ChiefGyk
8efe6c933f
added Malware Domain list and ZeusTracker
2016-06-29 14:18:43 -04:00
ChiefGyk
162f580e68
moved the comments around so it looked nicer on my other computer
2016-06-29 12:34:17 -04:00
ChiefGyk
324f5666f2
removed an unneeded line
2016-06-29 12:31:59 -04:00
ChiefGyk
1edd94ba39
added persistence by adding a couple lines to /etc/network/interfaces. It will automatically load at start, save each time the cron.daily runs, so if you need to reboot the ipset is loaded again.
2016-06-29 11:14:03 -04:00
ChiefGyk
ef5f90e02c
changed name from blocklist to blacklist to keep more uniform
2016-06-29 09:38:08 -04:00
ChiefGyk
39644bd29e
Now using ipset, added more lists, researched and looked around for how to script it better. Now all will be able to wget from wizcraft (blocked my VPS, but not local machine so I suspect IP blocks are blocked from them), however there seems to be a lot of overlap of the addresses so I don't think it will be an issue. Averages around ~47,000 IP addresses as opposed to the original couple thousand just from blocklist.de. Does not require Fail2Ban to work just iptables, and of course iptables-persistent to keep changes.
2016-06-29 09:32:16 -04:00
ChiefGyk
d52f11710c
fixed iptables-persistent saving in the cron.daily for sync-fail2ban
2016-06-28 16:02:43 -04:00
ChiefGyk
273078b03e
added IPTables persistence and for it to save changes
2016-06-28 15:38:11 -04:00
ChiefGyk
484c9f2dbe
blocklist added to upstream master of 0.18c
2016-06-28 13:00:21 -04:00
ChiefGyk
23f2b1688f
reset
2016-06-28 12:31:21 -04:00
ChiefGyk
3a1313144b
moved blocklist script locally within installation
2016-06-27 09:38:14 -04:00
ChiefGyk
406f991be3
fixed error in my script copying nginx-badbots
2016-06-27 09:30:01 -04:00
ChiefGyk
20bf710b28
removed some more clutter from jail.local
2016-06-27 09:21:29 -04:00
ChiefGyk
b76c9330c5
some fixes to fail2ban filters and jail.local
2016-06-27 04:13:56 -04:00
ChiefGyk
3701676304
fixed miab-munin.conf
2016-06-27 04:01:51 -04:00
ChiefGyk
187b28dc51
committed a fix for owncloud filter. Lack of caffeine caused me to enter a wrong part of my script
2016-06-27 03:58:30 -04:00
ChiefGyk
cb35e6dd96
extended owncloud filter find time
2016-06-26 20:06:53 -04:00
ChiefGyk
fd457e187c
fixed some issues with warnings due to there not being a variable set for PKGMG=DPKG
2016-06-26 19:53:30 -04:00
ChiefGyk
ab3fbad0b8
a couple minor changes to Fail2Ban #870 fixed a couple variables, copied owncloud.conf fail2ban from my own owncloud 9 server for my own business. Though it is commented out
2016-06-26 13:37:21 -04:00
ChiefGyk
4f4ec5436a
added RKHunter to system.sh on lines 122-134 per #869 and made it run every time apt launches to install or update. This should help prevent rootkits. I also added a config to whitelist certain things
2016-06-26 12:44:39 -04:00
ChiefGyk
6f1315f93a
added missing log location for jail.local
2016-06-26 11:03:30 -04:00
ChiefGyk
3b1b70ed16
added Fail2ban filters from #866 , #767 , and #798 on main branch
2016-06-26 10:57:59 -04:00
Chris Blankenship
fac8477ba1
Configured Dovecot to log into its own logfile
2016-06-06 08:21:44 -04:00
Joshua Tauberer
6d259a6e12
use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
...
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes #797
2016-05-06 09:10:38 -04:00
Joshua Tauberer
30c89be982
merge #771 - stop fail2ban recidive emails
...
