Commit Graph

1798 Commits

Author SHA1 Message Date
Joshua Tauberer d0ccde7b48 changelog entries 2015-07-21 06:50:00 -04:00
Joshua Tauberer 1e261e347a missing dependency php-mail-mimedecode for roundcube, fixes #447 2015-07-21 10:25:10 +00:00
Joshua Tauberer 2cb4cdc645 dont run network checks during upgrades since this is a bad reason to block an upgrade from going through 2015-07-21 06:21:56 -04:00
David Piggott 123ac4fd33 s/email/address/ in aliases UI variable names
This makes the frontend consistent with the backend.
2015-07-20 12:51:57 +01:00
David Piggott 423bb8e317 Fix remove-alias button breakage 2015-07-20 12:51:57 +01:00
David Piggott e6ff280984 Store and set alias receivers and senders separately for maximum control 2015-07-20 12:51:57 +01:00
David Piggott 3fdfad27cd Add support for bidirectional mail alias controls
This is an extension of #427. Building on that change it adds support in the
aliases table for flagging aliases as:
 1. Applicable to inbound and outbound mail.
 2. Applicable to inbound mail only.
 3. Applicable to outbound mail only.
 4. Disabled.

The aliases UI is also updated to allow administrators to set the direction of
each alias.

Using this extra information, the sqlite queries executed by Postfix are
updated so only the relevant alias types are checked.

The goal and result of this change is that outbound-only catch-all aliases can
now be defined (in fact catch-all aliases of any type can be defined).

This allow us to continue supporting relaying as described at
https://mailinabox.email/advanced-configuration.html#relay
without requiring that administrators either create regular aliases for each
outbound *relay* address, or that they create a catch-all alias and then face a
flood of spam.

I have tested the code as it is in this commit and fixed every issue I found,
so in that regard the change is complete. However I see room for improvement
in terms of updating terminology to make the UI etc. easier to understand.
I'll make those changes as subsequent commits so that this tested checkpoint is
not lost, but also so they can be rejected independently of the actual change
if not wanted.
2015-07-20 12:51:57 +01:00
Joshua Tauberer d3bbc0ec95 bug in new secondary nameservers
forgot a 'continue' statement
see 216acb0eeb
fixes #497
2015-07-20 11:25:16 +00:00
Joshua Tauberer e54608c282 fix occ upgrade to not bail when occ returns 'ownCloud is already latest version' exit code 3, see #496 2015-07-19 13:06:38 +00:00
Joshua Tauberer 9b9a40ddd7 v0.12c
remove live dependency on Sourceforge
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVq5kxAAoJELkgQfTBC92B9uMIALcrGjq7weaL3qRHYRoeVs5C
 /Ov1Lg9QY7PGRl3HtBmFvw50E3coxFCFBfEycK0D9Rue6xF2PHyg8n0DvX5Q2wSD
 A9EWAv27ZPoup8/ggv970lTZSpJzseJs1Km0QeOaapfgzPFFtDDwUbkV8sHQxXi4
 KCFzmlE72rmvsley/u3IlS/dCb07QdLhdIa/ZJYxSIMJdvMqj0enefBOELoeomYC
 ZoNzzzB08eCiyTVd6BTFPBz6CWI6yW203JWoQsSjaz9qEB/N6m9u/PrHBT8VPIRM
 Q/a4gn598eAzcGEjub3ZYmJlnbBSlhvczfljmYgNcgizy/SwByaA1AaAemdwI5s=
 =2FnK
 -----END PGP SIGNATURE-----

Merge tag 'v0.12c'

