Commit Graph

852 Commits

Author SHA1 Message Date
David Duque 7de99aa690 v0.50 (September 25, 2020)
--------------------------
 
 Setup:
 
 * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.
 
 Mail:
 
 * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
 * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
 
 DNS:
 
 * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
 * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
 
 TLS:
 
 * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
 
 Control Panel:
 
 * The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
 * User passwords can now have spaces.
 * Status checks for automatic subdomains have been moved into the section for the parent domain.
 * Typo fixed.
 
 Web:
 
 * The default web page served on fresh installations now adds the `noindex` meta tag.
 * The HSTS header is revised to also be sent on non-success responses.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9t2AgPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BZNkH/1jIGoWTz0xlS+e+TeXpHoCp/7zYAvQq/a/y
 vj9t1N1+bBg6Ywbd8UxyvOHwuL/UQU/5LTq6hk3gD+2ARfJUvDRbb047Xzlisg3N
 LhNoVhVbsxqKP1X2ZjeIBq9DgzMavuB64Bwd5UNdceM0Addi8KuCDOMF+FNY2t8k
 xytGjYdBi1/BG6SLBX+FAm5yrJghmkUJs2FnJjebSyyeV2HP3L1iBrk2N8UBd6PU
 fVjde534lgygFZK/8yXJpY2olfLMYJv7CaOMxvaW6RpbMI8VeLwDLfRt5LcrQZqq
 YXkuEnUI0eygbQYkeK/Vr1Vey6uQAWzIfbImEglHfvOXsZSYFXs=
 =SJNM
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9vB/0ACgkQLzJ3OKPA
 rjpXTg/+L2W6LXtqJcDdPiLb7uRJ1a+R7DAPPLhZOXT8alFt6g2nAJHHI3NxKWVM
 KsrSGlL+XSw744tfEzw21WsDuoME2F536/q4V4iprQx0LSJ61EQtqFYABbHT7lSc
 EyJellcIBxvK9ZTrHhJy3jVJL5eEkrHr4YpaRd68CZGneziMbxZusrlD23OfOn+U
 Pi6O39+Xh9lB4nxMfzkjYwCPEyNsTaCieKforPE+7TYh6d5NFHp22e2/yNEwYHhv
 90txul+/ByeT6UNFsVQ+QXCpMr/m06W9zbCDgrArol12MlgeAg4bL2trgDUV2D9j
 Dpfo1SYo/VUYetlT98adxW7BK2JuGe3SsFDrgjNPDyMBZRoybLY/l1X5TF5d7dq/
 bhgDcHXSJ6iBmhZ8nGDuBWhiEld9orn/9vfj/nHmleurXxgDwMcGKn0eINDuX8Xd
 NauJdhyOiZLfy8+Rha9ltLlFC/sX8nq0o6iM1Xr+4UOTFVVxlVadkPTMOxuRIQfD
 +JaMRCoXLfbAknoGdKfAcxEAzzyylO6z4Ztj/fVp9SHjQgby1paLpJMHEVUaQzEZ
 VYqdOzmz7vrV1H5OHOIy6mthQrTw+Mg4KubJs7w99e3pZKJBpvp55+DLvA0JhKLD
 dVXqr7rBTkLk/tg4u2SWlj3aZOnkzMz0Iwiu5X+hx3kLl0f3Zgk=
 =VgsY
 -----END PGP SIGNATURE-----

