v0.17c

Make control panel login failed messages generic - don't reveal if an email address has an account on the system.

CHANGELOG.md

@@ -1,10 +1,68 @@
 CHANGELOG
 =========
 
+v0.17c (April 1, 2016)
+----------------------
+
+This update addresses some minor security concerns and some installation issues.
+
+ownCoud:
+
+* Block web access to the configuration parameters (config.php). There is no immediate impact (see [#776](https://github.com/mail-in-a-box/mailinabox/pull/776)), although advanced users may want to take note.
+
+Mail:
+
+* Roundcube html5_notifier plugin updated from version 0.6 to 0.6.2 to fix Roundcube getting stuck for some people.
+
+Control panel:
+
+* Prevent click-jacking of the management interface by adding HTTP headers.
+* Failed login no longer reveals whether an account exists on the system.
+
+Setup:
+
+* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.
+* We now install Roundcube from our own mirror because Sourceforge's downloads experience frequent intermittant unavailability.
+
+v0.17b (March 1, 2016)
+----------------------
+
+ownCloud moved their source code to a new location, breaking our installation script.
+
+v0.17 (February 25, 2016)
+-------------------------
+
+Mail:
+
+* Roundcube updated to version 1.1.4.
+* When there's a problem delivering an outgoing message, a new 'warning' bounce will come after 3 hours and the box will stop trying after 2 days (instead of 5).
+* On multi-homed machines, Postfix now binds to the right network interface when sending outbound mail so that SPF checks on the receiving end will pass.
+* Mail sent from addresses on subdomains of other domains hosted by this box would not be DKIM-signed and so would fail DMARC checks by recipients, since version v0.15.
+
+Control panel:
+
+* TLS certificate provisioning would crash if DNS propagation was in progress and a challenge failed; might have shown the wrong error when provisioning fails.
+* Backup times were displayed with the wrong time zone.
+* Thresholds for displaying messages when the system is running low on memory have been reduced from 30% to 20% for a warning and from 15% to 10% for an error.
+* Other minor fixes.
+
+System:
+
+* Backups to some AWS S3 regions broke in version 0.15 because we reverted the version of boto. That's now fixed.
+* On low-usage systems, don't hold backups for quite so long by taking a full backup more often.
+* Nightly status checks might fail on systems not configured with a default Unicode locale.
+* If domains need a TLS certificate and the user hasn't installed one yet using Let's Encrypt, the administrator would get a nightly email with weird interactive text asking them to agree to Let's Encrypt's ToS. Now just say that the provisioning can't be done automatically.
+* Reduce the number of background processes used by the management daemon to lower memory consumption.
+
+Setup:
+
+* The first screen now warns users not to install on a machine used for other things.
+
 v0.16 (January 30, 2016)
 ------------------------
 
-This update primarily adds automatica SSL (now "TLS") certificate provisioning from Let's Encrypt (https://letsencrypt.org/).
+This update primarily adds automatic SSL (now "TLS") certificate provisioning from Let's Encrypt (https://letsencrypt.org/).
+* The Sieve port is now open so tools like the Thunderbird Sieve program can be used to edit mail filters.
 
 Control Panel:
 

README.md

@@ -59,20 +59,20 @@ by me:
 	$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
 	gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
 
-	$ git verify-tag v0.16
+	$ git verify-tag v0.17c
 	gpg: Signature made ..... using RSA key ID C10BDD81
 	gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
 	gpg: WARNING: This key is not certified with a trusted signature!
 	gpg:          There is no indication that the signature belongs to the owner.
 	Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81
 
-You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matchs the
+You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the
 fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
 and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.)
 
