v0.12c release to work-around Sourceforge outage

use a temporary mirror for roundcube while Sourceforge is recovering from an outage https://twitter.com/sfnet_ops/status/622171668497076224
forgot to create the pyzor home_dir in 3f606feea3
2026-03-13 17:17:23 +01:00 · 2015-07-19 08:30:03 -04:00 · 2015-07-19 08:25:04 -04:00 · 2015-07-19 08:25:04 -04:00 · 2015-07-19 08:25:04 -04:00 · 2015-07-04 11:31:51 -04:00
6 changed files with 29 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ v0.12 (July 3, 2015)

 This is a minor update to v0.11, which was a major update. Please read v0.11's advisories.

+* v0.12b was posted shortly after the initial posting of v0.12 correcting a minor regression in v0.12 related to creating aliases targetting multiple addresses.
+
+* v0.12c was posted on July 19, 2015 to work around the current Sourceforge.net outage: pyzor's remote server is now hard-coded rather than accessing a file hosted on Sourceforge, and roundcube is now downloaded from a Mail-in-a-Box mirror rather than from Sourceforge.
+
 * The administrator@ alias was incorrectly created starting with v0.11. If your first install was v0.11, check that the administrator@ alias forwards mail to you.
 * Intrusion detection rules (fail2ban) are relaxed (i.e. less is blocked).
 * SSL certificates could not be installed for the new automatic 'www.' redirect domains.
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ I sign the release tags on git. To verify that a tag is signed by me, you can pe
 	$ cd mailinabox

 	# Verify the tag.
-	$ git verify-tag v0.12
+	$ git verify-tag v0.12c
 	gpg: Signature made ..... using RSA key ID C10BDD81
 	gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
 	gpg: WARNING: This key is not certified with a trusted signature!
@@ -65,7 +65,7 @@ I sign the release tags on git. To verify that a tag is signed by me, you can pe
 	Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

 	# Check out the tag.
-	$ git checkout v0.12
+	$ git checkout v0.12c

 The key ID and fingerprint above should match my [Keybase.io key](https://keybase.io/joshdata) and the fingerprint I publish on [my homepage](https://razor.occams.info/).

--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -55,9 +55,11 @@ def sanitize_idn_email_address(email):
 		localpart, domainpart = email.split("@")
 		domainpart = idna.encode(domainpart).decode('ascii')
 		return localpart + "@" + domainpart
-	except idna.IDNAError:
-		# Domain part is not IDNA-valid, so leave unchanged. If there
-		# are non-ASCII characters it will be filtered out by
+	except (ValueError, idna.IDNAError):
+		# ValueError: String does not have a single @-sign, so it is not
+		# a valid email address. IDNAError: Domain part is not IDNA-valid.
+		# Validation is not this function's job, so return value unchanged. 
+		# If there are non-ASCII characters it will be filtered out by
 		# validate_email.
 		return email

@@ -68,8 +70,9 @@ def prettify_idn_email_address(email):
 		localpart, domainpart = email.split("@")
 		domainpart = idna.decode(domainpart.encode("ascii"))
 		return localpart + "@" + domainpart
-	except (UnicodeError, idna.IDNAError):
-		# Failed to decode IDNA. Should never happen.
+	except (ValueError, UnicodeError, idna.IDNAError):
+		# Failed to decode IDNA, or the email address does not have a
+		# single @-sign. Should never happen.
 		return email

 def is_dcv_address(email):
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -7,7 +7,7 @@
 #########################################################

 if [ -z "$TAG" ]; then
-	TAG=v0.12
+	TAG=v0.12c
 fi

 # Are we running as root?
--- a/setup/spamassassin.sh
+++ b/setup/spamassassin.sh
@@ -22,8 +22,19 @@ apt_install spampd razor pyzor dovecot-antispam
 tools/editconf.py /etc/default/spamassassin \
 	CRON=1

-# Configure pyzor.
-hide_output pyzor discover
+# Configure pyzor, which is a client to a live database of hashes of
+# spam emails. Set the pyzor configuration directory to something sane.
+# The default is ~/.pyzor. We used to use that, so we'll kill that old
+# directory. Then write the public pyzor server to its servers file.
+# That will prevent an automatic download on first use, and also means
+# we can skip 'pyzor discover', both of which are currently broken by
+# something happening on Sourceforge (#496).
+rm -rf ~/.pyzor
+tools/editconf.py /etc/spamassassin/local.cf -s \
+	pyzor_options="--homedir /etc/spamassassin/pyzor"
+mkdir -p /etc/spamassassin/pyzor
+echo "public.pyzor.org:24441" > /etc/spamassassin/pyzor/servers
+# check with: pyzor --homedir /etc/mail/spamassassin/pyzor ping

 # Configure spampd:
 # * Pass messages on to docevot on port 10026. This is actually the default setting but we don't
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -49,7 +49,7 @@ if [ $needs_update == 1 ]; then
 	# install roundcube
 	echo installing Roundcube webmail $VERSION...
 	wget_verify \
-		http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/$VERSION/roundcubemail-$VERSION.tar.gz \
+		https://mailinabox.email/mirror/roundcubemail-$VERSION.tar.gz \
 		$HASH \
 		/tmp/roundcube.tgz
 	tar -C /usr/local/lib -zxf /tmp/roundcube.tgz
Author	SHA1	Message	Date
Joshua Tauberer	1b00184c89	v0.12c release to work-around Sourceforge outage	2015-07-19 08:30:03 -04:00
Joshua Tauberer	e11825392d	use a temporary mirror for roundcube while Sourceforge is recovering from an outage https://twitter.com/sfnet_ops/status/622171668497076224	2015-07-19 08:25:04 -04:00
Joshua Tauberer	1a995d9e26	forgot to create the pyzor home_dir in `3f606feea3`	2015-07-19 08:25:04 -04:00
Joshua Tauberer	53d4820d74	hard-code pyzor sevice URL because 'pyzor discover' is failing because Sourceforge is offline, fixes #496	2015-07-19 08:25:04 -04:00
Joshua Tauberer	34b7638342	v0.12b	2015-07-04 11:31:51 -04:00
Joshua Tauberer	acd91665b5	setting an alias to forward to two or more addresses was broken since `aa33428311` fixes #482	2015-07-04 15:28:45 +00:00