jkaberg 
							
						 
					 
					
						
						
						
						
							
						
						
							a801bf2a30 
							
						 
					 
					
						
						
							
							white spaces argh.  
						
						
						
					 
					
						2014-08-11 16:30:39 +02:00 
						 
				 
			
				
					
						
							
							
								jkaberg 
							
						 
					 
					
						
						
						
						
							
						
						
							0899952fe1 
							
						 
					 
					
						
						
							
							initial owncloud port, untested and unfinished  
						
						
						
					 
					
						2014-08-11 16:24:29 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1312b0254b 
							
						 
					 
					
						
						
							
							backup: don't remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old
						
						
						
					 
					
						2014-08-11 11:45:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f66914d634 
							
						 
					 
					
						
						
							
							backup: automatically take a full backup when the sum of the increments gets very large
						
						
						
					 
					
						2014-08-11 11:38:32 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b6713d9a17 
							
						 
					 
					
						
						
							
							tools/mail.py should return a non-zero exit status when invalid command line args are given  
						
						
						
					 
					
						2014-08-11 11:17:30 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							58e300e113 
							
						 
					 
					
						
						
							
							backup must be full on the first run because incremental backup will fail, fixes #134
						
						
						
					 
					
						2014-08-11 07:16:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							140c508ff6 
							
						 
					 
					
						
						
							
							increase dovecot imap_idle_notify_interval to 4 minutes  
						
						
						
						
						Doesn't seem like 2 minutes is a problem, but 4 minutes seems better. A little less bandwidth, possibly less battery usage (though we don't have evidence that's actually true), and the interval should be shorter than any peer timeouts that might occur due to inactivity
fixes #129
						
					 
					
						2014-08-10 11:39:29 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e294f7c181 
							
						 
					 
					
						
						
							
							create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129
						
						
						
					 
					
						2014-08-09 16:49:57 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b56f82cb92 
							
						 
					 
					
						
						
							
							make a privileges column in the users table and mark the first user as an admin  
						
						
						
					 
					
						2014-08-08 12:31:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							880ec44a0c 
							
						 
					 
					
						
						
							
							if the machine didn't have resolvconf before (my box didn't after an upgrade from Ubuntu 13.xx), make sure it has it now and archive any old resolv.conf since it should now only list 127.0.0.1 for bind9  
						
						
						
					 
					
						2014-08-07 14:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5db12be507 
							
						 
					 
					
						
						
							
							migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself  
						
						
						
					 
					
						2014-08-03 17:44:17 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							64cb00b9d6 
							
						 
					 
					
						
						
							
							add reject_unlisted_recipient before greylisting, fixes #127
						
						
						
					 
					
						2014-08-03 00:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b86656243f 
							
						 
					 
					
						
						
							
							avoid mail.log warnings about untrusted certificates on outgoing mail, fixes #124
						
						
						
					 
					
						2014-08-02 15:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6a512042dc 
							
						 
					 
					
						
						
							
							after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location  
						
						
						
					 
					
						2014-08-02 14:16:08 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6d4fab1e6a 
							
						 
					 
					
						
						
							
							whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using  
						
						
						
						
						fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest
Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
					
						2014-08-01 12:15:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							30178ef019 
							
						 
					 
					
						
						
							
							add a --force flag to dns_update  
						
						
						
					 
					
						2014-08-01 12:05:34 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cd59025979 
							
						 
					 
					
						
						
							
							don't ask the user for the machine's IP address if we can be sure our guess is right (trust icanhazip to give us the right answer)
						
						
						
					 
					
						2014-07-29 20:07:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0be92d776e 
							
						 
					 
					
						
						
							
							put a 15-second timeout in asking icanhazip.com for our IP address, although this limit does not seem to actually work (i.e. if I set the limit to 5 seconds, curl still hangs 10+ when I turn off my network connection)  
						
						
						
					 
					
						2014-07-29 20:07:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							168c06939d 
							
						 
					 
					
						
						
							
							have nsd bind to the network interface that is connected to the Internet, rather than all non-loopback network interfaces
						
						
						
						
						hopefully fixes #121; thanks for the help @sfPlayer1
						
					 
					
						2014-07-29 20:07:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c74bef12d2 
							
						 
					 
					
						
						
							
							allow for network checks to be skipped in setup while testing using SKIP_NETWORK_CHECKS=1
						
						
						
					 
					
						2014-07-29 20:07:26 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6619239280 
							
						 
					 
					
						
						
							
							the SSL private key would be overwritten if ssl_certificate.pem file was deleted; maybe the cause of #98
						
						
						
					 
					
						2014-07-28 15:38:23 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							834a7b9096 
							
						 
					 
					
						
						
							
							run network checks during setup and stop if there is a bad condition  
						
						
						
						
						* check that the PUBLIC_IP is not listed in zen.spamhaus.org
* check that the PRIMARY_HOSTNAME is not listed in dbl.spamhaus.org
* check that a connection to Google's MTA is working (i.e. we're not on a residential network that blocks outbound port 25) 
						
					 
					
						2014-07-26 11:26:59 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3a7221a69a 
							
						 
					 
					
						
						
							
							handle errors in management API calls properly  
						
						
						
						
						see #118  
						
					 
					
						2014-07-25 13:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							86ec0f6da7 
							
						 
					 
					
						
						
							
							the cron job to re-sign DNSSEC zones was still not working because the script needed a hash-bang line; what I did in 65c3a44e63 didn't actually fix the problem
						
						
						
					 
					
						2014-07-25 12:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f50cf10249 
							
						 
					 
					
						