 Checkout the tag corresponding to the most recent release:
 
-	$ git checkout v0.16
+	$ git checkout v0.17c
 
 Begin the installation.
 

conf/management-initscript

@@ -27,9 +27,9 @@ EXEC_AS_USER=root
 
 # Ensure Python reads/writes files in UTF-8. If the machine
 # triggers some other locale in Python, like ASCII encoding,
-# Python may not be able to read/write files. Here and in
+# Python may not be able to read/write files. Set also
 # setup/start.sh (where the locale is also installed if not
-# already present).
+# already present) and management/daily_tasks.sh.
 export LANGUAGE=en_US.UTF-8
 export LC_ALL=en_US.UTF-8
 export LANG=en_US.UTF-8

conf/nginx-primaryonly.conf

@@ -6,6 +6,9 @@
 	location /admin/ {
 		proxy_pass http://127.0.0.1:10222/;
 		proxy_set_header X-Forwarded-For $remote_addr;
+		add_header X-Frame-Options "DENY";
+		add_header X-Content-Type-Options nosniff;
+		add_header Content-Security-Policy "frame-ancestors 'none';";
 	}
 
 	# ownCloud configuration.
@@ -15,8 +18,11 @@
 	rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
 	location /cloud/ {
 		alias /usr/local/lib/owncloud/;
-		location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
-			deny all;
+	 	location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
+	 		deny all;
+	 	}
+	 	location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+	 		deny all;
 	 	}
 	}
 	location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {

management/backup.py

@@ -42,10 +42,10 @@ def backup_status(env):
 	# Get duplicity collection status and parse for a list of backups.
 	def parse_line(line):
 		keys = line.strip().split()
-		date = dateutil.parser.parse(keys[1])
+		date = dateutil.parser.parse(keys[1]).astimezone(dateutil.tz.tzlocal())
 		return {
 			"date": keys[1],
-			"date_str": date.strftime("%x %X"),
+			"date_str": date.strftime("%x %X") + " " + now.tzname(),
 			"date_delta": reldate(date, now, "the future?"),
 			"full": keys[0] == "full",
 			"size": 0, # collection-status doesn't give us the size
@@ -81,50 +81,66 @@ def backup_status(env):
 	# This is relied on by should_force_full() and the next step.
 	backups = sorted(backups.values(), key = lambda b : b["date"], reverse=True)
 
-	# Get the average size of incremental backups and the size of the
-	# most recent full backup.
+	# Get the average size of incremental backups, the size of the
+	# most recent full backup, and the date of the most recent
+	# backup and the most recent full backup.
 	incremental_count = 0
 	incremental_size = 0
+	first_date = None
 	first_full_size = None
+	first_full_date = None
 	for bak in backups:
+		if first_date is None:
+			first_date = dateutil.parser.parse(bak["date"])
 		if bak["full"]:
 			first_full_size = bak["size"]
+			first_full_date = dateutil.parser.parse(bak["date"])
 			break
 		incremental_count += 1
 		incremental_size += bak["size"]
 
-	# Predict how many more increments until the next full backup,
-	# and add to that the time we hold onto backups, to predict
-	# how long the most recent full backup+increments will be held
-	# onto. Round up since the backup occurs on the night following
-	# when the threshold is met.
+	# When will the most recent backup be deleted? It won't be deleted if the next
+	# backup is incremental, because the increments rely on all past increments.
+	# So first guess how many more incremental backups will occur until the next
+	# full backup. That full backup frees up this one to be deleted. But, the backup
+	# must also be at least min_age_in_days old too.
 	deleted_in = None
 	if incremental_count > 0 and first_full_size is not None:
-		deleted_in = "approx. %d days" % round(config["min_age_in_days"] + (.5 * first_full_size - incremental_size) / (incremental_size/incremental_count) + .5)
+		# How many days until the next incremental backup? First, the part of
+		# the algorithm based on increment sizes:
+		est_days_to_next_full = (.5 * first_full_size - incremental_size) / (incremental_size/incremental_count)
+		est_time_of_next_full = first_date + datetime.timedelta(days=est_days_to_next_full)
 
