external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-04-01 21:27:22 +02:00
Code Issues Releases Wiki Activity

Commit Graph

  • 621fcc2233 use /dev/random for crypto-grade RNG with the help of haveged Joshua Tauberer 2014-07-21 07:12:59 -04:00
  • 69f0e1d07a Use /dev/random instead of /dev/urandom /dev/random should be used for crypto-grade RNG. solt 2014-07-20 23:14:13 +02:00
  • 8042ab66ac dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain Joshua Tauberer 2014-07-20 15:15:33 +00:00
  • 8354d9732a in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses Joshua Tauberer 2014-07-20 14:53:55 +00:00
  • 1ad9c70887 refactor custom DNS records Joshua Tauberer 2014-07-20 14:48:20 +00:00
  • 2e0680de4f the check for whether a custom DNS setting is valid was in the wrong place Joshua Tauberer 2014-07-20 14:41:02 +00:00
  • 65c3a44e63 the cron job to re-sign DNSSEC zones wasnt working after adding the API key to the management daemon because the script relied on a bash-ism but cron runs it with (probably) sh Joshua Tauberer 2014-07-19 16:31:05 +00:00
  • 37fcc5b53d Add AAAA records for ns1/ns2 Joshua Tauberer 2014-07-18 11:12:13 +00:00
  • 89acbe4127 Update dns_update.py sfPlayer1 2014-07-18 13:05:32 +02:00
  • 0e893626c8 Add IPv6 glue records as well sfPlayer1 2014-07-18 13:03:09 +02:00
  • 42c891032d don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend Joshua Tauberer 2014-07-17 13:07:53 +00:00
  • d7a9e7cc17 run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box Joshua Tauberer 2014-07-17 13:02:39 +00:00
  • 7803ac9ca4 write explanatory text as we build DNS zones so we can help the user manage DNS off of the box Joshua Tauberer 2014-07-17 12:36:45 +00:00
  • 91cf45c843 add a comment Joshua Tauberer 2014-07-16 09:39:13 -04:00
  • eac349187d whats_next: move the admin alias check to the system section Joshua Tauberer 2014-07-16 09:19:32 -04:00
  • 023cd12e1a hide lots of unnecessary and scary output during setup Joshua Tauberer 2014-07-16 09:06:45 -04:00
  • 465aaf2d30 check that we're running as root before doing anything Joshua Tauberer 2014-07-16 08:29:50 -04:00
  • 5a4f5b1874 move the welcome message to after the system checks Joshua Tauberer 2014-07-16 08:27:14 -04:00
  • c716fd27bf refuse to start if the system has less than 768 MB of RAM, except when testing within Vagrant Joshua Tauberer 2014-07-16 08:25:54 -04:00
  • 4e5b5f2852 Vagrant typo Joshua Tauberer 2014-07-16 08:00:10 -04:00
  • 89376b10d0 Merge pull request #111 from h8h/patch-1 Joshua Tauberer 2014-07-16 09:36:22 -04:00
  • 9b887d2e63 Use $STORAGE_ROOT h8h 2014-07-16 15:33:40 +02:00
  • 9c7d476915 re-do catch-all aliases, fixes #107 (originally #104) Joshua Tauberer 2014-07-13 12:13:41 +00:00
  • 84d2023f94 Merge pull request #105 from jonessen96/master Joshua Tauberer 2014-07-12 17:05:07 -04:00
  • c35252720f Prohibited usage of empty local part for validate_email(email, strict = true) Jonas Platte 2014-07-12 13:17:13 +02:00
  • 70e4e7f7be Fixed validate_email not accepting catchalls (empty local part of the address) Jonas Platte 2014-07-12 03:19:09 +02:00
  • fb357dee33 add z-push to the start script Joshua Tauberer 2014-07-12 00:04:56 +00:00
  • 2a7669a0d3 z-push: an Exchange ActiveSync server Joshua Tauberer 2014-07-12 00:02:32 +00:00
  • 67c7391546 Roundcube's classic skin is nicer Joshua Tauberer 2014-07-11 21:52:46 +00:00
  • 85bd2c8804 use the Dovecot managesieve service to manage sieve scripts Joshua Tauberer 2014-07-10 07:40:51 +00:00
  • e713af5f5a refactor the mail setup scripts Joshua Tauberer 2014-07-10 07:18:01 +00:00
  • 6f51b49671 remove the hard-coded migration ID from setup.sh Joshua Tauberer 2014-07-10 12:49:19 +00:00
  • 41b3df6d78 manage hostmaster@ and postmaster@ automatically, create administrator@ during setup instead Joshua Tauberer 2014-07-09 19:29:46 +00:00
  • 22a010ecb9 say that certificates are valid too in output Joshua Tauberer 2014-07-09 16:38:56 +00:00
  • 659b5c8aa3 if the server certificate can be used for a non-primary domain, use it Joshua Tauberer 2014-07-09 16:38:42 +00:00
