Joshua Tauberer
2f467556bd
new ssl cert provisioning broke if a domain doesnt yet have a cert, fixes #1392
2018-07-19 11:40:49 -04:00
Joshua Tauberer
2a72c800f6
replace free_tls_certificates with certbot
2018-06-29 16:46:21 -04:00
Joshua Tauberer
8be23d5ef6
ssl_certificates: reuse query_dns function in status_checks and simplify calls by calling normalize_ip within query_dns
2018-06-29 16:46:21 -04:00
Joshua Tauberer
1eba7b0616
send the mail_log.py report to the box admin every Monday
2018-02-25 11:55:06 -05:00
Joshua Tauberer
9c7820f422
mail_log.py: include sent mail in the logins report in a new smtp column
2018-02-24 09:24:15 -05:00
Joshua Tauberer
87ec4e9f82
mail_log.py: refactor the dovecot login collector
2018-02-24 09:24:14 -05:00
Joshua Tauberer
08becf7fa3
the hidden feature for proxying web requests now sets X-Forwarded-For
2018-02-24 09:24:14 -05:00
NatCC
fe597da7aa
Update users.html ( #1345 )
...
Passwords must be eight characters long; when passwords are changed via the users page the dialog states that passwords need to be at least four characters but only eight or more are acceptable.
2018-02-03 17:49:11 -05:00
Joshua Tauberer
61e9888a85
Cdon't try to generate a CSR in the control panel until both the domain and country are selected
...
Fixes #1338 .
See 0e9680fda63c33ace3f34ca7126617fb0efe8ffc, a52c56e571
.
2018-01-28 09:08:24 -05:00
Joshua Tauberer
ef6f121491
when generating a CSR in the control panel, don't set empty attributes
...
Same as in a52c56e571
.
Fixes #1338 .
2018-01-28 09:07:54 -05:00
Joshua Tauberer
8d6d84d87f
run mailconfig.py's email address validator outside of the virtualenv during questions.sh
...
We don't have the virtualenv this early in setup.
Broken by 0088fb4553
.
Fixes #1326 .
See https://discourse.mailinabox.email/t/that-is-not-a-valid-email-error-during-mailinabox-installation/2793 .
2018-01-20 10:59:37 -05:00
Joshua Tauberer
0088fb4553
install Python 3 packages in a virtualenv
...
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.
See #1298 , see #1264 .
2018-01-15 13:27:04 -05:00
Joshua Tauberer
5f14eca67f
merge v0.25 security release
2017-11-15 11:27:30 -05:00
John Olten
544f155948
Add support for DNS wildcard [merges #1281 ]
2017-11-15 11:10:59 -05:00
Jānis (Yannis)
7bf377eed1
use RSASHA256 for .lv domains DNSSEC ( #1277 )
2017-10-31 18:01:47 -04:00
Nicolas North
cd554cf480
document the "local" alias pointing to this box in Custom DNS ( #1261 )
2017-10-20 17:20:21 -04:00
Fabian Bucher
341aa8695a
update F-Droid DAVdroid link ( #1253 )
...
the information about the invalid link comes from here -> https://discourse.mailinabox.email/t/admin-sync-guide-contacts-and-calendar-davdroid-3-69-free-here/2528
2017-10-04 17:47:15 -04:00
Joshua Tauberer
cc7be13098
update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months
...
* The Mozilla recommendations must have been updated in the last few years.
* The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest.
2017-10-03 11:47:32 -04:00
Joshua Tauberer
35b8a149d8
fix dns regex: underscores are allowed in domain names even though they are not allowed in hostnames
2017-09-22 12:31:49 -04:00
Marius Blüm
48ff664ee9
Remove the ? from "Log out" ( #1231 )
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2017-08-23 19:46:45 -04:00
Git Repository
19a928e4ec
[Issue #1159 ] Remove any +tag name in email alias before checking privileges ( #1181 )
...
