Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8042ab66ac 
							
						 
					 
					
						
						
							
							dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain  
						
						
						
					 
					
						2014-07-20 15:23:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8354d9732a 
							
						 
					 
					
						
						
							
							in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses  
						
						
						
					 
					
						2014-07-20 14:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1ad9c70887 
							
						 
					 
					
						
						
							
							refactor custom DNS records  
						
						
						
					 
					
						2014-07-20 14:48:20 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2e0680de4f 
							
						 
					 
					
						
						
							
							the check for whether a custom DNS setting is valid was in the wrong place  
						
						
						
					 
					
						2014-07-20 14:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							65c3a44e63 
							
						 
					 
					
						
						
							
							the cron job to re-sign DNSSEC zones wasnt working after adding the API key to the management daemon because the script relied on a bash-ism but cron runs it with (probably) sh  
						
						
						
					 
					
						2014-07-19 16:31:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							37fcc5b53d 
							
						 
					 
					
						
						
							
							Add AAAA records for ns1/ns2  
						
						... 
						
						
						
						Merges branch 'patch-1' of https://github.com/sfPlayer1/mailinabox  
						
					 
					
						2014-07-18 11:12:13 +00:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							89acbe4127 
							
						 
					 
					
						
						
							
							Update dns_update.py  
						
						... 
						
						
						
						Add new extra bool parameter. 
						
					 
					
						2014-07-18 13:05:32 +02:00 
						 
				 
			
				
					
						
							
							
								sfPlayer1 
							
						 
					 
					
						
						
						
						
							
						
						
							0e893626c8 
							
						 
					 
					
						
						
							
							Add IPv6 glue records as well  
						
						... 
						
						
						
						The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.
This caused http://dnscheck.pingdom.com  to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.
Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld
I'm not very familiar with Python and DNS, please verify ;) 
						
					 
					
						2014-07-18 13:03:09 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							42c891032d 
							
						 
					 
					
						
						
							
							don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d7a9e7cc17 
							
						 
					 
					
						
						
							
							run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7803ac9ca4 
							
						 
					 
					
						
						
							
							write explanatory text as we build DNS zones so we can help the user manage DNS off of the box  
						
						
						
					 
					
						2014-07-17 13:08:05 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							91cf45c843 
							
						 
					 
					
						
						
							
							add a comment  
						
						
						
					 
					
						2014-07-16 09:39:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							eac349187d 
							
						 
					 
					
						
						
							
							whats_next: move the admin alias check to the system section  
						
						
						
					 
					
						2014-07-16 09:36:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							023cd12e1a 
							
						 
					 
					
						
						
							
							hide lots of unnecessary and scary output during setup  
						
						
						
					 
					
						2014-07-16 09:36:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							465aaf2d30 
							
						 
					 
					
						
						
							
							check that we're running as root before doing anything  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							5a4f5b1874 
							
						 
					 
					
						
						
							
							move the welcome message to after the system checks  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c716fd27bf 
							
						 
					 
					
						
						
							
							refuse to start if the system has less than 768 MB of RAM, except when testing within Vagrant  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4e5b5f2852 
							
						 
					 
					
						
						
							
							Vagrant typo  
						
						
						
					 
					
						2014-07-16 09:36:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89376b10d0 
							
						 
					 
					
						
						
							
							Merge pull request  #111  from h8h/patch-1  
						
						... 
						
						
						
						Output SSL Cert Fingerprint can point to a wrong dir: Better to use $STORAGE_ROOT 
						
					 
					
						2014-07-16 09:36:22 -04:00 
						 
				 
			
				
					
						
							
							
								h8h 
							
						 
					 
					
						
						
						
						
							
						
						
							9b887d2e63 
							
						 
					 
					
						
						
							
							Use $STORAGE_ROOT  
						
						... 
						
						
						
						Better to use $STORAGE_ROOT instead of hardcoded /home/user-data/ 
						
					 
					
						2014-07-16 15:33:40 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9c7d476915 
							
						 
					 
					
						
						
							
							re-do catch-all aliases,  fixes   #107  (originally  #104 )  
						
						... 
						
						
						
						This reverts pull request #105  from jonessen96/master (84d2023f94 
						
					 
					
						2014-07-13 12:29:43 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							84d2023f94 
							
						 
					 
					
						
						
							
							Merge pull request  #105  from jonessen96/master  
						
						... 
						
						
						
						Fix validate_email not accepting catchalls (empty local part of the address) 
						
					 
					
						2014-07-12 17:05:07 -04:00 
						 
				 
			
				
					
						
							
							
								Jonas Platte 
							
						 
					 
					
						
						
						
						
							
						
						
							c35252720f 
							
						 
					 
					
						
						
							
							Prohibited usage of empty local part for validate_email(email, strict = true)  
						
						
						
					 
					
						2014-07-12 22:57:38 +02:00 
						 
				 
			
				
					
						
							
							
								Jonas Platte 
							
						 
					 
					
						
						
						
						
							
						
						
							70e4e7f7be 
							
						 
					 
					
						
						
							
							Fixed validate_email not accepting catchalls (empty local part of the address)  
						
						
						
					 
					
						2014-07-12 03:22:55 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fb357dee33 
							
						 
					 
					
						
						
							
							add z-push to the start script  
						
						
						
					 
					
						2014-07-12 00:04:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2a7669a0d3 
							
						 
					 
					
						
						
							
							z-push: an Exchange ActiveSync server  
						
						
						
					 
					
						2014-07-12 00:02:32 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							67c7391546 
							
						 
					 
					
						
						
							
							Roundcube's classic skin is nicer  
						
						
						
					 
					
						2014-07-11 21:52:46 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							85bd2c8804 
							
						 
					 
					
						
						
							
							use the Dovecot managesieve service to manage sieve scripts  
						
						... 
						
