Commit Graph

581 Commits

Author SHA1 Message Date
Michael Kropat 9e63ec62fb Cleanup: remove env dependency 2014-06-22 08:55:19 -04:00
Michael Kropat d100a790a0 Remove API_KEY_FILE setting 2014-06-22 08:45:29 -04:00
Michael Kropat 554a28479f Merge remote-tracking branch 'upstream/master' into mgmt-auth
Conflicts:
	management/daemon.py
2014-06-21 21:29:25 -04:00
Joshua Tauberer 064d75e261 Merge pull request #73 from mkropat/syslog-logging
Tell Flask to log to syslog
2014-06-21 21:22:27 -04:00
Michael Kropat 067052d4ea Add key-based authentication to management service
Intended to be the simplest auth possible: every time the service
starts, a random key is written to `/var/lib/mailinabox/api.key`. In
order to authenticate to the service, the client must pass the contents
of `api.key` in an HTTP basic auth header. In this way, users who do not
have read access to that file are not able to communicate with the
service.
2014-06-21 23:42:48 +00:00
Michael Kropat 53e15eae15 Tell Flask to log to syslog
- Writes Flask warnings and errors to `/var/log/syslog`
- Helps to debug issues when running in production
2014-06-21 23:25:35 +00:00
Joshua Tauberer 67d31ed998 move the SSL setup into its own bash script since it is used for much more than email now 2014-06-21 22:16:46 +00:00
Joshua Tauberer 5faa1cae71 manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:55:12 +00:00
Joshua Tauberer 126ea94ccf drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ 2014-06-18 22:56:55 -04:00
Joshua Tauberer 95e61bc110 add DANE TLSA records to the PUBLIC_HOSTNAME's DNS
Postfix has a tls_security_level called "dane" which uses DNS-Based Authentication of Named Entities (DANE)
to require, if specified in the DNS of the MX host, an encrpyted connection with a known certificate.

This commit adds TLSA records.
2014-06-19 01:39:27 +00:00
Joshua Tauberer 699bccad80 missing spaces in nsd.conf (has no effect but looks proper) 2014-06-18 23:53:52 +00:00
Joshua Tauberer afb6c26c8b run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server
see #71
2014-06-18 19:45:47 -04:00
Joshua Tauberer 761fac729b nsd.conf wasn't properly using the signed zone files 2014-06-18 23:30:35 +00:00
Joshua Tauberer dd15bf4384 use a better sort order for records in DNS zone files 2014-06-17 23:34:06 +00:00
Joshua Tauberer 14396e58f8 dont create a separate zone for PUBLIC_HOSTNAME if it is a subdomain of another zone (hmm, this is a general principle that could apply to any two domains the box is serving) 2014-06-17 23:30:00 +00:00
Joshua Tauberer 33f06f29c1 let the user override some DNS records 2014-06-17 22:21:51 +00:00
Joshua Tauberer 88709506f8 add DNSSEC
* sign zones
* in a cron job, periodically re-sign zones because they expire (not tested)
2014-06-17 22:21:12 +00:00
Joshua Tauberer aaa735dbfe write nsd.conf zones in a predictable order so that we don't keep rewriting it 2014-06-12 22:28:37 -04:00
Joshua Tauberer e9cde52a48 two more cases of shelling out external programs in a more secure way, see cecda9cec5 2014-06-12 21:06:04 -04:00
Joshua Tauberer 8bd62aa3bc increase duplicity's volume size from the default of 25MB to 100MB so we create fewer files 2014-06-09 13:47:41 +00:00
Joshua Tauberer 5490142df5 re-do the backup script to use the duplicity program
Duplicity will manage the process of creating incremental backups for us.
Although duplicity can both encrypt & copy files to a remote host, I really
don't like PGP and so I don't want to use that.

Instead, we'll back up to a local directory unencrypted, then manually
encrypt the full & incremental backup files. Synchronizing the encrypted
backup directory to a remote host is a TODO.
2014-06-09 09:34:52 -04:00
Joshua Tauberer cecda9cec5 management: shell out external programs in a more secure way 2014-06-09 08:09:45 -04:00
Michael Kropat ae67409603 Support dual-stack IPv4/IPv6 mail servers
Addresses #3

Added support by adding parallel code wherever `$PUBLIC_IP` was used.
Providing an IPv6 address is completely optional.

Playing around on my IPv6-enabled mail server revealed that — before
this change — mailinabox might try to use an IPv6 address as the value
for `$PUBLIC_IP`, which wouldn't work out well.
2014-06-08 18:32:52 -04:00
Joshua Tauberer 242cadebc8 allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64
* for local mail users, also disallows periods at the beginning or end of the local or domain parts
* Dovecot gets confused if the string contains any unusual characters, so local mail users are restricted to a narrow regex
* for mail aliases Postfix is not confused so use a regex based on RFC 2822
2014-06-06 10:51:36 -04:00
Joshua Tauberer f1dac1fe13 show less output when updating DNS configuration 2014-06-06 10:51:36 -04:00
Joshua Tauberer 6194c63f76 add management comments for checking for updated Ubuntu packages and applying updates 2014-06-05 20:57:30 +00:00
Joshua Tauberer 295981828f Vagrantize
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
2014-06-04 19:39:58 -04:00
Joshua Tauberer 7fa4862f1a refactor dns_update so that the zone is first generated in a file-format agnostic way 2014-06-04 19:00:31 -04:00
Joshua Tauberer 8ed15168c0 the new dns_update totally forgot to write the OpenDKIM tables 2014-06-04 18:44:13 -04:00
Joshua Tauberer 89730bd643 new backup script, see #11 2014-06-03 21:16:38 +00:00
Joshua Tauberer c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00