* [Issue #1159 ] Remove any +tag name in email alias before checking privileges
* Move priprivileged email check after the conversion to unicode so only IDNA serves as input
2017-07-21 11:10:16 -04:00
Michael Kroes
78f2fe213e
Secondary name server could not be set ( #1209 )
2017-07-21 08:20:37 -04:00
Michael Kroes
a16855ecf0
Backup script should now stop php7.0-fpm instead of php5-fpm ( #1206 )
2017-07-17 09:45:40 -04:00
Michael Kroes
2c324d0bc9
web_domains should also normalize ipv6 addresses ( #1201 )
2017-07-13 07:16:12 -04:00
François Deppierraz
46ba62b7b1
Add support for NS records in custom domains ( #1177 )
2017-06-11 07:56:30 -04:00
Michael Kroes
e49c99890b
fetch whole bootstrap - fixes missing icons in admin ( #1185 )
2017-05-31 07:36:17 -04:00
Git Repository
18f1689f45
changed the location we store the web-assets for the admin pages to /usr/local/mailinabox ( #1179 )
2017-05-23 19:22:53 -04:00
Git Repository
8234a5a9f4
download jQuery and Bootstrap during setup and serve locally so that we don't rely on a CDN which is blocked in some parts of the world ( #1167 ) ( #1171 )
2017-05-08 07:25:16 -04:00
Michael Kroes
d2b7204319
Add support for adding a custom "CAA" DNS record ( #1155 )
2017-04-30 08:58:00 -04:00
Joshua Tauberer
add985ce5d
letencrypt now supports idna, remove the check/block
2017-04-17 07:45:08 -04:00
yodax
b66f12dd4c
Fix rsync backup. The path was not append properly
2017-04-17 07:25:47 -04:00
yodax
6e04eb490f
Add check to prevent division by zero during backup status
2017-04-17 07:25:47 -04:00
Michael Kroes
a072730fb8
Wrap normalize_ip in try..except ( #1139 )
...
closes #1134
2017-04-03 16:53:53 -04:00
Rinze de Laat
9c9cae2096
Added an alternative mail log scanning script for use from the command line (and monitoring, at a later stage)
...
merges #970
2017-03-26 09:13:35 -04:00
Théo Segonds
423f1907d0
Fix zpush compatibility list link ( #1076 )
2017-03-26 09:09:00 -04:00
Sean Watson
86621392f6
support SSHFP records for custom domains ( #1114 )
2017-03-09 09:05:52 -05:00
Sean Watson
368b9c50d0
add DSA and ED25519 SSHFP records if those keys are present ( #1078 )
2017-03-01 08:02:41 -05:00
Ian Beringer
89222d519a
Fix date delta display for deltas greater than 1 year ( #1099 )
2017-02-15 18:24:32 -05:00
Dominik Murzynowski
36bef2ee16
Change password min-length to 8 characters ( #1098 )
2017-02-14 14:24:59 -05:00
Joshua Tauberer
a24977a96e
normalize_ip for ipv6 still not correct, was broken if box has no IPv6 address
2017-01-18 07:51:59 -05:00
Joshua Tauberer
a081d04082
move the custom exclusive process code from utils.py into a new python package named exclusiveprocess
2017-01-15 11:02:23 -05:00
Jonathan Chun
584cfe42c4
compare IPv6 addresses correctly with normalization ( #1052 )
2017-01-15 10:41:12 -05:00
Michael Kroes
41601a592f
Improve error handling when doing update checks ( #1065 )
...
* Added an error message to handle exceptions when the setup script is trying to determine the latest Miab version
2017-01-15 10:35:33 -05:00
guyzmo
34d58fb720
Fix/rsync issues ( #1036 )
...
* Fixed issue with relative path for rsync relative names
Actually using the parsed URL `path` part, instead of doing a lousy split().
Renamed the `p` variable into something more sensible (`target`).
