fff06f7d71
improve DNS test output
2014-06-04 17:01:49 -04:00
2bbb7a5e7e
remove Docker stuff since it doesnt work
2014-06-04 10:57:23 -04:00
a35fa12465
script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate
2014-06-04 11:38:20 +00:00
ea62c2419d
typo in updating DKIM, dont regenerate the DKIM private key each time setup is run
2014-06-03 21:42:33 +00:00
2a9349a64e
show the SSL certificate's fingerprint during setup so the user can sort of pin it
2014-06-03 21:39:49 +00:00
bb7905aefd
on second and later runs of start.sh, recall the inputs the user entered the last time
2014-06-03 21:31:13 +00:00
24edd5ce91
the SSL CSR must be generated with a country code
2014-06-03 21:17:10 +00:00
89730bd643
new backup script, see #11
2014-06-03 21:16:38 +00:00
51dd2ed70b
update nginx SSL options, fixes #61
2014-06-03 14:06:02 +00:00
c54b0cbefc
move management into a daemon service running as root
...
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
da15ae5375
rename the scripts directory to setup
2014-06-03 11:12:38 +00:00
af03feb389
remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)
...
partially reverts 6d473f81ac
2014-05-23 09:01:03 +00:00
19aba091d7
test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation
2014-05-17 08:32:40 -04:00
f91830f0e3
clean up README a bit; moving the bit Rationale into the github wiki
2014-05-15 08:57:44 -04:00
6d473f81ac
add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client
2014-05-15 12:10:35 +00:00
b646771517
redirect all HTTP to HTTPS and enable HSTS, closes #18
2014-05-14 12:15:11 +00:00
091a58ac94
dns_update needs to run with bash when run directly, see #39
2014-05-12 23:38:55 +00:00
c722625041
test_dns: add ADSP and DMARC tests, see #14
2014-05-10 08:03:18 -04:00
c403895f95
test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME)
2014-05-10 08:03:13 -04:00
bdadf3017d
test_dns: handle case where a DNS record is missing (vs incorrect)
2014-05-10 08:03:07 -04:00
d5971e383b
add ADSP and DMARC records; see #14
2014-05-10 11:58:27 +00:00
a8938e107e
DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain
2014-05-10 11:58:27 +00:00
cfcb5f5bbd
merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker
...
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16 ; merges #49
2014-05-06 10:05:14 -04:00
80b367ab07
test_mail: gracefully handled when the server has no reverse DNS available
2014-05-06 10:02:29 -04:00
63ef8f7b04
missing wget dependency used by roundcube installation
2014-05-06 10:02:06 -04:00
e247929386
docker: don't start services ourself
...
* let the base image's system services manager handle it
* move our container start script to occur before system services are started
2014-05-06 10:00:30 -04:00
1db0dd3092
system.sh: make apt-get upgrade quieter
2014-05-06 09:57:11 -04:00
fbd7d731e8
docker: fix startup scripts for nsd and dovecot to run them in the foreground
2014-05-06 09:56:20 -04:00
0659a0bb16
Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker
...
our trees had diverged, various conflicts resolved
2014-05-02 14:54:21 -04:00
189dd6000e
docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then
2014-05-02 14:23:56 -04:00
3fdcbe542f
don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name
2014-05-02 14:22:59 -04:00
89bb5da986
dns: missing dependency on bc
2014-05-02 14:18:26 -04:00
5ceec760b9
Better Dockerfile support
2014-05-02 13:03:37 -04:00
acec82950b
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable)
2014-05-01 22:39:45 -04:00
2f6e0ded7a
docker: cleanup comments and make the installation of sshd quieter
2014-05-01 22:36:14 -04:00
f0afa7e8dc
docker: add some example run commands for debugging a container or having it take over host ports
2014-05-01 22:29:00 -04:00
89240a4fab
docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done
2014-05-01 22:18:45 -04:00
16c0a9d342
docker: if container was launched with a tty start bash otherwise loop forever to keep the container going
2014-05-01 22:16:14 -04:00
7999eae857
Merge pull request #47 from randallsquared/master
...
don't reject mail to domains that only have aliases and not users
2014-05-01 18:21:19 -04:00
8fcb10cc0a
don't reject alias-only domains
2014-05-01 22:14:04 +00:00
74ec3d9696
ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase
...
thanks @konklone for discussion
2014-05-01 16:47:24 -04:00
532c9aa7fd
move the Dockerfile to the root to allow the working directory of the repo to be pushed inside the image (rather than inside the container getting a fresh mailinabox from github) so changes in the working copy can be tested in Docker quickly / without pushing to github
2014-05-01 16:39:12 -04:00
19f5f144ae
installing roundcube from debian would cause update from ubuntu later, now install from Ubuntu debs
...
We were installing .deb's from Debian. The next apt-get upgrade would cause roundcube to be upgraded.
Maybe that also triggered the installation of apache. Now install roundcube from Ubuntu. So long as
Ubuntu doesn't post an update to roundcube, at least it won't trigger an upgrade on the next
apt-get upgrade. This should also mean we don't need to purge the installation of apache2.
Also try using apt-mark hold to prevent roundcube from being updated, in case that will trigger
dependencies.
2014-05-01 20:34:41 +00:00
e413680f62
add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output
2014-05-01 19:35:18 +00:00
66269f910f
make a bash function to use everywhere we apt-get-install (`DEBIAN_FRONTEND=noninteractive apt-get -qq -y `)
...
ensures the output is quiet
2014-05-01 19:24:16 +00:00
80bf60715e
Merge pull request #45 from randallsquared/master
...
enable roundcube's password-change plugin
2014-04-30 15:11:23 -04:00
abe277e393
Use STORAGE_ROOT in DSN
2014-04-30 14:52:23 -04:00
410a91504e
Use STORAGE_ROOT where appropriate
2014-04-30 14:50:11 -04:00
43461fc14b
enable and configure password-change plugin for roundcube
2014-04-30 13:07:15 -04:00
52fe6922ee
add warnings about using a fresh machine because I wont support installing this on an existing machine
2014-04-26 12:08:17 +00:00
Joshua Tauberer
Paul Jimenez
Randall Randall