Commit Graph

183 Commits

Author SHA1 Message Date
Joshua Tauberer 6e380ade17 owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME 2014-08-16 12:33:10 +00:00
Joshua Tauberer 8c9f278166 owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED
This lets downloads from the file app work.
2014-08-15 23:16:54 +00:00
Joshua Tauberer e625a424fd whats_next: check that the TLSA record is correct, fixes #139 2014-08-13 19:42:49 +00:00
Joshua Tauberer 0eceb2012f use php5-fpm rather than our own custom launcher script for PHP+FastCGI 2014-08-12 11:00:54 +00:00
Joshua Tauberer 1312b0254b backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old 2014-08-11 11:45:40 +00:00
Joshua Tauberer f66914d634 backup: automatically take a full backup when the sum of the increments get very large 2014-08-11 11:38:32 +00:00
Joshua Tauberer 58e300e113 backup must be full on the first run because incremental backup will fail, fixes #134 2014-08-11 07:16:58 -04:00
Joshua Tauberer e294f7c181 create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129 2014-08-09 16:49:57 +00:00
Joshua Tauberer b56f82cb92 make a privileges column in the users table and mark the first user as an admin 2014-08-08 12:31:22 +00:00
Joshua Tauberer 6a512042dc after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location 2014-08-02 14:16:08 +00:00
Joshua Tauberer 6d4fab1e6a whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest

Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer 30178ef019 add a --force flag to dns_update 2014-08-01 12:05:34 +00:00
Joshua Tauberer 168c06939d have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
hopefully fixes #121; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer 8042ab66ac dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain 2014-07-20 15:23:17 +00:00
Joshua Tauberer 8354d9732a in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses 2014-07-20 14:53:55 +00:00
Joshua Tauberer 1ad9c70887 refactor custom DNS records 2014-07-20 14:48:20 +00:00
Joshua Tauberer 2e0680de4f the check for whether a custom DNS setting is valid was in the wrong place 2014-07-20 14:41:02 +00:00
sfPlayer1 89acbe4127 Update dns_update.py
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1 0e893626c8 Add IPv6 glue records as well
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.

This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.

Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld

I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer 42c891032d don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend 2014-07-17 13:08:05 +00:00
Joshua Tauberer d7a9e7cc17 run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box 2014-07-17 13:08:05 +00:00
Joshua Tauberer 7803ac9ca4 write explanatory text as we build DNS zones so we can help the user manage DNS off of the box 2014-07-17 13:08:05 +00:00
Joshua Tauberer eac349187d whats_next: move the admin alias check to the system section 2014-07-16 09:36:56 -04:00
Joshua Tauberer 9c7d476915 re-do catch-all aliases, fixes #107 (originally #104)
This reverts pull request #105 from jonessen96/master (84d2023f94) which was incorrect because it lost the "+" in DOT_ATOM_TEXT and so was not accepting any email addresses.

Am taking the opportunity to make the code cleaner while I'm here.
2014-07-13 12:29:43 +00:00
Jonas Platte c35252720f Prohibited usage of empty local part for validate_email(email, strict = true) 2014-07-12 22:57:38 +02:00
Jonas Platte 70e4e7f7be Fixed validate_email not accepting catchalls (empty local part of the address) 2014-07-12 03:22:55 +02:00
Joshua Tauberer 85bd2c8804 use the Dovecot managesieve service to manage sieve scripts
This lets roundcube's manageseive plugin do cool things like vacation responses.

Also:

* Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them.

* Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now.