Fixes : #1019
* Added more verbose error messages upon rsync failures
fixes #1033
* Added command to test file listing
2016-12-17 09:29:48 -05:00
Joshua Tauberer
99d0afd650
secondary nameserver check fails if domain has custom DNS (round-robin) multiple A records
...
fixes #834
2016-12-07 07:02:52 -05:00
Joshua Tauberer
cd717ec94e
nightly TLS certificate provisioning should omit warnings about domains it cant provision for
2016-12-07 07:02:52 -05:00
Joshua Tauberer
96b3a29800
rsync backup broke other things
2016-11-12 09:59:06 -05:00
guyzmo
041b5f883f
Support for rsync+ssh backup target ( #678 )
...
* Added support for backup to a remote server using rsync
* updated web interface to get data from user
* added way to list files from server
It’s not using the “username” field of the yaml configuration
file to minimise the amount of patches needed. So the username
is actually sorted within the rsync URL.
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* Added ssh key generation upon installation for root user.
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* Removed stale blank lines, and fixed typo
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* fix backup-location lines, by switching it from id to class
* Various web UI fixes
- fixed user field being shadowed ;
- fixed settings reading comparaison ;
- fixed forgotten min-age field.
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* Added SSH Public Key shown on the web interface UI
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* trailing spaces.
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* fixed the extraneous environment
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* Updated key setup
- made key lower in bits, but stronger (using -a option),
- made ssh-keygen run in background using nohup,
- added independent key file, as id_rsa_miab,
- added ssh-options to all duplicity calls to use the id_rsa_miab keyfile,
- changed path to the public key display
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* added rsync options for ssh identity support
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* removed strict host checking for all backup operations
Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>
* Remove nohup from ssh-keygen so errors aren't hidden. Also only generate a key if none exists yet
* Add trailing slash when checking a remote backup. Also check if we actually can read the remote size
* Factorisation of the repeated rsync/ssh options
cf https://github.com/mail-in-a-box/mailinabox/pull/678#discussion_r81478919
* Updated message SSH key creation
https://github.com/mail-in-a-box/mailinabox/pull/678#discussion_r81478886
2016-11-12 09:28:55 -05:00
yodax
3b78a8d9d6
If ufw isn't installed on the machine the status checks shouldn't fail
2016-11-12 09:25:34 -05:00
rxcomm
bbe27df413
SSHFP record creation should scan nonstandard SSH port if necessary ( #974 )
...
* sshfp records from nonstandard ports
If port 22 is not open, dns_update.py will not create SSHFP records
because it only scans port 22 for keys. This commit modifies
dns_update.py to parse the sshd_config file for open ports, and
then obtains keys from one of them (even if port 22 is not open).
* modified test of s per JoshData request
* edit CHANGELOG per JoshData
* fix typo
2016-10-15 15:36:13 -04:00
Michael Kroes
a658abc95f
Fix status checks for ufw when the system doesn't support iptables ( #961 )
2016-10-08 14:35:19 -04:00
Steve Gregg
8b5eba21c0
Correct typo of "PRIORITY" in the template ( #965 )
2016-10-05 18:43:50 -04:00
Marius Blüm
3ac4b8aca8
Remove Certificate Providers / Fix #950
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-09-27 15:06:50 +02:00
Marius Blüm
5f0376bfbf
Fix typo in alias-page, fixes #943 (merges #949 )
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-09-23 15:11:37 -04:00
Joshua Tauberer
c26bc841a2
more for dnspython exception with IPv6 addresses
...
fixes #945 , corrects prev commit (#947 ) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
Mathis Hoffmann
163daea41c
dnspython exception with IPv6 addresses
...
see #945 , merges #947
2016-09-23 07:35:53 -04:00
Scott Bronson
102b2d46ab
typo fix: seconday -> secondary ( #939 )
2016-09-18 08:10:49 -04:00
cs@twoflower
00bd23eb04
fix status_checks.py free disk space reporting #932
2016-09-15 17:01:21 +01:00
Joshua Tauberer
35a360ef0b
simplify how munin-cgi-graph is called to reduce the attack surface area
...
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
2016-08-19 12:42:43 -04:00
Marius Blüm
942bcfc7c5
Update Bootstrap to 3.3.7 ( #909 )
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-08-15 18:06:12 -04:00
Joshua Tauberer
1aca6fe08f
some minor tweaks to the new users/aliases API documentation
2016-08-08 07:28:10 -04:00
Joshua Tauberer
cf3e1cd595
add SRV records for CardDAV/CalDAV
...
DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.
2016-07-31 20:53:57 -04:00
Joshua Tauberer
b044dda28f
put the ufw status checks in the network section, add a punctuation mark, add changelog entry
2016-07-29 09:23:36 -04:00
Joshua Tauberer
f66f39b61d
Merge branch 'ufw_status_check' of https://github.com/yodax/mailinabox
2016-07-29 09:16:22 -04:00
Joshua Tauberer
cbc4bf553d
Merge pull request #880 from schlypel/master
...
Added information about API endpoints
2016-07-29 09:04:27 -04:00
Joshua Tauberer
8844a9185f
Merge pull request #798 from mail-in-a-box/fail2banjails
...
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
2016-07-29 08:52:44 -04:00
schlypel
3249a55f3a
added API info to users page template
2016-06-29 13:35:42 +02:00
schlypel
b58fb54725
added API info to aliases page template
2016-06-29 13:34:54 +02:00
Rinze
1c84e0aeb6
Added received mail count to hourly activity overview in mail log management script
2016-06-10 13:08:57 +02:00
Rinze
ae1b56d23f
Added POP3 support to mail log management script
2016-06-10 11:19:03 +02:00
Rinze
946cd63e8e
Mail log management script cleanup
2016-06-10 10:32:32 +02:00
Michael Kroes
01fa8cf72c
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
...
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Joshua Tauberer
9ee2d946b7
Merge pull request #821 from m4rcs/before-backup
...
Added a pre-backup script to complement post-backup script.
2016-05-17 19:48:14 -04:00
Arnaud
ff7d4196a6
target to blank for munin link in tempalte ( #822 )
...
adding :
target="_blank"
to
<li><a href="/admin/munin">Munin Monitoring</a></li> on line 96
Why ?
Because when you click on munin link, and follow links, you lose your index, or click back many times...
So i propose my pull request.
Et voilà ^^
2016-05-17 19:46:45 -04:00
aspdye
490b36d86c
Fix #819 ( #823 )
2016-05-17 19:46:10 -04:00
Marc Schiller
69bd137b4e
Added a pre-backup script to complement post-backup script.
2016-05-11 10:11:16 +02:00
Joshua Tauberer
6d259a6e12
use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
...
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes #797
2016-05-06 09:10:38 -04:00
Joshua Tauberer
6eeb107ee3
Merge #795 - Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-24 06:27:50 -04:00
aspdye
79a39d86f9
reseller -> provider
2016-04-23 15:18:21 +02:00
aspdye
0ebf33e9df
Make clear that Let's Encrypt is reccomended!
2016-04-23 11:35:02 +02:00
aspdye
f65d9d3196
Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-09 13:27:27 +02:00
Michael Kroes
736b3de221
Improve matching of ufw output. Reuse network service list. Improve messages
2016-04-07 16:03:28 +02:00
Michael Kroes
42f2e983e5
Merge branch 'master' into ufw_status_check
2016-04-07 15:13:59 +02:00
msgerbs
703a963ae5
Add SRV record to the Custom DNS page
...
Add SRV to the drop-down to add a custom DNS zone. I made this change on my up-to-date install and it worked without any issues.
2016-04-05 00:54:26 -05:00
Michael Kroes
c9f30e8059
Add status checks for ufw
2016-04-02 13:41:16 +02:00
Joshua Tauberer
252c35c66e
Merge pull request #772 from yodax/generic-login-message
...
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2016-03-26 09:22:02 -04:00
Michael Kroes
f292e8fc5b
Add generic login failed message
2016-03-26 14:06:43 +01:00
Michael Kroes
d7d8bda0a4
Instructions on how to create a web site for a domain weren't rendered. Users would miss the step about manually creating the directory to put files in there and wouldn't see anything happen
2016-03-25 13:37:55 +01:00
Joshua Tauberer
74a0359cec
Merge pull request #763 from Neopallium/master
...
