Joshua Tauberer
7e62131fbc
a bootstrapping script to support a one-line install command
...
based on a script by @jkaberg in #141
2014-08-16 13:31:42 -04:00
Joshua Tauberer
647ab4abeb
remove old notes/dspam.sh file
2014-08-16 13:08:03 -04:00
Joshua Tauberer
73b2751dc4
credit myself since it's not apparent who runs the project once it's been forked
2014-08-16 10:20:57 -04:00
Joshua Tauberer
e1606df237
s/joshdata/mailinabox/ due to repo moving to the org account
2014-08-16 13:16:01 +00:00
Joshua Tauberer
e625a424fd
whats_next: check that the TLSA record is correct, fixes #139
2014-08-13 19:42:49 +00:00
Joshua Tauberer
0eceb2012f
use php5-fpm rather than our own custom launcher script for PHP+FastCGI
2014-08-12 11:00:54 +00:00
Joshua Tauberer
1312b0254b
backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old
2014-08-11 11:45:40 +00:00
Joshua Tauberer
f66914d634
backup: automatically take a full backup when the sum of the increments get very large
2014-08-11 11:38:32 +00:00
Joshua Tauberer
b6713d9a17
tools/mail.py should return a non-zero exit status when invalid command line args are given
2014-08-11 11:17:30 +00:00
Joshua Tauberer
58e300e113
backup must be full on the first run because incremental backup will fail, fixes #134
2014-08-11 07:16:58 -04:00
Joshua Tauberer
140c508ff6
increase dovecot imap_idle_notify_interval to 4 minutes
...
Doesn't seem like 2 minutes is a problem, but 4 minutes seems better. A little less bandwidth, possibly less battery usage (though we don't have evidence that's actually true), and the interval should be shorter than any peer timeouts that might occur due to inactivity
fixes #129
2014-08-10 11:39:29 +00:00
Joshua Tauberer
e294f7c181
create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129
2014-08-09 16:49:57 +00:00
Joshua Tauberer
b56f82cb92
make a privileges column in the users table and mark the first user as an admin
2014-08-08 12:31:22 +00:00
Joshua Tauberer
880ec44a0c
if the machine didn't have resolvconf before (my box didn't after an upgrade from Ubuntu 13.xx), make sure it has it now and archive any old resolv.conf since it should now only list 127.0.0.1 for bind9
2014-08-07 14:00:16 +00:00
Joshua Tauberer
5db12be507
migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself
2014-08-03 17:44:17 -04:00
Joshua Tauberer
64cb00b9d6
add reject_unlisted_recipient before greylisting, fixes #127
2014-08-03 00:06:54 +00:00
Joshua Tauberer
b86656243f
avoid mail.log warnings about untrusted certificates on outgoing mail, fixes #124
2014-08-02 15:39:47 +00:00
Joshua Tauberer
6a512042dc
after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location
2014-08-02 14:16:08 +00:00
Joshua Tauberer
6d4fab1e6a
whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
...
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest
Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer
30178ef019
add a --force flag to dns_update
2014-08-01 12:05:34 +00:00
Joshua Tauberer
cd59025979
dont ask the user for the machine's IP address if we can be sure our guess is right (trust icanhazip to give us the right answer)
2014-07-29 20:07:26 -04:00
Joshua Tauberer
0be92d776e
put a 15-second timeout in asking icanhazip.com for our IP address, although this limit does not seem to actually work (i.e. if I set the limit to 5 seconds, curl still hangs 10+ when I turn off my network connection)
2014-07-29 20:07:26 -04:00
Joshua Tauberer
168c06939d
have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
...
hopefully fixes #121 ; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer
c74bef12d2
allow for network checks to be skips in setup while testing using SKIP_NETWORK_CHECKS=1
2014-07-29 20:07:26 -04:00
Joshua Tauberer
6619239280
the SSL private key would be overwritten if ssl_certificate.pem file was deleted; maybe the cause of #98
2014-07-28 15:38:23 -04:00
Joshua Tauberer
834a7b9096
run network checks during setup and stop if there is a bad condition
...
