external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,382 Commits 6 Branches 83 Tags 38 MiB
Commit Graph

1382 Commits

Author SHA1 Message Date
Scott Bronson 7ac0323b8b Merge branches 'check_dkim', 'check_dav' and 'check_custom' into check_spf 2016-10-05 14:59:28 -07:00
Scott Bronson 3375ede034 factor out retrieve_dkim_record to reduce code duplication 2016-09-30 21:18:49 -07:00
Scott Bronson 00a3709b11 add custom DNS records to DNS status checks 2016-09-30 20:29:32 -07:00
Scott Bronson 1cab5a6d4b add caldav and carddav records to DNS status checks 2016-09-30 18:51:09 -07:00
Scott Bronson 424122e495 lack of SPF and DMARC only merits a warning 2016-09-30 18:21:10 -07:00
Scott Bronson 6150f91461 Ensure DKIM records are set properly 2016-09-30 18:11:34 -07:00
Scott Bronson 435a1552a9 verify DMARC in addtion to SPF in DNS status checks 2016-09-30 17:14:01 -07:00
Scott Bronson d4301bd424 add SPF records to the DNS status checks 2016-09-30 17:01:39 -07:00
yodax da5497cd1c Update changelog entries 2016-09-28 08:37:24 +02:00
Michael Kroes a27ec68467 Merge pull request #951 from MariusBluem/remove-certificate-providers 
Remove Certificate Providers / Fix #950
 2016-09-28 08:33:11 +02:00
Marius Blüm 3ac4b8aca8
Remove Certificate Providers / Fix #950 
Signed-off-by: Marius Blüm <marius@lineone.io>
 2016-09-27 15:06:50 +02:00
Michael Kroes 02feeafe6a change bayes_file_mode to world writable (merges #931) 
fixes #534, again, hopefully
 2016-09-23 15:14:21 -04:00
Marius Blüm 5f0376bfbf Fix typo in alias-page, fixes #943 (merges #949) 
Signed-off-by: Marius Blüm <marius@lineone.io>
 2016-09-23 15:11:37 -04:00
Joshua Tauberer 4e4fe90fc7 v0.20 2016-09-23 07:49:13 -04:00
Joshua Tauberer 3cd5a6eee7 changelog entries 2016-09-23 07:46:01 -04:00
Joshua Tauberer c26bc841a2 more for dnspython exception with IPv6 addresses 
fixes #945, corrects prev commit (#947) in case of multiple AAAA records, adds changelog
 2016-09-23 07:41:24 -04:00
Mathis Hoffmann 163daea41c dnspython exception with IPv6 addresses 
see #945, merges #947
 2016-09-23 07:35:53 -04:00
Scott Bronson 102b2d46ab typo fix: seconday -> secondary (#939) 2016-09-18 08:10:49 -04:00
Joshua Tauberer 58541c467f merge #936 - fix wonky free disk space messages - from cmsirbu/master 
fix status_checks.py free disk space reporting, fixes #932
 2016-09-16 07:31:57 -04:00
cs@twoflower 00bd23eb04 fix status_checks.py free disk space reporting #932 2016-09-15 17:01:21 +01:00
Joshua Tauberer d73d1c6900 changelog typos 2016-08-24 07:47:55 -04:00
Joshua Tauberer fc0abd5b4d confirm that fail2ban is protecting pop3s, closes #629 2016-08-22 19:18:23 -04:00
Joshua Tauberer 27b4edfc76 v0.19b 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXuHvJAAoJELkgQfTBC92B2IsIAJl+tQkkVp5cu4zuSLOpHj73
 LFGGCrGTSMwuyNbnklkLmLIfRxlmNfHNfQqHYhxJQq7JVLuDRJS2rTJnSWGg4PuE
 vyrjOEFNNqFp9cy00j6NMUUcJa4kte4cvMg3Sonz7JkVwS3fxp7hSgZknYOjlLvh
 R/FmrqVhpDtTZRtMjcQaCtCTWUEETYFLsJZ2iZkIlpGhoxPGEhKZquNrT0s3qrNv
 Rwf6O3i9RIS/bOu2lWI+ymdStPVJnn+deRTBWPpsxXdNC/NG9+gWiqGgRnjTBbMO
 uzH1hYct+J6TWeNpesECfMMjTOZ+T7yrRJc1s9ThuLokyAlo9yf4E5YFziZ0hi4=
 =JxNp
 -----END PGP SIGNATURE-----

merge v0.19b hot fix release
 2016-08-20 11:50:26 -04:00
Joshua Tauberer ba75ff7820 v0.19b 2016-08-20 11:48:08 -04:00
Joshua Tauberer a14b17794b simplify how munin-cgi-graph is called to reduce the attack surface area 
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.

Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.

The vulnerability was created by 6d6f3ea391.

See #914.

This is the v0.19b hotfix commit.
 2016-08-20 11:47:44 -04:00
Joshua Tauberer 35a360ef0b simplify how munin-cgi-graph is called to reduce the attack surface area 
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.

Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
 2016-08-19 12:42:43 -04:00
Joshua Tauberer 86457e5bc4 merge: fail2ban broke, released v0.19a 2016-08-18 08:39:31 -04:00
Joshua Tauberer 7c9f3e0b23 v0.19a 2016-08-18 08:36:28 -04:00
Joshua Tauberer 83d8dbca3e fail2ban won't start until the roundcube log file is created 
fixes #911
 2016-08-18 08:32:14 -04:00
Joshua Tauberer 8cf2e468bd [merge #900] Adding a Code of Conduct 
Merge pull request #900 from mail-in-a-box/code_of_conduct
 2016-08-15 20:10:37 -04:00
Joshua Tauberer 440a545010 some improvements suggested by the community 2016-08-15 20:09:05 -04:00
Marius Blüm 942bcfc7c5 Update Bootstrap to 3.3.7 (#909) 
Signed-off-by: Marius Blüm <marius@lineone.io>
 2016-08-15 18:06:12 -04:00
ReadmeCritic 4f2d16a31d Update README URLs based on HTTP redirects (#908) 2016-08-15 11:07:09 -04:00
Joshua Tauberer e9368de462 [merge #902] Upgrade ownCloud from 8.2.3 to 8.2.7 
Merge https://github.com/mar1u5/mailinabox

fixes #901
 2016-08-13 17:36:08 -04:00
Joshua Tauberer cdd0a821eb v0.19 
closes #898
 2016-08-13 17:27:10 -04:00
Marius Blüm 6f165d0aeb
Update Changelog 
Signed-off-by: Marius Blüm <marius@lineone.io>
 2016-08-09 00:58:10 +02:00
Marius Blüm 6c22c0533e
Upgrade ownCloud from 8.2.3 to 8.2.7 
Signed-off-by: Marius Blüm <marius@lineone.io>
 2016-08-09 00:53:15 +02:00
Joshua Tauberer d38b732b0a add a Code of Conduct 2016-08-08 08:19:42 -04:00
Joshua Tauberer 81b5af6b64 document fail2ban filters in security.md 2016-08-08 07:55:46 -04:00
Joshua Tauberer fc5cc9753b roundcube 1.2.1 2016-08-08 07:32:02 -04:00
Joshua Tauberer 1aca6fe08f some minor tweaks to the new users/aliases API documentation 2016-08-08 07:28:10 -04:00
Joshua Tauberer cf3e1cd595 add SRV records for CardDAV/CalDAV 
DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.
 2016-07-31 20:53:57 -04:00
Joshua Tauberer b044dda28f put the ufw status checks in the network section, add a punctuation mark, add changelog entry 2016-07-29 09:23:36 -04:00
Joshua Tauberer f66f39b61d Merge branch 'ufw_status_check' of https://github.com/yodax/mailinabox 2016-07-29 09:16:22 -04:00
Joshua Tauberer 6de7d59f14 changelog entries 2016-07-29 09:12:01 -04:00
Michael Kroes 9c8f2e75fc allow i686 as a supported architecture 
This is checked during preflight. See https://github.com/mail-in-a-box/mailinabox/issues/885 (#889)
 2016-07-29 09:07:16 -04:00
Joshua Tauberer cbc4bf553d Merge pull request #880 from schlypel/master 
Added information about API endpoints
 2016-07-29 09:04:27 -04:00
Michael Kroes 4e3cfead46 Add HSTS to the control panel headers (#879) 2016-07-29 09:01:40 -04:00
Joshua Tauberer 8844a9185f Merge pull request #798 from mail-in-a-box/fail2banjails 
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
 2016-07-29 08:52:44 -04:00
schlypel 3249a55f3a added API info to users page template 2016-06-29 13:35:42 +02:00