Fix creation of custom MX records.
2016-03-23 17:22:42 -04:00
Joshua Tauberer
5edefbec27
merge #735 - Allow a server to be rebooted when a reboot is required
2016-03-23 16:39:40 -04:00
Joshua Tauberer
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
Joshua Tauberer
546d6f0026
merge #674 - Support munin's cgi dynazoom
2016-03-23 16:10:30 -04:00
Joshua Tauberer
bd86d44c8b
simplify the munin_cgi wrapper / add changelog entry
2016-03-23 16:09:19 -04:00
Robert G. Jakabosky
72fcb005b2
Check MX priority.
2016-03-22 03:07:14 +08:00
Robert G. Jakabosky
84638ab11e
Fix creation of custom MX records.
2016-03-21 21:12:08 +08:00
Joshua Tauberer
49ea9cddd1
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
2016-03-06 14:39:34 -05:00
Joshua Tauberer
3bbec18ac6
Merge pull request #734 from yodax/dynamicpool
...
Create a temporary multiprocessing pool
2016-02-28 12:39:11 -05:00
Joshua Tauberer
2be373fd06
Merge pull request #727 from yodax/userlist
...
Allow files in /home/user-data/mail/mailboxes
2016-02-28 12:33:38 -05:00
Michael Kroes
b71ad85e9f
Restore an empty line
2016-02-26 09:51:22 +01:00
Michael Kroes
8ea2f5a766
Allow a server to be rebooted when a reboot is required
2016-02-25 21:56:27 +01:00
yodax
6c1357e16c
Merge branch 'master' into dynamicpool
2016-02-23 17:01:13 +01:00
Joshua Tauberer
5cabfd591b
(re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly
...
This was originally fixed in 143bbf37f4
(February 16, 2015). Then I broke it in 7a93d219ef
(November 2015) while doing some refactoring ahead of v0.15.
2016-02-23 10:16:04 -05:00
yodax
721730f0e8
Create a temporary multiprocessing pool
2016-02-23 06:32:01 +01:00
Joshua Tauberer
af80849857
Merge pull request #732 from yodax/memory
...
Reduce percentages for required free memory checks
2016-02-22 15:02:50 -05:00
Joshua Tauberer
4b2e48f2c0
Merge pull request #726 from yodax/login
...
When previous panel was login, move to system_status
2016-02-22 14:44:23 -05:00
yodax
1b24e2cbaf
Reduce percentages for required memory checks
2016-02-22 17:49:19 +01:00
yodax
0843159fb4
Reduce number of processes in the pool to 5
2016-02-22 17:38:30 +01:00
yodax
057903a303
Allow files in /home/user-data/mail/mailboxes
2016-02-21 13:49:07 +01:00
yodax
b8e99c30a2
When previous panel was login, move to system_status
2016-02-20 18:42:28 +01:00
Joshua Tauberer
23ecff04b8
the logic in 4ed23f44e6
for taking backups more often was partly backward
2016-02-18 07:50:59 -05:00
Joshua Tauberer
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
Joshua Tauberer
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it
2016-02-15 18:22:16 -05:00
Joshua Tauberer
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
Joshua Tauberer
8ea42847da
nightly status checks could fail if any domains had non-ASCII characters
...
https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too.
2016-02-13 11:51:06 -05:00
Joshua Tauberer
4ed23f44e6
take a full backup more often so we don't keep backups around for so long
2016-02-05 11:08:33 -05:00
Joshua Tauberer
178527dab1
convert the backup increment time to the local timezone, fixes #700
...
Duplicity gives times in UTC. We were assuming times were in local time.
2016-02-05 08:58:07 -05:00
Wolf-Bastian Pöttner
239eac662c
Fix: Correct IP is reported when using custom DNS
...
