Joshua Tauberer
fff06f7d71
improve DNS test output
2014-06-04 17:01:49 -04:00
Joshua Tauberer
2bbb7a5e7e
remove Docker stuff since it doesn't work
2014-06-04 10:57:23 -04:00
Joshua Tauberer
a35fa12465
script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate
2014-06-04 11:38:20 +00:00
Joshua Tauberer
ea62c2419d
typo in updating DKIM, don't regenerate the DKIM private key each time setup is run
2014-06-03 21:42:33 +00:00
Joshua Tauberer
2a9349a64e
show the SSL certificate's fingerprint during setup so the user can sort of pin it
2014-06-03 21:39:49 +00:00
Joshua Tauberer
bb7905aefd
on second and later runs of start.sh, recall the inputs the user entered the last time
2014-06-03 21:31:13 +00:00
Joshua Tauberer
24edd5ce91
the SSL CSR must be generated with a country code
2014-06-03 21:17:10 +00:00
Joshua Tauberer
89730bd643
new backup script, see #11
2014-06-03 21:16:38 +00:00
Joshua Tauberer
51dd2ed70b
update nginx SSL options, fixes #61
2014-06-03 14:06:02 +00:00
Joshua Tauberer
c54b0cbefc
move management into a daemon service running as root
...
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.
This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer
da15ae5375
rename the scripts directory to setup
2014-06-03 11:12:38 +00:00
Joshua Tauberer
af03feb389
remove permit_dnswl_client because postfix has odd behavior when an IP address is not listed: it turns all bounces into deferrals (retry)
...
partially reverts 6d473f81ac
2014-05-23 09:01:03 +00:00
Joshua Tauberer
19aba091d7
test_mail: if EHLO test fails continue testing the rest, since user may be waiting on DNS propagation
2014-05-17 08:32:40 -04:00
Joshua Tauberer
f91830f0e3
clean up README a bit; moving the bit Rationale into the github wiki
2014-05-15 08:57:44 -04:00
Joshua Tauberer
6d473f81ac
add more postfix rules: reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender, and permit_dnswl_client
2014-05-15 12:10:35 +00:00
Joshua Tauberer
b646771517
redirect all HTTP to HTTPS and enable HSTS, closes #18
2014-05-14 12:15:11 +00:00
Joshua Tauberer
091a58ac94
dns_update needs to run with bash when run directly, see #39
2014-05-12 23:38:55 +00:00
Joshua Tauberer
c722625041
test_dns: add ADSP and DMARC tests, see #14
2014-05-10 08:03:18 -04:00
Joshua Tauberer
c403895f95
test_dns: properly test the non-primary domain of a box (for email addresses on domains besides PUBLIC_HOSTNAME)
2014-05-10 08:03:13 -04:00
Joshua Tauberer
bdadf3017d
test_dns: handle case where a DNS record is missing (vs incorrect)
2014-05-10 08:03:07 -04:00
Joshua Tauberer
d5971e383b
add ADSP and DMARC records; see #14
2014-05-10 11:58:27 +00:00
Joshua Tauberer
a8938e107e
DKIM: For the benefit of ADSP and DMARC (not yet impl), each sending domain should be its signing domain
2014-05-10 11:58:27 +00:00
Joshua Tauberer
cfcb5f5bbd
merge: @PirosB3 and @pjz suggested using pjzz/phusion-baseimage as the base image for docker
...
See http://phusion.github.io/baseimage-docker/ for why the stock Ubuntu
image from Docker is not good enough for a complex system.
Thanks to @pjz for updating the base image for Ubuntu 14.04 and starting
the service scripts.
see #16 ; merges #49
2014-05-06 10:05:14 -04:00
Joshua Tauberer
80b367ab07
test_mail: gracefully handle when the server has no reverse DNS available
2014-05-06 10:02:29 -04:00
Joshua Tauberer
63ef8f7b04
missing wget dependency used by roundcube installation
2014-05-06 10:02:06 -04:00
Joshua Tauberer
e247929386
docker: don't start services ourselves
...