  • 6c70b10c15 tell users to restart nginx after plugging in a new cert Joshua Tauberer 2014-07-09 14:05:59 +00:00
  • deebda06e1 utils.sort_domains wasn't right Joshua Tauberer 2014-07-09 12:35:12 +00:00
  • 1a74b81f44 new nginx configuration yaml file to allow proxying of whole domains elsewhere Joshua Tauberer 2014-07-09 12:31:32 +00:00
  • 04e30ffa78 check that the installed certificate corresponds to the private key Joshua Tauberer 2014-07-08 15:47:54 +00:00
  • 10fbb2b293 in cf7053c124 I allowed editconf.py to insert a setting where we find it already commented-out in order to get an nginx configuration line in the right place, but it wasn't quite right because when run again we would insert the setting a second time Joshua Tauberer 2014-07-08 00:48:22 +00:00
  • 3bab63d4ce update to Roundcube 1.0.1 Joshua Tauberer 2014-07-08 00:37:53 +00:00
  • 7339bf080a add a web_update script to trigger writing nginx config Joshua Tauberer 2014-07-08 00:34:38 +00:00
  • 59a9d02fa5 check that installed certificates are for the domains we are using the certificates for Joshua Tauberer 2014-07-07 12:06:11 +00:00
  • 3d4eadd436 the new migration management in c8856f107d left out the part where we actually keep the system's current MIGRATIONID... it was being lost when setup/start.sh was re-run Joshua Tauberer 2014-07-07 11:29:21 +00:00
  • cf7053c124 set nginx server_names_hash_bucket_size to 64, fixes #93 Joshua Tauberer 2014-07-07 11:23:31 +00:00
  • 430b2dec11 update default www page to link to the website, fixes #96 Joshua Tauberer 2014-07-07 07:07:54 -04:00
  • ad3f6f8424 adding externals and .env to gitignore Joshua Tauberer 2014-07-07 07:06:24 -04:00
  • 65fb65ada7 an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME Joshua Tauberer 2014-07-07 02:33:35 +00:00
  • 28e254fb84 whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway Joshua Tauberer 2014-07-07 02:17:04 +00:00
  • e898cd5d2a whats_next: wrap output to the actual width of the terminal Joshua Tauberer 2014-07-07 02:03:01 +00:00
  • 6a231d4409 clarify that an SSL cert can remain self-signed on the non-primary domains if the domain isn't being used for web Joshua Tauberer 2014-07-07 01:54:54 +00:00
  • dcce98f84b and remove the old documentation now that there is documentation on the website Joshua Tauberer 2014-07-06 11:57:57 -04:00
  • 05664f0a3b have the README refer to the website for details Joshua Tauberer 2014-07-06 11:31:11 -04:00
  • 49d5561933 when adding/removing mail addresses also update nginx's config Joshua Tauberer 2014-07-06 12:16:50 +00:00
  • c8856f107d migrate the SSL certificates path for non-primary certs to a new layout using a new migration script Joshua Tauberer 2014-06-30 20:41:29 +00:00
  • 06ba25151f get_domain_ssl_files returned the wrong path for the CSR for PRIMARY_HOSTNAME Joshua Tauberer 2014-06-30 19:49:41 +00:00
  • b5aa1b0f31 walk the user through choosing the PRIMARY_HOSTNAME by first asking for their email address Joshua Tauberer 2014-06-30 10:20:58 -04:00
  • fed5959288 s/PUBLIC_HOSTNAME/PRIMARY_HOSTNAME/ throughout Joshua Tauberer 2014-06-30 09:15:36 -04:00
  • 573faa2bf5 install the backup script as a daily cron job Joshua Tauberer 2014-06-26 10:46:22 +00:00
  • 87f001a5d5 some comments Joshua Tauberer 2014-06-24 03:24:41 +00:00
  • f8cd2bb805 typo: www/default/index.html would be overwritten if it already exists Joshua Tauberer 2014-06-23 19:43:19 +00:00
  • 1dec8c65ce move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant) Joshua Tauberer 2014-06-23 19:39:20 +00:00
  • d4ce50de86 new tool to purchase and install a SSL certificate using Gandi.net's API Joshua Tauberer 2014-06-23 10:53:09 +00:00
  • 30c416ff6e rename the new checklist script to whats_next.py Joshua Tauberer 2014-06-23 00:11:24 +00:00
  • 5aa09c3f9b let the user override some DNS records in a different way Joshua Tauberer 2014-06-22 19:33:30 +00:00