* check that the PUBLIC_IP is not listed in zen.spamhaus.org
* check that the PRIMARY_HOSTNAME is not listed in dbl.spamhaus.org
* check that a connection to Google's MTA is working (i.e. we're not on a residential network that blocks outbound port 25)
2014-07-26 11:26:59 -04:00
Joshua Tauberer
3a7221a69a
handle errors in management API calls properly
...
see #118
2014-07-25 13:53:40 +00:00
Joshua Tauberer
86ec0f6da7
the cron job to re-sign DNSSEC zones was still not working because the script needed a hash-bang line; what I did in 65c3a44e63
didn't actually fix the problem
2014-07-25 12:15:30 +00:00
Joshua Tauberer
f50cf10249
also accept Ubuntu 14.04.1 LTS, the point release that people are automatically pushed to
...
fixes #116
2014-07-22 21:36:59 +00:00
Joshua Tauberer
621fcc2233
use /dev/random for crypto-grade RNG with the help of haveged
...
Rather than pass `-r /dev/random` to ldns-keygen (it was `-r /dev/urandom`),
don't pass `-r` at all since /dev/random is the default.
Merges branch 'master' of github.com:pysiak/mailinabox
2014-07-21 07:31:14 -04:00
solt
69f0e1d07a
Use /dev/random instead of /dev/urandom
...
/dev/random should be used for crypto-grade RNG.
To make sure use of /dev/random doesn't stall due to lack of entropy, install haveged which fills the entropy pool with sources such as network traffic, key strokes, etc.
On branch master
Your branch is up-to-date with 'origin/master'.
Changes to be committed:
modified: setup/dns.sh
modified: setup/system.sh
modified: setup/webmail.sh
2014-07-20 23:14:13 +02:00
Joshua Tauberer
8042ab66ac
dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain
2014-07-20 15:23:17 +00:00
Joshua Tauberer
8354d9732a
in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses
2014-07-20 14:53:55 +00:00
Joshua Tauberer
1ad9c70887
refactor custom DNS records
2014-07-20 14:48:20 +00:00
Joshua Tauberer
2e0680de4f
the check for whether a custom DNS setting is valid was in the wrong place
2014-07-20 14:41:02 +00:00
Joshua Tauberer
65c3a44e63
the cron job to re-sign DNSSEC zones wasnt working after adding the API key to the management daemon because the script relied on a bash-ism but cron runs it with (probably) sh
2014-07-19 16:31:05 +00:00
Joshua Tauberer
37fcc5b53d
Add AAAA records for ns1/ns2
...
Merges branch 'patch-1' of https://github.com/sfPlayer1/mailinabox
2014-07-18 11:12:13 +00:00
sfPlayer1
89acbe4127
Update dns_update.py
...
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1
0e893626c8
Add IPv6 glue records as well
...
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer
42c891032d
don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend
2014-07-17 13:08:05 +00:00
Joshua Tauberer
d7a9e7cc17
run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box
2014-07-17 13:08:05 +00:00
Joshua Tauberer
7803ac9ca4
write explanatory text as we build DNS zones so we can help the user manage DNS off of the box
2014-07-17 13:08:05 +00:00
Joshua Tauberer
91cf45c843
add a comment
2014-07-16 09:39:13 -04:00
Joshua Tauberer
eac349187d
whats_next: move the admin alias check to the system section
2014-07-16 09:36:56 -04:00
Joshua Tauberer
023cd12e1a
hide lots of unnecessary and scary output during setup
2014-07-16 09:36:56 -04:00
Joshua Tauberer
465aaf2d30
check that we're running as root before doing anything
2014-07-16 09:36:31 -04:00
Joshua Tauberer
5a4f5b1874
move the welcome message to after the system checks
2014-07-16 09:36:31 -04:00
Joshua Tauberer
c716fd27bf
refuse to start if the system has less than 768 MB of RAM, except when testing within Vagrant
2014-07-16 09:36:31 -04:00
Joshua Tauberer
4e5b5f2852
Vagrant typo
2014-07-16 09:36:31 -04:00
Joshua Tauberer
89376b10d0
Merge pull request #111 from h8h/patch-1
...
Output SSL Cert Fingerprint can point to a wrong dir: Better to use $STORAGE_ROOT
2014-07-16 09:36:22 -04:00