Commit Graph

1965 Commits

Author SHA1 Message Date
Joshua Tauberer f9eceec746 Merge pull request #232 from dhpiggott/spamassassin-permissions-fix
Change owner of spamassassin directory from mail to spampd, closes #231
2014-10-11 13:06:12 -04:00
David Piggott b26abc947e Change owner of spamassassin directory from mail to spampd, closes #231 2014-10-11 18:00:22 +01:00
Joshua Tauberer b78eae1351 Merge pull request #230 from dhpiggott/dns-update-fix
Pass additional_records to recursive build_zone calls, closes #229
2014-10-11 12:27:30 -04:00
David Piggott ca57560f11 Pass additional_records to recursive build_zone calls, closes #229
The problem was that custom records defined for a subdomain where implicit
records are otherwise defined (e.g. A/AAAA records for the root) were ignored.

Though additional_records for a subdomain are processed in the base call to
build_zone (the call for the parent domain), and so custom records that don't
override implicits were working fine, those that overrode implicits were
ignored.

This was because the recursive call to build_zone for the subdomain creates the
implicit records (including A/AAAA records for the root), and so by relying on
the base call to add the additional_records fails because has_rec returned
true.

Adding a subdomain's additional_records in the child call works because has_rec
returns false when testing whether to add an e.g. A/AAAA override for the root,
as the defaults have not yet been added.
2014-10-11 17:04:35 +01:00
Joshua Tauberer 17331e7d82 adding a really slick ssl certificate installation form in the control panel 2014-10-10 15:49:14 +00:00
Joshua Tauberer 5130b279d8 management/mail_log.py also include the previously rotated log file 2014-10-10 13:59:50 +00:00
Joshua Tauberer aac6e49b94 spelling typo 2014-10-10 13:50:44 +00:00
Joshua Tauberer 2f4eccd9a9 add 'source /etc/mailinabox.conf' to dns.sh so it can be run separately 2014-10-08 12:48:43 +00:00
Joshua Tauberer ac49912b39 recommend DAVdroid
see http://discourse.mailinabox.email/t/recommend-a-different-android-carddav-and-caldav-android/102/1
2014-10-07 20:53:37 +00:00
Joshua Tauberer 0441a2e2e3 make a self-signed certificate on a non-primary domain a warning rather than an error, fixes #95 2014-10-07 20:41:07 +00:00
Joshua Tauberer 8566b78202 drop webfinger, see #95 2014-10-07 20:30:36 +00:00
Joshua Tauberer 06a8ce1c9d in the admin, show user mailbox sizes, fixes #210 2014-10-07 20:24:11 +00:00
Joshua Tauberer 443b084a17 in the admin, group aliases by domain, fixes #211 2014-10-07 19:47:46 +00:00
Joshua Tauberer 990649af2d in the admin, group users by domain, fixes 209 2014-10-07 19:47:43 +00:00
Joshua Tauberer 6f4d29a410 tweak the new web instructions 2014-10-07 16:17:45 +00:00
Joshua Tauberer 6ab29c3244 add instructions for static web hosting into the control panel 2014-10-07 16:05:42 +00:00
Joshua Tauberer bf9b770255 sort SSHFP records so that DNS updates don't trigger spurrious zone changes 2014-10-07 15:15:22 +00:00
Joshua Tauberer 9210ebdb9f control panel tweaks 2014-10-07 15:12:35 +00:00
Joshua Tauberer a56bb984d6 handle catastrophically bad certificates rather than raising an exception 2014-10-07 14:58:21 +00:00
Joshua Tauberer 7d1c0b3834 show SSL certificate expiration info in the control panel even long before certificates expire 2014-10-07 14:49:36 +00:00
Joshua Tauberer 20892b5d5b status check on ns records should now take into account that secondary dns may be customized, see #223 2014-10-05 18:42:52 +00:00
Joshua Tauberer 4cf53cd8ee backup status relativedelta was displaying wrong for deltas greater than 1 month 2014-10-05 18:23:29 +00:00
Joshua Tauberer 711db9352c bootstrap: apt was mangling stdin
When executed "cat bootstrap.sh | bash", apt-get mangled stdin. The script would terminate at the end of the if block containing apt-get (that seems to be as much as bash read from the pipe) and the remainder of the script was output to the console. This was very weird.