* let the base image's system services manager handle it
* move our container start script to occur before system services are started
2014-05-06 10:00:30 -04:00
Joshua Tauberer
1db0dd3092
system.sh: make apt-get upgrade quieter
2014-05-06 09:57:11 -04:00
Joshua Tauberer
fbd7d731e8
docker: fix startup scripts for nsd and dovecot to run them in the foreground
2014-05-06 09:56:20 -04:00
Joshua Tauberer
0659a0bb16
Merge branch 'better_docker' of https://github.com/pjz/mailinabox into pjz-better_docker
...
our trees had diverged, various conflicts resolved
2014-05-02 14:54:21 -04:00
Joshua Tauberer
189dd6000e
docker: re-run the start script on the container's first run because it won't know its hostname or IP address until then
2014-05-02 14:23:56 -04:00
Joshua Tauberer
3fdcbe542f
don't ask the user to create an email account if the shell is non-interactive and provide a better default for the domain name
2014-05-02 14:22:59 -04:00
Joshua Tauberer
89bb5da986
dns: missing dependency on bc
2014-05-02 14:18:26 -04:00
Paul Jimenez
5ceec760b9
Better Dockerfile support
2014-05-02 13:03:37 -04:00
Joshua Tauberer
acec82950b
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable)
2014-05-01 22:39:45 -04:00
Joshua Tauberer
2f6e0ded7a
docker: cleanup comments and make the installation of sshd quieter
2014-05-01 22:36:14 -04:00
Joshua Tauberer
f0afa7e8dc
docker: add some example run commands for debugging a container or having it take over host ports
2014-05-01 22:29:00 -04:00
Joshua Tauberer
89240a4fab
docker: do ADD container/docker later on so that the Dockerfile can be updated and still reuse a cached image after the major setup steps are done
2014-05-01 22:18:45 -04:00
Joshua Tauberer
16c0a9d342
docker: if container was launched with a tty start bash otherwise loop forever to keep the container going
2014-05-01 22:16:14 -04:00
Joshua Tauberer
7999eae857
Merge pull request #47 from randallsquared/master
...
don't reject mail to domains that only have aliases and not users
2014-05-01 18:21:19 -04:00
Randall Randall
8fcb10cc0a
don't reject alias-only domains
2014-05-01 22:14:04 +00:00
Joshua Tauberer
74ec3d9696
ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase
...
thanks @konklone for discussion
2014-05-01 16:47:24 -04:00
Joshua Tauberer
532c9aa7fd
move the Dockerfile to the root to allow the working directory of the repo to be pushed inside the image (rather than inside the container getting a fresh mailinabox from github) so changes in the working copy can be tested in Docker quickly / without pushing to github
2014-05-01 16:39:12 -04:00
Joshua Tauberer
19f5f144ae
installing roundcube from debian would cause update from ubuntu later, now install from Ubuntu debs
...
We were installing .deb's from Debian. The next apt-get upgrade would cause roundcube to be upgraded.
Maybe that also triggered the installation of apache. Now install roundcube from Ubuntu. So long as
Ubuntu doesn't post an update to roundcube, at least it won't trigger an upgrade on the next
apt-get upgrade. This should also mean we don't need to purge the installation of apache2.
Also try using apt-mark hold to prevent roundcube from being updated, in case that will trigger
dependencies.
2014-05-01 20:34:41 +00:00
Joshua Tauberer
e413680f62
add a bash function ufw_allow which calls 'ufw allow' but hides its totally useless output
2014-05-01 19:35:18 +00:00
Joshua Tauberer
66269f910f
make a bash function to use everywhere we apt-get-install (DEBIAN_FRONTEND=noninteractive apt-get -qq -y)
...
ensures the output is quiet
2014-05-01 19:24:16 +00:00
Joshua Tauberer
80bf60715e
Merge pull request #45 from randallsquared/master
...
enable roundcube's password-change plugin
2014-04-30 15:11:23 -04:00
Randall Randall
abe277e393
Use STORAGE_ROOT in DSN
2014-04-30 14:52:23 -04:00
Randall Randall
410a91504e
Use STORAGE_ROOT where appropriate
2014-04-30 14:50:11 -04:00
Randall Randall
43461fc14b
enable and configure password-change plugin for roundcube
2014-04-30 13:07:15 -04:00
Joshua Tauberer
52fe6922ee
add warnings about using a fresh machine because I won't support installing this on an existing machine
2014-04-26 12:08:17 +00:00