-	# When will a backup be deleted?
+		# ...And then the part of the algorithm based on full backup age:
+		est_time_of_next_full = min(est_time_of_next_full, first_full_date + datetime.timedelta(days=config["min_age_in_days"]*10+1))
+
+		# It still can't be deleted until it's old enough.
+		est_deleted_on = max(est_time_of_next_full, first_date + datetime.timedelta(days=config["min_age_in_days"]))
+
+		deleted_in = "approx. %d days" % round((est_deleted_on-now).total_seconds()/60/60/24 + .5)
+
+	# When will a backup be deleted? Set the deleted_in field of each backup.
 	saw_full = False
-	days_ago = now - datetime.timedelta(days=config["min_age_in_days"])
 	for bak in backups:
 		if deleted_in:
-			# Subsequent backups are deleted when the most recent increment
-			# in the chain would be deleted.
+			# The most recent increment in a chain and all of the previous backups
+			# it relies on are deleted at the same time.
 			bak["deleted_in"] = deleted_in
 		if bak["full"]:
-			# Reset when we get to a full backup. A new chain start next.
+			# Reset when we get to a full backup. A new chain start *next*.
 			saw_full = True
 			deleted_in = None
 		elif saw_full and not deleted_in:
-			# Mark deleted_in only on the first increment after a full backup.
-			deleted_in = reldate(days_ago, dateutil.parser.parse(bak["date"]), "on next daily backup")
+			# We're now on backups prior to the most recent full backup. These are
+			# free to be deleted as soon as they are min_age_in_days old.
+			deleted_in = reldate(now, dateutil.parser.parse(bak["date"]) + datetime.timedelta(days=config["min_age_in_days"]), "on next daily backup")
 			bak["deleted_in"] = deleted_in
 
 	return {
-		"tz": now.tzname(),
 		"backups": backups,
 	}
 
-def should_force_full(env):
+def should_force_full(config, env):
 	# Force a full backup when the total size of the increments
 	# since the last full backup is greater than half the size
 	# of that full backup.
@@ -136,8 +152,14 @@ def should_force_full(env):
 			inc_size += bak["size"]
 		else:
 			# ...until we reach the most recent full backup.
-			# Return if we should to a full backup.
-			return inc_size > .5*bak["size"]
+			# Return if we should to a full backup, which is based
+			# on the size of the increments relative to the full
+			# backup, as well as the age of the full backup.
+			if inc_size > .5*bak["size"]:
+				return True
+			if dateutil.parser.parse(bak["date"]) + datetime.timedelta(days=config["min_age_in_days"]*10+1) < datetime.datetime.now(dateutil.tz.tzlocal()):
+				return True
+			return False
 	else:
 		# If we got here there are no (full) backups, so make one.
 		# (I love for/else blocks. Here it's just to show off.)
@@ -216,7 +238,7 @@ def perform_backup(full_backup):
 	# the increments since the most recent full backup are
 	# large.
 	try:
-		full_backup = full_backup or should_force_full(env)
+		full_backup = full_backup or should_force_full(config, env)
 	except Exception as e:
 		# This was the first call to duplicity, and there might
 		# be an error already.

management/daemon.py

@@ -15,7 +15,7 @@ from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains,
 # live across http requests so we don't baloon the system with
 # processes.
 import multiprocessing.pool
-pool = multiprocessing.pool.Pool(processes=10)
+pool = multiprocessing.pool.Pool(processes=5)
 
 env = utils.load_environment()
 
@@ -49,7 +49,7 @@ def authorized_personnel_only(viewfunc):
 		except ValueError as e:
 			# Authentication failed.
 			privs = []
-			error = str(e)
+			error = "Incorrect username or password"
 
 		# Authorized to access an API view?
 		if "admin" in privs:
@@ -125,7 +125,7 @@ def me():
 	except ValueError as e:
 		return json_response({
 			"status": "invalid",
-			"reason": str(e),
+			"reason": "Incorrect username or password",
 			})
 
 	resp = {

management/daily_tasks.sh

@@ -1,6 +1,14 @@
 #!/bin/bash
 # This script is run daily (at 3am each night).
 
+# Set character encoding flags to ensure that any non-ASCII
+# characters don't cause problems. See setup/start.sh and
+# the management daemon startup script.
+export LANGUAGE=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+export LANG=en_US.UTF-8
+export LC_TYPE=en_US.UTF-8
+
 # Take a backup.
 management/backup.py | management/email_administrator.py "Backup Status"
 

management/dns_update.py

@@ -91,7 +91,7 @@ def do_dns_update(env, force=False):
 		shell('check_call', ["/usr/sbin/service", "nsd", "restart"])
 
 	# Write the OpenDKIM configuration tables for all of the domains.
-	if write_opendkim_tables([domain for domain, zonefile in zonefiles], env):
+	if write_opendkim_tables(get_mail_domains(env), env):
 		# Settings changed. Kick opendkim.
 		shell('check_call', ["/usr/sbin/service", "opendkim", "restart"])
 		if len(updated_domains) == 0:

management/ssl_certificates.py

@@ -204,7 +204,7 @@ def get_certificates_to_provision(env, show_extended_problems=True, force_domain
 				domains_if_any.add(domain)
 
 			# It's valid. Should we report its validness?
-			if show_extended_problems:
+			elif show_extended_problems:
 				problems[domain] = "The certificate is valid for at least another 30 days --- no need to replace."
 