Merge v0.50 from upstream
2020-09-26 10:21:01 +01:00
Joshua Tauberer 51aedcf6c3 Drop the MTA-STS TLSRPT record unless set explicitly 2020-09-21 15:57:17 -04:00
Felix Spöttel 7d6427904f Typo 2020-09-12 16:38:44 +02:00
Felix Spöttel dcb93d071c Add TOTP secret to user_key hash
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
2020-09-12 16:34:06 +02:00
Felix Spöttel 2ea97f0643 Do not log failed login attempts for MissingToken errors
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
2020-09-06 13:08:44 +02:00
Felix Spöttel 4791c2fc62 Safeguard against empty mru_token column
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup
2020-09-06 13:03:54 +02:00
Felix Spöttel 49c333221a Use hmac.compare_digest() to compare mru_token 2020-09-06 12:54:45 +02:00
Felix Spöttel 481a333dc0 Address review feedback, thanks @hija 2020-09-04 20:28:15 +02:00
Felix Spöttel b0df35eba0 conn.close() if mru_token update can't .commit() 2020-09-03 20:39:03 +02:00
Felix Spöttel 08ae3d2b7f Rename internal validate_two_factor_secret => validate_two_factor_secret 2020-09-03 19:48:54 +02:00
Felix Spöttel 7c4eb0fb70 Add sqlite migration 2020-09-03 19:39:29 +02:00
Felix Spöttel ee01eae55e Decouple totp from users table by moving to totp_credentials table
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel 89b301afc7 Update OpenApi docs, rename /2fa/ => /mfa/ 2020-09-03 13:54:28 +02:00
Felix Spöttel ce70f44c58 Extract TOTPStrategy class to totp.py
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
2020-09-03 11:19:19 +02:00
Felix Spöttel 6594e19a1f Autofocus otp input when logging in, update layout 2020-09-02 20:30:08 +02:00
Felix Spöttel 8597646a12 Update API route naming, update setup page
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
2020-09-02 19:41:06 +02:00
Felix Spöttel f205c48564 Use pyotp for validating TOTP codes
* also implements resynchronisation support via `pyotp`'s `valid_window option
2020-09-02 19:12:15 +02:00
Felix Spöttel 3c3683429b implement two factor check during login 2020-09-02 17:23:32 +02:00
Felix Spöttel a7a66929aa add user interface for managing 2fa
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
David Duque 94da7bb088
status_checks.py: Properly terminate the process pools (#1795)
* Only spawn a thread pool when strictly needed

For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.

* Acquire pools with the 'with' statement
2020-08-09 11:42:39 -04:00
Richard Willis c50170b816
Update "Remove Alias" modal title (#1800) 2020-07-29 10:01:20 -04:00
David Duque 5e597bb536
Update deprecated function from dnspython 2020-07-26 01:00:17 +01:00
David Duque fc0bd12631
Acquire pools with the 'with' statement 2020-07-22 12:42:10 +01:00
David Duque 311e6c63e8
Render the 'Backup now' buttons even if there are already backups 2020-07-21 19:25:48 +01:00
David Duque a0da88834c
Terminate the status checks process pool before exiting 2020-07-21 19:21:46 +01:00
David Duque 967409b157
Drop requirement for passwords to have no spaces (#1789) 2020-07-16 07:23:11 -04:00
David Duque 1b2711fc42
Add 'always' modifier to the HSTS add_header directive (#1790)
