mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-23 17:40:54 +00:00
Commit Graph

245 Commits

Author SHA1 Message Date
downtownallday
8e58a78b94 Upgrade system packages during system-setup 2022-03-06 10:53:53 -05:00
downtownallday
a6c819eea0 Improve formatting of setup output 2022-03-06 10:53:00 -05:00
downtownallday
94f140d528 Prevent duplicate logging of mail-related output by configuring rsyslog to record only to mail.log and not also to syslog 2022-02-28 07:11:58 -05:00
downtownallday
2c6474385e Address issues with postgrey, nsd, and rsyslogd introduced with jammy
1. `systemctl reload postgrey` is broken, so use restart in that case
2. `systemctl restart nsd` succeeds once /var/log is writable by systemd. However, nsd still fails to write to /var/log/nsd.log if the file already exists
3. the default configuration for rsyslogd is to no longer create a /var/run/rsyslogd.pid file, so use /usr/bin/pidof in that case
2022-02-25 19:45:46 -05:00
downtownallday
ad5a647d36 Install latest roundcube (master) which supports php 8.1 2022-02-25 19:38:16 -05:00
downtownallday
15bcf678d9 Fixes to vagrant box creation for jammy 2022-02-25 19:35:25 -05:00
downtownallday
46e0e6ff39 Get rid of globals.sh 2022-01-29 10:59:02 -05:00
downtownallday
bdeb27c3f3 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
2022-01-20 06:58:40 -05:00
downtownallday
4e6550ed22 Merge branch 'jammyjellyfish2204' of https://github.com/mail-in-a-box/mailinabox into jammyjellyfish2204
# Conflicts:
#	README.md
#	setup/mail-dovecot.sh
#	setup/system.sh
#	setup/webmail.sh
#	setup/zpush.sh
#	tests/test_mail.py
2022-01-11 16:39:39 -05:00
downtownallday
d6cd4e826c Ensure pip3 is installed before installing email_validator 2022-01-11 09:53:07 -05:00
Rauno Moisto
22fc612a82 Fix DeprecationWarning in dnspython query vs resolve method
The resolve method disables resolving relative names by default. This change probably makes a7710e90 unnecessary. @JoshData added some additional changes from query to resolve.
2022-01-08 20:07:32 -05:00
downtownallday
1828538646 Refresh script for latest roundcube carddav plugin
Belongs with last commit...
2021-11-15 16:08:43 -05:00
downtownallday
06216876a2 Update roundcube carddav plugin to support roundcube 1.5 and close a security hole 2021-11-15 16:07:54 -05:00
downtownallday
3bb6f021a7 Fix tests that were broken by commit bb54370 2021-10-27 08:20:07 -04:00
downtownallday
db8e0fdf66 Remove /etc/ldap/ldap.conf creation as it's now created by the Nextcloud docker image 2021-10-27 08:19:32 -04:00
downtownallday
66ac35871e Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
Upstream is adding handling for utf8 domains by creating a domain alias @utf8 -> @idna. I'm deviating from this approach by setting multiple email addresses (idna and utf8) per user and alias where a domain contains non-ascii characters. The maildrop (mailbox) remains the same - all mail goes to the user's mailbox regardless of which email address was used. This is more in line with how other systems (eg. active directory) handle multiple email addresses for a single user.

# Conflicts:
#	README.md
#	management/mailconfig.py
#	management/templates/index.html
#	setup/dns.sh
#	setup/mail-users.sh
2021-10-01 17:43:48 -04:00
downtownallday
9ea03e18c9 automatically install avahi for systems with a .local tld 2021-09-14 09:56:19 -04:00
downtownallday
4b285c3201 Prepare for multiple base system support and automatically update and remove stale vagrant boxes 2021-09-14 08:20:37 -04:00
downtownallday
3d32dbab22 Explicitly create a /etc/ldap/ldap.conf in the docker image so ldap tools recognize the system's trusted root certificate list 2021-09-14 08:18:53 -04:00
downtownallday
402207714b Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/templates/index.html
#	setup/management.sh
2021-09-14 08:16:08 -04:00
Joshua Tauberer
e884c4774f Replace HMAC-based session API keys with tokens stored in memory in the daemon process
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
downtownallday
be932af813 git remote url does not contain .git extension in github actions 2021-08-23 16:17:07 -04:00
downtownallday
0876a9a7de non-standard git remotes in github actions 2021-08-23 16:01:16 -04:00
downtownallday
0c2c76a6dc Patch upstream to install php-xml instead of php-xsl 2021-08-23 15:17:33 -04:00
downtownallday
c29eb2fb23 add 127.0.1.1 if it does not exist 2021-08-23 14:31:31 -04:00
downtownallday
f8a679b9c2 ensure system hostname is resolvable locally 2021-08-23 14:15:18 -04:00
downtownallday
fc4ad70535 Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	management/dns_update.py
#	management/web_update.py
#	tests/test_mail.py
2021-05-15 22:35:48 -04:00
Joshua Tauberer
d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Downtown Allday
a697cd2f01 Reflect new upstream default branch 2021-04-13 00:12:27 -04:00
downtownallday
3be7ba7c86 Set the default interface for bridged networks to avoid interactive 'vagrant up'.
Thx to https://stackoverflow.com/questions/33250304/how-to-automatically-select-bridged-network-interfaces-in-vagrant
2021-04-07 09:24:12 -04:00
downtownallday
2a0e50c8d4 Initial commit of a log capture and reporting feature
This adds a new section to the admin panel called "Activity", that
supplies charts, graphs and details about messages entering and leaving
the host.