 	# Warn the user about domains hosted elsewhere.
@@ -365,7 +365,7 @@ def provision_certificates(env, agree_to_tos_url=None, logger=None, show_extende
 				"message": "Something unexpected went wrong. It looks like your local Let's Encrypt account data is corrupted. There was a problem with the file " + e.account_file_path + ".",
 			})
 
-		except (client.InvalidDomainName, client.NeedToTakeAction, acme.messages.Error, requests.exceptions.RequestException) as e:
+		except (client.InvalidDomainName, client.NeedToTakeAction, client.ChallengeFailed, acme.messages.Error, requests.exceptions.RequestException) as e:
 			ret_item.update({
 				"result": "error",
 				"message": "Something unexpected went wrong: " + str(e),
@@ -458,9 +458,14 @@ def provision_certificates_cmdline():
 				if agree_to_tos_url is not None:
 					continue
 
-				# Can't ask the user a question in this mode.
-				if headless in sys.argv:
-					print("Can't issue TLS certficate until user has agreed to Let's Encrypt TOS.")
+				# Can't ask the user a question in this mode. Warn the user that something
+				# needs to be done.
+				if headless:
+					print(", ".join(request["domains"]) + " need a new or renewed TLS certificate.")
+					print()
+					print("This box can't do that automatically for you until you agree to Let's Encrypt's")
+					print("Terms of Service agreement. Use the Mail-in-a-Box control panel to provision")
+					print("certificates for these domains.")
 					sys.exit(1)
 
 				print("""
@@ -513,7 +518,7 @@ Do you agree to the agreement? Type Y or N and press <ENTER>: """
 			print("A TLS certificate was requested for: " + ", ".join(wait_domains) + ".")
 			first = True
 			while wait_until > datetime.datetime.now():
-				if "--headless" not in sys.argv or first:
+				if not headless or first:
 					print ("We have to wait", int(round((wait_until - datetime.datetime.now()).total_seconds())), "seconds for the certificate to be issued...")
 				time.sleep(10)
 				first = False

management/status_checks.py

@@ -222,14 +222,14 @@ def check_free_memory(rounded_values, env, output):
 	# Check free memory.
 	percent_free = 100 - psutil.virtual_memory().percent
 	memory_msg = "System memory is %s%% free." % str(round(percent_free))
-	if percent_free >= 30:
-		if rounded_values: memory_msg = "System free memory is at least 30%."
+	if percent_free >= 20:
+		if rounded_values: memory_msg = "System free memory is at least 20%."
 		output.print_ok(memory_msg)
-	elif percent_free >= 15:
-		if rounded_values: memory_msg = "System free memory is below 30%."
+	elif percent_free >= 10:
+		if rounded_values: memory_msg = "System free memory is below 20%."
 		output.print_warning(memory_msg)
 	else:
-		if rounded_values: memory_msg = "System free memory is below 15%."
+		if rounded_values: memory_msg = "System free memory is below 10%."
 		output.print_error(memory_msg)
 
 def run_network_checks(env, output):
@@ -464,7 +464,7 @@ def check_dns_zone(domain, env, output, dns_zonefiles):
 			elif ip is None:
 				output.print_error("Secondary nameserver %s is not configured to resolve this domain." % ns)
 			else:
-				output.print_error("Secondary nameserver %s is not configured correctly. (It resolved this domain as %s. It should be %s.)" % (ns, ip, env['PUBLIC_IP']))
+				output.print_error("Secondary nameserver %s is not configured correctly. (It resolved this domain as %s. It should be %s.)" % (ns, ip, correct_ip))
 
 def check_dns_zone_suggestions(domain, env, output, dns_zonefiles, domains_with_a_records):
 	# Warn if a custom DNS record is preventing this or the automatic www redirect from
@@ -740,10 +740,10 @@ def what_version_is_this(env):
 	return tag
 
