1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-24 02:37:05 +00:00
Commit Graph

13 Commits

Author SHA1 Message Date
Michael Kropat
d904feb399 Filter privacy-sensitive headers on outgoing mail
By default, Postfix adds a Received header — on all mail that you send —
that lists the IP of the device you sent the mail from.  This feature is
great if you're a mail provider and you need to debug why one user is
having sending issues.  This feature is not so great if you run your own
mail server and you don't want every recipient of every email you send
to know the device and IP you sent the email from.

To limit this filtering to outgoing mail only, we apply the filters just
to the submission port.  See these guides [1] [2] for more context.

I have taken care to make the configuration logic be **idempotent**.
Unfortunately, due to the syntax of `master.cf`, this requires a small
amount of `sed` and `perl` wizardry :(

In addition to filtering the Received header, the
`submission_header_checks` file is currently configured to filter other,
privacy-sensitive headers.  If people object, we can remove those
filters.  The important thing is that the IP be filtered or masked.

  [1] http://askubuntu.com/a/78168/11259
  [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
2014-06-08 15:38:49 -04:00
Joshua Tauberer
51dd2ed70b update nginx SSL options, fixes #61 2014-06-03 14:06:02 +00:00
Joshua Tauberer
c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer
b646771517 redirect all HTTP to HTTPS and enable HSTS, closes #18 2014-05-14 12:15:11 +00:00
Joshua Tauberer
6fd768d6ee update to @konklone's latest nginx SSL configuration recommendations 2014-04-17 20:27:52 -04:00
Joshua Tauberer
48bbdd9999 branding 2014-04-17 18:05:05 -04:00
Joshua Tauberer
2ebd9706ec add php-fastcgi init script to start the FastCGI process needed to run Roundcube (and any other PHP scripts, really) 2014-03-17 00:03:19 +00:00
Joshua Tauberer
cf0f26d58d update project webpage because I renamed my github account 2014-01-27 15:49:00 +00:00
Joshua Tauberer
afda0405cf apply @konklone's nginx https: recommendations from https://gist.github.com/konklone/6532544 2013-09-14 10:11:47 -04:00
Joshua Tauberer
b4e7d6ba5e create a basic hello world page on http/https 2013-09-08 09:55:58 +00:00
Joshua Tauberer
b770c5370b web and roundcube webmail 2013-09-07 16:53:25 -04:00
Joshua Tauberer
7f63c199a6 move the sieve script configuration to tools/mail.py 2013-09-01 10:40:12 -04:00
Joshua Tauberer
5b82bbb5b3 preliminary script for nginx 2013-09-01 14:24:49 +00:00