Joshua Tauberer
ec039719de
prevent caching of ajax responses in the control panel
...
GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access.
See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4 .
2015-03-31 14:52:11 +00:00
Sascha Reynolds
6989df0af3
fix(read_password): regex check for spaces, quotes
...
* Passwords must be at least four characters. So we need to check them
here to ensure that first user creation works during initial setup
* Change quotes to match rest of code
2015-03-30 19:59:07 +02:00
Joshua Tauberer
14b16b2f36
allow custom DNS TXT records for SPF, DKIM, and DMARC to override the ones we want to set
...
fixes #323
fixes #324
2015-03-30 01:20:03 +00:00
Joshua Tauberer
cbc7e280d6
set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in
2015-03-30 01:18:05 +00:00
Joshua Tauberer
f4fa9c93a0
Merge pull request #366 from hnk/hnk-patch-read_password
...
Change read_password() logic to catch short passwords
2015-03-29 14:12:07 -04:00
Hnk Reno
6c64723d7c
Change read_password() logic to better catch improper passwords
...
Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters.
If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password.
The setup script will then continue without an inital user being created and this will confuse users.
2015-03-29 18:54:37 +02:00
Joshua Tauberer
3d21f2223e
status checks: turn missing DNSSEC into a warning instead of an error; omit an error about missing TLSA if DNSSEC isn't in use; if DNSSEC is in use, make a missing TLSA record a warning instead of an error
2015-03-28 11:24:05 -04:00
Joshua Tauberer
710a69b812
turn some nameserver status check errors into warnings if the domain resolves correctly since the user might be using External DNS, closes #330
2015-03-28 11:23:59 -04:00
Joshua Tauberer
dd6a8d9998
upgrade to ownCloud 8.0.2
...
The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly.
2015-03-28 11:08:57 -04:00
Joshua Tauberer
9f32e5af0a
the install of roundcube vacation_sieve requires that we install git
...
see a8669197dd
2015-03-28 09:54:52 -04:00
Joshua Tauberer
298e19598b
small bug in the new system status checks show-changes command
...
see 4d22fb9b2a
fixes #360
2015-03-22 14:03:12 +00:00
Joshua Tauberer
680191d7cb
drop the list of aliases from the users control panel page because with more than 50 aliases it seems to be so slow it times out
...
see https://discourse.mailinabox.email/t/small-bug-in-admin-panel-when-49-aliases/378
2015-03-22 13:59:05 +00:00
Joshua Tauberer
81d6d69b85
update CHANGELOG
2015-03-22 13:58:24 +00:00
Joshua Tauberer
6df72bf4ac
create the Trash folder on new user creation ( fixes #359 )
2015-03-22 13:33:17 +00:00
Joshua Tauberer
01f2451349
provide a better error message when creating a user account with non-ASCII characters
2015-03-22 12:33:06 +00:00
Joshua Tauberer
dcd971d079
the opendmarc miter should run on incoming mail only
...
I added OpenDMARC's milter in fba4d4702e
. But this started
setting Authentication-Results headers on outbound mail with failures. Not sure why it
fails at that point, but it shouldn't be set at all. The failure might cause recipients
to junk the mail. See #358 .
This commit removes the milter from the SMTP submission (port 587) listener.
2015-03-21 16:14:01 +00:00
Joshua Tauberer
4d22fb9b2a
run status checks each night and email the administrator with the changes from the previous day's results
2015-03-21 16:02:42 +00:00
Joshua Tauberer
c18d58b13f
backups: predict when the next backup will occur
2015-03-21 15:22:45 +00:00
Joshua Tauberer
b539c2df70
Merge pull request #347 from Toilal/feat/start-enhancements
...
If the migration file is missing but the storage directory exists, assume this is a fresh directory -- don't bother trying to migrate, and do write the migration file with the current migration ID.
2015-03-19 11:57:24 -04:00
Toilal
64fdb4ddc1
Behave nicely when mailinabox.version file is missing
2015-03-09 08:54:32 +01:00
Joshua Tauberer
a8669197dd
added Roundcube plugin vacation_sieve
...
Merge branch 'master' of https://github.com/zealot128-os/mailinabox
Closes #334
2015-03-08 19:15:20 +00:00
Joshua Tauberer
2412c92772
enable fail2ban for ssh and dovecot
...
Merge branch 'master' of https://github.com/h8h/mailinabox
see #353 , #319
2015-03-08 18:40:17 +00:00
Joshua Tauberer
7c0ca42145
status checks: don't check that dovecot-sieve is publicly accessible
2015-03-08 18:35:33 +00:00
H8H
c443524ee2
Configure fail2ban jails to prevent dumb brute-force attacks against postfix, dovecot and ssh. See #319
2015-03-08 01:13:55 +01:00
Joshua Tauberer
e2fa01e0cf
Merge pull request #348 from benschumacher/master
...