 def get_latest_miab_version():
-	# This pings https://mailinabox.email/bootstrap.sh and extracts the tag named in
+	# This pings https://mailinabox.email/setup.sh and extracts the tag named in
 	# the script to determine the current product version.
 	import urllib.request
-	return re.search(b'TAG=(.*)', urllib.request.urlopen("https://mailinabox.email/bootstrap.sh?ping=1").read()).group(1).decode("utf8")
+	return re.search(b'TAG=(.*)', urllib.request.urlopen("https://mailinabox.email/setup.sh?ping=1").read()).group(1).decode("utf8")
 
 def check_miab_version(env, output):
 	config = load_settings(env)

management/templates/login.html

@@ -117,7 +117,7 @@ function do_login() {
       // Open the next panel the user wants to go to. Do this after the XHR response
       // is over so that we don't start a new XHR request while this one is finishing,
       // which confuses the loading indicator.
-      setTimeout(function() { show_panel(!switch_back_to_panel ? 'system_status' : switch_back_to_panel) }, 300);
+      setTimeout(function() { show_panel(!switch_back_to_panel || switch_back_to_panel == "login" ? 'system_status' : switch_back_to_panel) }, 300);
     }
   })
 }

management/templates/ssl.html

@@ -250,7 +250,7 @@ function provision_tls_cert() {
           var now = new Date();
           n.append(b);
           function ready_to_finish() {
-            var remaining = r.seconds - Math.round((new Date() - now)/1000);
+            var remaining = Math.round(r.seconds - (new Date() - now)/1000);
             if (remaining > 0) {
               setTimeout(ready_to_finish, 1000);
               b.text("Finish (" + remaining + "...)")

management/templates/system-backup.html

@@ -142,7 +142,7 @@ function show_system_backup() {
         var b = r.backups[i];
         var tr = $('<tr/>');
         if (b.full) tr.addClass("full-backup");
-        tr.append( $('<td/>').text(b.date_str + " " + r.tz) );
+        tr.append( $('<td/>').text(b.date_str) );
         tr.append( $('<td/>').text(b.date_delta + " ago") );
         tr.append( $('<td/>').text(b.full ? "full" : "increment") );
         tr.append( $('<td style="text-align: right"/>').text( nice_size(b.size)) );

setup/bootstrap.sh

@@ -2,12 +2,12 @@
 #########################################################
 # This script is intended to be run like this:
 #
-#   curl https://.../bootstrap.sh | sudo bash
+#   curl https://mailinabox.email/setup.sh | sudo bash
 #
 #########################################################
 
 if [ -z "$TAG" ]; then
-	TAG=v0.16
+	TAG=v0.17c
 fi
 
 # Are we running as root?

setup/dkim.sh

@@ -39,7 +39,7 @@ fi
 # Create a new DKIM key. This creates mail.private and mail.txt
 # in $STORAGE_ROOT/mail/dkim. The former is the private key and
 # the latter is the suggested DNS TXT entry which we'll include
-# in our DNS setup. Note tha the files are named after the
+# in our DNS setup. Note that the files are named after the
 # 'selector' of the key, which we can change later on to support
 # key rotation.
 #

setup/mail-postfix.sh

@@ -57,15 +57,26 @@ apt_install postfix postfix-pcre postgrey ca-certificates
 # Set some basic settings...
 #
 # * Have postfix listen on all network interfaces.
+# * Make outgoing connections on a particular interface (if multihomed) so that SPF passes on the receiving side.
 # * Set our name (the Debian default seems to be "localhost" but make it our hostname).
 # * Set the name of the local machine to localhost, which means xxx@localhost is delivered locally, although we don't use it.
 # * Set the SMTP banner (which must have the hostname first, then anything).
 tools/editconf.py /etc/postfix/main.cf \
 	inet_interfaces=all \
+	smtp_bind_address=$PRIVATE_IP \
+	smtp_bind_address6=$PRIVATE_IPV6 \
 	myhostname=$PRIMARY_HOSTNAME\
 	smtpd_banner="\$myhostname ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)" \
 	mydestination=localhost
 
