Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4995cebc38 
							
						 
					 
					
						
						
							
							add additional comments explaining why the IMAP special folders are set up as they are  
						
						
						
					 
					
						2015-11-01 07:30:15 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							720157e8a3 
							
						 
					 
					
						
						
							
							update changelog  
						
						
						
					 
					
						2015-10-31 19:20:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8d9eb022d1 
							
						 
					 
					
						
						
							
							bump HTML5_Notifier version, include its version in the check for whether we need to update Roundcube  
						
						
						
					 
					
						2015-10-31 19:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5e2eb51879 
							
						 
					 
					
						
						
							
							merge: add roudcube html5_notifier plugin,  #550  
						
						... 
						
						
						
						Merge branch 'patch-1' of https://github.com/Hoekynl/mailinabox  
						
					 
					
						2015-10-31 18:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d0062b7de4 
							
						 
					 
					
						
						
							
							Merge pull request  #572  from OmgImAlexis/patch-1  
						
						... 
						
						
						
						Added wosign as a suggested free SSL provider. 
						
					 
					
						2015-10-31 14:57:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6307503cda 
							
						 
					 
					
						
						
							
							Merge pull request  #580  from yodax/z-push-update  
						
						... 
						
						
						
						Update z-push to latest version 
						
					 
					
						2015-10-31 14:52:46 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							9b1e04b1e8 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/master' into z-push-update  
						
						
						
					 
					
						2015-10-31 03:08:54 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							24f1dbc0bb 
							
						 
					 
					
						
						
							
							PHP version has a bug that needs a workaround in z-push  
						
						
						
					 
					
						2015-10-27 16:42:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5d158c524d 
							
						 
					 
					
						
						
							
							Merge pull request  #581  from yodax/default-archive-folder  
						
						... 
						
						
						
						For a new user create the archive folder 
						
					 
					
						2015-10-27 08:15:50 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							fd9287a0fd 
							
						 
					 
					
						
						
							
							Add Archive folder to comment in mail-dovecot.sh  
						
						
						
					 
					
						2015-10-27 07:58:07 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							90836eff5b 
							
						 
					 
					
						
						
							
							For a new user create the archive folder  
						
						
						
					 
					
						2015-10-27 02:20:00 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							914cf68651 
							
						 
					 
					
						
						
							
							Remove default comments from imap config  
						
						
						
					 
					
						2015-10-25 13:26:38 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							4db82d3d09 
							
						 
					 
					
						
						
							
							Caldav doesnt support sync tokens  
						
						
						
					 
					
						2015-10-25 13:19:22 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							5055ef060d 
							
						 
					 
					
						
						
							
							Change configuration options for new version of z-push  
						
						
						
					 
					
						2015-10-25 08:29:57 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							35088a7cac 
							
						 
					 
					
						
						
							
							Update Z-Push version to 80cbe53de4ab8dd598d1f2af6f0a23fa396c529a  
						
						
						
					 
					
						2015-10-25 07:25:24 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f046031b26 
							
						 
					 
					
						
						
							
							nginx-ssl.conf changes were partially incorrect, partial revert of  834c42bc50 
						
						... 
						
						
						
						My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back.
https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898  
						
					 
					
						2015-10-24 11:36:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3b91bc2c0a 
							
						 
					 
					
						
						
							
							if secondary nameservers are given, status checks now check they are serving the right info  
						
						
						
					 
					
						2015-10-22 10:58:36 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4c4babd9e7 
							
						 
					 
					
						
						
							
							experimentally scanning the mail log to see if we can infer a good time to take a backup  
						
						
						
					 
					
						2015-10-22 10:35:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							53dc53bf8f 
							
						 
					 
					
						
						
							
							changelog entries  
						
						
						
					 
					
						2015-10-18 12:10:57 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							274e5ca676 
							
						 
					 
					
						
						
							
							let dovecot automatically create mailbox folders rather than doing it manually in the management daemon,  fixes   #554  
						
						
						
					 
					
						2015-10-18 11:55:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5e7b7835b7 
							
						 
					 
					
						
						
							
							Merge pull request  #573  from ptimof/master  
						
						... 
						
