rxcomm
bbe27df413
SSHFP record creation should scan nonstandard SSH port if necessary (#974)
...
* sshfp records from nonstandard ports
If port 22 is not open, dns_update.py will not create SSHFP records
because it only scans port 22 for keys. This commit modifies
dns_update.py to parse the sshd_config file for open ports, and
then obtains keys from one of them (even if port 22 is not open).
* modified test of s per JoshData request
* edit CHANGELOG per JoshData
* fix typo
2016-10-15 15:36:13 -04:00
Michael Kroes
a658abc95f
Fix status checks for ufw when the system doesn't support iptables (#961)
2016-10-08 14:35:19 -04:00
Steve Gregg
8b5eba21c0
Correct typo of "PRIORITY" in the template (#965)
2016-10-05 18:43:50 -04:00
Marius Blüm
3ac4b8aca8
Remove Certificate Providers / Fix #950
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-09-27 15:06:50 +02:00
Marius Blüm
5f0376bfbf
Fix typo in alias-page, fixes #943 (merges #949)
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-09-23 15:11:37 -04:00
Joshua Tauberer
c26bc841a2
more for dnspython exception with IPv6 addresses
...
fixes #945, corrects prev commit (#947) in case of multiple AAAA records, adds changelog
2016-09-23 07:41:24 -04:00
Mathis Hoffmann
163daea41c
dnspython exception with IPv6 addresses
...
see #945, merges #947
2016-09-23 07:35:53 -04:00
Scott Bronson
102b2d46ab
typo fix: seconday -> secondary (#939)
2016-09-18 08:10:49 -04:00
cs@twoflower
00bd23eb04
fix status_checks.py free disk space reporting #932
2016-09-15 17:01:21 +01:00
Joshua Tauberer
35a360ef0b
simplify how munin-cgi-graph is called to reduce the attack surface area
...
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which led me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
2016-08-19 12:42:43 -04:00
Marius Blüm
942bcfc7c5
Update Bootstrap to 3.3.7 (#909)
...
Signed-off-by: Marius Blüm <marius@lineone.io>
2016-08-15 18:06:12 -04:00
Joshua Tauberer
1aca6fe08f
some minor tweaks to the new users/aliases API documentation
2016-08-08 07:28:10 -04:00
Joshua Tauberer
cf3e1cd595
add SRV records for CardDAV/CalDAV
...
DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.
2016-07-31 20:53:57 -04:00
Joshua Tauberer
b044dda28f
put the ufw status checks in the network section, add a punctuation mark, add changelog entry
2016-07-29 09:23:36 -04:00
Joshua Tauberer
f66f39b61d
Merge branch 'ufw_status_check' of https://github.com/yodax/mailinabox
2016-07-29 09:16:22 -04:00
Joshua Tauberer
cbc4bf553d
Merge pull request #880 from schlypel/master
...
Added information about API endpoints
2016-07-29 09:04:27 -04:00
Joshua Tauberer
8844a9185f
Merge pull request #798 from mail-in-a-box/fail2banjails
...
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
2016-07-29 08:52:44 -04:00
schlypel
3249a55f3a
added API info to users page template
2016-06-29 13:35:42 +02:00
schlypel
b58fb54725
added API info to aliases page template
2016-06-29 13:34:54 +02:00
Rinze
1c84e0aeb6
Added received mail count to hourly activity overview in mail log management script
2016-06-10 13:08:57 +02:00
Rinze
ae1b56d23f
Added POP3 support to mail log management script
2016-06-10 11:19:03 +02:00
Rinze
946cd63e8e
Mail log management script cleanup
2016-06-10 10:32:32 +02:00
Michael Kroes
01fa8cf72c
add fail2ban jails for ownCloud, postfix submission, roundcube, and the Mail-in-a-Box management daemon
...
(tests squashed into this commit by josh)
2016-06-06 09:13:10 -04:00
Joshua Tauberer
9ee2d946b7
Merge pull request #821 from m4rcs/before-backup
...
Added a pre-backup script to complement post-backup script.
2016-05-17 19:48:14 -04:00
Arnaud
ff7d4196a6
target to blank for munin link in template (#822)
...
adding :
target="_blank"
to
<li><a href="/admin/munin">Munin Monitoring</a></li> on line 96
Why ?
Because when you click on munin link, and follow links, you lose your index, or click back many times...
So I propose my pull request.
Et voilà ^^
2016-05-17 19:46:45 -04:00
aspdye
490b36d86c
Fix #819 (#823)
2016-05-17 19:46:10 -04:00
Marc Schiller
69bd137b4e
Added a pre-backup script to complement post-backup script.
2016-05-11 10:11:16 +02:00
Joshua Tauberer
6d259a6e12
use "127.0.0.1" throughout rather than mixing use of an IP address and "localhost"
...