+# Tweak some queue settings:
+# * Inform users when their e-mail delivery is delayed more than 3 hours (default is not to warn).
+# * Stop trying to send an undeliverable e-mail after 2 days (instead of 5), and for bounce messages just try for 1 day.
+tools/editconf.py /etc/postfix/main.cf \
+	delay_warning_time=3h \
+	maximal_queue_lifetime=2d \
+	bounce_queue_lifetime=1d
+
 # ### Outgoing Mail
 
 # Enable the 'submission' port 587 smtpd server and tweak its settings.

setup/management.sh

@@ -4,19 +4,25 @@ source setup/functions.sh
 
 echo "Installing Mail-in-a-Box system management daemon..."
 
-# Switching python 2 boto to package manager's, not pypi's.
-if [ -f /usr/local/lib/python2.7/dist-packages/boto/__init__.py ]; then hide_output pip uninstall -y boto; fi
+# Install packages.
+# flask, yaml, dnspython, and dateutil are all for our Python 3 management daemon itself.
+# duplicity does backups. python-pip is so we can 'pip install boto' for Python 2, for duplicity, so it can do backups to AWS S3.
+apt_install python3-flask links duplicity libyaml-dev python3-dnspython python3-dateutil python-pip
 
-# duplicity uses python 2 so we need to use the python 2 package of boto
-# build-essential libssl-dev libffi-dev python3-dev: Required to pip install cryptography.
-apt_install python3-flask links duplicity python-boto libyaml-dev python3-dnspython python3-dateutil \
-	build-essential libssl-dev libffi-dev python3-dev python-pip
+# These are required to pip install cryptography.
+apt_install build-essential libssl-dev libffi-dev python3-dev
 
-# Install other Python packages. The first line is the packages that Josh maintains himself!
+# Install other Python 3 packages used by the management daemon.
+# The first line is the packages that Josh maintains himself!
+# NOTE: email_validator is repeated in setup/questions.sh, so please keep the versions synced.
 hide_output pip3 install --upgrade \
-	rtyaml "email_validator>=1.0.0" free_tls_certificates \
+	rtyaml "email_validator>=1.0.0" "free_tls_certificates>=0.1.3" \
 	"idna>=2.0.0" "cryptography>=1.0.2" boto psutil
-# email_validator is repeated in setup/questions.sh
+
+# duplicity uses python 2 so we need to get the python 2 package of boto to have backups to S3.
+# boto from the Ubuntu package manager is too out-of-date -- it doesn't support the newer
+# S3 api used in some regions, which breaks backups to those regions.  See #627, #653.
+hide_output pip install --upgrade boto
 
 # Create a backup directory and a random key for encrypting backups.
 mkdir -p $STORAGE_ROOT/backup

setup/owncloud.sh

@@ -52,8 +52,8 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
 	# The two apps we actually want are not in ownCloud core. Clone them from
 	# their github repositories.
 	mkdir -p /usr/local/lib/owncloud/apps
-	git_clone https://github.com/owncloud/contacts 4ff855e7c2075309041bead09fbb9eb7df678244 '' /usr/local/lib/owncloud/apps/contacts
-	git_clone https://github.com/owncloud/calendar ec53139b144c0f842c33813305612e8006c42ea5 '' /usr/local/lib/owncloud/apps/calendar
+	git_clone https://github.com/owncloudarchive/contacts 4ff855e7c2075309041bead09fbb9eb7df678244 '' /usr/local/lib/owncloud/apps/contacts
+	git_clone https://github.com/owncloudarchive/calendar ec53139b144c0f842c33813305612e8006c42ea5 '' /usr/local/lib/owncloud/apps/calendar
 
 	# Fix weird permissions.
 	chmod 750 /usr/local/lib/owncloud/{apps,config}

setup/questions.sh

@@ -18,7 +18,8 @@ if [ -z "$NONINTERACTIVE" ]; then
 	message_box "Mail-in-a-Box Installation" \
 		"Hello and thanks for deploying a Mail-in-a-Box!
 		\n\nI'm going to ask you a few questions.
-		\n\nTo change your answers later, just run 'sudo mailinabox' from the command line."
+		\n\nTo change your answers later, just run 'sudo mailinabox' from the command line.
+		\n\nNOTE: You should only install this on a brand new Ubuntu installation 100% dedicated to Mail-in-a-Box. Mail-in-a-Box will, for example, remove apache2."
 fi
 