						
							
							also accept Ubuntu 14.04.1 LTS, the point release that people are automatically pushed to  
						
						
						
						
						fixes #116
					
						2014-07-22 21:36:59 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							621fcc2233 
							
						 
					 
					
						
						
							
							use /dev/random for crypto-grade RNG with the help of haveged  
						
						
						
						
						Rather than pass `-r /dev/random` to ldns-keygen (it was `-r /dev/urandom`),
don't pass `-r` at all since /dev/random is the default.
Merges branch 'master' of github.com:pysiak/mailinabox 
						
					 
					
						2014-07-21 07:31:14 -04:00 
						 
				 
			
				
					
						
							
							
								solt 
							
						 
					 
					
						
						
						
						
							
						
						
							69f0e1d07a 
							
						 
					 
					
						
						
							
							Use /dev/random instead of /dev/urandom  
						
						
						
						
						/dev/random should be used for crypto-grade RNG.
To make sure use of /dev/random doesn't stall due to lack of entropy, install haveged which fills the entropy pool with sources such as network traffic, key strokes, etc.
On branch master
Your branch is up-to-date with 'origin/master'.
Changes to be committed:
	modified:   setup/dns.sh
	modified:   setup/system.sh
	modified:   setup/webmail.sh 
						
					 
					
						2014-07-20 23:14:13 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8042ab66ac 
							
						 
					 
					
						
						
							
							don't serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain
						
						
						
					 
					
						2014-07-20 15:23:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8354d9732a 
							
						 
					 
					
						
						
							
							in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses  
						
						
						
					 
					
						2014-07-20 14:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ad9c70887 
							
						 
					 
					
						
						
							
							refactor custom DNS records  
						
						
						
					 
					
						2014-07-20 14:48:20 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2e0680de4f 
							
						 
					 
					
						
						
							
							the check for whether a custom DNS setting is valid was in the wrong place  
						
						
						
					 
					
						2014-07-20 14:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							65c3a44e63 
							
						 
					 
					
						
						
							
							the cron job to re-sign DNSSEC zones wasn't working after adding the API key to the management daemon because the script relied on a bash-ism but cron runs it with (probably) sh
						
						
						
					 
					
						2014-07-19 16:31:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							37fcc5b53d 
							
						 
					 
					
						
						
							
							Add AAAA records for ns1/ns2  
						
						
						
						
						Merges branch 'patch-1' of https://github.com/sfPlayer1/mailinabox  
						
					 
					
						2014-07-18 11:12:13 +00:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							89acbe4127 
							
						 
					 
					
						
						
							
							Update dns_update.py  
						
						
						
						
						Add new extra bool parameter. 
						
					 
					
						2014-07-18 13:05:32 +02:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							0e893626c8 
							
						 
					 
					
						
						
							
							Add IPv6 glue records as well  
						
						
						
						
						The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;) 
						
					 
					
						2014-07-18 13:03:09 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							42c891032d 
							
						 
					 
					
						
						
							
							don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d7a9e7cc17 
							
						 
					 
					
						
						
							
							run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7803ac9ca4 
							
						 
					 
					
						
						
							
							write explanatory text as we build DNS zones so we can help the user manage DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							91cf45c843 
							
						 
					 
					
						
						
							
							add a comment  
						
						
						
					 
					
						2014-07-16 09:39:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							eac349187d 
							
						 
					 
					
						
						
							
							whats_next: move the admin alias check to the system section  
						
						
						
					 
					
						2014-07-16 09:36:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							023cd12e1a 
							
						 
					 
					
						
						
							
							hide lots of unnecessary and scary output during setup  
						
						
						
					 
					
						2014-07-16 09:36:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							465aaf2d30 
							
						 
					 
					
						
						
							
							check that we're running as root before doing anything  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5a4f5b1874 
							
						 
					 
					
						
						
							
							move the welcome message to after the system checks  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c716fd27bf 
							
						 
					 
					
						
						
							
							refuse to start if the system has less than 768 MB of RAM, except when testing within Vagrant  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4e5b5f2852 
							
						 
					 
					
						
						
							
							Vagrant typo  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89376b10d0 
							
						 
					 
					
						
						
							
							Merge pull request #111 from h8h/patch-1
						
						
						
						
						Output SSL Cert Fingerprint can point to a wrong dir: Better to use $STORAGE_ROOT 
						
					 
					
						2014-07-16 09:36:22 -04:00 
						 
				 
			
				
					
						
							
							
								h8h 
							
						 
					 
					
						
						
						
						
							
						
						
							9b887d2e63 
							
						 
					 
					
						
						
							
							Use $STORAGE_ROOT  
						
						
						
						
						Better to use $STORAGE_ROOT instead of hardcoded /home/user-data/ 
						
					 
					
						2014-07-16 15:33:40 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9c7d476915 
							
						 
					 
					
						
						
							
							re-do catch-all aliases, fixes #107 (originally #104)
						
						
						
						
						This reverts pull request #105 from jonessen96/master (84d2023f94
						
					 
					
						2014-07-13 12:29:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							84d2023f94 
							
						 
					 
					
						
						
							
							Merge pull request #105 from jonessen96/master
						
						
						
						
						Fix validate_email not accepting catchalls (empty local part of the address) 
						
					 
					
						2014-07-12 17:05:07 -04:00 
						 
				 
			
				
					
						
							
							
								Jonas Platte 
							
						 
					 
					
						
						
						
						
							
						
						
							c35252720f 
							
						 
					 
					
						
						
							
							Prohibited usage of empty local part for validate_email(email, strict = true)  
						
						
						
					 
					
						2014-07-12 22:57:38 +02:00