Commit Graph

117 Commits

Author SHA1 Message Date
Richard Willis ab59323813 Added a note about TXT record length limitations and how to construct the records to bypass the limitation 2015-08-28 15:50:02 +02:00
Joshua Tauberer a56a9dc6a1 add Mail-in-a-Box version check to status checks
closes #502
2015-08-28 12:34:02 +00:00
Joshua Tauberer bc790ea581 backups: make the instructions about the backup password file more prominent 2015-08-28 12:33:07 +00:00
Joshua Tauberer dbfd158388 dont refresh the backup page when there's an error saving the config 2015-08-28 12:33:07 +00:00
Joshua Tauberer 0c9d431a3f major cleanup to adding new version check to the status checks 2015-08-28 12:29:55 +00:00
Norman Stanke 1a525df8ad Add Mail-in-a-Box version status check. 2015-08-28 11:55:21 +00:00
Richard Willis f26c0b71d2 Focus on fields in the login form
This just makes life a little easier...

Squashed the following commits:

* Use $.trim() for better browser support
2015-08-27 22:17:13 +02:00
Joshua Tauberer 8c08f957cd bidirectional alias controls: a new permitted_senders column in the aliases table allows setting who can send as an address independently of where the address forwards to
But the default permitted senders are the same as the addresses the alias forwards to.

Merge branch 'dhpiggott-bidirectional-alias-controls'
2015-08-14 23:09:22 +00:00
Joshua Tauberer 5924d0fe0d various cleanup related to the new permitted_senders column for aliases 2015-08-14 23:05:08 +00:00
Joshua Tauberer f4e8ee0af9 html errors in the backup template, my bad 2015-08-09 20:34:08 +00:00
Joshua Tauberer 9ca116d545 add an option to disable backups 2015-08-09 20:15:43 +00:00
Joshua Tauberer 3b4b57c081 switching between backup options in the admin wasn't working at all
* going from s3 to file target wasn't working
* use 'local' in the config instead of a file: url, for the local target, so it is not path-specific
* break out the S3 fields since users can't be expected to know how to form a URL
* use boto to generate a list of S3 hosts
* use boto to validate that the user input for s3 is valid
* fix lots of html errors in the backup admin
2015-08-09 20:08:33 +00:00
Joshua Tauberer c7f8ead496 clean up the new backup configuration panel 2015-08-09 20:08:30 +00:00
Leo Koppelkamm 77099b3bce Reword backup min_time label 2015-07-28 00:42:00 +02:00
Leo Koppelkamm 0d8a4099c1 Add placeholder attribute; use input instead of textarea 2015-07-28 00:37:48 +02:00
Leo Koppelkamm 606cf6a941 Fix API typo 2015-07-28 00:34:26 +02:00
Leo Koppelkamm e693802091 Rename max_age to min_age
Also clarify a comment and remove an unneeded type check
2015-07-27 22:18:19 +02:00
Leo Koppelkamm 91e4ea6e2f Infer target_type from url 2015-07-27 22:09:58 +02:00
Leo Koppelkamm 1e3e34f15f Make backup API RESTful 2015-07-27 22:00:36 +02:00
Leo Koppelkamm 2e6c410336 Make backups more configurable
Backup location and maximum age can now be configured in the admin panel.
For now only S3 is supported, but adding other duplicity supported backends should be straightforward.
2015-07-27 21:53:34 +02:00
Joshua Tauberer 0293e04311 fix control panel links, broken in Firefox (worked in Chrome)
see https://discourse.mailinabox.email/t/bug-present-for-ages/694/3
2015-07-25 14:12:45 +00:00
David Piggott 123ac4fd33 s/email/address/ in aliases UI variable names
This makes the frontend consistent with the backend.
2015-07-20 12:51:57 +01:00
David Piggott 423bb8e317 Fix remove-alias button breakage 2015-07-20 12:51:57 +01:00
David Piggott e6ff280984 Store and set alias receivers and senders separately for maximum control 2015-07-20 12:51:57 +01:00
David Piggott 3fdfad27cd Add support for bidirectional mail alias controls
This is an extension of #427. Building on that change it adds support in the
aliases table for flagging aliases as:
 1. Applicable to inbound and outbound mail.
 2. Applicable to inbound mail only.
 3. Applicable to outbound mail only.
 4. Disabled.

The aliases UI is also updated to allow administrators to set the direction of
each alias.

Using this extra information, the sqlite queries executed by Postfix are
updated so only the relevant alias types are checked.

The goal and result of this change is that outbound-only catch-all aliases can
now be defined (in fact catch-all aliases of any type can be defined).

This allow us to continue supporting relaying as described at
https://mailinabox.email/advanced-configuration.html#relay
without requiring that administrators either create regular aliases for each
outbound *relay* address, or that they create a catch-all alias and then face a
flood of spam.