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header)
2020-07-16 07:21:14 -04:00
David Duque c8fbe2dd5d
Determine the PHP version at runtime (instead of at setup-time) 2020-07-15 15:28:02 +01:00
David Duque 515a74ba11
Render the lsb_release at flask init time
Don't change the index.html file at setup time
2020-07-14 11:51:25 +01:00
David Duque b562e7eefa
Hide the 'Create Backup' buttons when backups are turned off 2020-07-11 15:45:50 +01:00
David Duque ccf60c7017
Backups: User-initiated and cron-initiated jobs will have the same lockname
So that some poor timing (initiating a backup when there's a cron-initiated backup)
doesn't screw everything up.
2020-07-11 09:16:32 +01:00
David Duque 79e2398d71
Fix comment 2020-07-11 08:30:05 +01:00
David Duque af9ef186b3
Add manual backup option 2020-07-10 15:48:37 +01:00
David Duque e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses (#1787) 2020-07-08 18:26:47 -04:00
David Duque 199c2c50ba
Backups: Fix backup target selector width 2020-07-08 19:32:24 +01:00
David Duque b98111b4e1
Fix unassigned php version 2020-06-29 09:13:50 +01:00
David Duque fcb44dafa3
Let's encrypt certbot hotfix 2020-06-27 21:32:36 +01:00
David Duque 022a11e159 Merge remote-tracking branch 'up/master' 2020-06-21 15:52:31 +01:00
David Duque 5d6c23cff9 Finalize php configuration 2020-06-21 15:18:46 +01:00
David Duque 0ccbf1b809 Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
2020-06-21 15:05:17 +01:00
Joshua Tauberer 6fd3195275 Fix MTA-STS policy id so it does not have invalid characters, fixes #1779 2020-06-12 13:09:11 -04:00
David Duque d01069f7f2 Automatically agree to ToS on SSL provision 2020-06-12 09:27:08 +01:00
Joshua Tauberer 9db2fc7f05 In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag
Merges #1432, more or less.
2020-06-11 12:20:17 -04:00
Joshua Tauberer e03a6541ce Don't make autoconfig/autodiscover subdomains and SRV records when the parent domain has no user accounts
These subdomains/records are for automatic configuration of mail clients, but if there are no user accounts on a domain, there is no need to publish a DNS record, provision a TLS certificate, or create an nginx server config block.
2020-06-11 12:20:17 -04:00
Vasek Sraier df9bb263dc
daily_tasks.sh: redirect stderr to stdout (#1768)
When the management commands fail, they can print something to the standard error output.
The administrator would never notice, because it wouldn't be send to him with the usual emails.
Fixes #1763
2020-06-07 09:56:45 -04:00
Joshua Tauberer 3a4b8da8fd More for MTA-STS for incoming mail
* Create the mta_sts A/AAAA records even if there is no valid TLS certificate because we can't get a TLS certificate if we don't set up the domains.
* Make the policy id in the TXT record stable by using a hash of the policy file so that the DNS record doesn't change every day, which means no nightly notification and also it allows for longer caching by sending MTAs.
2020-05-30 08:04:09 -04:00
Joshua Tauberer 37dad9d4bb Provision certificates from Let's Encrypt grouped by DNS zone
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).

Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.

Fixes #690.
2020-05-29 15:38:18 -04:00
Joshua Tauberer b805f8695e Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain
Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly.
2020-05-29 15:38:13 -04:00
Joshua Tauberer 10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
A. Schippers afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
David Duque 8ca58798e4
Typo fix 2020-05-28 16:17:10 +01:00
David Duque 235ebe9a4a
Secondary nameservers: Allow IPv6 2020-05-28 15:47:43 +01:00
David Duque 1513655bc4
Make sure that the OS in the admin panel matches the actual system OS 2020-05-17 02:45:35 +01:00
David Duque ad9979f9c6
Make the Show More link an actual button 2020-04-25 04:26:24 +01:00
David Duque e75d89113a
Test 2020-04-25 04:17:55 +01:00
David Duque 7984d103a4
Test 2020-04-25 04:13:46 +01:00
David Duque 4309a6a875
Swap show-button order 2020-04-25 03:51:38 +01:00
David Duque 32e42f14fb
Do not apply custom nginx dotfiles to the default webroot 2020-04-24 17:03:13 +01:00
David Duque d9567c0035
Use proper emojis for status checks 2020-04-24 15:50:01 +01:00
David Duque 372d5d9783
SMTP Relays: Wrap ternary operations correctly 2020-04-21 14:35:51 +01:00
David Duque 2176d59727
Version check will now use the correct endpoint 2020-04-20 23:35:11 +01:00
David Duque ab9dbdf270
Default conf: don't repeat the upstream php conf 2020-04-20 20:01:19 +01:00
David Duque 502a4d2128
Uhhhh, yeah 2020-04-20 19:38:50 +01:00
David Duque 7ff5a336a6
Always assign default config to primary hostname 2020-04-20 19:35:20 +01:00
David Duque c401625a01
Don't overwrite 2020-04-20 19:20:26 +01:00
David Duque 5f15c2e53b
Fix some stuff 2020-04-20 19:15:43 +01:00
David Duque 49da79cbd9
Oops (yet again) 2020-04-20 19:06:19 +01:00
David Duque 7f5a939e50
Throw failure reason (web update) 2020-04-20 18:59:02 +01:00
David Duque 3396bdbb22
Use get_web_root instead of raw indexing 2020-04-20 18:54:27 +01:00
David Duque 8c5ff2b523
Screwed up on the path 2020-04-20 18:28:13 +01:00
David Duque b2c2d61867
Oops 2020-04-20 18:23:45 +01:00
David Duque 72070ee7bd
Create custom nginx files 2020-04-20 18:17:41 +01:00
David Duque b6342d34d2
Start web templating work 2020-04-20 15:55:05 +01:00
David Duque 9a6a35cadc
Update version display 2020-04-20 00:43:20 +01:00
David Duque 4ed014a50c
Add SMTP Relay status checks 2020-04-18 15:00:51 +01:00
David Duque ad3a78a300
relayhost, not relay_host, and key, not pass 2020-04-18 11:56:30 +01:00
David Duque da7fe68daa
pls 2020-04-18 00:38:36 +01:00
David Duque eee5dbf755
Is this it? 2020-04-18 00:22:10 +01:00
David Duque 8f247e3b70
Import other stuff 2020-04-18 00:13:13 +01:00
David Duque 10e4b79423
Fixing editconf input 2020-04-18 00:00:35 +01:00
David Duque 625eca8ea4
Swap tuple by a list 2020-04-17 23:48:39 +01:00
David Duque 858251045d
Cleanup 2020-04-17 23:39:52 +01:00
David Duque b9dec64ea1 Merge branch 'master' of github.com:ddavness/mailinabox 2020-04-17 19:54:44 +01:00
David Duque ca3d794c80
Sanity improvements 2020-04-17 19:54:34 +01:00
David Duque 60294a876d Allow editconf to be ran 2020-04-17 19:36:04 +01:00
David Duque 02c2657569
Oops 2020-04-17 19:06:19 +01:00
David Duque df8bacd0ed
Actually edit the files on Postfix's end 2020-04-17 19:05:05 +01:00
David Duque c653f660bb
Move editconf into management 2020-04-17 18:54:13 +01:00
David Duque 25900758d1
I screwed up badly 2020-04-17 18:09:43 +01:00
David Duque 0e583b9e4f
Booleans are passed as strings 2020-04-17 18:06:16 +01:00
David Duque 6d8e2a5bb9
Cleanup 2020-04-17 10:45:47 +01:00
David Duque 9b6781685a
Move settings away from mailinabox.conf 2020-04-16 22:52:48 +01:00
David Duque 5e080bedb6
Syntax errors. 2020-04-16 22:21:33 +01:00
David Duque 430f6dab38
Actual implementation of the Relay setup daemon 2020-04-16 22:16:02 +01:00
David Duque 7ffc889c08
Bump web dependencies (#1)
- Bootstrap: 3.3.7 -> 4.4.1
- - New admin panel style and respective corrections applied.

