Joshua Tauberer
17331e7d82
adding a really slick ssl certificate installation form in the control panel
2014-10-10 15:49:14 +00:00
Joshua Tauberer
5130b279d8
management/mail_log.py also include the previously rotated log file
2014-10-10 13:59:50 +00:00
Joshua Tauberer
aac6e49b94
spelling typo
2014-10-10 13:50:44 +00:00
Joshua Tauberer
2f4eccd9a9
add 'source /etc/mailinabox.conf' to dns.sh so it can be run separately
2014-10-08 12:48:43 +00:00
Joshua Tauberer
ac49912b39
recommend DAVdroid
...
see http://discourse.mailinabox.email/t/recommend-a-different-android-carddav-and-caldav-android/102/1
2014-10-07 20:53:37 +00:00
Joshua Tauberer
0441a2e2e3
make a self-signed certificate on a non-primary domain a warning rather than an error, fixes #95
2014-10-07 20:41:07 +00:00
Joshua Tauberer
8566b78202
drop webfinger, see #95
2014-10-07 20:30:36 +00:00
Joshua Tauberer
06a8ce1c9d
in the admin, show user mailbox sizes, fixes #210
2014-10-07 20:24:11 +00:00
Joshua Tauberer
443b084a17
in the admin, group aliases by domain, fixes #211
2014-10-07 19:47:46 +00:00
Joshua Tauberer
990649af2d
in the admin, group users by domain, fixes 209
2014-10-07 19:47:43 +00:00
Joshua Tauberer
6f4d29a410
tweak the new web instructions
2014-10-07 16:17:45 +00:00
Joshua Tauberer
6ab29c3244
add instructions for static web hosting into the control panel
2014-10-07 16:05:42 +00:00
Joshua Tauberer
bf9b770255
sort SSHFP records so that DNS updates don't trigger spurrious zone changes
2014-10-07 15:15:22 +00:00
Joshua Tauberer
9210ebdb9f
control panel tweaks
2014-10-07 15:12:35 +00:00
Joshua Tauberer
a56bb984d6
handle catastrophically bad certificates rather than raising an exception
2014-10-07 14:58:21 +00:00
Joshua Tauberer
7d1c0b3834
show SSL certificate expiration info in the control panel even long before certificates expire
2014-10-07 14:49:36 +00:00
Joshua Tauberer
20892b5d5b
status check on ns records should now take into account that secondary dns may be customized, see #223
2014-10-05 18:42:52 +00:00
Joshua Tauberer
4cf53cd8ee
backup status relativedelta was displaying wrong for deltas greater than 1 month
2014-10-05 18:23:29 +00:00
Joshua Tauberer
711db9352c
bootstrap: apt was mangling stdin
...
When executed "cat bootstrap.sh | bash", apt-get mangled stdin. The script would terminate at the end of the if block containing apt-get (that seems to be as much as bash read from the pipe) and the remainder of the script was output to the console. This was very weird.
Ensuring that apt-get and git have their stdins redirected from /dev/null seems to fix the problem.
see #224
2014-10-05 13:40:12 -04:00
Joshua Tauberer
f42a1c5a74
allow overriding the second nameserver with a secondary/slave server
...
fixes #151
fixes #223
2014-10-05 14:53:42 +00:00
Joshua Tauberer
092c842a87
split external/custom dns into separate pages in the admin
2014-10-05 13:38:23 +00:00
Joshua Tauberer
d9ecc50119
since the management server binds to 127.0.0.1, must use that and not 'localhost' to connect to it because 'localhost' resolves to the IPv6 ::1 when it is available, see #224
2014-10-05 09:01:26 -04:00
Joshua Tauberer
7c2092d48f
remove apache before installing nginx, see #224
2014-10-05 09:01:20 -04:00
Joshua Tauberer
5fd107cae5
more work on making the bash scripts readable
2014-10-04 17:57:26 -04:00
Joshua Tauberer
db0967446b
remove unnecessary sudos
2014-10-04 14:06:08 -04:00
Joshua Tauberer
2ff5038c84
replace '.' with 'source'
2014-10-04 14:05:06 -04:00
Joshua Tauberer
4ae76aa2dd
dnssec: use RSASHA256 keys for .email domains
2014-10-04 17:29:42 +00:00
h8h
ba33669a62
generate the locales before change to it.