A new daemon captures details of system mail activity by monitoring
the /var/log/mail.log file, summarizing it into a sqlite database
that's kept in user-data.
2021-01-11 18:02:07 -05:00
downtownallday
e7c5a841aa Merge branch 'jvolk-spf-opendd' 2020-12-26 07:55:30 -05:00
downtownallday
f5521b45b5 Add tests for dmarc reject and spf softfail 2020-12-21 08:46:12 -05:00
downtownallday
4c9bae5176 Create a default "pre-commit" set of virtual machines 2020-11-27 16:51:10 -05:00
downtownallday
f81e0d0a85 syncing up box creation with ciab (prepping for focal) 2020-11-05 21:07:50 -05:00
downtownallday
87142fb194 change comment 2020-11-05 16:33:44 -05:00
downtownallday
e43c01e6fe Enable caching of Nextcloud downloads as well as downloading Nextcloud from github instead of Nextcloud servers 2020-11-05 16:19:42 -05:00
downtownallday
aeb27f74e3 Break out MiaB-LDAP code from _init.sh so _init.sh can be shared with cloud-in-a-box 2020-11-02 12:59:59 -05:00
downtownallday
484ffd64ec do upgrade tests against maib master 2020-10-31 11:32:28 -04:00
downtownallday
a7370beae0 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/daemon.py
#	management/mfa.py
2020-10-29 16:56:36 -04:00
downtownallday
a78e6eb3fa Speed up vm creation 2020-09-30 13:33:40 -04:00
downtownallday
100acb119b Add a totpMruTokenTime value to record the time when the mru token was used
Use the totpMruTokenTime as the id to uniquely identify a totp entry
2020-09-30 11:00:58 -04:00
downtownallday
37777ae904 Add a vagrant vanilla install with port forwarding 2020-09-29 08:33:57 -04:00
downtownallday
00fc94d3c1 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh
2020-09-28 23:25:16 -04:00
downtownallday
7c29628530 Separate miab and miab-ldap migrations
Add tests for migrating from miab w/totp (migration 13) to miab-ldap
2020-09-16 09:00:27 -04:00
downtownallday
b6ba3a054c Fix regexp: \d => [0-9] 2020-09-12 20:07:50 -04:00
downtownallday
14b6ab4262 Add a simple command-line "authenticator app" for testing 2020-09-10 18:20:31 -04:00
downtownallday
752da93a37 Refactor: move code for obtaining totp tokens to tests/lib/totp.sh 2020-09-10 18:19:29 -04:00
downtownallday
c0431474c9 Detect warning ahead of errors 2020-09-10 17:50:06 -04:00
downtownallday
445cd812e6 Check system logs for errors 2020-09-10 17:07:33 -04:00
downtownallday
ba85b6fd7b Ignore named connection reset error and reduce reported slapd log output 2020-09-10 16:35:19 -04:00
downtownallday
5852a7aabb Add QA tests for TOTP 2020-09-10 15:24:47 -04:00
downtownallday
b10f82152a Add message regarding errors during roundcube carddav refresh 2020-09-06 09:26:42 -04:00
downtownallday
07d83d1e5c Make installed state comparisons ignore new user and alias attributes when comparing MiaB to MiaB-LDAP 2020-08-25 16:36:01 -04:00
downtownallday
5eb008cae9 Skip system updates if SKIP_SYSTEM_UPDATE environment variable is set to "1" 2020-08-25 16:34:56 -04:00
downtownallday
22bfef6f59 Display and allow changing a comment/description for aliases. Change the default comment for required aliases to "Required alias". 2020-08-25 12:00:55 -04:00
downtownallday
ebf9088c42 Treat Spamhaus warning as a warning 2020-07-05 18:41:47 -04:00
downtownallday
3a80acceee Remove unwanted script 2020-07-05 17:40:19 -04:00
downtownallday
62157fb554 Add a "vanilla" test setup along with a QA certificate authority cert 2020-06-27 17:59:51 -04:00
downtownallday
af4242fb0c Add an encryption-at-rest restart/remount test 2020-06-23 07:49:47 -04:00
downtownallday
a17d1b190c Remove unused function 2020-06-23 07:48:46 -04:00
downtownallday
257b2ee6f6 Integrate encryption-at-rest support 2020-06-22 12:03:13 -04:00
downtownallday
a5ab29c83f Add Vagrant support for running automated tests 2020-06-21 09:13:54 -04:00
downtownallday