						
						
						Added 'Sent' folder when creating user. 
						
					 
					
						2015-10-12 10:05:52 -04:00 
						 
				 
			
				
					
						
							
							
								Peter Timofejew 
							
						 
					 
					
						
						
						
						
							
						
						
							1bdfdbee89 
							
						 
					 
					
						
						
							
							Added 'Sent' folder when creating user.  
						
						
						
					 
					
						2015-10-12 09:43:35 -04:00 
						 
				 
			
				
					
						
							
							
								X O 
							
						 
					 
					
						
						
						
						
							
						
						
							ebffaab16a 
							
						 
					 
					
						
						
							
							Added wosign as a suggest free SSL provider.  
						
						
						
					 
					
						2015-10-11 11:33:18 +10:30 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d6d4085809 
							
						 
					 
					
						
						
							
							munin setup may show '/bin/rm: missing operand',  fixes   #527  
						
						
						
					 
					
						2015-10-10 16:48:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2a44b0cafb 
							
						 
					 
					
						
						
							
							the new SSL certs routine requires cryptography>=1.0.2 to make RSAPublicNumbers hashable  
						
						... 
						
						
						
						an earlier problem about --upgrade (de34d0d337https://discourse.mailinabox.email/t/upgrade-to-v0-13b-broke-admin/876  
						
					 
					
						2015-10-08 12:24:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							834c42bc50 
							
						 
					 
					
						
						
							
							move nginx-ssl to be a global configuration file rather than including it into each server block  
						
						
						
					 
					
						2015-09-27 17:13:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c8ee1862a 
							
						 
					 
					
						
						
							
							use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts);  fixes   #234  
						
						
						
					 
					
						2015-09-18 19:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							787beab63f 
							
						 
					 
					
						
						
							
							choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates  
						
						... 
						
						
						
						For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate. 
						
					 
					
						2015-09-18 13:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							58349a9410 
							
						 
					 
					
						
						
							
							when updating DNS, clear the local DNS cache  
						
						
						
					 
					
						2015-09-18 13:00:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							93c2258d23 
							
						 
					 
					
						
						
							
							let the HSTS header be controlled by the management daemon so some domains can choose to enable preload  
						
						
						
					 
					
						2015-09-08 21:20:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bd7a4dedc1 
							
						 
					 
					
						
						
							
							Merge pull request  #551  from anoma/master  
						
						... 
						
						
						
						Revert two FAIL2BAN SSH jail changes 
						
					 
					
						2015-09-07 06:49:48 -04:00 
						 
				 
			
				
					
						
							
							
								anoma 
							
						 
					 
					
						
						
						
						
							
						
						
							ae3ae0b5ba 
							
						 
					 
					
						
						
							
							Revert to default FAIL2BAN findtime for SSH jail  
						
						... 
						
						
						
						I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.
The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good. 
						
					 
					
						2015-09-07 08:36:59 +01:00 
						 
				 
			
				
					
						
							
							
								anoma 
							
						 
					 
					
						
						
						
						
							
						
						
							42d657eb54 
							
						 
					 
					
						
						
							
							Unnecessary config item, inherited from default jail.conf  
						
						
						
					 
					
						2015-09-07 08:28:54 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d60d73b7e0 
							
						 
					 
					
						
						
							
							status checks: dont error if there's a domain that dns_update hasn't been run yet on  
						
						
						
					 
					
						2015-09-06 13:27:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6704da1446 
							
						 
					 
					
						
						
							
							silence errors in the admin if there is an invalid domain name in the database  
						
						... 
						
