Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7fa4862f1a 
							
						 
					 
					
						
						
							
							refactor dns_update so that the zone is first generated in a file-format agnostic way  
						
						
						
					 
					
						2014-06-04 19:00:31 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8ed15168c0 
							
						 
					 
					
						
						
							
							the new dns_update totally forgot to write the OpenDKIM tables  
						
						
						
					 
					
						2014-06-04 18:44:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f0d036504 
							
						 
					 
					
						
						
							
							the bc package is no longer needed since redoing dns_update  
						
						
						
					 
					
						2014-06-04 17:27:01 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d6e6cfd3c9 
							
						 
					 
					
						
						
							
							mail test: catch typical connecting errors and display nicer output  
						
						
						
					 
					
						2014-06-04 17:13:06 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fff06f7d71 
							
						 
					 
					
						
						
							
							improve DNS test output  
						
						
						
					 
					
						2014-06-04 17:01:49 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2bbb7a5e7e 
							
						 
					 
					
						
						
							
							remove Docker stuff since it doesnt work  
						
						
						
					 
					
						2014-06-04 10:57:23 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a35fa12465 
							
						 
					 
					
						
						
							
							script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate  
						
						
						
					 
					
						2014-06-04 11:38:20 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ea62c2419d 
							
						 
					 
					
						
						
							
							typo in updating DKIM, dont regenerate the DKIM private key each time setup is run  
						
						
						
					 
					
						2014-06-03 21:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2a9349a64e 
							
						 
					 
					
						
						
							
							show the SSL certificate's fingerprint during setup so the user can sort of pin it  
						
						
						
					 
					
						2014-06-03 21:39:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bb7905aefd 
							
						 
					 
					
						
						
							
							on second and later runs of start.sh, recall the inputs the user entered the last time  
						
						
						
					 
					
						2014-06-03 21:31:13 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							24edd5ce91 
							
						 
					 
					
						
						
							
							the SSL CSR must be generated with a country code  
						
						
						
					 
					
						2014-06-03 21:17:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89730bd643 
							
						 
					 
					
						
						
							
							new backup script, see  #11  
						
						
						
					 
					
						2014-06-03 21:16:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							51dd2ed70b 
							
						 
					 
					
						
						
							
							update nginx SSL options,  fixes   #61  
						
						
						
					 
					
						2014-06-03 14:06:02 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c54b0cbefc 
							
						 
					 
					
						
						
							
							move management into a daemon service running as root  
						
						... 
						
						
						
						* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed. 
						
					 
					
						2014-06-03 13:56:40 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							da15ae5375 
							
						 
					 
					
						
						
							
							rename the scripts directory to setup  
						
						
						
					 
					
						2014-06-03 11:12:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							af03feb389 
							
						 
					 
					
						
						
							
							remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)  
						
						... 
						
						
						
						partially reverts 6d473f81ac 
						
					 
					
						2014-05-23 09:01:03 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							19aba091d7 
							
						 
					 
					
						
						
							
							test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation  
						
						
						
					 
					
						2014-05-17 08:32:40 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f91830f0e3 
							
						 
					 
					
						
						
							
							clean up README a bit; moving the bit Rationale into the github wiki  
						
						
						
					 
					
						2014-05-15 08:57:44 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6d473f81ac 
							
						 
					 
					
						
						
							
							add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client  
						
						
						
					 
					
						2014-05-15 12:10:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b646771517 
							
						 
					 
					
						
						
							
							redirect all HTTP to HTTPS and enable HSTS,  closes   #18  
						
						
						
					 
					
						2014-05-14 12:15:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							091a58ac94 
							
						 
					 
					
						
						
							
							dns_update needs to run with bash when run directly, see  #39  
						
						
						
					 
					
						2014-05-12 23:38:55 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c722625041 
							
						 
					 
					
						
						
							
							test_dns: add ADSP and DMARC tests, see  #14  
						
						
						
					 
					
						2014-05-10 08:03:18 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c403895f95 
							
						 
					 
					
						
						
							
							test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME)  
						
						
						
					 
					
						2014-05-10 08:03:13 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							bdadf3017d 
							
						 
					 
					
						
						
							
							test_dns: handle case where a DNS record is missing (vs incorrect)  
						
						
						
					 
					
						2014-05-10 08:03:07 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							d5971e383b 
							
						 
					 
					
						
						
							
							add ADSP and DMARC records; see  #14  
						
						
						
					 
					
						2014-05-10 11:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a8938e107e 
							
						 
					 
					
						
						
							
							DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain  
						
						
						
					 
					
						2014-05-10 11:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cfcb5f5bbd 
							
						 
					 
					
						
						
							
							merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker  
						
						... 
						
						
						
						See http://phusion.github.io/baseimage-docker/  for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16 ; merges #49  
						
					 
					
						2014-05-06 10:05:14 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							80b367ab07 
							
						 
					 
					
						
						
							
							test_mail: gracefully handled when the server has no reverse DNS available  
						
						
						
					 
					
						2014-05-06 10:02:29 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							63ef8f7b04 
							
						 
					 
					
						
						
							
							missing wget dependency used by roundcube installation  
						
						
						
					 
					
						2014-05-06 10:02:06 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e247929386 
							
						 
					 
					
						
						
							
							docker: don't start services ourself  
						
						... 
						