The emails were not deliverable anyway.
2016-04-06 19:03:44 -04:00
Tibor Blaho
c5e8a975cd
Fix denied ownCloud nginx locations
2016-03-31 00:07:48 +02:00
Michael Kroes
4d7229ccb0
Add documentation on why the notification was removed from the recidive jail
2016-03-26 13:37:33 +01:00
Michael Kroes
454a2b167b
Stop fail2ban recidive from sending emails, like all other jails
2016-03-26 09:04:51 +01:00
Michael Kroes
44705a32b7
Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing
2016-03-13 18:40:02 +01:00
Michael Kroes
e343061cf4
Prevent clickjacking of management interface
2016-03-13 18:23:10 +01:00
Joshua Tauberer
8ea42847da
nightly status checks could fail if any domains had non-ASCII characters
...
https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too.
2016-02-13 11:51:06 -05:00
Joshua Tauberer
07f9228694
Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt
2016-01-09 08:58:35 -05:00
Bernard `Guyzmo` Pratz
b09cbb0ca4
Fixing issue making it impossible to send mail from Z-Push
...
* added IMAP_SMTP_METHOD to z_push/backend_imap
* reverting that line accidentally deleted in commit 5055ef
* cf pull request GH-580 that commit is part of
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
2016-01-08 16:43:09 +00:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
Joshua Tauberer
bc79319864
Merge pull request #494 from anoma/fail2ban-recidive
...
Activate FAIL2BAN recidive jail
2015-12-22 08:11:19 -05:00
Joshua Tauberer
20e11bbab3
fail2ban: whitelist our machine's public ip address so status checks don't cause bans of the machine itself
2015-12-07 08:45:59 -05:00
Joshua Tauberer
4995cebc38
add additional comments explaining why the IMAP special folders are set up as they are
2015-11-01 07:30:15 -05:00
Michael Kroes
9b1e04b1e8
Merge remote-tracking branch 'upstream/master' into z-push-update
2015-10-31 03:08:54 -04:00
Michael Kroes
90836eff5b
For a new user create the archive folder
2015-10-27 02:20:00 -04:00
Michael Kroes
914cf68651
Remove default comments from imap config
2015-10-25 13:26:38 -04:00
Michael Kroes
4db82d3d09
Caldav doesn't support sync tokens
2015-10-25 13:19:22 -04:00
Michael Kroes
5055ef060d
Change configuration options for new version of z-push
2015-10-25 08:29:57 -04:00
Joshua Tauberer
f046031b26
nginx-ssl.conf changes were partially incorrect, partial revert of 834c42bc50
...
My own /etc/nginx/nginx.conf was messed up, so what I thought were Ubuntu 14.04 defaults weren't, and we lost the ssl_protocols and ssl_prefer_server_ciphers settings. This puts those back.
https://discourse.mailinabox.email/t/dev-master-version-reported-as-poodle-attack-vulnerable-by-ssllabs/898
2015-10-24 11:36:18 +00:00
Joshua Tauberer
274e5ca676
let dovecot automatically create mailbox folders rather than doing it manually in the management daemon, fixes #554
2015-10-18 11:55:27 +00:00
Joshua Tauberer
834c42bc50
move nginx-ssl to be a global configuration file rather than including it into each server block
2015-09-27 17:13:11 +00:00
Joshua Tauberer
93c2258d23
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload
2015-09-08 21:20:50 +00:00
anoma
ae3ae0b5ba
Revert to default FAIL2BAN findtime for SSH jail
...
I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.
The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
2015-09-07 08:36:59 +01:00
anoma
42d657eb54
Unnecessary config item, inherited from default jail.conf
2015-09-07 08:28:54 +01:00
Joshua Tauberer
2c29d59895
Merge pull request #478 from kri3v/patch-1
...
Added more bantime and lowered max retry attempts
2015-09-05 11:42:36 -04:00