per #869 and made it run everytime apt launches to install or update. This should help prevent rootkits. I also added a config to whitelist certain things 2016-06-26 12:44:39 -04:00
ChiefGyk
994727d2cd added script which automatically adds IP addresses which have been reported to be attacking other servers. It will update the IPTables automatically everyday, as well as perform the initial run the first day. As mentioned in #864 on the origin 2016-06-26 11:06:40 -04:00
ChiefGyk
6f1315f93a added missing log location for jail.local 2016-06-26 11:03:30 -04:00
ChiefGyk
3b1b70ed16 added Fail2ban filters from #866, #767, and #798 on main branch 2016-06-26 10:57:59 -04:00
Joshua Tauberer
5f5f00af4a for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting) 2016-06-12 09:11:55 -04:00
Joshua Tauberer
6b73bb5d80 outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4 2016-06-12 09:11:54 -04:00
Joshua Tauberer
3055f9a79c drop SSLv3, RC4 ciphers from SMTP port 25 
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.

fixes #611
 2016-06-12 09:11:50 -04:00
Rinze
1c84e0aeb6 Added received mail count to hourly activity overview in mail log management script 2016-06-10 13:08:57 +02:00
Rinze
ae1b56d23f Added POP3 support to mail log management script 2016-06-10 11:19:03 +02:00
Rinze
946cd63e8e Mail log management script cleanup 2016-06-10 10:32:32 +02:00
Chris Blankenship
fac8477ba1 Configured Dovecot to log into its own logfile 2016-06-06 08:21:44 -04:00
aspdye
61744095a8 Update Roundcube to 1.2.0 
closes #840
 2016-06-06 07:32:54 -04:00
Joshua Tauberer
d5b38a27e6 run roundcube's database migration script on every update 
There hasn't been a sqlite migration yet, since Mail-in-a-Box's creation, but with Roundcube 1.2 there will be.
 2016-06-06 07:28:12 -04:00
Joshua Tauberer
6666d28c44 v0.18c 2016-06-02 15:47:45 -04:00
Joshua Tauberer
66675ff2e9 Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852 
In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.

But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too.
 2016-06-02 08:05:34 -04:00
Joshua Tauberer
9ee2d946b7 Merge pull request #821 from m4rcs/before-backup 
Added a pre-backup script to complement post-backup script.
 2016-05-17 19:48:14 -04:00