- JQuery: 2.1.4 -> 3.5.0
2020-04-16 19:52:01 +01:00
David Duque 785280c86b
Submission 2020-04-16 17:01:49 +01:00
David Duque fcf5544fc8
WIP 2020-04-16 14:09:24 +01:00
David Duque 09b3c37885
Oops 2020-04-16 14:04:45 +01:00
David Duque bf83bd6ff7
MiaB SMTP Daemon: Just return something for now 2020-04-16 12:56:27 +01:00
David Duque 03472788fd
WIP 2020-04-16 12:45:55 +01:00
David Duque 7b60c0850c Merge remote-tracking branch 'up/master' 2020-04-15 18:03:50 +01:00
David Duque 68768ed112
Fix attempt 2020-04-15 18:01:33 +01:00
David Duque 21196620b6
Code debug 2020-04-15 15:02:20 +01:00
David Duque bb26a2d12c
Push script zone to the end of the document 2020-04-14 10:08:11 +01:00
David Duque 687721caf8
Load SMTP settings when entering the page 2020-04-14 10:03:44 +01:00
David Duque 14ee44e8e2
HTML JS Cleanup 2020-04-14 09:52:01 +01:00
Michael Becker 40b21c466d
Fypo fix in users.html (#1748) 2020-04-13 22:10:52 -04:00
David Duque 109d8735c7
Change admin panel footer 2020-04-13 19:32:38 +01:00
David Duque ee688eb184
SMTP Relay Host stub progress 2020-04-13 18:36:56 +01:00
David Duque c004e55c76
SMTP Relay Host stub progress 2020-04-13 18:29:14 +01:00
David Duque 6e462f6523
SMTP Relay Host stub progress 2020-04-13 18:21:33 +01:00
David Duque 51c288dcd5
SMTP Relay Host stub progress 2020-04-13 18:14:39 +01:00
David Duque 6393075f11
SMTP Relay Host stub progress 2020-04-13 18:09:04 +01:00
David Duque 9d23f67e8a
SMTP Relay Host stub progress 2020-04-13 18:05:49 +01:00
David Duque 10993b9154
SMTP Relay Host stub progress 2020-04-13 17:55:00 +01:00
David Duque 3278c8cf94
SMTP Relay Host stub progress 2020-04-13 16:18:26 +01:00
David Duque aa62c6349e
SMTP Relay Host stub progress 2020-04-13 16:13:26 +01:00
David Duque 30221bdb11
SMTP Relay Host stub progress 2020-04-13 15:57:56 +01:00
David Duque 664267357a
SMTP Relay Host stub progress 2020-04-13 15:53:47 +01:00
David Duque 4a20d50eea
SMTP Relay Host stub 2020-04-13 15:34:14 +01:00
David Duque cd4c478986
Add smtp relay html page 2020-04-13 01:24:36 +01:00
David Duque 974c9bba61
Fix status check colors, add SMTP relay stub 2020-04-13 01:16:23 +01:00
David Duque 0d17caccfe
Downgrade port 25 blockage error to warn; mention SMTP relays 2020-04-13 01:10:38 +01:00
David Duque 8d7f6bfb19
Change all occurrences of PHP 7.2 to PHP 7.3 2020-04-13 00:55:48 +01:00
David Duque edb03b7862
Misc changes 2020-04-12 23:54:35 +01:00
Sumit d67e09f334
Allowing adding nginx aliases in www/custom.yaml (#1742)
with this nginx will keep on proxying requests and serve static content
instead of passing this responsibility to proxied server

Without this the one needs to run an additional server to server static
content on the proxied url
2020-04-11 14:17:46 -04:00
Jarek Jurasz db9637ce4f Fix Feb 29 issue #1733 2020-03-03 20:59:28 +01:00
Jarek Jurasz f908bc364e mail_log.py reading forward #1593 2020-03-03 20:56:30 +01:00
Matthias Hähnel cd62fd9826 Update usage hint in backup.py (#1662)
removed explicit call of the system python, cause the file has a shebang with the mail-in-a-box shipped python. 
for me the system python complaint, that it is missing some modules
2019-11-23 08:04:22 -05:00
Joshua Tauberer f6f75f6fab Don't fail when resolving zone transfer IP addresses since a nameserver may not have an IPv6 address 2019-11-19 09:57:33 -05:00
Edwin Schaap 2f54f39f31 If xfr is subnet, do not create "notify" entry (#1672) 2019-11-10 11:58:22 -05:00
Dan Jensen cde4e0caca Change SSL notification email subject (#1653)
Previously the notification email sent when a box's SSL certificate
is automatically updated said, "Error Provisioning TLS Certificate"
even when there was no error. This changes the subject line to "TLS
Certificate Provisioning Results", which is more accurate.
2019-11-02 15:29:05 -04:00
notEvil 7558ffd4f3 Allow dns zone transfer from IPv6 (#1643) 2019-10-28 06:31:50 -04:00
Victor 50e9e8af30 Sort custom dns table based on fqdn, rtype, and value (#1651) 2019-10-28 06:29:40 -04:00
Joshua Tauberer a70ba94b0c add autoconfig domains before subtracting domains with overridden A records so that a custom DNS record can be used to suppress TLS certificate generation for those domains if needed 2019-09-10 07:11:16 -04:00
Joshua Tauberer 3ff9817325 document the xfr: CIDR notation, fix spaces vs tabs and syntax error, broken by c7377e602d, #1616 2019-08-31 08:50:44 -04:00
Kim Schulz c7377e602d make it possible to use subnet addresses for axfr (#1616)
it is sometimes needed to be able to set axfr to more than just one ip address. This can be done with multiple xfr: in  the secondary dns input but if you need to add an entire subnet segment (xxx.xxx.xxx.0/yy) then it will not work.
With this patch it is now possible to use a subnet as input for xfr the same way as if it was an ip address.
2019-08-31 08:00:18 -04:00
Snacho 08021ea19f Fix an issue when Secondary NS has multiple A records (#1633)
If a custom secondary NS server has multiple A records status_checks.py will fail with a timeout and Web UI won't load.
2019-08-31 07:58:12 -04:00
captainwasabi c4cb828f65 Fix rsync backup options string: extraneous single quotes causing problems (#1629)
The resulting command had nested single quotes which doesn't work

