Commit Graph

1313 Commits

Author SHA1 Message Date
Joshua Tauberer ab36cc8968 whitespace=>tabs 2015-06-18 10:54:51 +00:00
bizonix 33b71c6b3c fix wrong redirect
$ curl -I https://www.site.co.il/static/images/1.png?a=b | grep Location
Location: https://site.co.il?a=b
but should be something like 
Location: https://site.co.il/static/images/1.png?a=b
2015-06-18 01:48:15 +03:00
Joshua Tauberer 34e821c102 Roundcube 1.1.2 2015-06-17 11:00:15 +00:00
Joshua Tauberer 2af557139d default IPv6 AAAA records were missing
This was broken by the ability to have multiple TXT records in 9f1d633ae4.
2015-06-17 06:47:22 -04:00
Joshua Tauberer 9e0dcd8718 security.md: add a section on DNSSEC specifically 2015-06-15 10:24:16 -04:00
Joshua Tauberer be2b5a62de ownCloud updated to version 8.0.4 2015-06-14 16:04:07 +00:00
Joshua Tauberer 0cbba71c72 merge #429 - Move OwnCloud's config to Storage Root 2015-06-14 15:48:09 +00:00
Joshua Tauberer d28563fb45 tweak the ownCloud config location migration (no need for third ln) 2015-06-14 15:42:32 +00:00
Norman Stanke 38632f0f90 Move OwnCloud's config to Storage Root 2015-06-12 14:53:02 +02:00
Joshua Tauberer 0754ce01b1 questions.sh needs to apt-get update before it does an apt-get install, see #431, see #438 2015-06-10 09:43:22 -04:00
Joshua Tauberer 1ef455d37d bootstrap.sh needs to apt-get update before it does an apt-get install, fixes #431 2015-06-10 09:33:47 -04:00
Joshua Tauberer d152603abd changelog entries and mention our forks of postgrey and dovecot in the README 2015-06-10 09:27:29 -04:00
Joshua Tauberer 9e125aec00 Merge pull request #436 from bizonix/patch-1
fix loop redirecting
2015-06-07 16:30:58 -04:00
bizonix 2c90c267bd fix loop redirecting
server is redirecting the request for this address in a way that will never complete
2015-06-07 21:50:41 +03:00
Joshua Tauberer 47de93961e OCSP improvements
* Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx ('on' has no security benefits).
* Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway.
* Remove the commented line which per the link above would never be necessary anyway.

OCSP seems to work just fine after these changes.
2015-06-06 23:24:09 +00:00
Joshua Tauberer 1990f32ca4 typo, fixes #435 2015-06-06 13:22:50 +00:00
Joshua Tauberer 807939c0e4 make the +tag address tips clearer 2015-06-06 13:02:23 +00:00
Joshua Tauberer a1c7bf0883 add munin to readme 2015-06-06 12:55:13 +00:00
Joshua Tauberer 5008cc603e merge - munin system monitoring 2015-06-06 12:52:22 +00:00
Joshua Tauberer 9857db96cd add a link to the /admin/munin page from the control panel nav bar 2015-06-06 12:52:16 +00:00
Joshua Tauberer e9e6d94e3b the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac 2015-06-06 12:38:19 +00:00
Joshua Tauberer 462a79cf47 fix what counts as a required alias, fixes #434 2015-06-06 12:12:10 +00:00
Joshua Tauberer f792deeebd when the undocumented custom web settings has a redirect or proxy at the root of a domain, use a minimal nginx config template (same as the new default www redirects) 2015-06-04 12:32:00 +00:00
Joshua Tauberer 95173bb327 provide redirects from www subdomains of zones to their parent domain
* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest.
* Add server blocks to the nginx config for these domains.
* List these domains in the SSL certificate install admin panel.
* Generate default 'www' records just for domains we provide default redirects for.

