2caddb41eb
#1161 Move the config line for mail_domain to always reset the PRIMARY_HOST ( #1163 )
2017-05-06 08:18:50 -04:00
68ebca8a15
Update Z-Push to 2.3.6 ( #1166 )
2017-04-30 07:24:36 -04:00
0c4c2e51bb
bump to Nextcloud 10.0.5
2017-04-24 17:31:54 -04:00
828512b95a
changelog entries
2017-04-17 07:51:01 -04:00
add985ce5d
letencrypt now supports idna, remove the check/block
2017-04-17 07:45:08 -04:00
00c61dbcdd
changelog entry for migration to Nextcloud
2017-04-02 07:53:56 -04:00
453091f1fb
v0.22 released
2017-04-02 07:34:14 -04:00
653cb7ce10
roundcube 1.2.4, persistent login plugin
2017-03-26 09:50:00 -04:00
d7d8964afc
changlog entries
2017-03-26 09:31:35 -04:00
9c9cae2096
Added an alternative mail log scanning script for use from the command line (and monitoring, at a later stage)
...
merges #970
2017-03-26 09:13:35 -04:00
86621392f6
support SSHFP records for custom domains ( #1114 )
2017-03-09 09:05:52 -05:00
368b9c50d0
add DSA and ED25519 SSHFP records if those keys are present ( #1078 )
2017-03-01 08:02:41 -05:00
2c86fa3755
merge v0.21c hot fix release
2017-02-01 11:26:32 -05:00
3c05fc94ff
v0.21c
2017-02-01 11:01:11 -05:00
e694f57673
changelog entries
2017-01-15 11:23:59 -05:00
ab2367e98a
v0.21b
2016-12-05 17:36:11 -05:00
e03b071e8b
missed changelog header
2016-11-30 12:50:38 -05:00
df93d82d0f
v0.21 released
2016-11-30 12:42:24 -05:00
abb6a1a070
changelog entries
2016-11-12 09:34:52 -05:00
155bcfc654
Add ownCloud 9.1.1 to the changelog ( #984 )
2016-10-21 10:12:46 -04:00
4b07a6aa8f
disable nested checker checks ( #972 )
...
fixes #967
2016-10-18 14:15:33 -04:00
fd6226187a
lower memory requirements to 512MB, display a warning if system memory is below 768MB. ( #952 )
2016-10-15 15:41:25 -04:00
bbe27df413
SSHFP record creation should scan nonstandard SSH port if necessary ( #974 )
...
* sshfp records from nonstandard ports
If port 22 is not open, dns_update.py will not create SSHFP records
because it only scans port 22 for keys. This commit modifies
dns_update.py to parse the sshd_config file for open ports, and
then obtains keys from one of them (even if port 22 is not open).
* modified test of s per JoshData request
* edit CHANGELOG per JoshData
* fix typo
2016-10-15 15:36:13 -04:00
a658abc95f
Fix status checks for ufw when the system doesn't support iptables ( #961 )
2016-10-08 14:35:19 -04:00
da5497cd1c
Update changelog entries
2016-09-28 08:37:24 +02:00
4e4fe90fc7
v0.20
2016-09-23 07:49:13 -04:00
3cd5a6eee7
changelog entries
2016-09-23 07:46:01 -04:00
c26bc841a2
more for dnspython exception with IPv6 addresses
...
fixes #945 , corrects prev commit (#947 ) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
d73d1c6900
changelog typos
2016-08-24 07:47:55 -04:00
27b4edfc76
v0.19b
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXuHvJAAoJELkgQfTBC92B2IsIAJl+tQkkVp5cu4zuSLOpHj73
LFGGCrGTSMwuyNbnklkLmLIfRxlmNfHNfQqHYhxJQq7JVLuDRJS2rTJnSWGg4PuE
vyrjOEFNNqFp9cy00j6NMUUcJa4kte4cvMg3Sonz7JkVwS3fxp7hSgZknYOjlLvh
R/FmrqVhpDtTZRtMjcQaCtCTWUEETYFLsJZ2iZkIlpGhoxPGEhKZquNrT0s3qrNv
Rwf6O3i9RIS/bOu2lWI+ymdStPVJnn+deRTBWPpsxXdNC/NG9+gWiqGgRnjTBbMO
uzH1hYct+J6TWeNpesECfMMjTOZ+T7yrRJc1s9ThuLokyAlo9yf4E5YFziZ0hi4=
=JxNp
-----END PGP SIGNATURE-----
merge v0.19b hot fix release
2016-08-20 11:50:26 -04:00
ba75ff7820
v0.19b
2016-08-20 11:48:08 -04:00
a14b17794b
simplify how munin-cgi-graph is called to reduce the attack surface area
...
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
The vulnerability was created by 6d6f3ea391#914 .
This is the v0.19b hotfix commit.