v0.12c

remove live dependency on Sourceforge

everything was already on master
2015-07-19 08:34:16 -04:00
Joshua Tauberer 1b00184c89 v0.12c release to work-around Sourceforge outage 2015-07-19 08:30:03 -04:00
Joshua Tauberer e11825392d use a temporary mirror for roundcube while Sourceforge is recovering from an outage https://twitter.com/sfnet_ops/status/622171668497076224 2015-07-19 08:25:04 -04:00
Joshua Tauberer 1a995d9e26 forgot to create the pyzor home_dir in 3f606feea3 2015-07-19 08:25:04 -04:00
Joshua Tauberer 53d4820d74 hard-code pyzor sevice URL because 'pyzor discover' is failing because Sourceforge is offline, fixes #496 2015-07-19 08:25:04 -04:00
Joshua Tauberer 40a5fa46d1 use a temporary mirror for roundcube while Sourceforge is recovering from an outage https://twitter.com/sfnet_ops/status/622171668497076224 2015-07-17 20:27:59 -04:00
Joshua Tauberer 05e33edb0d forgot to create the pyzor home_dir in 3f606feea3 2015-07-17 20:26:36 -04:00
Joshua Tauberer 76dba1a521 the ownCloud upgrade must be run after apps are (re-)enabled after an upgrade 2015-07-17 11:44:28 +00:00
Joshua Tauberer f7298a45bd update to ownCloud 8.1.0 2015-07-17 11:44:28 +00:00
Joshua Tauberer 3f606feea3 hard-code pyzor sevice URL because 'pyzor discover' is failing because Sourceforge is offline, fixes #496 2015-07-17 11:44:28 +00:00
Joshua Tauberer 541d9252f6 allow PEM files to have non-Unix line endings 2015-07-17 11:44:28 +00:00
Joshua Tauberer cbbbb117e0 Merge pull request #492 from PortableTech/tlsa
Add TLSA record for SSL connections.
2015-07-13 09:15:12 -04:00
PortableTech 415f95b792 Add TLSA record for HTTPS connections.
While not widely supported, there are some browser addons that can
validate DNSSEC and TLSA for additional out-of-band verification of
certificates when browsing the web.  Costs nothing to implement and
might improve security in some situations.
2015-07-13 09:12:13 -04:00
Joshua Tauberer 5f17abc856 Merge pull request #463 from PortableTech/master
outgoing_mail_header_filters use local hostname and ip
2015-07-11 17:21:55 -04:00
Joshua Tauberer a91995f0a7 Merge pull request #486 from anoma/fail2ban-organise
Optimise FAIL2BAN jail.local
2015-07-11 17:20:34 -04:00
Joshua Tauberer 216acb0eeb merge #476 - multiple secondary NS servers and zone xfr-only servers
closes #476
2015-07-10 15:42:44 +00:00
Joshua Tauberer 5dd5fc4a1c clean up multiple secondary nameservers and zone xfr ip addresses 2015-07-10 15:42:33 +00:00
Brian Bustin 09133c8f59 Initial backend changes to make it possible to have one or more secondary name servers 2015-07-10 14:59:38 +00:00
Joshua Tauberer d08a3095a9 tweak security.md 2015-07-09 13:30:25 -04:00
anoma 593fd242bf Activate FAIL2BAN recidive jail
Recidive can be thought of as FAIL2BAN checking itself. This setup will monitor the FAIL2BAN log and if 10 bans are seen within one day activate a week long ban and email the mail in a box admin that it has been applied . These bans survive FAIL2BAN service restarts so are much stronger which obviously means we need to be careful with them.

Our current settings are relatively safe and definitely not easy to trigger by mistake e.g to activate a recidive IP jail by failed SSH logins a user would have to fail logging into SSH  6 times in 10 minutes, get banned, wait for the ban to expire and then repeat this process 9 further times within a 24 hour period.

The default maxretry of 5 is much saner but that can be applied once users are happy with this jail. I have been running a stronger version of this for months and it does a very good job of ejecting persistent abusers.
2015-07-07 12:37:42 +01:00
anoma e591d9082f Ultra safe dovecot findtime and maxretry settings
Explicitly set the timings and counts for the dovecot jail rather than change the global [DEFAULT] and inherit it for this one jail. These settings are far too safe so a future PR should increase security here.
2015-07-06 13:44:53 +01:00
anoma b6f26c0f1e Revert to defaults FAIL2BAN findtime and maxretry
Reverts the remaining FAIL2BAN settings to default: findtime 600 and maxretry 3. As jail settings override default settings this was hardly being used anyway so it is better to explicitly set it per jail as and when required.
2015-07-06 13:42:41 +01:00
Joshua Tauberer 34b7638342 v0.12b 2015-07-04 11:31:51 -04:00
Joshua Tauberer acd91665b5 setting an alias to forward to two or more addresses was broken since aa33428311
fixes #482
2015-07-04 15:28:45 +00:00
Joshua Tauberer b503ea1cf7 v0.12
--------------------

This is a minor update to v0.11, which was a major update. Please read v0.11's advisories.

