93c2258d23
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload
2015-09-08 21:20:50 +00:00
bd7a4dedc1
Merge pull request #551 from anoma/master
...
Revert two FAIL2BAN SSH jail changes
2015-09-07 06:49:48 -04:00
ae3ae0b5ba
Revert to default FAIL2BAN findtime for SSH jail
...
I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.
The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
2015-09-07 08:36:59 +01:00
42d657eb54
Unnecessary config item, inherited from default jail.conf
2015-09-07 08:28:54 +01:00
d60d73b7e0
status checks: dont error if there's a domain that dns_update hasn't been run yet on
2015-09-06 13:27:35 +00:00
6704da1446
silence errors in the admin if there is an invalid domain name in the database
...
see #531
2015-09-06 13:27:28 +00:00
d24a2f7cab
Updated, mistype.
...
Removed :$HTML5_NOTIFIER_VERSION, which breaks it
2015-09-06 10:22:08 +02:00
ed31002cc6
Added commit version hash. Working now.
...
Added HTML5_NOTIFIER_VERSION
Updated git_clone to work.
Tested and working.
2015-09-06 10:20:36 +02:00
f8ac896795
Include html5_notifier by default
...
Include the roundcube plugin html_notifier by default
2015-09-05 23:33:19 +02:00
3e96de26dd
server_names_hash_bucket_size=128 now, see #93
2015-09-05 20:24:17 +00:00
4f6fa40dbd
warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web
2015-09-05 20:07:51 +00:00
104b804059
if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web
2015-09-05 20:07:51 +00:00
c545e46ebe
Merge pull request #548 from NurdTurd/patch-1
...
Typo
2015-09-05 15:30:25 -04:00
52a216fbcb
Typo
...
Change KB to MB due to typo.
2015-09-05 21:29:24 +02:00
2c29d59895
Merge pull request #478 from kri3v/patch-1
...
Added more bantime and lowered max retry attempts
2015-09-05 11:42:36 -04:00
de34d0d337
pin pip versions of email_validator and cryptography so pip doesn't keep reinstalling them each upgrade even if nothing changed (and the ceffi depedency installation can be very slow and is prone to break under low memory)
2015-09-05 12:35:01 +00:00
2bb7a6fc27
changelog entries
2015-09-05 08:01:59 -04:00
1b84292c56
Merge pull request #544 from 0xFelix/master
...
Fix DKIM validation and spamassassin DNS/Pyzor checks
2015-09-05 06:59:00 -04:00
18efae9703
Remove direct dependencies as they get installed automatically
2015-09-05 09:08:47 +02:00
4b6d86ef89
trim the instructions at the end of an upgrade about the DNS-broken control panel login
2015-09-04 18:49:32 -04:00
75a75a6f84
admin: rename my ajax javascript function to ajax_with_indicator; see 79c57c2303
2015-09-04 18:40:56 -04:00
2e99589336
admin: fix jumpyness when a modal is shown (move overflow-y to body; make the navbar not fixed to top)
2015-09-04 22:21:10 +00:00
188b21dd36
bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin
2015-09-04 22:13:56 +00:00
0cf56e0aad
add a random password generator to the users page of the admin
2015-09-04 22:12:07 +00:00
bd7728ac94
Add documentation for additional packages, remove unneeded package libcrypt-openssl-random-perl
2015-09-04 15:45:47 +02:00
b6f7a10569
Add missing dependencies for DKIM validation
2015-09-04 09:25:49 +02:00
53a9fc0e48
Set 'LOCALONLY' to 0 in /etc/default/spampd
2015-09-04 09:18:12 +02:00
b05af6eecb
v0.13b
...
ownCloud 8.1.1 trusted_domains autoconfiguration fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJV43ODAAoJELkgQfTBC92BAMEH/3DbsticgFhbPzMsCcmcjxkg
1Dxw4e8YRgMPp3xuq4/5we6bL/KXSxioFc1488jfiLhAe6fHZGmSi4p6L8twnsxD
exUd/pHZ8L1SC953JhBXLUWYfAQ/ozEZ8bNPVJ4NLx5T58FPWBSRouQHHZTMc/z1
Pduc6RjZQ3o1dmTzbwt5hB/ZS61CFV2V9cr+aKmFSDKh7/qzBSaqGfiTOsWI43GE
JfCN6hwnCUvvkGfaYmxJSY/emgiJETLkQCv0e1kZs5MfojkFUspqvmTQViE2HI4f
y5FWmPXvhoHuMIgH0q0Rrw0xchXW44fJbK4SnT50z7do8F7KmSX6ztw5oxux/U0=
=kcFy
-----END PGP SIGNATURE-----
v0.13b - release & merge side-branch
ownCloud 8.1.1 trusted_domains autoconfiguration fix.
2015-08-30 17:21:36 -04:00
571171a0c6
ownCloud 8.1.1's autoconfig resets trusted_domains / update trusted_domains if PRIMARY_HOSTNAME changes
...
Seems like ownCloud 8.1.1 now doesn't play nice with trusted_domains. Whatever is put in ahead of time gets reset to an array containing 'localhost' only, probably because we invoke autoconfiguration from the command line where it doesn't know the hostname it's being accessed from. We now set this value after running autoconfig.