						
						
						see #531  
						
					 
					
						2015-09-06 13:27:28 +00:00 
						 
				 
			
				
					
						
							
							
								Hoekynl 
							
						 
					 
					
						
						
						
						
							
						
						
							d24a2f7cab 
							
						 
					 
					
						
						
							
							Updated, mistype.  
						
						... 
						
						
						
						Removed :$HTML5_NOTIFIER_VERSION, which breaks it 
						
					 
					
						2015-09-06 10:22:08 +02:00 
						 
				 
			
				
					
						
							
							
								Hoekynl 
							
						 
					 
					
						
						
						
						
							
						
						
							ed31002cc6 
							
						 
					 
					
						
						
							
							Added commit version hash. Working now.  
						
						... 
						
						
						
						Added HTML5_NOTIFIER_VERSION
Updated git_clone to work.
Tested and working. 
						
					 
					
						2015-09-06 10:20:36 +02:00 
						 
				 
			
				
					
						
							
							
								Hoekynl 
							
						 
					 
					
						
						
						
						
							
						
						
							f8ac896795 
							
						 
					 
					
						
						
							
							Include html5_notifier by default  
						
						... 
						
						
						
						Include the roundcube plugin html_notifier by default 
						
					 
					
						2015-09-05 23:33:19 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3e96de26dd 
							
						 
					 
					
						
						
							
							server_names_hash_bucket_size=128 now, see  #93  
						
						
						
					 
					
						2015-09-05 20:24:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4f6fa40dbd 
							
						 
					 
					
						
						
							
							warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							104b804059 
							
						 
					 
					
						
						
							
							if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web  
						
						
						
					 
					
						2015-09-05 20:07:51 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c545e46ebe 
							
						 
					 
					
						
						
							
							Merge pull request  #548  from NurdTurd/patch-1  
						
						... 
						
						
						
						Typo 
						
					 
					
						2015-09-05 15:30:25 -04:00 
						 
				 
			
				
					
						
							
							
								Sheldon Rupp 
							
						 
					 
					
						
						
						
						
							
						
						
							52a216fbcb 
							
						 
					 
					
						
						
							
							Typo  
						
						... 
						
						
						
						Change KB to MB due to typo. 
						
					 
					
						2015-09-05 21:29:24 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2c29d59895 
							
						 
					 
					
						
						
							
							Merge pull request  #478  from kri3v/patch-1  
						
						... 
						
						
						
						Added more bantime and lowered max retry attempts 
						
					 
					
						2015-09-05 11:42:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							de34d0d337 
							
						 
					 
					
						
						
							
							pin pip versions of email_validator and cryptography so pip doesn't keep reinstalling them each upgrade even if nothing changed (and the ceffi depedency installation can be very slow and is prone to break under low memory)  
						
						
						
					 
					
						2015-09-05 12:35:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2bb7a6fc27 
							
						 
					 
					
						
						
							
							changelog entries  
						
						
						
					 
					
						2015-09-05 08:01:59 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1b84292c56 
							
						 
					 
					
						
						
							
							Merge pull request  #544  from 0xFelix/master  
						
						... 
						
						
						
						Fix DKIM validation and spamassassin DNS/Pyzor checks 
						
					 
					
						2015-09-05 06:59:00 -04:00 
						 
				 
			
				
					
						
							
							
								Felix 
							
						 
					 
					
						
						
						
						
							
						
						
							18efae9703 
							
						 
					 
					
						
						
							
							Remove direct dependencies as they get installed automatically  
						
						
						
					 
					
						2015-09-05 09:08:47 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4b6d86ef89 
							
						 
					 
					
						
						
							
							trim the instructions at the end of an upgrade about the DNS-broken control panel login  
						
						
						
					 
					
						2015-09-04 18:49:32 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							75a75a6f84 
							
						 
					 
					
						
						
							
							admin: rename my ajax javascript function to ajax_with_indicator; see  79c57c2303 
						
						
						
					 
					
						2015-09-04 18:40:56 -04:00