ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							8f4941a3c5 
							
						 
					 
					
						
						
							
							removed optional GeoIP and Tor exit node blocking. Can be re-added if need be later, or by using the root project
						
						 
						
						
						
					 
					
						2016-07-02 18:34:34 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							5abc9c3ec5 
							
						 
					 
					
						
						
							
							added MaxMind, StopForumSpam, and Greensnow addresses to ipset lists.  
						
						 
						
						
						
					 
					
						2016-07-02 18:29:07 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							18cd0c6902 
							
						 
					 
					
						
						
							
							removed dialog.sh which had the geoblock options, and fixed typo in tor.sh for the optional tor exit node block  
						
						 
						
						
						
					 
					
						2016-06-30 08:57:35 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							6556da1e65 
							
						 
					 
					
						
						
							
							removed geoblocks, made tor exit node blocking optional during setup via yes/no dialog which will comment out the appropriate line in /etc/cron.daily/blacklist. Rearranged some code, deleted some files and clutter.  
						
						 
						
						
						
					 
					
						2016-06-30 08:20:47 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							52410106e9 
							
						 
					 
					
						
						
							
							replaced iptables-persistent with another iptables-persistent in /etc/init.d, this one also will save ipsets and allow persistence upon reboot. Cleaned up some code, changed debconf variables at iptables-persistent install to false. Still installs iptables-persistent through apt, just to get rid of all the foundation work for it to run, but is quickly replaced.
						
						 
						
						
						
					 
					
						2016-06-29 21:35:37 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							9b3a158b72 
							
						 
					 
					
						
						
							
							Added Dshield, to automatically block the top 20 malicious IP blocks each day. It is merged into blacklist which will run in cron.daily. So ipset blocks the majority of addresses from lists, and IPTables does the blocks.  
						
						 
						
						
						
					 
					
						2016-06-29 18:33:09 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							61780b8ae7 
							
						 
					 
					
						
						
							
							added optional geoblock lists that update weekly for China, and Korea as they create a lot of spam. They are added via IPtables as they are added in blocks.  
						
						 
						
						
						
					 
					
						2016-06-29 15:39:41 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							02b014527b 
							
						 
					 
					
						
						
							
							added link to original project  
						
						 
						
						
						
					 
					
						2016-06-29 11:48:26 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							1edd94ba39 
							
						 
					 
					
						
						
							
							added persistence by adding a couple lines to /etc/network/interfaces. It will automatically load at start, save each time the cron.daily runs, so if you need to reboot the ipset is loaded again.  
						
						 
						
						
						
					 
					
						2016-06-29 11:14:03 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							ef5f90e02c 
							
						 
					 
					
						
						
							
							changed name from blocklist to blacklist to keep more uniform  
						
						 
						
						
						
					 
					
						2016-06-29 09:38:08 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							39644bd29e 
							
						 
					 
					
						
						
							
							Now using ipset, added more lists, researched and looked around for how to script it better. Now all will be able to wget from wizcraft (blocked my VPS, but not local machine so I suspect IP blocks are blocked from them), however there seems to be a lot of overlap of the addresses so I don't think it will be an issue. Averages around ~47,000 IP addresses as opposed to the original couple thousand just from blocklist.de. Does not require Fail2Ban to work just iptables, and of course iptables-persistent to keep changes.
						
						 
						
						
						
					 
					
						2016-06-29 09:32:16 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							6c808a5654 
							
						 
					 
					
						
						
							
							fixed unnecessary sudo, added part to load global variables.
						
						 
						
						
						
					 
					
						2016-06-29 07:26:34 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							2bdae89d24 
							
						 
					 
					
						
						
							
							polished and finalized, removed two last lines in blocklist.sh. They were redundant.  
						
