Commit Graph

364 Commits

Author SHA1 Message Date
jkaberg 54fe92615b include php-libawl and cleanup 2014-08-11 23:43:16 +02:00
jkaberg 64b1db4c30 include_path to include php-libawl and use php-fpm instead of cgi 2014-08-11 23:41:38 +02:00
jkaberg f287ca3b6c dont replace owncloud config if it exists (we dont want this as it will contain vital data) 2014-08-11 23:01:18 +02:00
jkaberg 44fcdc2066 owncloud properly working, but not in sub dir anymore 2014-08-11 20:17:38 +02:00
jkaberg b5928de740 use subdir 2014-08-11 19:43:27 +02:00
jkaberg a80c076d8f safe apphroach, sid dosnt like special characters like % 2014-08-11 19:42:52 +02:00
jkaberg 1621a2940f use sub dir 2014-08-11 19:31:05 +02:00
jkaberg cc8e1fa7b7 set working dir for composer 2014-08-11 19:09:42 +02:00
jkaberg d53cb88a92 update z-push with carddav and caldav support 2014-08-11 19:08:02 +02:00
jkaberg 20b494c3ac attempting to fix broken static files etc 2014-08-11 18:46:39 +02:00
jkaberg 3540a1677d install php5-imap, restart php service 2014-08-11 17:59:04 +02:00
jkaberg bc0c0bf0fb owncloud config.php markup 2014-08-11 17:53:01 +02:00
jkaberg 51bb781ffd fix composer.phar not finding the composer.json file 2014-08-11 17:44:30 +02:00
jkaberg d324f0981a cleanup owncloud.sh 2014-08-11 17:08:13 +02:00
jkaberg a801bf2a30 white spaces argh. 2014-08-11 16:30:39 +02:00
jkaberg 0899952fe1 initial owncloud port, untested and unfinished 2014-08-11 16:24:29 +02:00
Joshua Tauberer 1312b0254b backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old 2014-08-11 11:45:40 +00:00
Joshua Tauberer f66914d634 backup: automatically take a full backup when the sum of the increments get very large 2014-08-11 11:38:32 +00:00
Joshua Tauberer b6713d9a17 tools/mail.py should return a non-zero exit status when invalid command line args are given 2014-08-11 11:17:30 +00:00
Joshua Tauberer 58e300e113 backup must be full on the first run because incremental backup will fail, fixes #134 2014-08-11 07:16:58 -04:00
Joshua Tauberer 140c508ff6 increase dovecot imap_idle_notify_interval to 4 minutes
Doesn't seem like 2 minutes is a problem, but 4 minutes seems better. A little less bandwidth, possibly less battery usage (though we don't have evidence that's actually true), and the interval should be shorter than any peer timeouts that might occur due to inactivity

fixes #129
2014-08-10 11:39:29 +00:00
Joshua Tauberer e294f7c181 create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129 2014-08-09 16:49:57 +00:00
Joshua Tauberer b56f82cb92 make a privileges column in the users table and mark the first user as an admin 2014-08-08 12:31:22 +00:00
Joshua Tauberer 880ec44a0c if the machine didn't have resolvconf before (my box didn't after an upgrade from Ubuntu 13.xx), make sure it has it now and archive any old resolv.conf since it should now only list 127.0.0.1 for bind9 2014-08-07 14:00:16 +00:00
Joshua Tauberer 5db12be507 migrate the migration state from MIGRATIONID in /etc/mailinabox.conf to STORAGE_ROOT/mailinabox.version so that the data format of STORAGE_ROOT is stored in the directory itself 2014-08-03 17:44:17 -04:00
Joshua Tauberer 64cb00b9d6 add reject_unlisted_recipient before greylisting, fixes #127 2014-08-03 00:06:54 +00:00
Joshua Tauberer b86656243f avoid mail.log warnings about untrusted certificates on outgoing mail, fixes #124 2014-08-02 15:39:47 +00:00
Joshua Tauberer 6a512042dc after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location 2014-08-02 14:16:08 +00:00
Joshua Tauberer 6d4fab1e6a whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest

Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer 30178ef019 add a --force flag to dns_update 2014-08-01 12:05:34 +00:00
Joshua Tauberer cd59025979 dont ask the user for the machine's IP address if we can be sure our guess is right (trust icanhazip to give us the right answer) 2014-07-29 20:07:26 -04:00
Joshua Tauberer 0be92d776e put a 15-second timeout in asking icanhazip.com for our IP address, although this limit does not seem to actually work (i.e. if I set the limit to 5 seconds, curl still hangs 10+ when I turn off my network connection) 2014-07-29 20:07:26 -04:00
Joshua Tauberer 168c06939d have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
hopefully fixes #121; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer c74bef12d2 allow for network checks to be skips in setup while testing using SKIP_NETWORK_CHECKS=1 2014-07-29 20:07:26 -04:00
Joshua Tauberer 6619239280 the SSL private key would be overwritten if ssl_certificate.pem file was deleted; maybe the cause of #98 2014-07-28 15:38:23 -04:00
Joshua Tauberer 834a7b9096 run network checks during setup and stop if there is a bad condition
* check that the PUBLIC_IP is not listed in zen.spamhaus.org
* check that the PRIMARY_HOSTNAME is not listed in dbl.spamhaus.org
* check that a connection to Google's MTA is working (i.e. we're not on a residential network that blocks outbound port 25)
2014-07-26 11:26:59 -04:00
Joshua Tauberer 3a7221a69a handle errors in management API calls properly
see #118
2014-07-25 13:53:40 +00:00
Joshua Tauberer 86ec0f6da7 the cron job to re-sign DNSSEC zones was still not working because the script needed a hash-bang line; what I did in 65c3a44e63 didn't actually fix the problem 2014-07-25 12:15:30 +00:00
Joshua Tauberer f50cf10249 also accept Ubuntu 14.04.1 LTS, the point release that people are automatically pushed to
fixes #116
2014-07-22 21:36:59 +00:00
Joshua Tauberer 621fcc2233 use /dev/random for crypto-grade RNG with the help of haveged
Rather than pass `-r /dev/random` to ldns-keygen (it was `-r /dev/urandom`),
don't pass `-r` at all since /dev/random is the default.

Merges branch 'master' of github.com:pysiak/mailinabox
2014-07-21 07:31:14 -04:00
solt 69f0e1d07a Use /dev/random instead of /dev/urandom
/dev/random should be used for crypto-grade RNG.

To make sure use of /dev/random doesn't stall due to lack of entropy, install haveged which fills the entropy pool with sources such as network traffic, key strokes, etc.

On branch master
Your branch is up-to-date with 'origin/master'.

Changes to be committed:
	modified:   setup/dns.sh
	modified:   setup/system.sh
	modified:   setup/webmail.sh
2014-07-20 23:14:13 +02:00
Joshua Tauberer 8042ab66ac dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain 2014-07-20 15:23:17 +00:00
Joshua Tauberer 8354d9732a in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses 2014-07-20 14:53:55 +00:00
Joshua Tauberer 1ad9c70887 refactor custom DNS records 2014-07-20 14:48:20 +00:00
Joshua Tauberer 2e0680de4f the check for whether a custom DNS setting is valid was in the wrong place 2014-07-20 14:41:02 +00:00
Joshua Tauberer 65c3a44e63 the cron job to re-sign DNSSEC zones wasnt working after adding the API key to the management daemon because the script relied on a bash-ism but cron runs it with (probably) sh 2014-07-19 16:31:05 +00:00
Joshua Tauberer 37fcc5b53d Add AAAA records for ns1/ns2
Merges branch 'patch-1' of https://github.com/sfPlayer1/mailinabox
2014-07-18 11:12:13 +00:00
sfPlayer1 89acbe4127 Update dns_update.py
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1 0e893626c8 Add IPv6 glue records as well
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.

This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.

Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld

I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer 42c891032d don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend 2014-07-17 13:08:05 +00:00