2016-08-20 11:47:44 -04:00
86457e5bc4
merge: fail2ban broke, released v0.19a
2016-08-18 08:39:31 -04:00
7c9f3e0b23
v0.19a
2016-08-18 08:36:28 -04:00
83d8dbca3e
fail2ban won't start until the roundcube log file is created
...
fixes #911
2016-08-18 08:32:14 -04:00
e9368de462
[merge #902 ] Upgrade ownCloud from 8.2.3 to 8.2.7
...
Merge https://github.com/mar1u5/mailinabox
fixes #901
2016-08-13 17:36:08 -04:00
cdd0a821eb
v0.19
...
closes #898
2016-08-13 17:27:10 -04:00
6f165d0aeb
Update Changelog
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-08-09 00:58:10 +02:00
fc5cc9753b
roundcube 1.2.1
2016-08-08 07:32:02 -04:00
cf3e1cd595
add SRV records for CardDAV/CalDAV
...
DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.
2016-07-31 20:53:57 -04:00
b044dda28f
put the ufw status checks in the network section, add a punctuation mark, add changelog entry
2016-07-29 09:23:36 -04:00
6de7d59f14
changelog entries
2016-07-29 09:12:01 -04:00
8844a9185f
Merge pull request #798 from mail-in-a-box/fail2banjails
...
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
2016-07-29 08:52:44 -04:00
3055f9a79c
drop SSLv3, RC4 ciphers from SMTP port 25
...
Per http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html , Google is about to do the same.
fixes #611
2016-06-12 09:11:50 -04:00
01fa8cf72c
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
...
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
61744095a8
Update Roundcube to 1.2.0
...
closes #840
2016-06-06 07:32:54 -04:00
6666d28c44
v0.18c
2016-06-02 15:47:45 -04:00
66675ff2e9
Dovecot LMTP accepted all mail regardless of whether destination was a user, broken by ae8cd4ef, fixes #852
...
In the earlier commit, I added a Dovecot userdb lookup. Without a userdb lookup, Dovecot would use the password db for user lookups. With a userdb lookup we can support iterating over users.
But I forgot the WHERE clause in the query, resulting in every incoming message being accepted if the user database contained any users at all. Since the mailbox path template is the same for all users, mail was delivered correctly except that mail that should have been rejected was delivered too.
2016-06-02 08:05:34 -04:00
1ad5892acd
can't change roundcube's default_host setting, partially reverts 6d259a6e12
...
The default_host setting is a part of the internal username key. We can't change that without causing Roundcube to create new internal user accounts.
2016-05-16 07:14:45 -04:00
94b7c80792
v0.18
2016-05-15 20:41:31 -04:00
6d259a6e12
use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
...
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes #797
2016-05-06 09:10:38 -04:00
e7fffc66c7
changelog tweaks, fixes #805
2016-05-06 08:51:53 -04:00
8548ede638
Merge pull #806 - Update Roundcube to 1.1.5
2016-04-24 06:31:28 -04:00
d3818d1db6
changelog entries
2016-04-13 18:42:53 -04:00
7e0f534aea
Add ownCloud update to changelog
2016-04-08 14:04:15 +02:00
1a1d125b31
v0.17c
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJW/mJqAAoJELkgQfTBC92B/F8H/2s6wKhzzeoqkhLU2nvYJh0B
Q1d0SbtdQWIWrTQbcjIR3aGYwJzJ+HC7rylrwS4lB2ugpJBA0MnfD+ktwbe/EyDa
pN6WLlmnXyAw28//ubq0FQqC8Gawsj4WMfmSEw/XuDShik8XJmU7QUEnewClJ7So
ko4eVp9KL8MU3Rj/DebhyoW0EjpB/qrJvLSqtj4KCxKYES9J8nUVBFVRDL48yNx4
2KTIjqreGZmtW0/wxPnganMeV6DZn3B6vBmqOYYvw7bf6r/cY0ZkNK/ENlo+ntJD
3jFKki4TJChhGVWH5T4Tw2bys4Cua1+SA3cleNRH1rYSvRWyOCwK+LS4YBJHYp4=
=umMp
-----END PGP SIGNATURE-----
merge hotfix release tag 'v0.17c' into master
The hotfixes were all already applied to master in original PRs. This merge merely brings over the CHANGELOG and the updated install instructions (v0.17b=>v0.17c), including to bootstrap.sh which is what triggers v0.17c being the latest release.
2016-04-01 08:00:10 -04:00
86881c0107
v0.17c
2016-04-01 07:58:28 -04:00
3843f63416
hotfix merge #772 - yodax/generic-login-message
...