Fixes #321.
2015-06-04 12:19:01 +00:00
Joshua Tauberer 1d09e2406b refactor how the nginx config file is assembled
This doesn't change anything. Just preparation for the next commit.
2015-06-04 12:19:01 +00:00
Joshua Tauberer c9add7a8bf if a user sets a custom A record on PRIMARY_HOSTNAME, which is ignored anyway, don't let that cause PRIMARY_HOSTNAME from being dropped from nginx.conf
Could be related to https://discourse.mailinabox.email/t/nginx-lost-admin-record-after-install-ssl-cert-problem/528.
2015-06-04 12:19:01 +00:00
Joshua Tauberer e4caed9277 add a note in the setup script about the use of our postgrey fork and dnswl's license terms 2015-06-03 16:28:20 -04:00
Joshua Tauberer 1760eaa601 merge #406 - dovecot-lucene & packaging 2015-06-03 15:51:16 -04:00
Joshua Tauberer b25ce67fe1 bring the postgrey patches into this repository rather than maintaining them in a separate postgrey fork repository 2015-06-03 15:50:25 -04:00
Joshua Tauberer b23ba6f75e simplify build/setup of dovecot-lucene package 2015-06-03 15:48:35 -04:00
Morteza Milani cf904a05cc Reject outgoing mail if FROM does not match Login 2015-06-01 21:26:01 -07:00
Joshua Tauberer 47a5a44b9e v0.10
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
* Roundcube now allows persistent logins using Roundcube-Persistent-Login-Plugin.
* ownCloud is updated to version 8.0.3.
* SPF records for non-mail domains were tightened.
* The minimum greylisting delay has been reduced from 5 minutes to 3 minutes.
* Users and aliases weren't working if they were entered with any uppercase letters. Now only lowercase is allowed.
* After installing an SSL certificate from the control panel, the page wasn't being refreshed.
* Backups broke if the box's hostname was changed after installation.
* Dotfiles (i.e. .svn) stored in ownCloud Files were not accessible from ownCloud's mobile/desktop clients.
* Fix broken install on OVH VPS's.
2015-06-01 18:05:41 -04:00
Joshua Tauberer a0e6c7ceb6 fix downloading dotfiles through ownCloud's webdav
fixes #414
2015-05-30 18:03:37 +00:00
Joshua Tauberer 49aa367ffa merge #422 - Add persistent login functionality to roundcube 2015-05-30 14:07:50 +00:00
Joshua Tauberer 83b36f2c3a simplify the roundcube updating logic, changelog entry for roundcube persistent login 2015-05-30 14:07:36 +00:00
Joshua Tauberer 2b341d884f merge #396 - allow the backup process to work after a hostname change 2015-05-30 13:55:08 +00:00
Joshua Tauberer 141a09b31e changelog, comments for duplicity --allow-source-mismatch 2015-05-30 13:46:39 +00:00
Joshua Tauberer 6378ec4bbd Merge pull request #423 from BrianZachary/master
Update README.md
2015-05-29 16:53:38 -04:00
BrianZachary 603fb1c698 Update README.md
Added latest front page appearance of Mail-In-A-Box to README.md
2015-05-29 16:43:14 -04:00
Joaquin Bravo 67b4ea947b Add persistent login functionality to roundcube 2015-05-29 14:49:40 -05:00
Joshua Tauberer 4075b7c78a Merge pull request #421 from samrobotmesh/patch-1
Echange -> Exchange
2015-05-29 10:59:25 -04:00
Sam 6499eba0cb Echange -> Exchange 2015-05-29 07:36:53 -07:00
Joshua Tauberer 980626aa40 Merge branch 'postgrey/delay/clean' of https://github.com/Xoib/mailinabox
Closes #413.
2015-05-29 13:00:51 +00:00
Eric Mill 3f329bc1a8 fix typos 2015-05-29 01:38:42 -04:00
Joshua Tauberer 69de67b1c2 link security.md from the readme 2015-05-28 21:41:23 -04:00
Joshua Tauberer 7158f9a8d9 security.md: add links to appropriate source files in various places to make it easier to inspect the code to verify the statements; unfortunately line numbers will drift but it would be nice if we could link right to line numbers 2015-05-28 21:39:50 -04:00
Joshua Tauberer bb75bd7167 more security details 2015-05-28 21:39:50 -04:00
Joshua Tauberer 4fa58169f1 after installing an SSL certificate from the control panel the page wasn't being refreshed, broken in ec73c171c7 2015-05-28 18:45:53 +00:00
Joshua Tauberer 564040897f Merge pull request #420 from dhpiggott/increase-dmarc-and-spf-strictness
Make SPF forbid any outbound mail from non-mail domains
2015-05-28 13:17:14 -04:00
David Piggott f78bbab289 Make SPF forbid any outbound mail from non-mail domains 2015-05-28 18:11:44 +01:00