this adapts work by @h8h in #103
2014-07-10 23:09:07 +00:00
Joshua Tauberer 41b3df6d78 manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead
closes #94
2014-07-09 19:30:17 +00:00
Joshua Tauberer 22a010ecb9 say that certificates are valid too in output 2014-07-09 16:38:56 +00:00
Joshua Tauberer 659b5c8aa3 if the server certificate can be used for a non-primary domain, use it 2014-07-09 16:38:42 +00:00
Joshua Tauberer 6c70b10c15 tell users to restart nginx after plugging in a new cert 2014-07-09 14:05:59 +00:00
Joshua Tauberer deebda06e1 utils.sort_domains wasn't right 2014-07-09 12:35:12 +00:00
Joshua Tauberer 1a74b81f44 new nginx configuration yaml file to allow proxying of whole domains elsewhere 2014-07-09 12:31:32 +00:00
Joshua Tauberer 04e30ffa78 check that the installed certificate corresponds to the private key 2014-07-08 15:47:54 +00:00
Joshua Tauberer 59a9d02fa5 check that installed certificates are for the domains we are using the certificates for 2014-07-07 12:06:11 +00:00
Joshua Tauberer 65fb65ada7 an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME 2014-07-07 02:35:45 +00:00
Joshua Tauberer 28e254fb84 whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway 2014-07-07 02:35:45 +00:00
Joshua Tauberer e898cd5d2a whats_next: wrap output to the actual width of the terminal 2014-07-07 02:35:45 +00:00
Joshua Tauberer 6a231d4409 clarify that an SSL cert can remain self-signed on the non-primary domains if the domain isn't being used for web 2014-07-07 02:35:45 +00:00
Joshua Tauberer 49d5561933 when adding/removing mail addresses also update nginx's config 2014-07-06 12:16:50 +00:00
Joshua Tauberer c8856f107d migrate the SSL certificates path for non-primary certs to a new layout using a new migration script 2014-06-30 20:41:29 +00:00
Joshua Tauberer 06ba25151f get_domain_ssl_files returned the wrong path for the CSR for PRIMARY_HOSTNAME 2014-06-30 19:49:41 +00:00
Joshua Tauberer b5aa1b0f31 walk the user through choosing the PRIMARY_HOSTNAME by first asking for their email address 2014-06-30 10:20:58 -04:00
Joshua Tauberer fed5959288 s/PUBLIC_HOSTNAME/PRIMARY_HOSTNAME/ throughout 2014-06-30 09:15:36 -04:00
Joshua Tauberer 87f001a5d5 some comments 2014-06-24 03:24:41 +00:00
Joshua Tauberer 1dec8c65ce move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant) 2014-06-23 19:39:20 +00:00
Joshua Tauberer d4ce50de86 new tool to purchase and install a SSL certificate using Gandi.net's API 2014-06-23 10:53:29 +00:00
Joshua Tauberer 30c416ff6e rename the new checklist script to whats_next.py 2014-06-23 00:11:24 +00:00
Joshua Tauberer 5aa09c3f9b let the user override some DNS records in a different way
Moved the configuration to a single YAML file, rather than one per domain, to be clearer.

re-does 33f06f29c1
2014-06-22 19:33:30 +00:00
Joshua Tauberer 343886d818 add mail alias checks and other cleanup 2014-06-22 16:28:55 +00:00
Joshua Tauberer deab8974ec if we handle mail for both a domain and any subdomain, only create a zone for the domain and put the subdomain's DNS records in the main domain's zone file 2014-06-22 16:24:15 +00:00
Joshua Tauberer 4668367420 first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc. 2014-06-22 15:54:22 +00:00
Michael Kropat 9e63ec62fb Cleanup: remove env dependency 2014-06-22 08:55:19 -04:00
Michael Kropat d100a790a0 Remove API_KEY_FILE setting 2014-06-22 08:45:29 -04:00
Michael Kropat 554a28479f Merge remote-tracking branch 'upstream/master' into mgmt-auth
Conflicts:
	management/daemon.py
2014-06-21 21:29:25 -04:00
Joshua Tauberer 064d75e261 Merge pull request #73 from mkropat/syslog-logging
Tell Flask to log to syslog
2014-06-21 21:22:27 -04:00
Michael Kropat 067052d4ea Add key-based authentication to management service
Intended to be the simplest auth possible: every time the service
starts, a random key is written to `/var/lib/mailinabox/api.key`. In
order to authenticate to the service, the client must pass the contents
of `api.key` in an HTTP basic auth header. In this way, users who do not
have read access to that file are not able to communicate with the
service.
2014-06-21 23:42:48 +00:00
Michael Kropat 53e15eae15 Tell Flask to log to syslog
- Writes Flask warnings and errors to `/var/log/syslog`
- Helps to debug issues when running in production
2014-06-21 23:25:35 +00:00
Joshua Tauberer 67d31ed998 move the SSL setup into its own bash script since it is used for much more than email now 2014-06-21 22:16:46 +00:00
Joshua Tauberer 5faa1cae71 manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:55:12 +00:00
Joshua Tauberer 126ea94ccf drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ 2014-06-18 22:56:55 -04:00
Joshua Tauberer 95e61bc110 add DANE TLSA records to the PUBLIC_HOSTNAME's DNS
Postfix has a tls_security_level called "dane" which uses DNS-Based Authentication of Named Entities (DANE)
to require, if specified in the DNS of the MX host, an encrpyted connection with a known certificate.