I think this fixes all/most of the issues in #1627.  I am getting a full backup, then the next time it's run I get an incremental.  running from the CLI with --status looks good, --verify looks good, and --list looks good.
2019-08-13 05:57:05 -04:00
captainwasabi 0657f9e875 add proper check for DNS error in list_target_files (#1625)
The elif needed to check to see if the string was in the listing of results of the shell command.  As it was the conditional was just the string which always evaluates to true and was therefore giving a misleading error message.
2019-08-13 05:47:11 -04:00
jvolkenant fd5b11823c Add AAAA records for autodiscover & autoconfig (#1606) 2019-07-10 06:28:37 -04:00
Michael Heuberger 0d4c693792 Add missing login form method to keep LastPass happy (#1565) 2019-05-12 05:10:34 -07:00
Pascal Garber 77b2246010 Backup Amazon S3: Added support for custom endpoints (#1427) 2019-05-12 05:09:30 -07:00
jvolkenant aff80ac58c Autodiscovery fix for additional hosted email domains, Fixes #941 (#1467) 2019-05-09 10:13:23 -07:00
mbraem fb25013334 user privileges is a set (#1551)
fixes #1540
2019-04-14 14:17:43 -04:00
Ryan Stubbs bad38840d8 Fix type on alias edit page (#1520) 2019-02-11 20:14:56 -05:00
Joshua Tauberer 0d4565e71d merge master branch 2018-12-02 18:19:15 -05:00
Joshua Tauberer a211ad422b add a note on the aliases page that aliases should not be used to forward to outside domains
fixes #1198
2018-12-02 18:02:00 -05:00
Joshua Tauberer ef28a1defd show the Mail-in-a-Box version in the system status checks even when the new-version check is disabled
fixes #922
2018-12-02 18:02:00 -05:00
Joshua Tauberer c5c413b447 remove user account mailbox size from the control panel because it takes way too long to compute on very large mailboxes
fixes #531
2018-12-02 18:02:00 -05:00
Joshua Tauberer d2beb3919b document password character limitation
fixes #407
2018-12-02 18:02:00 -05:00
jeff-h 000363492e Improve greylisting explanation. (#1447)
Hopefully this improves the accuracy of the greylisting description.
2018-12-02 17:58:26 -05:00
jeff-h 5be74dec6e Improve postgrey logging (#1448)
We can't presume the redelivery timeframe of the sending server. However, we do know the blacklist timeframe within which we will reject a redelivery.
2018-12-02 17:57:37 -05:00
Joshua Tauberer 870b82637a fix some wrong variable names, fixes #1353 2018-11-30 10:46:54 -05:00
Joshua Tauberer dc6458623d add a note on the aliases page that aliases should not be used to forward to outside domains
fixes #1198
2018-11-30 10:46:54 -05:00
Joshua Tauberer 60f9c9e3b7 show the Mail-in-a-Box version in the system status checks even when the new-version check is disabled
fixes #922
2018-11-30 10:46:54 -05:00
Joshua Tauberer b05b06c74a remove user account mailbox size from the control panel because it takes way too long to compute on very large mailboxes
fixes #531
2018-11-30 10:46:54 -05:00
Joshua Tauberer 7f8f4518e3 document password character limitation
fixes #407
2018-11-30 10:46:54 -05:00
Joshua Tauberer 86e2cfb6c8 remove old duplicity migration code from 2015, see 42322455 2018-11-30 10:46:54 -05:00
Joshua Tauberer f739662392 duplicity started creating signature files with invalid filenames, fixes #1431 2018-10-13 16:16:30 -04:00
Joshua Tauberer 3dbd6c994a update bind9 configuration 2018-10-03 14:28:43 -04:00
Joshua Tauberer bbfa01f33a update to PHP 7.2
* drop the ondrej/php PPA since PHP 7.x is available directly from Ubuntu 18.04
* intall PHP 7.2 which is just the "php" package in Ubuntu 18.04
* some package names changed, some unnecessary packages are no longer provided
* update paths
2018-10-03 13:00:15 -04:00
Christopher A. DeFlumeri d96613b8fe minimal changeset to get things working on 18.04
@joshdata squashed pull request #1398, removed some comments, and added these notes:

* The old init.d script for the management daemon is replaced with a systemd service.
* A systemd service configuration is added to configure permissions for munin on startup.
* nginx SSL settings are updated because nginx's options and defaults have changed, and we now enable http2.
* Automatic SSHFP record generation is updated to know that 22 is the default SSH daemon port, since it is no longer explicit in sshd_config.
* The dovecot-lucene package is dropped because the Mail-in-a-Box PPA where we built the package has not been updated for Ubuntu 18.04.
* The stock postgrey package is installed instead of the one from our PPA (which we no longer support), which loses the automatic whitelisting of DNSWL.org-whitelisted senders.
* Drop memcached and the status check for memcached, which we used to use with ownCloud long ago but are no longer installing.
* Other minor changes.
2018-10-03 13:00:06 -04:00
hlxnd f420294819 Use ISO 8601 on backups table dates. 2018-08-05 15:26:45 +02:00
Joshua Tauberer 2f467556bd new ssl cert provisioning broke if a domain doesnt yet have a cert, fixes #1392 2018-07-19 11:40:49 -04:00
Joshua Tauberer 2a72c800f6 replace free_tls_certificates with certbot 2018-06-29 16:46:21 -04:00
Joshua Tauberer 8be23d5ef6 ssl_certificates: reuse query_dns function in status_checks and simplify calls by calling normalize_ip within query_dns 2018-06-29 16:46:21 -04:00
Joshua Tauberer 1eba7b0616 send the mail_log.py report to the box admin every Monday 2018-02-25 11:55:06 -05:00
Joshua Tauberer 9c7820f422 mail_log.py: include sent mail in the logins report in a new smtp column 2018-02-24 09:24:15 -05:00
Joshua Tauberer 87ec4e9f82 mail_log.py: refactor the dovecot login collector 2018-02-24 09:24:14 -05:00
Joshua Tauberer 08becf7fa3 the hidden feature for proxying web requests now sets X-Forwarded-For 2018-02-24 09:24:14 -05:00
NatCC fe597da7aa Update users.html (#1345)
Passwords must be eight characters long; when passwords are changed via the users page the dialog states that passwords need to be at least four characters but only eight or more are acceptable.
2018-02-03 17:49:11 -05:00
Joshua Tauberer 61e9888a85 Cdon't try to generate a CSR in the control panel until both the domain and country are selected
Fixes #1338.

See 0e9680fda63c33ace3f34ca7126617fb0efe8ffc, a52c56e571.
2018-01-28 09:08:24 -05:00
Joshua Tauberer ef6f121491 when generating a CSR in the control panel, don't set empty attributes
Same as in a52c56e571.

Fixes #1338.
2018-01-28 09:07:54 -05:00
Joshua Tauberer 8d6d84d87f run mailconfig.py's email address validator outside of the virtualenv during questions.sh
We don't have the virtualenv this early in setup.

Broken by 0088fb4553.

Fixes #1326.

See https://discourse.mailinabox.email/t/that-is-not-a-valid-email-error-during-mailinabox-installation/2793.
2018-01-20 10:59:37 -05:00
Joshua Tauberer 0088fb4553 install Python 3 packages in a virtualenv
The cryptography package has created all sorts of installation trouble over the last few years, probably because of mismatches between OS-installed packages and pip-installed packages. Using a virtualenv for all Python packages used by the management daemon should make sure everything is consistent.