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2016-03-31 10:46:38 -04:00
703e6795e8
hotfix merge #769 - update the Roundcube html5_notifier plugin from version 0.6 to 0.6.2
...
fixes Roundcube getting stuck for some people, hopefully fixes #693
2016-03-31 10:46:34 -04:00
b3223136f4
hotfix - install roundcube from our own mirror, hosted in Josh's AWS S3 account, because sourceforge is down all the time
...
fixes #750 , see #701 , see #370
was df92a10eba
2016-03-31 10:35:48 -04:00
aa1fdaddaf
hotfix merge #755 - Prevent click jacking of the management interface
2016-03-31 10:34:52 -04:00
7fa9baf308
hotfix merge #744 - Fix for putty Line Drawing issues
2016-03-31 10:33:42 -04:00
eb8cfaab75
changelog entry for html5_notifier bump
2016-03-31 10:20:13 -04:00
df92a10eba
install roundcube from our own mirror, hosted in Josh's AWS S3 account, because sourceforge is down all the time
...
fixes #750 , see #701 , see #370
2016-03-23 17:31:24 -04:00
56591abbc2
merge #766 - Configure bayes_file_mode in spamassassin/local.cf
2016-03-23 17:17:30 -04:00
313a86d0fa
add changelog entry for bayes file permissions
2016-03-23 17:16:50 -04:00
083e3cf755
merge #757 (squashed) - add swap space to low-memory systems
2016-03-23 17:07:40 -04:00
696bbe4e82
Add a swap file to the system if system memory is less than 2GB, 5GB of free disk space is available, and if no swap file yet exists
2016-03-23 17:07:04 -04:00
cdedaed3b0
merge #744 - Fix for putty Line Drawing issues
2016-03-23 16:51:01 -04:00
c01f903413
edit NCURSES_NO_UTF8_ACS's comment, add changelog entry
2016-03-23 16:50:27 -04:00
5edefbec27
merge #735 - Allow a server to be rebooted when a reboot is required
2016-03-23 16:39:40 -04:00
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
546d6f0026
merge #674 - Support munin's cgi dynazoom
2016-03-23 16:10:30 -04:00
bd86d44c8b
simplify the munin_cgi wrapper / add changelog entry
2016-03-23 16:09:19 -04:00
d881487d68
v0.17b
2016-03-01 07:23:20 -05:00
33d07b2b54
ownCloud moved their source code to a new location, breaking our installation script.
...
Fixes #741 .
2016-03-01 07:23:16 -05:00
f9ca440ce8
v0.17
2016-02-25 18:36:14 -05:00
d880f088be
fix changelog description of a bug, see #725
2016-02-23 10:24:26 -05:00
5cabfd591b
(re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly
...
This was originally fixed in 143bbf37f47a93d219ef
2016-02-23 10:16:04 -05:00
af80849857
Merge pull request #732 from yodax/memory
...
Reduce percentages for required free memory checks
2016-02-22 15:02:50 -05:00
7a191e67b8
Add a changelog entry
2016-02-22 21:01:33 +01:00
a2e6e81697
Add a changelog entry
2016-02-22 19:14:46 +01:00
a0bae5db5c
update changelog
2016-02-18 07:18:51 -05:00
5e4c0ed825
Revert "install boto (py2) via the package manager, not pip (used by duplicity)"
...
This reverts commit b32cb6229bFixes #627 . Fixes #653 . Closes #714 .
2016-02-18 06:54:23 -05:00
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
3d5a35b184
typo
2016-02-15 18:47:19 -05:00
87d3f2641d
merge #685 - tweak postfix mail queue/warn/bounce times
2016-02-15 18:44:56 -05:00
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it
2016-02-15 18:22:16 -05:00
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
8ea42847da
nightly status checks could fail if any domains had non-ASCII characters
...
https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too.
2016-02-13 11:51:06 -05:00
4ed23f44e6
take a full backup more often so we don't keep backups around for so long
2016-02-05 11:08:33 -05:00
178527dab1
convert the backup increment time to the local timezone, fixes #700
...
Duplicity gives times in UTC. We were assuming times were in local time.
2016-02-05 08:58:07 -05:00
77937df955
bind postfix to the right network interface when sending outbound mail so that SPF checks on the receiving end will pass
...
fixes #3 (again)
2016-02-01 12:36:52 -05:00
4db8efa0df
bump Roundcube to 1.1.4
2016-02-01 12:31:42 -05:00
5895aeecd7
fixed typo
2016-01-31 11:01:00 +10:30
3615772b2d
v0.16
2016-01-30 11:15:14 -05:00
78729bd277
update CHANGELOG
2016-01-27 20:23:41 -05:00
2ad7d0830e
add exception handling for what_version_is_this, fixes #659
2016-01-09 09:23:07 -05:00
5045e206c2
roundcube file ownership should not preserve uid/gid from the release tarball, tar (when run as root) should always extract using --no-same-owner, fixes #667
2016-01-09 09:17:45 -05:00
07f9228694
Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt
2016-01-09 08:58:35 -05:00
Git Repository
Michael Kroes
Joshua Tauberer
Rinze de Laat
Sean Watson
Tristan Hill
rxcomm
Marius Blüm
aspdye
X O