Joshua Tauberer
299a2315c1
dkim 2048 bits - migration and zone file generation changes
...
* Add a migration to delete any existing DKIM key so that existing machines get a fresh 2048-bit key. (Sadly we don't support key rotation so the change is immediate.)
* Because the DNS record for a 2048-bit key is so much longer, the way we read OpenDKIM's DNS record text file had to be modified to combine an arbitrary number of TXT record quoted ("...") strings.
* When writing out the TXT record value, the string must be split into quoted ("...") strings with a maximum length of 255 bytes each, per the DNS spec.
* Added a changelog entry.
2015-06-25 13:06:29 +00:00
Joshua Tauberer
9a6aea6940
changelog entry for z-push autodiscover case insensitivity
2015-06-25 12:32:07 +00:00
Joshua Tauberer
98cd04cccf
Merge pull request #452 from m4rcs/master
...
Z-Push autoconfiguration fails due to URL case sensitivity
2015-06-25 08:28:44 -04:00
Marc Schiller
0cc20cbb97
Fixed a bug where autoconfiguration for Z-Push fails due to case of URL.
2015-06-25 11:56:33 +02:00
PortableTech
ef6a17d4a6
Increase DKIM key length to 2048
...
Currently MiaB creates 1024 bit keys which is seen as a minimum standard
by several providers such as Google who already uses a 2048 bit key.
Increasing the keysize beyond 2048 is an issue as it often goes beyond
supported DNS record sizes.
2015-06-24 18:49:19 -04:00
Joshua Tauberer
17a149947a
other CHANGELOG updates
2015-06-24 18:16:25 -04:00
Joshua Tauberer
a2c50ae967
note the new SMTP mail from restriction in the changelog and security guide
2015-06-24 18:12:41 -04:00
Joshua Tauberer
13958ba4df
Merge pull request #427 from pichak/add-sender-login-mismatch
...
Reject outgoing mail if MAIL FROM (envelope sender) does not match login name or is not an alias that directs mail (directly) to login name.
2015-06-24 18:03:03 -04:00
Joshua Tauberer
8eb71483f3
Merge pull request #450 from agriffaut/patch-1
...
ownCloud breaks if download fails (Issue #449 )
2015-06-24 08:11:30 -04:00
aLeX
d8e30883fa
Issue #449
...
If the downloaded file doesn't pass hash verification, the script exits and leaves a broken system
Just make hash verification before moving owncloud directory
2015-06-24 14:06:01 +02:00
Joshua Tauberer
47acbbf332
bump to latest version of my email_validator library
2015-06-23 16:43:35 -04:00
Joshua Tauberer
dece359c90
validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate
...
* Use `cryptography` instead of parsing openssl's output.
* When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely.
2015-06-21 14:53:37 +00:00
Joshua Tauberer
6a9eb4e367
improve inline documentation for the virtual-alias-maps query
2015-06-21 08:22:33 -04:00
Morteza Milani
fc03ce9b2f
Fix login map. Now includes both emails and aliases
2015-06-20 03:27:18 -07:00
Toilal
ce17c12ca2
Use netcat to check if mailinabox webservice is available
...
[JT added installing netcat-openbsd in system.sh]
2015-06-18 08:04:46 -04:00
Joshua Tauberer
5edaeb8c7b
add a new autoconfiguration option PRIMARY_HOSTNAME=auto to simply grab the hostname from reverse DNS
...
drawn from 5b23a06a74
.
2015-06-18 07:46:09 -04:00
Joshua Tauberer
3a28d1b073
showing the Mail-in-a-Box version using git describe was broken since dd6a8d99
2015-06-18 07:45:55 -04:00
Joshua Tauberer
6f2226bfcd
move more of start.sh into questions.sh to keep start.sh cleaner and encapsulate all of the variable setting in a single script
...
Based on 5b23a06a74
.
2015-06-18 07:38:18 -04:00
Joshua Tauberer
97cd4c64ad
don't expose PHP version in the X-Powered-By header, closes #439 , fixes #433
2015-06-18 11:12:03 +00:00
Joshua Tauberer
43d50d0667
Merge pull request #445 from bizonix/patch-1
...
fix wrong redirect for automatic www subdomain redirects
2015-06-18 07:05:01 -04:00
Joshua Tauberer
6258a7f311
status checks were broken if sshd was not present, fixes #444
2015-06-18 11:01:11 +00:00
Joshua Tauberer
ab36cc8968
whitespace=>tabs
2015-06-18 10:54:51 +00:00
bizonix
33b71c6b3c
fix wrong redirect
...