25f5690655 Fix wording 2020-06-19 18:05:57 -04:00
downtownallday
1bd7b2c4c7 1. Better code organization & simplify
2. Add "populate" data for upgrades - enabled in both system-setup scripts
3. Add "upgrade" test runner suite
2020-06-19 12:12:49 -04:00
downtownallday
144aa6e5d6 1. Catch connection errors and report them
2. Limit address book updates to just the user given
2020-06-19 12:03:29 -04:00
downtownallday
7de362a168 Wording changes 2020-06-14 20:22:14 -04:00
downtownallday
a6f54a9bd3 Minor code issues 2020-06-14 18:23:11 -04:00
downtownallday
bce1cd41ff Apply a patch to setup/dns.sh on Travis so nsd will start during upstream install 2020-06-14 18:00:54 -04:00
downtownallday
071c89c420 Tail /var/log/messages if upstream setup fails 2020-06-14 17:19:30 -04:00
downtownallday
6a93af9670 Fix upgrade job failure 2020-06-14 16:48:21 -04:00
downtownallday
b0090edd52 Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite 2020-06-14 13:51:00 -04:00
downtownallday
1f35e9ef91 Move directory setup/mods.d to local 2020-06-11 21:18:05 -04:00
downtownallday
0e857916eb Update wording 2020-06-11 08:08:31 -04:00
downtownallday
6baf4993db Ensure root user has a mailbox for sendmail -bv delivery report 2020-06-11 06:45:49 -04:00
downtownallday
4113ed8501 Look at resolv.conf this time 2020-06-10 23:16:35 -04:00
downtownallday
f1ba09a066 Dump nsswitch 2020-06-10 12:18:10 -04:00
downtownallday
ab087365c4 Move system-setup directory to tests
Set the hosts FQDN instead of adding hosts entry for private ip
2020-06-10 11:40:44 -04:00
downtownallday
96da15ad27 Add ipv6 address to /etc/hosts 2020-06-10 08:21:45 -04:00
downtownallday
64d24566b2 Dump /etc/hosts on travis 2020-06-10 07:49:17 -04:00
downtownallday
f4fda41705 Output formatting changes 2020-06-10 07:21:47 -04:00
downtownallday
2f1082a290 More debug output 2020-06-10 00:19:59 -04:00
downtownallday
6ed1a2ad20 add foreground color 2020-06-09 23:35:46 -04:00
downtownallday
74b2926586 dump nsd.conf 2020-06-09 23:27:20 -04:00
downtownallday
4d99e6021b Move nsd fix for Travis-CI into setup/dns.sh 2020-06-09 23:20:02 -04:00
downtownallday
38319c90d5 More Travis nsd startup failure issues 2020-06-09 22:52:46 -04:00
downtownallday
0cd9e92566 Try to deal with nsd failure under Travis 2020-06-09 22:45:12 -04:00
downtownallday
e498b47d53 Dump /var/log/syslog when start.sh fails 2020-06-09 22:06:25 -04:00
downtownallday
ca33614cbf Run apt-get update before installing anything 2020-06-09 21:51:01 -04:00
downtownallday
46e0d7a070 Don't overwrite PRIMARY_HOSTNAME if already set 2020-06-09 21:33:30 -04:00
downtownallday
29fad6106e Update comment 2020-06-09 21:32:49 -04:00
downtownallday
83cb7cbcbe Automated QA tests for remote nextcloud 2020-06-09 20:46:59 -04:00
downtownallday
44f7392e9e Last commit fixed things, so just cleaning up with this commit 2020-06-03 09:41:27 -04:00
downtownallday
ceca4a3cff again 2020-06-02 23:27:24 -04:00
downtownallday
500d8cfaa7 again 2020-06-02 22:21:56 -04:00
downtownallday
677fe42566 again 2020-06-02 19:35:06 -04:00
downtownallday
bb66a7c32b again 2020-06-02 18:18:35 -04:00
downtownallday
773ae77cf3 again 2020-06-02 17:54:02 -04:00
downtownallday
5e1c60f5a2 again 2020-06-02 17:27:53 -04:00
downtownallday
8d033a4bdd again 2020-06-02 17:11:58 -04:00
downtownallday
c0a2e048b3 again 2020-06-02 16:58:05 -04:00
downtownallday
504de9874f More systemctl reset attempts for travis 2020-06-02 15:37:42 -04:00
downtownallday
c91012a338 Add option to skip tests requiring remote smtp 2020-06-02 15:18:56 -04:00
downtownallday
e56084d682 Try resetting nsd restart count to avoid errors in mgmt tests 2020-06-02 14:48:26 -04:00
downtownallday
f2e970fe38 Dump the output from failed tests 2020-06-02 13:04:16 -04:00
downtownallday
1f0d2ddb92 Issue #1340 - LDAP backend for accounts
This commit will:

1. Change the user account database from sqlite to OpenLDAP
2. Add policyd-spf to postfix for SPF validation
3. Add a test runner with some automated test suites

Notes:

User account password hashes are preserved.

There is a new Roundcube contact list called "Directory" that lists the users in LDAP (MiaB users), similar to what Google Suite does.

Users can still change their password in Roundcube.

OpenLDAP is configured with TLS, but all remote access is blocked by firewall rules. Manual changes are required to open it for remote access (eg. "ufw allow proto tcp from <HOST> to any port ldaps").

The test runner is started by executing tests/runner.sh. Be aware that it will make changes to your system, including adding new users, domains, mailboxes, start/stop services, etc. It is highly unadvised to run it on a production system!

The LDAP schema that supports mail delivery with postfix and dovecot is located in conf/postfix.schema. This file is copied verbatim from the LdapAdmin project (GPL, ldapadmin.org). Instead of including the file in git, it could be referenced by URL and downloaded by the setup script if GPL is an issue or apply for a PEN from IANA.

Management console and other services should not appear or behave any differently than before.
2020-01-17 17:03:21 -05:00
Joshua Tauberer
5aeced5c2e add a test for fail2ban monitoring managesieve 2019-08-31 09:15:41 -04:00
Joshua Tauberer
8e0d9b9f21 update list of tls ciphers supported 2019-01-09 08:52:51 -05:00
Joshua Tauberer
870b82637a fix some wrong variable names, fixes #1353 2018-11-30 10:46:54 -05:00
Joshua Tauberer
e924459140 revert f25801e/#1233 - use Mozilla intermediate ciphers for IMAP/POP not modern ciphers
fixes #1300
2017-12-24 14:41:41 -05:00
Joshua Tauberer
5efdd72f41 update TLS test to record changes in the ciphers we offer on the open ports 2017-10-03 12:01:10 -04:00
Michael Kroes
2151d81453 update to ownCloud 9.1.1 (with intermediate upgrades) (#894)
[this is a squashed merge from-]

* Install owncloud 9.1 and provide an upgrade path from 8.2. This also disables memcached and goes with apc. The upgrade fails with memcached.

* Remove php apc setting

* Add dav migrations for each user

* Add some comments to the code

* When upgrading owncloud from 8.2.3 to 9.1.0 the backup of 8.2.3 was overwritten when going from 9.0 to 9.1

* Add upgrade path from 8.1.1. Only do an upgrade check if owncloud was previously installed.

* Stop php5-fpm before owncloud upgrade to prevent database locks

* Fix fail2ban tests for owncloud 9

* When upgrading owncloud copy the database to the user-data/owncloud-backup directory

* Remove unneeded unzip directives during owncloud extraction. Directory is removed beforehand so a normal extraction is fine

* Improve backup of owncloud installation and provide a post installation restore script. Update the owncloud version number to 9.1.1. Update the calendar and contacts apps to the latest versions