						 
						
						
						
					 
					
						2016-06-28 16:26:52 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							d27cb57d0c 
							
						 
					 
					
						
						
							
							moved blocklist installation to its own script, and moved it to the end of the installation, even after the first user so it can setup all the iptables after everything has been setup  
						
						 
						
						
						
					 
					
						2016-06-28 16:19:59 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							89274c6411 
							
						 
					 
					
						
						
							
							automated the iptables-persistent installation so it doesn't require user interaction  
						
						 
						
						
						
					 
					
						2016-06-28 15:57:04 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							484c9f2dbe 
							
						 
					 
					
						
						
							
							blocklist added to upstream master of 0.18c  
						
						 
						
						
						
					 
					
						2016-06-28 13:00:21 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							23f2b1688f 
							
						 
					 
					
						
						
							
							reset  
						
						 
						
						
						
					 
					
						2016-06-28 12:31:21 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							3a1313144b 
							
						 
					 
					
						
						
							
							moved blocklist script locally within installation  
						
						 
						
						
						
					 
					
						2016-06-27 09:38:14 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							7f89d7cb82 
							
						 
					 
					
						
						
							
							added line for rkhunter to first update when installed.  
						
						 
						
						
						
					 
					
						2016-06-27 04:32:06 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							b76c9330c5 
							
						 
					 
					
						
						
							
							some fixes to fail2ban filters and jail.local  
						
						 
						
						
						
					 
					
						2016-06-27 04:13:56 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							5265839681 
							
						 
					 
					
						
						
							
							made rkhunter create a local file per suggestions  
						
						 
						
						
						
					 
					
						2016-06-27 04:10:39 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							ab3fbad0b8 
							
						 
					 
					
						
						
							
							a couple minor changes to Fail2Ban #870 fixed a couple variables, copied owncloud.conf fail2ban from my own owncloud 9 server for my own business. Though it is commented out
						
						 
						
						
						
					 
					
						2016-06-26 13:37:21 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							933668f156 
							
						 
					 
					
						
						
							
							had rkhunter --propupd run before configs were changed. Fixed for #869, also added a crontab for RKHunter to automatically run daily at 4:15AM
						
						 
						
						
						
					 
					
						2016-06-26 12:57:54 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							e0b333843a 
							
						 
					 
					
						
						
							
							had rkhunter --propupd run before configs were changed. Fixed for #869
						
						 
						
						
						
					 
					
						2016-06-26 12:48:26 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							4f4ec5436a 
							
						 
					 
					
						
						
							
							added RKHunter to system.sh on lines 122-134 per #869 and made it run every time apt launches to install or update. This should help prevent rootkits. I also added a config to whitelist certain things
						
						 
						
						
						
					 
					
						2016-06-26 12:44:39 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							994727d2cd 
							
						 
					 
					
						
						
							
							added script which automatically adds IP addresses which have been reported to be attacking other servers. It will update the IPTables automatically every day, as well as perform the initial run the first day. As mentioned in #864 on the origin
						
						 
						
						
						
					 
					
						2016-06-26 11:06:40 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ChiefGyk 
							
						 
					 
					
						
						
						
						
							
						
						
							3b1b70ed16 
							
						 
					 
					
						
						
							
							added Fail2ban filters from #866, #767, and #798 on main branch
						
						 
						
						
						
					 
					
						2016-06-26 10:57:59 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5f5f00af4a 
							
						 
					 
					
						
						
							
							for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)  
						
						 
						
						
						
					 
					
						2016-06-12 09:11:55 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6b73bb5d80 
							
						 
					 
					
						
						
							
							outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4  
						
						 
						
						
						
					 
					
						2016-06-12 09:11:54 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3055f9a79c 
							
						 
					 
					
						
						
							
							drop SSLv3, RC4 ciphers from SMTP port 25  
						
						 
						
						
						
						
						Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html , Google is about to do the same.
fixes  #611  
						
					 
					
						2016-06-12 09:11:50 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Chris Blankenship 
							
						 
					 
					
						
						
						
						
							
						
						
							fac8477ba1 
							
						 
					 
					
						
						
							
							Configured Dovecot to log into its own logfile  
						
						 
						
						
						
					 
					
						2016-06-06 08:21:44 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								aspdye 
							
						 
					 
					
						
						
						
						
							
						
						
							61744095a8 
							
						 
					 
					
						
						
							
							Update Roundcube to 1.2.0  
						
						 
						
						
						
						
						closes  #840  
						
					 
					
						2016-06-06 07:32:54 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d5b38a27e6 
							
						 
					 
					
						
						
							
							run roundcube's database migration script on every update  
						
						 
						
						
						
						
						There hasn't been a sqlite migration yet, since Mail-in-a-Box's creation, but with Roundcube 1.2 there will be. 
						