* The administrator@ alias was incorrectly created starting with v0.11. If your first install was v0.11, check that the administrator@ alias forwards mail to you.
* Intrusion detection rules (fail2ban) are relaxed (i.e. less is blocked).
* SSL certificates could not be installed for the new automatic 'www.' redirect domains.
* PHP's default character encoding is changed from no default to UTF8. The effect of this change is unclear but should prevent possible future text conversion issues.
* User-installed SSL private keys in the BEGIN PRIVATE KEY format were not accepted.
* SSL certificates with SAN domains with IDNA encoding were broken in v0.11.
* Some IDNA functionality was using IDNA 2003 rather than IDNA 2008.
2015-07-03 10:34:33 -04:00
Joshua Tauberer 091c2e45bf always attempt to upgrade pip packages during setup 2015-07-03 14:25:41 +00:00
Joshua Tauberer 0a78d1d2fa update changelog 2015-07-03 14:15:14 +00:00
Joshua Tauberer ff4780d5fb better error handling of invalid PEM files 2015-07-03 14:00:59 +00:00
PortableTech 07beef3db2 outgoing_mail_header_filters use local hostname and ip
Modify outgoing_mail_header_filters and mail-postfix.sh
files to result in the primary hostname, and the public
ip of the server showing in the first mail header route
instead of unknown and 127.0.0.1.  This could help lower
the spam score of mail sent from your server to some
public mail services.
2015-07-02 16:04:56 -04:00
Joshua Tauberer 0924f8ca7a allow for PEM private keys in the 'BEGIN PRIVATE KEY' format too
see https://discourse.mailinabox.email/t/another-upgrade-failure/630/5
2015-07-02 15:37:26 -04:00
Joshua Tauberer 6302aa6c12 Merge pull request #479 from hnk/patch-1
update docstring to clarify usage of -c option
2015-07-02 13:44:03 -04:00
Hnk Reno da4d9ff607 update docstring to clarify usage of -c option 2015-07-02 19:27:05 +02:00
kri3v dd0bdef640 Added more bantime and lowered max retry attempts
Ban time was too low for preventing ssh brute force attacks, this change also allows to keep the auth.log more clean and avoid wasting cpu and i/o on this. 

Bots eventually will flag your IP as secure and move along.
2015-07-02 12:55:43 -03:00
Joshua Tauberer e57e08088a the control panel would not allow installing a certificate for a www redirect domain, fixes #475 2015-07-02 10:53:54 +00:00
Joshua Tauberer 5e43c394d5 Merge pull request #477 from anoma/master
cleanup and harden of fail2ban
2015-07-02 06:22:57 -04:00
anoma b2eaaeca4b Revert to default 6 ssh/ddos login attempts
No legitimate admin will require 20 login attempts. The default 6 is a sane middle ground especially since in 10 minutes they can try again  or immediately from another IP anyway.
2015-07-02 10:23:48 +01:00
anoma e2d9a523c3 Cleanup blank lines, comments and whitespace to make it easier to follow 2015-07-02 10:19:37 +01:00
anoma 11df1e4680 Unnecessary config item, inherited from default jail.conf 2015-07-02 10:10:50 +01:00
anoma 53d5542402 Revert to default 600 second ban time
A 60 second/1 minute ban time is not long enough to counter brute force attacks which is the main purpose of fail2ban for mail in a box. The default bantime of 10 minutes is still sane and I think we have proven fail2ban is reliable enough not to cause problems in general. It is not worth sacrificing security for the rare case where an admin locks themselves out for 10 minutes.
2015-07-02 10:08:50 +01:00
anoma bfda3f40b9 Unnecessary config item, inherited from default jail.conf 2015-07-02 09:55:59 +01:00
Joshua Tauberer c0ddceb2bd Merge pull request #471 from hnk/patch-1
Set PHPs default charset to UTF-8, since we use it. Closes #367.
2015-06-30 12:00:27 -04:00