* Separate the ownCloud upgrades visually in the console output.
2016-10-18 06:04:13 -04:00
Joshua Tauberer
fc0abd5b4d confirm that fail2ban is protecting pop3s, closes #629 2016-08-22 19:18:23 -04:00
Joshua Tauberer
83d8dbca3e fail2ban won't start until the roundcube log file is created
fixes #911
2016-08-18 08:32:14 -04:00
Joshua Tauberer
8844a9185f Merge pull request #798 from mail-in-a-box/fail2banjails
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
2016-07-29 08:52:44 -04:00
Michael Kroes
d9ac321f25 Owncloud needs more time to detect blocks. It doesn't respond as fast as the other services. Also owncloud logs UTC (since latest update) even though the timezone is not UTC. Also to detect a block, we get a timeout instead of a refused. 2016-06-27 06:03:19 -04:00
Michael Kroes
bf5e9200f8 Update owncloud url to use webdav and increase http timeout 2016-06-27 06:03:14 -04:00
Joshua Tauberer
3055f9a79c drop SSLv3, RC4 ciphers from SMTP port 25
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html, Google is about to do the same.

fixes #611
2016-06-12 09:11:50 -04:00
Michael Kroes
01fa8cf72c add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Joshua Tauberer
a0c7e63d78 best guess at what clients are supported by the tls settings used 2015-05-22 17:36:55 -04:00
Joshua Tauberer
2c44333679 compare tls ciphers against Mozilla's recommendations 2015-05-20 19:41:04 -04:00
Joshua Tauberer
610be9cf17 record current TLS settings from my box 2015-05-20 18:31:46 -04:00
Joshua Tauberer
d3cacd4a11 update test_dns
Don't check NS records for now because they will only appear on zones.
If a hostname is a subdomain on a zone and not itself a zone, it will
lack NS records.

Also stop testing for ADSP, which we dropped in 126ea94ccf.
2014-06-21 12:32:20 -04:00
Joshua Tauberer
87b0608f15 test_dns: DNSSEC signing inserts empty text string components 2014-06-21 12:32:20 -04:00
Joshua Tauberer
5b72e5419d fix shebang lines in the tests to take advantage of any activated python environment 2014-06-08 17:31:12 -04:00
Joshua Tauberer
3961e1aec3 test_dns: more error handling 2014-06-04 19:31:55 -04:00
Joshua Tauberer
d6e6cfd3c9 mail test: catch typical connecting errors and display nicer output 2014-06-04 17:13:06 -04:00
Joshua Tauberer
fff06f7d71 improve DNS test output 2014-06-04 17:01:49 -04:00
Joshua Tauberer
19aba091d7 test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation 2014-05-17 08:32:40 -04:00
Joshua Tauberer
c722625041 test_dns: add ADSP and DMARC tests, see #14 2014-05-10 08:03:18 -04:00
Joshua Tauberer
c403895f95 test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME) 2014-05-10 08:03:13 -04:00
Joshua Tauberer
bdadf3017d test_dns: handle case where a DNS record is missing (vs incorrect) 2014-05-10 08:03:07 -04:00
Joshua Tauberer
80b367ab07 test_mail: gracefully handled when the server has no reverse DNS available 2014-05-06 10:02:29 -04:00
Joshua Tauberer
0be47c414d in the DNS test, use dnspython3 rather than dig 2014-04-23 18:27:50 -04:00
Joshua Tauberer
1b4dd98270 test that the SMTP server's EHLO name matches its reverse DNS name 2014-04-23 18:02:30 -04:00
Joshua Tauberer
22ad668699 rename test modules to not conflict with global package names (e.g. dns) 2014-04-23 17:43:38 -04:00
Joshua Tauberer
ccbbc930e2 in the mail test script, forgot to remove the dkim import 2014-04-23 17:32:41 -04:00
Joshua Tauberer
ec11241a7a also test reverse DNS 2014-04-23 14:10:04 -04:00
Joshua Tauberer
95a17a00c0 DNS test: also check a public nameserver to verify that the registrar (or up-host) configuration is correct too 2014-04-20 12:26:35 -04:00
Joshua Tauberer
04d97a11e9 new tests for DNS and IMAP/SMTP 2014-04-17 20:18:10 -04:00
Joshua Tauberer
a50f30c411 smtp server test 2013-09-01 10:40:12 -04:00
Joshua Tauberer
a1260b75fb various fixes; rewrote test scripts 2013-08-31 10:50:27 -04:00
Joshua Tauberer
97b2105a1f spamassassin 2013-08-23 11:59:28 -04:00
Joshua Tauberer
5cef1bb63d DNS, SPF, and DKIM 2013-08-21 16:53:22 -04:00
Joshua Tauberer
eb47a1471b mail seems to work 2013-08-21 09:37:33 -04:00