					 
					
						2016-06-06 07:28:12 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6666d28c44 
							
						 
					 
					
						
						
							
							v0.18c  
						
						 
						
						
						
					 
					
						2016-06-02 15:47:45 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							66675ff2e9 
							
						 
					 
					
						
						
							
							Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852
						
						 
						
						
						
						
						In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.
But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too. 
						
					 
					
						2016-06-02 08:05:34 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							867d9c4669 
							
						 
					 
					
						
						
							
							v0.18b  
						
						 
						
						
						
					 
					
						2016-05-16 07:17:20 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ad5892acd 
							
						 
					 
					
						
						
							
							can't change roundcube's default_host setting, partially reverts  6d259a6e12 
						
						 
						
						
						
						
						The default_host setting is a part of the internal username key. We can't change that without causing Roundcube to create new internal user accounts. 
						
					 
					
						2016-05-16 07:14:45 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							94b7c80792 
							
						 
					 
					
						
						
							
							v0.18  
						
						 
						
						
						
					 
					
						2016-05-15 20:41:31 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ae8cd4efdf 
							
						 
					 
					
						
						
							
							support 'dovecot -A' iteration of all users  
						
						 
						
						
						
					 
					
						2016-05-06 09:16:48 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6d259a6e12 
							
						 
					 
					
						
						
							
							use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"  
						
						 
						
						
						
						
						On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes  #797  
						
					 
					
						2016-05-06 09:10:38 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								aspdye 
							
						 
					 
					
						
						
						
						
							
						
						
							8548ede638 
							
						 
					 
					
						
						
							
							Merge pull  #806  - Update Roundcube to 1.1.5  
						
						 
						
						
						
					 
					
						2016-04-24 06:31:28 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								aspdye 
							
						 
					 
					
						
						
						
						
							
						
						
							74fea6b93e 
							
						 
					 
					
						
						
							
							Hostname as Roundcube Name  
						
						 
						
						
						
					 
					
						2016-04-09 10:23:20 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5628f8eecb 
							
						 
					 
					
						
						
							
							Merge  #773  - Set the hostname of the box during the setup  
						
						 
						
						
						
					 
					
						2016-04-07 09:44:39 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							bc40134b7b 
							
						 
					 
					
						
						
							
							Remove comment about loopback interface  
						
						 
						
						
						
					 
					
						2016-04-07 10:55:20 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							3649ba1ce9 
							
						 
					 
					
						
						
							
							Merge branch 'master' into hostname  
						
						 
						
						
						
					 
					
						2016-04-07 10:54:53 +02:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								kurt89523 
							
						 
					 
					
						
						
						
						
							
						
						
							22395bdb8b 
							
						 
					 
					
						
						
							
							Update to ownCloud v8.2.3  
						
						 
						
						
						
					 
					
						2016-04-06 17:31:59 -07:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1a1d125b31 
							
						 
					 
					
						
						
							
							v0.17c  
						
						 
						
						
						
						
merge hotfix release tag 'v0.17c' into master
The hotfixes were all already applied to master in original PRs. This merge merely brings over the CHANGELOG and the updated install instructions (v0.17b=>v0.17c), including to bootstrap.sh which is what triggers v0.17c being the latest release. 
						
					 
					
						2016-04-01 08:00:10 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							86881c0107 
							
						 
					 
					
						
						
							
							v0.17c  
						
						 
						
						
						
					 
					
						2016-04-01 07:58:28 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							703e6795e8 
							
						 
					 
					
						
						
							
							hotfix merge  #769  - update the Roundcube html5_notifier plugin from version 0.6 to 0.6.2  
						
						 
						
						
						
						
						fixes Roundcube getting stuck for some people, hopefully fixes  #693  
						
					 
					
						2016-03-31 10:46:34 -04:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b3223136f4 
							
						 
					 
					
						
						
							
							hotfix - install roundcube from our own mirror, hosted in Josh's AWS S3 account, because sourceforge is down all the time  
						
						 
						
						
						
						
						fixes #750, see #701, see #370
was df92a10eba 
						
					 
					
						2016-03-31 10:35:48 -04:00