This commit adds TLSA records.
2014-06-19 01:39:27 +00:00
Joshua Tauberer 699bccad80 missing spaces in nsd.conf (has no effect but looks proper) 2014-06-18 23:53:52 +00:00
Joshua Tauberer afb6c26c8b run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server
see #71
2014-06-18 19:45:47 -04:00
Joshua Tauberer 761fac729b nsd.conf wasn't properly using the signed zone files 2014-06-18 23:30:35 +00:00
Joshua Tauberer dd15bf4384 use a better sort order for records in DNS zone files 2014-06-17 23:34:06 +00:00
Joshua Tauberer 14396e58f8 dont create a separate zone for PUBLIC_HOSTNAME if it is a subdomain of another zone (hmm, this is a general principle that could apply to any two domains the box is serving) 2014-06-17 23:30:00 +00:00
Joshua Tauberer 33f06f29c1 let the user override some DNS records 2014-06-17 22:21:51 +00:00
Joshua Tauberer 88709506f8 add DNSSEC
* sign zones
* in a cron job, periodically re-sign zones because they expire (not tested)
2014-06-17 22:21:12 +00:00
Joshua Tauberer aaa735dbfe write nsd.conf zones in a predictable order so that we don't keep rewriting it 2014-06-12 22:28:37 -04:00
Joshua Tauberer e9cde52a48 two more cases of shelling out external programs in a more secure way, see cecda9cec5 2014-06-12 21:06:04 -04:00
Joshua Tauberer 8bd62aa3bc increase duplicity's volume size from the default of 25MB to 100MB so we create fewer files 2014-06-09 13:47:41 +00:00
Joshua Tauberer 5490142df5 re-do the backup script to use the duplicity program
Duplicity will manage the process of creating incremental backups for us.
Although duplicity can both encrypt & copy files to a remote host, I really
don't like PGP and so I don't want to use that.

Instead, we'll back up to a local directory unencrypted, then manually
encrypt the full & incremental backup files. Synchronizing the encrypted
backup directory to a remote host is a TODO.
2014-06-09 09:34:52 -04:00
Joshua Tauberer cecda9cec5 management: shell out external programs in a more secure way 2014-06-09 08:09:45 -04:00
Michael Kropat ae67409603 Support dual-stack IPv4/IPv6 mail servers
Addresses #3

Added support by adding parallel code wherever `$PUBLIC_IP` was used.
Providing an IPv6 address is completely optional.

Playing around on my IPv6-enabled mail server revealed that — before
this change — mailinabox might try to use an IPv6 address as the value
for `$PUBLIC_IP`, which wouldn't work out well.
2014-06-08 18:32:52 -04:00
Joshua Tauberer 242cadebc8 allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
2014-06-06 10:51:36 -04:00
Joshua Tauberer f1dac1fe13 show less output when updating DNS configuration 2014-06-06 10:51:36 -04:00
Joshua Tauberer 6194c63f76 add management comments for checking for updated Ubuntu packages and applying updates 2014-06-05 20:57:30 +00:00
Joshua Tauberer 295981828f Vagrantize
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
2014-06-04 19:39:58 -04:00
Joshua Tauberer 7fa4862f1a refactor dns_update so that the zone is first generated in a file-format agnostic way 2014-06-04 19:00:31 -04:00
Joshua Tauberer 8ed15168c0 the new dns_update totally forgot to write the OpenDKIM tables 2014-06-04 18:44:13 -04:00
Joshua Tauberer 89730bd643 new backup script, see #11 2014-06-03 21:16:38 +00:00
Joshua Tauberer c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00