$ curl -I https://www.site.co.il/static/images/1.png?a=b | grep Location
Location: https://site.co.il?a=b
but should be something like
Location: https://site.co.il/static/images/1.png?a=b
2015-06-18 01:48:15 +03:00
Joshua Tauberer
34e821c102
Roundcube 1.1.2
2015-06-17 11:00:15 +00:00
Joshua Tauberer
2af557139d
default IPv6 AAAA records were missing
...
This was broken by the ability to have multiple TXT records in 9f1d633ae4
.
2015-06-17 06:47:22 -04:00
Joshua Tauberer
9e0dcd8718
security.md: add a section on DNSSEC specifically
2015-06-15 10:24:16 -04:00
Joshua Tauberer
be2b5a62de
ownCloud updated to version 8.0.4
2015-06-14 16:04:07 +00:00
Joshua Tauberer
0cbba71c72
merge #429 - Move OwnCloud's config to Storage Root
2015-06-14 15:48:09 +00:00
Joshua Tauberer
d28563fb45
tweak the ownCloud config location migration (no need for third ln)
2015-06-14 15:42:32 +00:00
Norman Stanke
38632f0f90
Move OwnCloud's config to Storage Root
2015-06-12 14:53:02 +02:00
Joshua Tauberer
0754ce01b1
questions.sh needs to apt-get update before it does an apt-get install, see #431 , see #438
2015-06-10 09:43:22 -04:00
Joshua Tauberer
1ef455d37d
bootstrap.sh needs to apt-get update before it does an apt-get install, fixes #431
2015-06-10 09:33:47 -04:00
Joshua Tauberer
d152603abd
changelog entries and mention our forks of postgrey and dovecot in the README
2015-06-10 09:27:29 -04:00
Joshua Tauberer
9e125aec00
Merge pull request #436 from bizonix/patch-1
...
fix loop redirecting
2015-06-07 16:30:58 -04:00
bizonix
2c90c267bd
fix loop redirecting
...
server is redirecting the request for this address in a way that will never complete
2015-06-07 21:50:41 +03:00
Joshua Tauberer
47de93961e
OCSP improvements
...
* Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx ('on' has no security benefits).
* Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway.
* Remove the commented line which per the link above would never be necessary anyway.
OCSP seems to work just fine after these changes.
2015-06-06 23:24:09 +00:00
Joshua Tauberer
1990f32ca4
typo, fixes #435
2015-06-06 13:22:50 +00:00
Joshua Tauberer
807939c0e4
make the +tag address tips clearer
2015-06-06 13:02:23 +00:00
Joshua Tauberer
a1c7bf0883
add munin to readme
2015-06-06 12:55:13 +00:00
Joshua Tauberer
5008cc603e
merge - munin system monitoring
2015-06-06 12:52:22 +00:00
Joshua Tauberer
9857db96cd
add a link to the /admin/munin page from the control panel nav bar
2015-06-06 12:52:16 +00:00
Joshua Tauberer
e9e6d94e3b
the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac
2015-06-06 12:38:19 +00:00
Joshua Tauberer
462a79cf47
fix what counts as a required alias, fixes #434
2015-06-06 12:12:10 +00:00
Joshua Tauberer
f792deeebd
when the undocumented custom web settings has a redirect or proxy at the root of a domain, use a minimal nginx config template (same as the new default www redirects)
2015-06-04 12:32:00 +00:00
Joshua Tauberer
95173bb327
provide redirects from www subdomains of zones to their parent domain
...
* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest.
* Add server blocks to the nginx config for these domains.
* List these domains in the SSL certificate install admin panel.
* Generate default 'www' records just for domains we provide default redirects for.
Fixes #321 .
2015-06-04 12:19:01 +00:00
Joshua Tauberer
1d09e2406b
refactor how the nginx config file is assembled
...
This doesn't change anything. Just preparation for the next commit.
2015-06-04 12:19:01 +00:00
Joshua Tauberer
c9add7a8bf
if a user sets a custom A record on PRIMARY_HOSTNAME, which is ignored anyway, don't let that cause PRIMARY_HOSTNAME from being dropped from nginx.conf
...
Could be related to https://discourse.mailinabox.email/t/nginx-lost-admin-record-after-install-ssl-cert-problem/528 .
2015-06-04 12:19:01 +00:00
Joshua Tauberer
e4caed9277
add a note in the setup script about the use of our postgrey fork and dnswl's license terms
2015-06-03 16:28:20 -04:00
Joshua Tauberer
1760eaa601
merge #406 - dovecot-lucene & packaging
2015-06-03 15:51:16 -04:00
Joshua Tauberer
b25ce67fe1
bring the postgrey patches into this repository rather than maintaining them in a separate postgrey fork repository
2015-06-03 15:50:25 -04:00