Joshua Tauberer
242cadebc8
allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64
...
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
2014-06-06 10:51:36 -04:00
Joshua Tauberer
f1dac1fe13
show less output when updating DNS configuration
2014-06-06 10:51:36 -04:00
Joshua Tauberer
389c354c8f
Vagrant updates
...
* use a public box (the official Ubuntu 14.04 box which contra the description does have VBox Guest Additions installed)
* now that we allow SSH password logins, since Vagrant requires it, dont muck with sshd_config here
* don't put the machine on the public network because that will allow anyone to log into it with Vagrant's default username/password, duh
2014-06-06 10:51:36 -04:00
Joshua Tauberer
f9c3f33e74
move the SSH password login check out of setup because it interfers with Vagrant and into a separate script that we'll use for auditing in a later phase
2014-06-06 10:51:36 -04:00
Joshua Tauberer
6194c63f76
add management comments for checking for updated Ubuntu packages and applying updates
2014-06-05 20:57:30 +00:00
Joshua Tauberer
cab7321dbb
remove vestigal docker compatibility that prevented starting services during setup
2014-06-04 20:04:26 -04:00
Joshua Tauberer
295981828f
Vagrantize
...
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
2014-06-04 19:39:58 -04:00
Joshua Tauberer
3961e1aec3
test_dns: more error handling
2014-06-04 19:31:55 -04:00
Joshua Tauberer
7fa4862f1a
refactor dns_update so that the zone is first generated in a file-format agnostic way
2014-06-04 19:00:31 -04:00
Joshua Tauberer
8ed15168c0
the new dns_update totally forgot to write the OpenDKIM tables
2014-06-04 18:44:13 -04:00
Joshua Tauberer
2f0d036504
the bc package is no longer needed since redoing dns_update
2014-06-04 17:27:01 -04:00
Joshua Tauberer
d6e6cfd3c9
mail test: catch typical connecting errors and display nicer output
2014-06-04 17:13:06 -04:00
Joshua Tauberer
fff06f7d71
improve DNS test output
2014-06-04 17:01:49 -04:00
Joshua Tauberer
2bbb7a5e7e
remove Docker stuff since it doesnt work
2014-06-04 10:57:23 -04:00
Joshua Tauberer
a35fa12465
script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate
2014-06-04 11:38:20 +00:00
Joshua Tauberer
ea62c2419d
typo in updating DKIM, dont regenerate the DKIM private key each time setup is run
2014-06-03 21:42:33 +00:00
Joshua Tauberer
2a9349a64e
show the SSL certificate's fingerprint during setup so the user can sort of pin it
2014-06-03 21:39:49 +00:00
Joshua Tauberer
bb7905aefd
on second and later runs of start.sh, recall the inputs the user entered the last time
2014-06-03 21:31:13 +00:00
Joshua Tauberer
24edd5ce91
the SSL CSR must be generated with a country code
2014-06-03 21:17:10 +00:00
Joshua Tauberer
89730bd643
new backup script, see #11
2014-06-03 21:16:38 +00:00
Joshua Tauberer
51dd2ed70b
update nginx SSL options, fixes #61
2014-06-03 14:06:02 +00:00
Joshua Tauberer
c54b0cbefc
move management into a daemon service running as root
...
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer
da15ae5375
rename the scripts directory to setup
2014-06-03 11:12:38 +00:00
Joshua Tauberer
af03feb389
remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)
...
partially reverts 6d473f81ac
2014-05-23 09:01:03 +00:00
Joshua Tauberer
19aba091d7
test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation
2014-05-17 08:32:40 -04:00
Joshua Tauberer
f91830f0e3
clean up README a bit; moving the bit Rationale into the github wiki
2014-05-15 08:57:44 -04:00
Joshua Tauberer
6d473f81ac
add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client
2014-05-15 12:10:35 +00:00
Joshua Tauberer
b646771517
redirect all HTTP to HTTPS and enable HSTS, closes #18
2014-05-14 12:15:11 +00:00
Joshua Tauberer
091a58ac94
dns_update needs to run with bash when run directly, see #39
2014-05-12 23:38:55 +00:00
Joshua Tauberer
c722625041
test_dns: add ADSP and DMARC tests, see #14
2014-05-10 08:03:18 -04:00
Joshua Tauberer
c403895f95
test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME)
2014-05-10 08:03:13 -04:00
Joshua Tauberer
bdadf3017d
test_dns: handle case where a DNS record is missing (vs incorrect)
2014-05-10 08:03:07 -04:00
Joshua Tauberer
d5971e383b
add ADSP and DMARC records; see #14
2014-05-10 11:58:27 +00:00
Joshua Tauberer
a8938e107e
DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain
2014-05-10 11:58:27 +00:00
Joshua Tauberer
cfcb5f5bbd
merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker
...
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16 ; merges #49
2014-05-06 10:05:14 -04:00
Joshua Tauberer
80b367ab07
test_mail: gracefully handled when the server has no reverse DNS available
2014-05-06 10:02:29 -04:00
Joshua Tauberer
63ef8f7b04
missing wget dependency used by roundcube installation
2014-05-06 10:02:06 -04:00
Joshua Tauberer
e247929386
docker: don't start services ourself
...
* let the base image's system services manager handle it
* move our container start script to occur before system services are started
2014-05-06 10:00:30 -04:00
Joshua Tauberer
1db0dd3092
system.sh: make apt-get upgrade quieter
2014-05-06 09:57:11 -04:00
Joshua Tauberer
fbd7d731e8
docker: fix startup scripts for nsd and dovecot to run them in the foreground
2014-05-06 09:56:20 -04:00
Joshua Tauberer
0659a0bb16
Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker
...
our trees had diverged, various conflicts resolved
2014-05-02 14:54:21 -04:00
Joshua Tauberer
189dd6000e
docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then
2014-05-02 14:23:56 -04:00
Joshua Tauberer
3fdcbe542f
don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name
2014-05-02 14:22:59 -04:00
Joshua Tauberer
89bb5da986
dns: missing dependency on bc
2014-05-02 14:18:26 -04:00
Paul Jimenez
5ceec760b9
Better Dockerfile support
2014-05-02 13:03:37 -04:00
Joshua Tauberer
acec82950b
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e
and setting an environment variable)
2014-05-01 22:39:45 -04:00
Joshua Tauberer
2f6e0ded7a
docker: cleanup comments and make the installation of sshd quieter
2014-05-01 22:36:14 -04:00
Joshua Tauberer
f0afa7e8dc
docker: add some example run commands for debugging a container or having it take over host ports
2014-05-01 22:29:00 -04:00
Joshua Tauberer
89240a4fab
docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done
2014-05-01 22:18:45 -04:00
Joshua Tauberer
16c0a9d342
docker: if container was launched with a tty start bash otherwise loop forever to keep the container going
2014-05-01 22:16:14 -04:00