Ensuring that apt-get and git have their stdins redirected from /dev/null seems to fix the problem.

see #224
2014-10-05 13:40:12 -04:00
Joshua Tauberer f42a1c5a74 allow overriding the second nameserver with a secondary/slave server
fixes #151
fixes #223
2014-10-05 14:53:42 +00:00
Joshua Tauberer 092c842a87 split external/custom dns into separate pages in the admin 2014-10-05 13:38:23 +00:00
Joshua Tauberer d9ecc50119 since the management server binds to 127.0.0.1, must use that and not 'localhost' to connect to it because 'localhost' resolves to the IPv6 ::1 when it is available, see #224 2014-10-05 09:01:26 -04:00
Joshua Tauberer 7c2092d48f remove apache before installing nginx, see #224 2014-10-05 09:01:20 -04:00
Joshua Tauberer 5fd107cae5 more work on making the bash scripts readable 2014-10-04 17:57:26 -04:00
Joshua Tauberer db0967446b remove unnecessary sudos 2014-10-04 14:06:08 -04:00
Joshua Tauberer 2ff5038c84 replace '.' with 'source' 2014-10-04 14:05:06 -04:00
Joshua Tauberer 4ae76aa2dd dnssec: use RSASHA256 keys for .email domains 2014-10-04 17:29:42 +00:00
h8h ba33669a62 generate the locales before change to it.
For my german box changing the locale failed:
´´´´/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
setup/functions.sh: line 6: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)´´´´

see #206 and 4e6d572de9
closes #220
commit modified by joshdata
2014-10-02 11:05:42 +00:00
Joshua Tauberer 779d921410 status checks: put DNSSEC tests in a better order w.r.t. other tests
* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.

see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3
2014-10-01 12:13:11 +00:00
jkaberg 68efef1164 dont log robots.txt and favicon.ico. we should REALLY consider creating seperate include files for *all* of our "apps", this is getting messy.. 2014-09-27 17:04:05 +00:00
Joshua Tauberer 6ecada7eed Merge commit '93a722f' 2014-09-27 16:56:38 +00:00
Joshua Tauberer 94c4352f45 Merge branch 'jmar71n-master' - site-wide bayesean spam filtering 2014-09-27 16:18:55 +00:00
Joshua Tauberer 6dd6353d41 move sa-learn-pipe.sh from /usr to /usr/local 2014-09-27 16:18:40 +00:00
Joshua Tauberer d06bfa6c1b tweak the site-wide bayesian spam filtering config 2014-09-27 16:18:36 +00:00
Joshua Tauberer 5c7ba2a4c7 preliminary work on a mail.log scanner to report things in the control panel 2014-09-27 13:33:13 +00:00
Joshua Tauberer e9cc3fdaab make mail instructions clearer and describe greylisting, DMARC policy 2014-09-27 13:32:22 +00:00
Joshua Tauberer 8bd37ea53c add catch-alls to the admin again with nicer instructions 2014-09-27 13:32:22 +00:00
Joshua Tauberer 698ae03505 catch-all addresses should not have precedence over mail users
Aliases have precedence over mail users. A catch-all address would grab mail intended for a mail user and send it elsewhere. This adds some SQL hackery to create dummy aliases for all mail users.

fixes #200
closes #214 another way
2014-09-27 13:32:10 +00:00
Joshua Tauberer a4c70f7a92 revert dovecot part of 39bca053ed because dovecot started behaving weird and I don't have time to debug it 2014-09-26 22:41:59 +00:00
Joshua Tauberer 39bca053ed add 2048 bits of DH params for nginx, postfix, dovecot
nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.

ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)

see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3
2014-09-26 22:09:22 +00:00
Joshua Tauberer c2eb8e5330 typo in roundcube download URL
see 8e0967dd8e (commitcomment-7940724)
2014-09-26 14:26:45 +00:00
Joshua Tauberer ab47144ae3 add strict SPF and DMARC records to any subdomains (including custom records) that do not have SPF/DMARC set
closes #208
2014-09-26 14:01:03 +00:00
Joshua Tauberer 9b6f9859d1 dns_update: assume DKIM is present 2014-09-26 14:01:03 +00:00
Joshua Tauberer 4e6d572de9 ensure Python operates in UTF-8 with a consistent locale for all users
fixes #206 (hopefully)
2014-09-26 08:26:09 -04:00
Joshua Tauberer 145186a6b6 link to Modoboa in README 2014-09-26 08:20:13 -04:00
Joshua Tauberer 5714b3c6b7 bump bootstrap.sh to incoming 0.03 tag 2014-09-24 12:48:15 +00:00