...
For my german box changing the locale failed:
´´´´/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
setup/functions.sh: line 6: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)´´´´
see #206 and 4e6d572de9
closes #220
commit modified by joshdata
2014-10-02 11:05:42 +00:00
Joshua Tauberer
779d921410
status checks: put DNSSEC tests in a better order w.r.t. other tests
...
* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.
see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3
2014-10-01 12:13:11 +00:00
jkaberg
68efef1164
dont log robots.txt and favicon.ico. we should REALLY consider creating seperate include files for *all* of our "apps", this is getting messy..
2014-09-27 17:04:05 +00:00
Joshua Tauberer
6ecada7eed
Merge commit '93a722f'
2014-09-27 16:56:38 +00:00
Joshua Tauberer
94c4352f45
Merge branch 'jmar71n-master' - site-wide bayesean spam filtering
2014-09-27 16:18:55 +00:00
Joshua Tauberer
6dd6353d41
move sa-learn-pipe.sh from /usr to /usr/local
2014-09-27 16:18:40 +00:00
Joshua Tauberer
d06bfa6c1b
tweak the site-wide bayesian spam filtering config
2014-09-27 16:18:36 +00:00
Joshua Tauberer
5c7ba2a4c7
preliminary work on a mail.log scanner to report things in the control panel
2014-09-27 13:33:13 +00:00
Joshua Tauberer
e9cc3fdaab
make mail instructions clearer and describe greylisting, DMARC policy
2014-09-27 13:32:22 +00:00
Joshua Tauberer
8bd37ea53c
add catch-alls to the admin again with nicer instructions
2014-09-27 13:32:22 +00:00
Joshua Tauberer
698ae03505
catch-all addresses should not have precedence over mail users
...
Aliases have precedence over mail users. A catch-all address would grab mail intended for a mail user and send it elsewhere. This adds some SQL hackery to create dummy aliases for all mail users.
fixes #200
closes #214 another way
2014-09-27 13:32:10 +00:00
Joshua Tauberer
a4c70f7a92
revert dovecot part of 39bca053ed
because dovecot started behaving weird and I don't have time to debug it
2014-09-26 22:41:59 +00:00
Joshua Tauberer
39bca053ed
add 2048 bits of DH params for nginx, postfix, dovecot
...
nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.
ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)
see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3
2014-09-26 22:09:22 +00:00
Joshua Tauberer
c2eb8e5330
typo in roundcube download URL
...
see 8e0967dd8e (commitcomment-7940724)
2014-09-26 14:26:45 +00:00
Joshua Tauberer
ab47144ae3
add strict SPF and DMARC records to any subdomains (including custom records) that do not have SPF/DMARC set
...
closes #208
2014-09-26 14:01:03 +00:00
Joshua Tauberer
9b6f9859d1
dns_update: assume DKIM is present
2014-09-26 14:01:03 +00:00
Joshua Tauberer
4e6d572de9
ensure Python operates in UTF-8 with a consistent locale for all users
...
fixes #206 (hopefully)
2014-09-26 08:26:09 -04:00
Joshua Tauberer
145186a6b6
link to Modoboa in README
2014-09-26 08:20:13 -04:00
Joshua Tauberer
5714b3c6b7
bump bootstrap.sh to incoming 0.03 tag
2014-09-24 12:48:15 +00:00
Joshua Tauberer
8e0967dd8e
if an earlier version of roundcube had already been installed, update to our target version
...
fixes #195
2014-09-24 12:46:51 +00:00
Joshua Tauberer
5a89f3c633
don't allow catch-all addresses in the admin because they take precedence over mail users and that's counter-intuitive
...
For now use the command-line tools/mail.py if you need it.
see #200
Revert "Changed incomming-email-input to type text"
This reverts commit 9631fab7b2
.
2014-09-24 12:36:47 +00:00
Joshua Tauberer
ed8fb2d06d
the latest z-push introduces a new/second USE_FULLEMAIL_FOR_LOGIN parameter
...
see http://discourse.mailinabox.email/t/activesync-z-push-not-working/94/3
2014-09-24 12:24:35 +00:00
Joshua Tauberer
8c8d9304ac
lock z-push to a particular upstream version by fmbiete/Z-Push-contrib commit hash
2014-09-24 12:20:10 +00:00