933668f156
had rkhunter --propupd run before configs were changed. Fixed for #869 , also added a crontab for RKHunter to automatically run daily at 4:15AM
2016-06-26 12:57:54 -04:00
e0b333843a
had rkhunter --propupd run before configs were changed. Fixed for #869
2016-06-26 12:48:26 -04:00
4f4ec5436a
added RKHunter to system.sh on lines 122-134 per #869 and made it run everytime apt launches to install or update. This should help prevent rootkits. I also added a config to whitelist certain things
2016-06-26 12:44:39 -04:00
994727d2cd
added script which automatically adds IP addresses which have been reported to be attacking other servers. It will update the IPTables automatically everyday, as well as perform the initial run the first day. As mentioned in #864 on the origin
2016-06-26 11:06:40 -04:00
6f1315f93a
added missing log location for jail.local
2016-06-26 11:03:30 -04:00
3b1b70ed16
added Fail2ban filters from #866 , #767 , and #798 on main branch
2016-06-26 10:57:59 -04:00
5f5f00af4a
for DANE, the smtp_tls_mandatory_protocols setting seems like it also needs to be set (unlike the cipher settings, this isn't documented to be in addition to the non-mandatory setting)
2016-06-12 09:11:55 -04:00
6b73bb5d80
outbound SMTP connections should use the same TLS settings as inbound: drop SSLv2, SSLv3, anonymous ciphers, RC4
2016-06-12 09:11:54 -04:00
3055f9a79c
drop SSLv3, RC4 ciphers from SMTP port 25
...
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html , Google is about to do the same.
fixes #611
2016-06-12 09:11:50 -04:00
fac8477ba1
Configured Dovecot to log into its own logfile
2016-06-06 08:21:44 -04:00
61744095a8
Update Roundcube to 1.2.0
...
closes #840
2016-06-06 07:32:54 -04:00
d5b38a27e6
run roundcube's database migration script on every update
...
There hasn't been a sqlite migration yet, since Mail-in-a-Box's creation, but with Roundcube 1.2 there will be.
2016-06-06 07:28:12 -04:00
6666d28c44
v0.18c
2016-06-02 15:47:45 -04:00
66675ff2e9
Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852
...
In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.
But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too.
2016-06-02 08:05:34 -04:00
9ee2d946b7
Merge pull request #821 from m4rcs/before-backup
...
Added a pre-backup script to complement post-backup script.
2016-05-17 19:48:14 -04:00
ff7d4196a6
target to blank for munin link in tempalte ( #822 )
...
adding :
target="_blank"
to
<li><a href="/admin/munin">Munin Monitoring</a></li> on line 96
Why ?
Because when you click on munin link, and follow links, you lose your index, or click back many times...
So i propose my pull request.
Et voilà ^^
2016-05-17 19:46:45 -04:00
490b36d86c
Fix #819 ( #823 )
2016-05-17 19:46:10 -04:00
867d9c4669
v0.18b
2016-05-16 07:17:20 -04:00
1ad5892acd
can't change roundcube's default_host setting, partially reverts 6d259a6e12
...
The default_host setting is a part of the internal username key. We can't change that without causing Roundcube to create new internal user accounts.
2016-05-16 07:14:45 -04:00
94b7c80792
v0.18
2016-05-15 20:41:31 -04:00
69bd137b4e
Added a pre-backup script to complement post-backup script.
2016-05-11 10:11:16 +02:00
ae8cd4efdf
support 'dovecot -A' iteration of all users
2016-05-06 09:16:48 -04:00
6d259a6e12
use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
...
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes #797
2016-05-06 09:10:38 -04:00
e7fffc66c7
changelog tweaks, fixes #805
2016-05-06 08:51:53 -04:00
8548ede638
Merge pull #806 - Update Roundcube to 1.1.5
2016-04-24 06:31:28 -04:00
6eeb107ee3
Merge #795 - Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-24 06:27:50 -04:00
31eefa18da
Merge #793 - Hostname as Roundcube Name
2016-04-23 13:45:09 -04:00
20adbb51cb
Merge #804 - Make clear that Let's Encrypt is reccomended!