  • 45e93f7dcc strengthen the cyphers and protocols allowed by Dovecot and Postfix submission Joshua Tauberer 2014-06-22 19:03:11 +00:00
  • 343886d818 add mail alias checks and other cleanup Joshua Tauberer 2014-06-22 16:28:55 +00:00
  • deab8974ec if we handle mail for both a domain and any subdomain, only create a zone for the domain and put the subdomain's DNS records in the main domain's zone file Joshua Tauberer 2014-06-22 16:24:15 +00:00
  • 4668367420 first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc. Joshua Tauberer 2014-06-22 15:34:36 +00:00
  • ec6c7d84c1 dont ask for a CSR country code on second runs because the CSR is already generated and any new country code won't be used anyway Joshua Tauberer 2014-06-22 12:48:21 +00:00
  • 8076ce4ab9 Merge pull request #74 from mkropat/mgmt-auth Joshua Tauberer 2014-06-22 11:36:04 -04:00
  • 9e63ec62fb Cleanup: remove env dependency Michael Kropat 2014-06-22 08:55:19 -04:00
  • d100a790a0 Remove API_KEY_FILE setting Michael Kropat 2014-06-22 08:45:29 -04:00
  • 554a28479f Merge remote-tracking branch 'upstream/master' into mgmt-auth Michael Kropat 2014-06-21 21:29:25 -04:00
  • 064d75e261 Merge pull request #73 from mkropat/syslog-logging Joshua Tauberer 2014-06-21 21:22:27 -04:00
  • e70bc50432 README parallel sentence structure Joshua Tauberer 2014-06-22 00:34:49 +00:00
  • bb394242ef Update documentation to use API auth Michael Kropat 2014-06-22 00:07:14 +00:00
  • 88e496eba4 Update setup scripts to auth against the API Michael Kropat 2014-06-22 00:02:52 +00:00
  • 447399e8cd Update mail tool to pass api key auth Michael Kropat 2014-06-21 23:49:09 +00:00
  • 067052d4ea Add key-based authentication to management service Michael Kropat 2014-06-21 23:42:48 +00:00
  • 53e15eae15 Tell Flask to log to syslog Michael Kropat 2014-06-21 23:25:35 +00:00
  • 67d31ed998 move the SSL setup into its own bash script since it is used for much more than email now Joshua Tauberer 2014-06-21 22:15:53 +00:00
  • 0ab43ef4fd have webfinger output a JSON file in STORAGE_ROOT/webfinger/(acct/..) Joshua Tauberer 2014-06-21 17:08:18 +00:00
  • 326cc2a451 obviously put our stuff in /usr/local and not /usr Joshua Tauberer 2014-06-21 12:35:00 -04:00
  • d3cacd4a11 update test_dns Joshua Tauberer 2014-06-19 18:47:41 -04:00
  • 87b0608f15 test_dns: DNSSEC signing inserts empty text string components Joshua Tauberer 2014-06-17 17:34:26 -04:00
  • 85169dc960 preliminary support for webfinger Joshua Tauberer 2014-06-20 01:54:59 +00:00
  • 5faa1cae71 manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for Joshua Tauberer 2014-06-20 01:16:38 +00:00
  • a1a80b295e update docs a bit Joshua Tauberer 2014-06-18 23:12:05 -04:00
  • 94a140a27a linkify README Joshua Tauberer 2014-06-18 23:04:06 -04:00
  • 126ea94ccf drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ Joshua Tauberer 2014-06-18 22:56:55 -04:00
  • 0f72f78eea add DNSSEC/DANE TLSA to the README Joshua Tauberer 2014-06-19 02:19:05 +00:00
  • 782ad04b10 use DANE when sending mail: if the recipient MX has a DANE TLSA record in DNS then Postfix will necessarily encrypt the mail in transport Joshua Tauberer 2014-06-19 01:58:14 +00:00
  • 95e61bc110 add DANE TLSA records to the PUBLIC_HOSTNAME's DNS Joshua Tauberer 2014-06-19 01:39:27 +00:00
  • 699bccad80 missing spaces in nsd.conf (has no effect but looks proper) Joshua Tauberer 2014-06-18 23:53:52 +00:00
  • afb6c26c8b run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server Joshua Tauberer 2014-06-18 19:41:35 -04:00
  • 761fac729b nsd.conf wasn't properly using the signed zone files Joshua Tauberer 2014-06-18 23:30:35 +00:00
  • dd15bf4384 use a better sort order for records in DNS zone files Joshua Tauberer 2014-06-17 23:34:06 +00:00
  • 14396e58f8 dont create a separate zone for PUBLIC_HOSTNAME if it is a subdomain of another zone (hmm, this is a general principle that could apply to any two domains the box is serving) Joshua Tauberer 2014-06-17 23:30:00 +00:00
  • 33f06f29c1 let the user override some DNS records Joshua Tauberer 2014-06-17 21:39:26 +00:00