See #1298, see #1264.
2018-01-15 13:27:04 -05:00
Joshua Tauberer 5f14eca67f merge v0.25 security release 2017-11-15 11:27:30 -05:00
John Olten 544f155948 Add support for DNS wildcard [merges #1281] 2017-11-15 11:10:59 -05:00
Jānis (Yannis) 7bf377eed1 use RSASHA256 for .lv domains DNSSEC (#1277) 2017-10-31 18:01:47 -04:00
Nicolas North cd554cf480 document the "local" alias pointing to this box in Custom DNS (#1261) 2017-10-20 17:20:21 -04:00
Fabian Bucher 341aa8695a update F-Droid DAVdroid link (#1253)
the information about the invalid link comes from here -> https://discourse.mailinabox.email/t/admin-sync-guide-contacts-and-calendar-davdroid-3-69-free-here/2528
2017-10-04 17:47:15 -04:00
Joshua Tauberer cc7be13098 update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months
* The Mozilla recommendations must have been updated in the last few years.
* The HSTS header must have >=6 months to get an A+ at ssllabs.com/ssltest.
2017-10-03 11:47:32 -04:00
Joshua Tauberer 35b8a149d8 fix dns regex: underscores are allowed in domain names even though they are not allowed in hostnames 2017-09-22 12:31:49 -04:00
Marius Blüm 48ff664ee9 Remove the ? from "Log out" (#1231)
Signed-off-by: Marius Blüm <marius@lineone.io>
2017-08-23 19:46:45 -04:00
Git Repository 19a928e4ec [Issue #1159] Remove any +tag name in email alias before checking privileges (#1181)
* [Issue #1159] Remove any +tag name in email alias before checking privileges

* Move priprivileged email check after the conversion to unicode so only IDNA serves as input
2017-07-21 11:10:16 -04:00
Michael Kroes 78f2fe213e Secondary name server could not be set (#1209) 2017-07-21 08:20:37 -04:00
Michael Kroes a16855ecf0 Backup script should now stop php7.0-fpm instead of php5-fpm (#1206) 2017-07-17 09:45:40 -04:00
Michael Kroes 2c324d0bc9 web_domains should also normalize ipv6 addresses (#1201) 2017-07-13 07:16:12 -04:00
François Deppierraz 46ba62b7b1 Add support for NS records in custom domains (#1177) 2017-06-11 07:56:30 -04:00
Michael Kroes e49c99890b fetch whole bootstrap - fixes missing icons in admin (#1185) 2017-05-31 07:36:17 -04:00
Git Repository 18f1689f45 changed the location we store the web-assets for the admin pages to /usr/local/mailinabox (#1179) 2017-05-23 19:22:53 -04:00
Git Repository 8234a5a9f4 download jQuery and Bootstrap during setup and serve locally so that we don't rely on a CDN which is blocked in some parts of the world (#1167) (#1171) 2017-05-08 07:25:16 -04:00
Michael Kroes d2b7204319 Add support for adding a custom "CAA" DNS record (#1155) 2017-04-30 08:58:00 -04:00
Joshua Tauberer add985ce5d letencrypt now supports idna, remove the check/block 2017-04-17 07:45:08 -04:00
yodax b66f12dd4c Fix rsync backup. The path was not append properly 2017-04-17 07:25:47 -04:00
yodax 6e04eb490f Add check to prevent division by zero during backup status 2017-04-17 07:25:47 -04:00
Michael Kroes a072730fb8 Wrap normalize_ip in try..except (#1139)
closes #1134
2017-04-03 16:53:53 -04:00
Rinze de Laat 9c9cae2096 Added an alternative mail log scanning script for use from the command line (and monitoring, at a later stage)
merges #970
2017-03-26 09:13:35 -04:00
Théo Segonds 423f1907d0 Fix zpush compatibility list link (#1076) 2017-03-26 09:09:00 -04:00
Sean Watson 86621392f6 support SSHFP records for custom domains (#1114) 2017-03-09 09:05:52 -05:00