2016-04-23 09:51:44 -04:00
79a39d86f9
reseller -> provider
2016-04-23 15:18:21 +02:00
0ebf33e9df
Make clear that Let's Encrypt is reccomended!
2016-04-23 11:35:02 +02:00
d3818d1db6
changelog entries
2016-04-13 18:42:53 -04:00
f65d9d3196
Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-09 13:27:27 +02:00
74fea6b93e
Hostname as Roundcube Name
2016-04-09 10:23:20 +02:00
7a935d8385
Merge #791 - Add ownCloud 8.2.3 update to changelog
2016-04-08 08:20:06 -04:00
7e0f534aea
Add ownCloud update to changelog
2016-04-08 14:04:15 +02:00
5628f8eecb
Merge #773 - Set the hostname of the box during the setup
2016-04-07 09:44:39 -04:00
9cc5160c38
Merge #789 - Update to ownCloud v8.2.3
2016-04-07 09:32:24 -04:00
bc40134b7b
Remove comment about loopback interface
2016-04-07 10:55:20 +02:00
3649ba1ce9
Merge branch 'master' into hostname
2016-04-07 10:54:53 +02:00
22395bdb8b
Update to ownCloud v8.2.3
2016-04-06 17:31:59 -07:00
30c89be982
merge #771 - stop fail2ban recidive emails
...
The emails were not deliverable anyway.
2016-04-06 19:03:44 -04:00
853b641d1b
Merge #787 - Add SRV record to the Custom DNS page
2016-04-05 07:17:12 -04:00
703a963ae5
Add SRV record to the Custom DNS page
...
Add SRV to the drop-down to add a custom DNS zone. I made this change on my up-to-date install and it worked without any issues.
2016-04-05 00:54:26 -05:00
1a1d125b31
v0.17c
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJW/mJqAAoJELkgQfTBC92B/F8H/2s6wKhzzeoqkhLU2nvYJh0B
Q1d0SbtdQWIWrTQbcjIR3aGYwJzJ+HC7rylrwS4lB2ugpJBA0MnfD+ktwbe/EyDa
pN6WLlmnXyAw28//ubq0FQqC8Gawsj4WMfmSEw/XuDShik8XJmU7QUEnewClJ7So
ko4eVp9KL8MU3Rj/DebhyoW0EjpB/qrJvLSqtj4KCxKYES9J8nUVBFVRDL48yNx4
2KTIjqreGZmtW0/wxPnganMeV6DZn3B6vBmqOYYvw7bf6r/cY0ZkNK/ENlo+ntJD
3jFKki4TJChhGVWH5T4Tw2bys4Cua1+SA3cleNRH1rYSvRWyOCwK+LS4YBJHYp4=
=umMp
-----END PGP SIGNATURE-----
merge hotfix release tag 'v0.17c' into master
The hotfixes were all already applied to master in original PRs. This merge merely brings over the CHANGELOG and the updated install instructions (v0.17b=>v0.17c), including to bootstrap.sh which is what triggers v0.17c being the latest release.
2016-04-01 08:00:10 -04:00
86881c0107
v0.17c
2016-04-01 07:58:28 -04:00
e65c77588e
hotfix merge #776 - some owncloud paths were improperly exposed over http
2016-04-01 07:58:24 -04:00
3843f63416
hotfix merge #772 - yodax/generic-login-message
...
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2016-03-31 10:46:38 -04:00
703e6795e8
hotfix merge #769 - update the Roundcube html5_notifier plugin from version 0.6 to 0.6.2
...
fixes Roundcube getting stuck for some people, hopefully fixes #693
2016-03-31 10:46:34 -04:00
b3223136f4
hotfix - install roundcube from our own mirror, hosted in Josh's AWS S3 account, because sourceforge is down all the time
...
fixes #750 , see #701 , see #370
was df92a10eba
2016-03-31 10:35:48 -04:00
aa1fdaddaf
hotfix merge #755 - Prevent click jacking of the management interface
2016-03-31 10:34:52 -04:00
ChiefGyk
Joshua Tauberer
Chris Blankenship
aspdye
Arnaud
Marc Schiller
Michael Kroes
kurt89523
msgerbs