This has the added benefit of also fixing the problem that if PRIMARY_HOSTNAME changes, trusted_domains wasn't updated. Now it is. Fixes #503 .
See #514 .
2015-08-30 17:19:38 -04:00
c5082498ab
utils.py can't import non-standard modules because it is imported by migrate.py, which is run before anything is installed
...
closes #540
2015-08-30 13:50:34 -04:00
d19c215bf1
Merge pull request #537 from elwebmaster/patch-1
...
Update nginx-primaryonly.conf
2015-08-28 15:10:49 -04:00
42dd46e305
Update nginx-primaryonly.conf
...
Nginx should be connecting over the local interface, not to the IP the resolver gives it. Elsewhere in this file proxy_pass uses 127.0.0.1 as it should.
2015-08-28 15:07:47 -04:00
a6496949f8
Merge pull request #536 from badsyntax/external-dns-txt-record-limit-info
...
Added a note about TXT record length limitations and how to construct the records to bypass the limitation
2015-08-28 15:00:23 -04:00
ab59323813
Added a note about TXT record length limitations and how to construct the records to bypass the limitation
2015-08-28 15:50:02 +02:00
a56a9dc6a1
add Mail-in-a-Box version check to status checks
...
closes #502
2015-08-28 12:34:02 +00:00
bc790ea581
backups: make the instructions about the backup password file more prominent
2015-08-28 12:33:07 +00:00
dbfd158388
dont refresh the backup page when there's an error saving the config
2015-08-28 12:33:07 +00:00
2b1f7da654
S3 credentials for backup should not be displayed in the control panel, fixes #529
2015-08-28 12:33:07 +00:00
0c9d431a3f
major cleanup to adding new version check to the status checks
2015-08-28 12:29:55 +00:00
1a525df8ad
Add Mail-in-a-Box version status check.
2015-08-28 11:55:21 +00:00
ef1779ba80
Merge pull request #523 from derekrspencer/master
...
Fix antispam-plugin config problem in #520
2015-08-28 07:51:02 -04:00
d4e9938e3f
Merge pull request #533 from badsyntax/login-form-focus
...
Focus on fields in the login form
2015-08-27 16:20:23 -04:00
f26c0b71d2
Focus on fields in the login form
...
This just makes life a little easier...
Squashed the following commits:
* Use $.trim() for better browser support
2015-08-27 22:17:13 +02:00
b2dfdc386a
Merge pull request #528 from phareous/master
...
Allow global sieve scripts for before or after user sieve scripts. Th…
2015-08-26 18:03:47 -04:00
732a6922de
Allow global sieve scripts for before or after user sieve scripts. This allows defining custom system-wide sieve rules.
2015-08-24 19:55:34 -04:00
9501a2209e
Merge pull request #526 from nstanke/v0.13_readme
...
v0.13a README
2015-08-24 15:27:15 -04:00
8c83171a28
v0.13a
2015-08-24 21:21:52 +02:00
289936db7a
0.13a (August 23, 2015)
...
Work-around for ownCloud 8.1.1 upgrade bug and tweaking munin's setup.
v0.13a (August 23, 2015)
------------------------
Note: v0.13 (no 'a', August 19, 2015) was pulled immediately due to an ownCloud bug that prevented upgrades. v0.13a works around that problem.
Mail:
* Outbound mail headers (the Recieved: header) are tweaked to possibly improve deliverability.
* Some MIME messages would hang Roundcube due to a missing package.
* The users permitted to send as an alias can now be different from where an alias forwards to.
DNS:
* The secondary nameservers option in the control panel now accepts more than one nameserver and a special xfr:IP format to specify zone-transfer-only IP addresses.
* A TLSA record is added for HTTPS for DNSSEC-aware clients that support it.
System:
* Backups can now be turned off, or stored in Amazon S3, through new control panel options.
* Munin was not working on machines confused about their hostname and had lots of errors related to PANGO, NTP peers and network interfaces that were not up.
* ownCloud updated to version 8.1.1 (with upgrade work-around), its memcached caching enabled.
* When upgrading, network checks like blocked port 25 are now skipped.
* Tweaks to the intrusion detection rules for IMAP.
* Mail-in-a-Box's setup is a lot quieter, hiding lots of irrelevant messages.
Control panel:
* SSL certificate checks were failing on OVH/OpenVZ servers due to missing /dev/stdin.
* Improve the sort order of the domains in the status checks.
* Some links in the control panel were only working in Chrome.
2015-08-23 12:52:43 -04:00
6c71abbb09
suppress PANGO warning when running munin during setup
2015-08-23 12:42:39 -04:00
841181ed55
ownCloud 8.1.1 broke upgrades: do "occ upgrade" twice
...
Per https://github.com/owncloud/core/issues/18224 and https://discourse.mailinabox.email/t/v13-upgrade-issue-with-calendar/757/10 , upgrades from anything to ownCloud 8.1.1 were broken. But the workaround is to run the upgrade step twice.
2015-08-23 12:37:25 -04:00
Joshua Tauberer
anoma
Hoekynl
Sheldon Rupp
Felix
Stefan Dimitrov
Richard Willis
Norman Stanke
Michael Long