I have tested the code as it is in this commit and fixed every issue I found,
so in that regard the change is complete. However I see room for improvement
in terms of updating terminology to make the UI etc. easier to understand.
I'll make those changes as subsequent commits so that this tested checkpoint is
not lost, but also so they can be rejected independently of the actual change
if not wanted.
2015-07-20 12:51:57 +01:00
Joshua Tauberer 5dd5fc4a1c clean up multiple secondary nameservers and zone xfr ip addresses 2015-07-10 15:42:33 +00:00
Brian Bustin 09133c8f59 Initial backend changes to make it possible to have one or more secondary name servers 2015-07-10 14:59:38 +00:00
Joshua Tauberer 5ef1cfbdc7 forgot new version.html template file 2015-06-25 17:43:50 +00:00
Joshua Tauberer 7527b4dc27 show the Mail-in-a-Box version in the control panel and a button to ping the MiaB website for the latest version
fixes #441
2015-06-25 13:43:11 +00:00
Joshua Tauberer 1990f32ca4 typo, fixes #435 2015-06-06 13:22:50 +00:00
Joshua Tauberer 807939c0e4 make the +tag address tips clearer 2015-06-06 13:02:23 +00:00
Joshua Tauberer 5008cc603e merge - munin system monitoring 2015-06-06 12:52:22 +00:00
Joshua Tauberer 9857db96cd add a link to the /admin/munin page from the control panel nav bar 2015-06-06 12:52:16 +00:00
Joshua Tauberer e9e6d94e3b the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac 2015-06-06 12:38:19 +00:00
Joshua Tauberer 4fa58169f1 after installing an SSL certificate from the control panel the page wasn't being refreshed, broken in ec73c171c7 2015-05-28 18:45:53 +00:00
David Piggott d6c5f09a1a Use lowercase h for consistency in aliases template - it reads better (IMO!)
This also includes fixes for a typo and some whitespace inconsistencies in
mailconfig.py. In fact the capitalisation change and those fixes are the
remnants of a patch I had been running that changed the default aliases - it
was through developing it that I found the issues.

(I wanted to bring the number of patches I apply before deploying to zero and
in the case of this one I've come to view the way MIAB already is as superior,
so I've undone the core of my patch and these tiny issues are all that remain).
2015-05-28 13:46:15 +01:00
StevesMonkey 05438d047d Fixing minor misspelling of the word: encrypted 2015-05-25 10:15:57 +09:30
Joshua Tauberer 1e9c587b92 rewrite the DNS API to permit setting multiple records of the same type on the same domain
e.g. multiple TXT records

fixes #333
2015-05-03 13:43:38 +00:00
Joshua Tauberer 9f1d633ae4 re-do the custom DNS get/set routines so it is possible to store more than one record for a qname-rtype pair, like multiple TXT records 2015-05-03 13:43:38 +00:00
Joshua Tauberer 542877ee46 use the font-awesome .fa-spinner.fa-pulse classes for the AJAX loading indicator, rather than the static glyphicon-time icon 2015-05-03 13:43:38 +00:00
Joshua Tauberer f1760b516d control panel: sometimes the ajax loading modal would show after operations were already done
Needed to add the clearQueue flag to jQuery's stop() method
2015-05-03 13:43:38 +00:00
Joshua Tauberer c03e00035f prevent archiving of the user's own account because they'll lose access to the control panel 2015-04-28 07:17:21 -04:00
Joshua Tauberer 2f8866ef32 if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 07:17:21 -04:00
Joshua Tauberer 35f4a49d10 my html5 stub was wrong; 8c3aed2846 2015-04-19 13:21:38 +00:00
Joshua Tauberer 8c3aed2846 update the control panel html template to my latest html5 stub
jquery 1.11.1, bootstrap 3.3.0, better accessibility, see https://github.com/JoshData/html5-stub
2015-04-11 15:40:19 -04:00
Joshua Tauberer bd498def76 backups now use duplicity's built-in gpg symmetric encryption
Merge branch 'dhpiggott-gpg-encrypt-backups'
2015-04-11 18:33:57 +00:00
Joshua Tauberer d8279c48ac new backup method tweaks
* use the AES256 cipher, be explicit that only the first line of secret_key.txt is used, and sanity check that the passphrase is long enough
* change overship of the encrypted files to the user-data user
* simplify variable names in management/backup.py
* although I appreciate long comments I am trimming the commentary about the backup migration
* revise the control panel template to not refer to the old unencrypted files
* add CHANGELOG entry
2015-04-11 18:32:22 +00:00
David Piggott 4232245546 Use built in duplicity encryption (GPG) for backups, closes #362, closes #363
[Josh merged some subsequent commits:]

* Guard via idempotency against termination between migration operations
* Final corrections and tweaks
* Pass passphrase through to all duplicity calls

Empirical evidence (a failed cron job) shows that cleanup requires the
passphrase (so it presumably needs to decrypt metadata), and though
remove-older-than has been working fine without it, it won't do any harm
to set it in case that changes or there are any special cases.

* Add back the archive-dir override but locate it at STORAGE_ROOT/backup/cache
2015-04-11 17:51:44 +00:00
Joshua Tauberer 322a5779f1 store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode
I changed my mind. In 1bf8f1991f I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database. I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway.

It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII).

This partially reverts commit 1bf8f1991f, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks converts the domains to Unicode just for the output headings.

A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed.

Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
2015-04-09 14:46:02 +00:00
Joshua Tauberer ec039719de prevent caching of ajax responses in the control panel
GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access.

See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4.
2015-03-31 14:52:11 +00:00