Update MX records using DNS Update API / Management UI
2015-03-04 13:42:02 -05:00
Ben Schumacher
6558f05d1d
Give the DNS update tool the ability to customize MX records. Useful if you want a subdomain to send mail to another host.
2015-03-04 13:32:35 -05:00
Joshua Tauberer
1be0f39be0
prep for v0.07 tag
2015-02-28 17:09:12 -05:00
Joshua Tauberer
d01001f2a5
some more CHANGELOG entries
2015-02-28 17:06:09 -05:00
Joshua Tauberer
7c85694d60
Merge pull request #332 from mathuin/better-mx-check
...
Changed MX check to respect priorities other than 10.
2015-02-23 07:56:24 -05:00
Jack Twilley
b2fcd4c9e5
Now supports domains with multiple MX records.
...
The status check on MX records now correctly handles domains with
multiple MX records.
2015-02-22 17:05:09 -08:00
Stefan Wienert
ba8123f08a
reduced diff noise
2015-02-21 16:06:56 +01:00
Stefan Wienert
e2879a8eb1
made the setup repeatable
2015-02-21 16:05:47 +01:00
Stefan Wienert
eab8652225
added vacation_sieve plugin for Roundcube
2015-02-21 16:01:27 +01:00
Jack Twilley
ead6f96513
Changed MX check to respect priorities other than 10.
...
Reordered the if a little, added some string parsing, and modified the
OK text to include a warning.
2015-02-20 11:29:28 -08:00
Joshua Tauberer
7ec662c83f
status checks: use a worker pool that lives across flask requests, see #327
2015-02-18 16:42:33 +00:00
Joshua Tauberer
348d2b8701
Merge pull request #326 from dhpiggott/custom-dns-filter-secondary-nameserver
...
Do not show '_secondary_nameserver' in Custom DNS table
2015-02-17 08:31:34 -05:00
David Piggott
12f0dcb23b
Do not show '_secondary_nameserver' in Custom DNS table
...
It's redundant and potentially confusing, as any secondary NS shows in "Using a
Secondary Nameserver".
2015-02-17 13:28:48 +00:00
Joshua Tauberer
449a538e6b
if a CNAME is set for a domain, don't create a website for that domain (just like A/AAAA records)
2015-02-17 00:48:26 +00:00
Joshua Tauberer
3c50c9a18b
when serving a 'www.' domain, check if the parent domain's ssl certificate can be used besides checking PRIMARY_HOSTNAME
...
Removing buy_certificate.py which is not working and I don't want to update its call signatures.
2015-02-17 00:42:25 +00:00
Joshua Tauberer
3c10ec70a5
update comment
2015-02-17 00:08:04 +00:00
Joshua Tauberer
1a59f343c0
adding entries to the CHANGELOG
2015-02-16 23:58:17 +00:00
Joshua Tauberer
fba4d4702e
install opendmarc to add Authentication-Results headers for DMARC too
2015-02-16 23:17:44 +00:00
Joshua Tauberer
143bbf37f4
all mail domains, not just (top-level) zones, must have an entry in the opendkim key tables so that such outgoing mail gets signed
...
If you had both x.y.com and y.com configured here, x.y.com mail would not get DKIM-signed.
2015-02-16 18:13:51 -05:00
Joshua Tauberer
fd3ad267ba
if a domain has a catch-all or domain alias then we no longer force the creation of postmaster@ and so we should not be checking for its existence in the status checks
...
see 85a40da83c
2015-02-15 19:07:10 -05:00
Joshua Tauberer
330583f71d
status checks: if a service isn't available publicly, check if it is available on the loopback interface to distinguish not running from not accessible
2015-02-13 09:30:25 -05:00
Joshua Tauberer
d775f90f0c
prevent apt from asking the user any questions
...
Add additional options to really prevent apt from asking questions, which causes setup to hang because stdin/out have been redirected.
fixes #270 , #291
2015-02-13 13:41:52 +00:00
Joshua Tauberer
e096144713
Outlook 2007 or later on Windows 7 and later
...
fixes #308
2015-02-13 13:29:01 +00:00
Joshua Tauberer
7ce30ba888
roundcube 1.1.0
2015-02-13 13:22:46 +00:00
Joshua Tauberer
6a3ec1d874
updating CHANGELOG
2015-02-13 13:20:55 +00:00
Joshua Tauberer
575d3a66c6
more on being smarter about waiting for the management daemon to start
...
cc333b3965
worked for fresh systems, but if the system already had the daemon running the api.key file would already exist and the test would pass to early. Now removing the file first.
fixes #322
2015-02-13 13:11:03 +00:00