Joshua Tauberer
df20d447a9
add an api for setting custom DNS records
...
Works like this:
```curl -d "" --user email:password https://.../admin/dns/set/qname/rtype/value ```
where the rtype and value default to "A" and the remote IP address of the request, so that a simple, empty POST to
```https://.../admin/dns/set/desktop.mydomain.com ```
will point desktop.mydomain.com to the caller's IPv4 address.
closes #140
2014-08-23 23:03:45 +00:00
Joshua Tauberer
6e3b04ce83
when generating SSL CSRs, using SHA256 as SHA1 is being phased out, per @konklone
2014-08-23 17:49:33 -04:00
Joshua Tauberer
2d5097345a
move the package update check into the system status checks
2014-08-21 11:24:40 +00:00
Joshua Tauberer
294d19e0af
rename whats_next.py to status_checks.py
2014-08-21 10:43:55 +00:00
Joshua Tauberer
46f3d05034
add the network checks to whats_next
...
* zen.spamhaus.org
* dbl.spamhaus.org
* checks if a connection to Google's MTA on port 25 works
2014-08-19 11:16:49 +00:00
Joshua Tauberer
91821adfd7
nameserver checks should be case insensitive
2014-08-18 22:41:27 +00:00
Joshua Tauberer
b30d7ad80a
web-based administrative UI
...
closes #19
2014-08-17 22:46:06 +00:00
Joshua Tauberer
ba8e015795
dns_update: dont restart the opendkim process if nothing changed
2014-08-17 20:42:17 +00:00
Joshua Tauberer
919a5a8f0b
whats_next: when there are multiple responses like for NS records sort the responses so we can compare to a fixed order
2014-08-17 19:55:03 +00:00
Joshua Tauberer
f299825a95
in the nginx override YAML file, change how proxies are specified into a mapping
2014-08-17 19:40:45 +00:00
Joshua Tauberer
04454b35c6
(merge) CardDAV, CalDAV via ownCloud and move to z-push fork fork
...
Merges branch 'owncloud' of github.com:jkaberg/mailinabox
which is pull request #135 , closes #135
thanks @jkaberg, @fmbiete, @owncloud
2014-08-17 15:31:08 -04:00
Joshua Tauberer
f41ec93cbe
management: dont raise an exception on a poorly formatted authentication header
2014-08-17 11:50:05 -04:00
Joshua Tauberer
6e380ade17
owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME
2014-08-16 12:33:10 +00:00
Joshua Tauberer
8c9f278166
owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED
...
This lets downloads from the file app work.
2014-08-15 23:16:54 +00:00
Joshua Tauberer
e625a424fd
whats_next: check that the TLSA record is correct, fixes #139
2014-08-13 19:42:49 +00:00
Joshua Tauberer
0eceb2012f
use php5-fpm rather than our own custom launcher script for PHP+FastCGI
2014-08-12 11:00:54 +00:00
Joshua Tauberer
1312b0254b
backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old
2014-08-11 11:45:40 +00:00
Joshua Tauberer
f66914d634
backup: automatically take a full backup when the sum of the increments get very large
2014-08-11 11:38:32 +00:00
Joshua Tauberer
58e300e113
backup must be full on the first run because incremental backup will fail, fixes #134
2014-08-11 07:16:58 -04:00
Joshua Tauberer
e294f7c181
create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129
2014-08-09 16:49:57 +00:00
Joshua Tauberer
b56f82cb92
make a privileges column in the users table and mark the first user as an admin
2014-08-08 12:31:22 +00:00
Joshua Tauberer
6a512042dc
after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location
2014-08-02 14:16:08 +00:00
Joshua Tauberer
6d4fab1e6a
whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
...
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest
Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer
30178ef019
add a --force flag to dns_update
2014-08-01 12:05:34 +00:00
Joshua Tauberer
168c06939d
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
...
hopefully fixes #121 ; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer
8042ab66ac
dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain
2014-07-20 15:23:17 +00:00
Joshua Tauberer
8354d9732a
in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses
2014-07-20 14:53:55 +00:00
Joshua Tauberer
1ad9c70887
refactor custom DNS records
2014-07-20 14:48:20 +00:00
Joshua Tauberer
2e0680de4f
the check for whether a custom DNS setting is valid was in the wrong place
2014-07-20 14:41:02 +00:00
sfPlayer1
89acbe4127
Update dns_update.py
...
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1
0e893626c8
Add IPv6 glue records as well
...
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer
42c891032d
don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend
2014-07-17 13:08:05 +00:00
Joshua Tauberer
d7a9e7cc17
run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box
2014-07-17 13:08:05 +00:00
Joshua Tauberer
7803ac9ca4
write explanatory text as we build DNS zones so we can help the user manage DNS off of the box
2014-07-17 13:08:05 +00:00
Joshua Tauberer
eac349187d
whats_next: move the admin alias check to the system section
2014-07-16 09:36:56 -04:00
Joshua Tauberer
9c7d476915
re-do catch-all aliases, fixes #107 (originally #104 )
...
This reverts pull request #105 from jonessen96/master (84d2023f94
) which was incorrect because it lost the "+" in DOT_ATOM_TEXT and so was not accepting any email addresses.
Am taking the opportunity to make the code cleaner while I'm here.
2014-07-13 12:29:43 +00:00
Jonas Platte
c35252720f
Prohibited usage of empty local part for validate_email(email, strict = true)
2014-07-12 22:57:38 +02:00
Jonas Platte
70e4e7f7be
Fixed validate_email not accepting catchalls (empty local part of the address)
2014-07-12 03:22:55 +02:00
Joshua Tauberer
85bd2c8804
use the Dovecot managesieve service to manage sieve scripts
...
This lets roundcube's manageseive plugin do cool things like vacation responses.
Also:
* Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them.
* Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now.
this adapts work by @h8h in #103
2014-07-10 23:09:07 +00:00
Joshua Tauberer
41b3df6d78
manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead
...
closes #94
2014-07-09 19:30:17 +00:00
Joshua Tauberer
22a010ecb9
say that certificates are valid too in output
2014-07-09 16:38:56 +00:00
Joshua Tauberer
659b5c8aa3
if the server certificate can be used for a non-primary domain, use it
2014-07-09 16:38:42 +00:00
Joshua Tauberer
6c70b10c15
tell users to restart nginx after plugging in a new cert
2014-07-09 14:05:59 +00:00
Joshua Tauberer
deebda06e1
utils.sort_domains wasn't right
2014-07-09 12:35:12 +00:00
Joshua Tauberer
1a74b81f44
new nginx configuration yaml file to allow proxying of whole domains elsewhere
2014-07-09 12:31:32 +00:00
Joshua Tauberer
04e30ffa78
check that the installed certificate corresponds to the private key
2014-07-08 15:47:54 +00:00
Joshua Tauberer
59a9d02fa5
check that installed certificates are for the domains we are using the certificates for
2014-07-07 12:06:11 +00:00
Joshua Tauberer
65fb65ada7
an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME
2014-07-07 02:35:45 +00:00
Joshua Tauberer
28e254fb84
whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway
2014-07-07 02:35:45 +00:00
Joshua Tauberer
e898cd5d2a
whats_next: wrap output to the actual width of the terminal
2014-07-07 02:35:45 +00:00