						
						
						* let the base image's system services manager handle it
* move our container start script to occur before system services are started 
						
					 
					
						2014-05-06 10:00:30 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1db0dd3092 
							
						 
					 
					
						
						
							
							system.sh: make apt-get upgrade quieter  
						
						
						
					 
					
						2014-05-06 09:57:11 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							fbd7d731e8 
							
						 
					 
					
						
						
							
							docker: fix startup scripts for nsd and dovecot to run them in the foreground  
						
						
						
					 
					
						2014-05-06 09:56:20 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0659a0bb16 
							
						 
					 
					
						
						
							
							Merge branch 'better_docker' of  https://github.com/pjz/mailinabox  into pjz-better_docker  
						
						... 
						
						
						
						our trees had diverged, various conflicts resolved 
						
					 
					
						2014-05-02 14:54:21 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							189dd6000e 
							
						 
					 
					
						
						
							
							docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then  
						
						
						
					 
					
						2014-05-02 14:23:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3fdcbe542f 
							
						 
					 
					
						
						
							
							don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name  
						
						
						
					 
					
						2014-05-02 14:22:59 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89bb5da986 
							
						 
					 
					
						
						
							
							dns: missing dependency on bc  
						
						
						
					 
					
						2014-05-02 14:18:26 -04:00 
						 
				 
			
				
					
						
							
							
								Paul Jimenez 
							
						 
					 
					
						
						
						
						
							
						
						
							5ceec760b9 
							
						 
					 
					
						
						
							
							Better Dockerfile support  
						
						
						
					 
					
						2014-05-02 13:03:37 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							acec82950b 
							
						 
					 
					
						
						
							
							docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting  a510e08f9e and setting an environment variable)  
						
						
						
					 
					
						2014-05-01 22:39:45 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2f6e0ded7a 
							
						 
					 
					
						
						
							
							docker: cleanup comments and make the installation of sshd quieter  
						
						
						
					 
					
						2014-05-01 22:36:14 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f0afa7e8dc 
							
						 
					 
					
						
						
							
							docker: add some example run commands for debugging a container or having it take over host ports  
						
						
						
					 
					
						2014-05-01 22:29:00 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							89240a4fab 
							
						 
					 
					
						
						
							
							docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done  
						
						
						
					 
					
						2014-05-01 22:18:45 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							16c0a9d342 
							
						 
					 
					
						
						
							
							docker: if container was launched with a tty start bash otherwise loop forever to keep the container going  
						
						
						
					 
					
						2014-05-01 22:16:14 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7999eae857 
							
						 
					 
					
						
						
							
							Merge pull request  #47  from randallsquared/master  
						
						... 
						
						
						
						don't reject mail to domains that only have aliases and not users 
						
					 
					
						2014-05-01 18:21:19 -04:00 
						 
				 
			
				
					
						
							
							
								Randall Randall 
							
						 
					 
					
						
						
						
						
							
						
						
							8fcb10cc0a 
							
						 
					 
					
						
						
							
							don't reject alias-only domains  
						
						
						
					 
					
						2014-05-01 22:14:04 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							74ec3d9696 
							
						 
					 
					
						
						
							
							ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase  
						
						... 
						
						
						
						thanks @konklone for discussion 
						
					 
					
						2014-05-01 16:47:24 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							532c9aa7fd 
							
						 
					 
					
						
						
							
							move the Dockerfile to the root to allow the working directory of the repo to be pushed inside the image (rather than inside the container getting a fresh mailinabox from github) so changes in the working copy can be tested in Docker quickly / without pushing to github  
						
						
						
					 
					
						2014-05-01 16:39:12 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							19f5f144ae 
							
						 
					 
					
						
						
							
							installing roundcube from debian would cause update from ubuntu later, now install from Ubuntu debs  
						
						... 
						
						
						
						We were installing .deb's from Debian. The next apt-get upgrade would cause roundcube to be upgraded.
Maybe that also triggered the installation of apache. Now install roundcube from Ubuntu. So long as
Ubuntu doesn't post an update to roundcube, at least it won't trigger an upgrade on the next
apt-get upgrade. This should also mean we don't need to purge the installation of apache2.
Also try using apt-mark hold to prevent roundcube from being updated, in case that will trigger
dependencies. 
						
					 
					
						2014-05-01 20:34:41 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e413680f62 
							
						 
					 
					
						
						
							
							add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output  
						
						
						
					 
					
						2014-05-01 19:35:18 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							66269f910f 
							
						 
					 
					
						
						
							
							make a bash function to use everywhere we apt-get-install (DEBIAN_FRONTEND=noninteractive apt-get -qq -y )  
						
						... 
						
						
						
						ensures the output is quiet 
						
					 
					
						2014-05-01 19:24:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							80bf60715e 
							
						 
					 
					
						
						
							
							Merge pull request  #45  from randallsquared/master  
						
						... 
						
						
						
						enable roundcube's password-change plugin 
						
					 
					
						2014-04-30 15:11:23 -04:00