Commit Graph

137 Commits

Author SHA1 Message Date
Joshua Tauberer a35fa12465 script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate 2014-06-04 11:38:20 +00:00
Joshua Tauberer ea62c2419d typo in updating DKIM, don't regenerate the DKIM private key each time setup is run 2014-06-03 21:42:33 +00:00
Joshua Tauberer 2a9349a64e show the SSL certificate's fingerprint during setup so the user can sort of pin it 2014-06-03 21:39:49 +00:00
Joshua Tauberer bb7905aefd on second and later runs of start.sh, recall the inputs the user entered the last time 2014-06-03 21:31:13 +00:00
Joshua Tauberer 24edd5ce91 the SSL CSR must be generated with a country code 2014-06-03 21:17:10 +00:00
Joshua Tauberer 89730bd643 new backup script, see #11 2014-06-03 21:16:38 +00:00
Joshua Tauberer 51dd2ed70b update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00
Joshua Tauberer c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer da15ae5375 rename the scripts directory to setup 2014-06-03 11:12:38 +00:00
Joshua Tauberer af03feb389 remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)
partially reverts 6d473f81ac
2014-05-23 09:01:03 +00:00
Joshua Tauberer 19aba091d7 test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation 2014-05-17 08:32:40 -04:00
Joshua Tauberer f91830f0e3 clean up README a bit; moving the bit Rationale into the github wiki 2014-05-15 08:57:44 -04:00
Joshua Tauberer 6d473f81ac add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client 2014-05-15 12:10:35 +00:00
Joshua Tauberer b646771517 redirect all HTTP to HTTPS and enable HSTS, closes #18 2014-05-14 12:15:11 +00:00
Joshua Tauberer 091a58ac94 dns_update needs to run with bash when run directly, see #39 2014-05-12 23:38:55 +00:00
Joshua Tauberer c722625041 test_dns: add ADSP and DMARC tests, see #14 2014-05-10 08:03:18 -04:00
Joshua Tauberer c403895f95 test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME) 2014-05-10 08:03:13 -04:00
Joshua Tauberer bdadf3017d test_dns: handle case where a DNS record is missing (vs incorrect) 2014-05-10 08:03:07 -04:00
Joshua Tauberer d5971e383b add ADSP and DMARC records; see #14 2014-05-10 11:58:27 +00:00
Joshua Tauberer a8938e107e DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain 2014-05-10 11:58:27 +00:00
Joshua Tauberer cfcb5f5bbd merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.

Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.

see #16; merges #49
2014-05-06 10:05:14 -04:00
Joshua Tauberer 80b367ab07 test_mail: gracefully handled when the server has no reverse DNS available 2014-05-06 10:02:29 -04:00
Joshua Tauberer 63ef8f7b04 missing wget dependency used by roundcube installation 2014-05-06 10:02:06 -04:00
Joshua Tauberer e247929386 docker: don't start services ourselves
* let the base image's system services manager handle it
* move our container start script to occur before system services are started
2014-05-06 10:00:30 -04:00
Joshua Tauberer 1db0dd3092 system.sh: make apt-get upgrade quieter 2014-05-06 09:57:11 -04:00
Joshua Tauberer fbd7d731e8 docker: fix startup scripts for nsd and dovecot to run them in the foreground 2014-05-06 09:56:20 -04:00
Joshua Tauberer 0659a0bb16 Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker
our trees had diverged, various conflicts resolved
2014-05-02 14:54:21 -04:00
Joshua Tauberer 189dd6000e docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then 2014-05-02 14:23:56 -04:00
Joshua Tauberer 3fdcbe542f don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name 2014-05-02 14:22:59 -04:00
Joshua Tauberer 89bb5da986 dns: missing dependency on bc 2014-05-02 14:18:26 -04:00
Paul Jimenez 5ceec760b9 Better Dockerfile support 2014-05-02 13:03:37 -04:00
Joshua Tauberer acec82950b docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable) 2014-05-01 22:39:45 -04:00
Joshua Tauberer 2f6e0ded7a docker: cleanup comments and make the installation of sshd quieter 2014-05-01 22:36:14 -04:00
Joshua Tauberer f0afa7e8dc docker: add some example run commands for debugging a container or having it take over host ports 2014-05-01 22:29:00 -04:00
Joshua Tauberer 89240a4fab docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done 2014-05-01 22:18:45 -04:00
Joshua Tauberer 16c0a9d342 docker: if container was launched with a tty start bash otherwise loop forever to keep the container going 2014-05-01 22:16:14 -04:00
Joshua Tauberer 7999eae857 Merge pull request #47 from randallsquared/master
don't reject mail to domains that only have aliases and not users
2014-05-01 18:21:19 -04:00
Randall Randall 8fcb10cc0a don't reject alias-only domains 2014-05-01 22:14:04 +00:00
Joshua Tauberer 74ec3d9696 ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase
thanks @konklone for discussion
2014-05-01 16:47:24 -04:00
Joshua Tauberer 532c9aa7fd move the Dockerfile to the root to allow the working directory of the repo to be pushed inside the image (rather than inside the container getting a fresh mailinabox from github) so changes in the working copy can be tested in Docker quickly / without pushing to github 2014-05-01 16:39:12 -04:00
Joshua Tauberer 19f5f144ae installing roundcube from debian would cause update from ubuntu later, now install from Ubuntu debs
We were installing .deb's from Debian. The next apt-get upgrade would cause roundcube to be upgraded.
Maybe that also triggered the installation of apache. Now install roundcube from Ubuntu. So long as
Ubuntu doesn't post an update to roundcube, at least it won't trigger an upgrade on the next
apt-get upgrade. This should also mean we don't need to purge the installation of apache2.

Also try using apt-mark hold to prevent roundcube from being updated, in case that will trigger
dependencies.
2014-05-01 20:34:41 +00:00
Joshua Tauberer e413680f62 add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output 2014-05-01 19:35:18 +00:00
Joshua Tauberer 66269f910f make a bash function to use everywhere we apt-get-install (`DEBIAN_FRONTEND=noninteractive apt-get -qq -y `)
ensures the output is quiet
2014-05-01 19:24:16 +00:00
Joshua Tauberer 80bf60715e Merge pull request #45 from randallsquared/master
enable roundcube's password-change plugin
2014-04-30 15:11:23 -04:00
Randall Randall abe277e393 Use STORAGE_ROOT in DSN 2014-04-30 14:52:23 -04:00
Randall Randall 410a91504e Use STORAGE_ROOT where appropriate 2014-04-30 14:50:11 -04:00
Randall Randall 43461fc14b enable and configure password-change plugin for roundcube 2014-04-30 13:07:15 -04:00
Joshua Tauberer 52fe6922ee add warnings about using a fresh machine because I won't support installing this on an existing machine 2014-04-26 12:08:17 +00:00
Joshua Tauberer ef40f9247d Merge pull request #40 from jmedding/master
List a DKIM and SPF testing tool in the documentation.
2014-04-26 07:50:31 -04:00
Joshua Tauberer 296d2941db 'service nsd rebuild' is no longer a thing
Seems like it was removed in nsd4 (since Ubuntu 14.04). It now
silently does nothing.

Fixes #41.
2014-04-26 11:47:31 +00:00