						
						
						This lets roundcube's manageseive plugin do cool things like vacation responses.
Also:
* Run the spam filtering sieve script out of a global sieve file that we'll place in /etc/dovecot. It is no longer necessary to create per-user sieve files for this. Remove them with a new migration. Remove the code that created them.
* Corrects the spam script. Backslashes were double-escaped probably because this script started embedded within the bash script. Not sure how this was working until now.
this adapts work by @h8h in #103  
						
					 
					
						2014-07-10 23:09:07 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e713af5f5a 
							
						 
					 
					
						
						
							
							refactor the mail setup scripts  
						
						... 
						
						
						
						As the scripts keep growing, it's time to split them up to
keep them understandable.
This splits mail.sh into mail-postfix.sh, mail-dovecot.sh,
and mail-users.sh, which has all of the user database-related
configurations shared by Dovecot and Postfix. Also from
spamassassin.sh the core sieve configuration is moved into
mail-dovecot.sh and the virtual transport setting is moved
into mail-postfix.sh.
Also revising one of the sed scripts in mail-dovecot to
not insert a new additional # at the start of a line each
time the script is run. 
						
					 
					
						2014-07-10 12:49:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6f51b49671 
							
						 
					 
					
						
						
							
							remove the hard-coded migration ID from setup.sh  
						
						
						
					 
					
						2014-07-10 12:49:19 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							41b3df6d78 
							
						 
					 
					
						
						
							
							manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead  
						
						... 
						
						
						
						closes  #94  
					
						2014-07-09 19:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							22a010ecb9 
							
						 
					 
					
						
						
							
							say that certificates are valid too in output  
						
						
						
					 
					
						2014-07-09 16:38:56 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							659b5c8aa3 
							
						 
					 
					
						
						
							
							if the server certificate can be used for a non-primary domain, use it  
						
						
						
					 
					
						2014-07-09 16:38:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c70b10c15 
							
						 
					 
					
						
						
							
							tell users to restart nginx after plugging in a new cert  
						
						
						
					 
					
						2014-07-09 14:05:59 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							deebda06e1 
							
						 
					 
					
						
						
							
							utils.sort_domains wasn't right  
						
						
						
					 
					
						2014-07-09 12:35:12 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1a74b81f44 
							
						 
					 
					
						
						
							
							new nginx configuration yaml file to allow proxying of whole domains elsewhere  
						
						
						
					 
					
						2014-07-09 12:31:32 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							04e30ffa78 
							
						 
					 
					
						
						
							
							check that the installed certificate corresponds to the private key  
						
						
						
					 
					
						2014-07-08 15:47:54 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							10fbb2b293 
							
						 
					 
					
						
						
							
							in  cf7053c124 I allowed editconf.py to insert a setting where we find it already commented-out in order to get an nginx configuration line in the right place, but it wasn't quite right because when run again we would insert the setting a second time  
						
						
						
					 
					
						2014-07-08 00:48:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3bab63d4ce 
							
						 
					 
					
						
						
							
							update to Roundcube 1.0.1  
						
						
						
					 
					
						2014-07-08 00:37:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7339bf080a 
							
						 
					 
					
						
						
							
							add a web_update script to trigger writing nginx config  
						
						
						
					 
					
						2014-07-08 00:34:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							59a9d02fa5 
							
						 
					 
					
						
						
							
							check that installed certificates are for the domains we are using the certificates for  
						
						
						
					 
					
						2014-07-07 12:06:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3d4eadd436 
							
						 
					 
					
						
						
							
							the new migration management in  c8856f107d left out the part where we actually keep the system's current MIGRATIONID... it was being lost when setup/start.sh was re-run  
						
						
						
					 
					
						2014-07-07 11:29:21 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cf7053c124 
							
						 
					 
					
						
						
							
							set nginx server_names_hash_bucket_size to 64,  fixes   #93  
						
						
						
					 
					
						2014-07-07 11:23:41 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							430b2dec11 
							
						 
					 
					
						
						
							
							update default www page to link to the website,  fixes   #96  
						
						
						
					 
					
						2014-07-07 07:07:54 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ad3f6f8424 
							
						 
					 
					
						
						
							
							adding externals and .env to gitignore  
						
						
						
					 
					
						2014-07-07 07:06:36 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							65fb65ada7 
							
						 
					 
					
						
						
							
							an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							28e254fb84 
							
						 
					 
					
						
						
							
							whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e898cd5d2a 
							
						 
					 
					
						
						
							
							whats_next: wrap output to the actual width of the terminal  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6a231d4409 
							
						 
					 
					
						
						
							
							clarify that an SSL cert can remain self-signed on the non-primary domains if the domain isn't being used for web  
						
						
						
					 
					
						2014-07-07 02:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							dcce98f84b 
							
						 
					 
					
						
						
							
							and remove the old documentation now that there is documentation on the website  
						
						
						
					 
					
						2014-07-06 11:57:57 -04:00