 # The box needs a name.

setup/start.sh

@@ -10,8 +10,8 @@ source setup/preflight.sh
 
 # Ensure Python reads/writes files in UTF-8. If the machine
 # triggers some other locale in Python, like ASCII encoding,
-# Python may not be able to read/write files. Here and in
-# the management daemon startup script.
+# Python may not be able to read/write files. This is also
+# in the management daemon startup script and the cron script.
 
 if [ -z `locale -a | grep en_US.utf8` ]; then
     # Generate locale if not exists
@@ -23,6 +23,9 @@ export LC_ALL=en_US.UTF-8
 export LANG=en_US.UTF-8
 export LC_TYPE=en_US.UTF-8
 
+# Fix so line drawing characters are shown correctly in Putty on Windows. See #744.
+export NCURSES_NO_UTF8_ACS=1
+
 # Recall the last settings used if we're running this a second time.
 if [ -f /etc/mailinabox.conf ]; then
 	# Run any system migrations before proceeding. Since this is a second run,

setup/webmail.sh

@@ -34,11 +34,11 @@ apt-get purge -qq -y roundcube* #NODOC
 # Install Roundcube from source if it is not already present or if it is out of date.
 # Combine the Roundcube version number with the commit hash of vacation_sieve to track
 # whether we have the latest version.
-VERSION=1.1.3
-HASH=4513227bd64eb8564f056817341b1dfe478e215e
+VERSION=1.1.4
+HASH=4883c8bb39fadf8af94ffb09ee426cba9f8ef2e3
 VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5
-PERSISTENT_LOGIN_VERSION=117fbd8f93b56b2bf72ad055193464803ef3bc36
-HTML5_NOTIFIER_VERSION=046eb388dd63b1ec77a3ee485757fc25ae9e684d
+PERSISTENT_LOGIN_VERSION=1e9d724476a370ce917a2fcd5b3217b0c306c24e
+HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
 UPDATE_KEY=$VERSION:$VACATION_SIEVE_VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:a
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/roundcubemail/version ]; then
@@ -51,7 +51,7 @@ fi
 if [ $needs_update == 1 ]; then
 	# install roundcube
 	wget_verify \
-		https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/$VERSION/roundcubemail-$VERSION.tar.gz \
+		https://s3.amazonaws.com/joshdata/mail-in-a-box/public/roundcubemail-$VERSION.tar.gz \
 		$HASH \
 		/tmp/roundcube.tgz
 	tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz

tools/parse-nginx-log-bootstrap-accesses.py

@@ -2,7 +2,8 @@
 #
 # This is a tool Josh uses on his box serving mailinabox.email to parse the nginx
 # access log to see how many people are installing Mail-in-a-Box each day, by
-# looking at accesses to the bootstrap.sh script.
+# looking at accesses to the bootstrap.sh script (which is currently at the URL
+# .../setup.sh).
 
 import re, glob, gzip, os.path, json
 import dateutil.parser
@@ -24,9 +25,10 @@ for fn in glob.glob("/var/log/nginx/access.log*"):
 	# Loop through the lines in the access log.
 	with f:
 		for line in f:
-			# Find lines that are GETs on /bootstrap.sh by either curl or wget.
+			# Find lines that are GETs on the bootstrap script by either curl or wget.
 			# (Note that we purposely skip ...?ping=1 requests which is the admin panel querying us for updates.)
-			m = re.match(rb"(?P<ip>\S+) - - \[(?P<date>.*?)\] \"GET /bootstrap.sh HTTP/.*\" 200 \d+ .* \"(?:curl|wget)", line, re.I)
+			# (Also, the URL changed in January 2016, but we'll accept both.)
+			m = re.match(rb"(?P<ip>\S+) - - \[(?P<date>.*?)\] \"GET /(bootstrap.sh|setup.sh) HTTP/.*\" 200 \d+ .* \"(?:curl|wget)", line, re.I)
 			if m:
 				date, time = m.group("date").decode("ascii").split(":", 1)
 				date = dateutil.parser.parse(date).date().isoformat()