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to the address a service is actually running on.
This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12 .)
I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address.
Fixes #797
2016-05-06 09:10:38 -04:00
Joshua Tauberer
6eeb107ee3
Merge #795 - Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-24 06:27:50 -04:00
aspdye
79a39d86f9
reseller -> provider
2016-04-23 15:18:21 +02:00
aspdye
0ebf33e9df
Make clear that Let's Encrypt is recommended!
2016-04-23 11:35:02 +02:00
aspdye
f65d9d3196
Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-09 13:27:27 +02:00
Michael Kroes
736b3de221
Improve matching of ufw output. Reuse network service list. Improve messages
2016-04-07 16:03:28 +02:00
Michael Kroes
42f2e983e5
Merge branch 'master' into ufw_status_check
2016-04-07 15:13:59 +02:00
msgerbs
703a963ae5
Add SRV record to the Custom DNS page
...
Add SRV to the drop-down to add a custom DNS zone. I made this change on my up-to-date install and it worked without any issues.
2016-04-05 00:54:26 -05:00
Michael Kroes
c9f30e8059
Add status checks for ufw
2016-04-02 13:41:16 +02:00
Joshua Tauberer
252c35c66e
Merge pull request #772 from yodax/generic-login-message
...
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2016-03-26 09:22:02 -04:00
Michael Kroes
f292e8fc5b
Add generic login failed message
2016-03-26 14:06:43 +01:00
Michael Kroes
d7d8bda0a4
Instructions on how to create a web site for a domain weren't rendered. Users would miss the step about manually creating the directory to put files in there and wouldn't see anything happen
2016-03-25 13:37:55 +01:00
Joshua Tauberer
74a0359cec
Merge pull request #763 from Neopallium/master
...
Fix creation of custom MX records.
2016-03-23 17:22:42 -04:00
Joshua Tauberer
5edefbec27
merge #735 - Allow a server to be rebooted when a reboot is required
2016-03-23 16:39:40 -04:00
Joshua Tauberer
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
Joshua Tauberer
546d6f0026
merge #674 - Support munin's cgi dynazoom
2016-03-23 16:10:30 -04:00
Joshua Tauberer
bd86d44c8b
simplify the munin_cgi wrapper / add changelog entry
2016-03-23 16:09:19 -04:00
Robert G. Jakabosky
72fcb005b2
Check MX priority.
2016-03-22 03:07:14 +08:00
Robert G. Jakabosky
84638ab11e
Fix creation of custom MX records.
2016-03-21 21:12:08 +08:00
Joshua Tauberer
49ea9cddd1
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
2016-03-06 14:39:34 -05:00
Joshua Tauberer
3bbec18ac6
Merge pull request #734 from yodax/dynamicpool
...
Create a temporary multiprocessing pool
2016-02-28 12:39:11 -05:00
Joshua Tauberer
2be373fd06
Merge pull request #727 from yodax/userlist
...
Allow files in /home/user-data/mail/mailboxes
2016-02-28 12:33:38 -05:00
Michael Kroes
b71ad85e9f
Restore an empty line
2016-02-26 09:51:22 +01:00
Michael Kroes
8ea2f5a766
Allow a server to be rebooted when a reboot is required
2016-02-25 21:56:27 +01:00
yodax
6c1357e16c
Merge branch 'master' into dynamicpool
2016-02-23 17:01:13 +01:00
Joshua Tauberer
5cabfd591b
(re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly
...
This was originally fixed in 143bbf37f4 (February 16, 2015). Then I broke it in 7a93d219ef (November 2015) while doing some refactoring ahead of v0.15.
2016-02-23 10:16:04 -05:00
yodax
721730f0e8
Create a temporary multiprocessing pool
2016-02-23 06:32:01 +01:00
Joshua Tauberer
af80849857
Merge pull request #732 from yodax/memory
...
Reduce percentages for required free memory checks
2016-02-22 15:02:50 -05:00
Joshua Tauberer
4b2e48f2c0
Merge pull request #726 from yodax/login
...
When previous panel was login, move to system_status
2016-02-22 14:44:23 -05:00
yodax
1b24e2cbaf
Reduce percentages for required memory checks
2016-02-22 17:49:19 +01:00
yodax
0843159fb4
Reduce number of processes in the pool to 5
2016-02-22 17:38:30 +01:00
yodax
057903a303
Allow files in /home/user-data/mail/mailboxes
2016-02-21 13:49:07 +01:00
yodax
b8e99c30a2
When previous panel was login, move to system_status
2016-02-20 18:42:28 +01:00
Joshua Tauberer
23ecff04b8
the logic in 4ed23f44e6 for taking backups more often was partly backward
2016-02-18 07:50:59 -05:00
Joshua Tauberer
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
Joshua Tauberer
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695, probably fixes it
2016-02-15 18:22:16 -05:00
Joshua Tauberer
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
Joshua Tauberer
8ea42847da
nightly status checks could fail if any domains had non-ASCII characters
...
https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too.