Fix bug that reports wrong ip, when custom DNS is enabled
2016-02-04 21:32:11 +01:00
Joshua Tauberer
4e18f66db6
tls control panel: only show integral seconds while waiting the requested time from Lets Encrypt, in case we got back a non-integral number of seconds to wait
2016-02-03 08:21:22 -05:00
Joshua Tauberer
83ffc99b9c
change the public URL of bootstrap.sh to setup.sh
2016-01-30 11:19:51 -05:00
mike
6b408ef824
Use utils.shell instead of subprocess.Popen
2016-01-14 10:24:04 -05:00
Jeroen Jacobs
70111dafbc
Removes border and rounded corners from navbar
2016-01-14 15:48:39 +01:00
Joshua Tauberer
faaa74c3a7
tls: hide extra reasons why domains aren't getting a new certificate during setup
2016-01-14 07:21:08 -05:00
mike
8932aaf4ef
needed libcgi-fast-perl and chown log files
2016-01-13 23:55:45 -05:00
mike
6d6f3ea391
Added ability to use munin's dynazoom
2016-01-13 22:20:33 -05:00
Joshua Tauberer
2ad7d0830e
add exception handling for what_version_is_this, fixes #659
2016-01-09 09:23:07 -05:00
Joshua Tauberer
07f9228694
Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt
2016-01-09 08:58:35 -05:00
baltoche
36e5772a8e
Update dns_update.py
2016-01-05 16:56:16 +01:00
Joshua Tauberer
2882e63dd8
second part of provisioning tls certificates from the control panel
2016-01-04 18:43:17 -05:00
Joshua Tauberer
812ef024ef
status checks: check that the non-primary domains also resolve over IPv6, if configured
2016-01-04 18:43:17 -05:00
Joshua Tauberer
40cdc5aa30
status checks: if a domain's DNS isnt working dont check the TLS certificate because we cant automatically provision one now anyway
2016-01-04 18:43:17 -05:00
Joshua Tauberer
b8d6226a9a
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
2016-01-04 18:43:17 -05:00
Joshua Tauberer
bac15d3919
provision tls certificates from the control panel
2016-01-04 18:43:16 -05:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b1b57f9bfd
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
...
fixes #646
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
Joshua Tauberer
5033042b8c
backups: email the administrator when there's a problem
...
Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email.
2016-01-04 18:43:02 -05:00
Joshua Tauberer
89a46089ee
backups: suppress all output except errors
2016-01-04 18:43:02 -05:00
Joshua Tauberer
e288d7730b
backups: trap an error that occurs as early as getting the current backup status
2016-01-04 18:43:02 -05:00
Joshua Tauberer
06a0e7f3fe
merge #584 - Add checks to the management interface to report memory usage
2016-01-01 18:13:21 -05:00
Joshua Tauberer
a9cd72bbf9
tighten the status text strings for free memory, add changelog entry
2016-01-01 18:12:36 -05:00
Joshua Tauberer
682b1dea5e
changelog/status checks updated for opening the sieve port
2016-01-01 17:53:05 -05:00
Joshua Tauberer
8d19eade85
clarify the backup days option, fixes #570
2015-12-26 12:04:26 -05:00
Joshua Tauberer
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
Joshua Tauberer
392d33b902
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
...
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
2015-12-26 11:01:46 -05:00
Joshua Tauberer
4305a71916
merge #587 - move backup and nightly status checks to 3am in system time
...
previously these were run in a cron.daily script which per crontab is run at 6:25 am local time
2015-12-26 08:42:58 -05:00
Joshua Tauberer
a4d8e12fd7
clean up the backup time patch: dont choose timezone here, move status checks into the same 3am script
2015-12-26 08:41:37 -05:00
Joshua Tauberer
dbf4729109
add management/backup.py --restore
2015-12-23 12:53:38 +00:00
Joshua Tauberer
6e6c993724
reword POP documentation, add to changelog/readme
2015-12-12 08:46:18 -05:00
Marius
f8b4e3775d
Update mail-guide.html (POP3)
2015-12-12 08:41:13 -05:00
Joshua Tauberer
fad69f85fa
Merge pull request #605 from ariejan/feature/604-add-rfc2142-mail-aliases
...
Add alias for abuse@
2015-12-07 15:56:51 -05:00