2016-02-13 11:51:06 -05:00
Joshua Tauberer
4ed23f44e6
take a full backup more often so we don't keep backups around for so long
2016-02-05 11:08:33 -05:00
Joshua Tauberer
178527dab1
convert the backup increment time to the local timezone, fixes #700
...
Duplicity gives times in UTC. We were assuming times were in local time.
2016-02-05 08:58:07 -05:00
Wolf-Bastian Pöttner
239eac662c
Fix: Correct IP is reported when using custom DNS
...
Fix bug that reports wrong ip, when custom DNS is enabled
2016-02-04 21:32:11 +01:00
Joshua Tauberer
4e18f66db6
tls control panel: only show integral seconds while waiting the requested time from Let's Encrypt, in case we got back a non-integral number of seconds to wait
2016-02-03 08:21:22 -05:00
Joshua Tauberer
83ffc99b9c
change the public URL of bootstrap.sh to setup.sh
2016-01-30 11:19:51 -05:00
mike
6b408ef824
Use utils.shell instead of subprocess.Popen
2016-01-14 10:24:04 -05:00
Jeroen Jacobs
70111dafbc
Removes border and rounded corners from navbar
2016-01-14 15:48:39 +01:00
Joshua Tauberer
faaa74c3a7
tls: hide extra reasons why domains aren't getting a new certificate during setup
2016-01-14 07:21:08 -05:00
mike
8932aaf4ef
needed libcgi-fast-perl and chown log files
2016-01-13 23:55:45 -05:00
mike
6d6f3ea391
Added ability to use munin's dynazoom
2016-01-13 22:20:33 -05:00
Joshua Tauberer
2ad7d0830e
add exception handling for what_version_is_this, fixes #659
2016-01-09 09:23:07 -05:00
Joshua Tauberer
07f9228694
Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt
2016-01-09 08:58:35 -05:00
baltoche
36e5772a8e
Update dns_update.py
2016-01-05 16:56:16 +01:00
Joshua Tauberer
2882e63dd8
second part of provisioning tls certificates from the control panel
2016-01-04 18:43:17 -05:00
Joshua Tauberer
812ef024ef
status checks: check that the non-primary domains also resolve over IPv6, if configured
2016-01-04 18:43:17 -05:00
Joshua Tauberer
40cdc5aa30
status checks: if a domain's DNS isn't working don't check the TLS certificate because we can't automatically provision one now anyway
2016-01-04 18:43:17 -05:00
Joshua Tauberer
b8d6226a9a
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
2016-01-04 18:43:17 -05:00
Joshua Tauberer
bac15d3919
provision tls certificates from the control panel
2016-01-04 18:43:16 -05:00
Joshua Tauberer
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b1b57f9bfd
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
...
fixes #646
2016-01-04 18:43:16 -05:00
Joshua Tauberer
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
Joshua Tauberer
5033042b8c
backups: email the administrator when there's a problem
...
Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email.
2016-01-04 18:43:02 -05:00
Joshua Tauberer
89a46089ee
backups: suppress all output except errors
2016-01-04 18:43:02 -05:00
Joshua Tauberer
e288d7730b
backups: trap an error that occurs as early as getting the current backup status
2016-01-04 18:43:02 -05:00
Joshua Tauberer
06a0e7f3fe
merge #584 - Add checks to the management interface to report memory usage
2016-01-01 18:13:21 -05:00
Joshua Tauberer
a9cd72bbf9
tighten the status text strings for free memory, add changelog entry
2016-01-01 18:12:36 -05:00
Joshua Tauberer
682b1dea5e
changelog/status checks updated for opening the sieve port
2016-01-01 17:53:05 -05:00
Joshua Tauberer
8d19eade85
clarify the backup days option, fixes #570
2015-12-26 12:04:26 -05:00
Joshua Tauberer
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
Joshua Tauberer
392d33b902
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
...
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
2015-12-26 11:01:46 -05:00
Joshua Tauberer
4305a71916
merge #587 - move backup and nightly status checks to 3am in system time
...
previously these were run in a cron.daily script which per crontab is run at 6:25 am local time
2015-12-26 08:42:58 -05:00
Joshua Tauberer
a4d8e12fd7
clean up the backup time patch: don't choose timezone here, move status checks into the same 3am script
2015-12-26 08:41:37 -05:00
Joshua Tauberer
dbf4729109
add management/backup.py --restore
2015-12-23 12:53:38 +00:00
Joshua Tauberer
6e6c993724
reword POP documentation, add to changelog/readme
2015-12-12 08:46:18 -05:00
Marius
f8b4e3775d
Update mail-guide.html (POP3)
2015-12-12 08:41:13 -05:00