CHANGELOG ========= Development ----------- Mail: * If the box manages mail for a domain and a subdomain of that domain, outbound mail from the subdomain was not DKIM-signed and would therefore fail DMARC tests on the receiving end, possibly result in the mail heading into spam folders. * Auto-configuration for Mozilla Thunderbird, Evolution, KMail, and Kontact is now available. * Domains that only have a catch-all alias or domain alias no longer automatically create/require admin@ and postmaster@ addresses since they'll forward anyway. * Roundcube is updated to version 1.1.0. * Authentication-Results headers for DMARC are now added to incoming mail. DNS: * If a custom CNAME record is set on a 'www' subdomain, the default A/AAAA records were preventing the CNAME from working. * If a custom DNS A record overrides one provided by the box, the a corresponding default IPv6 record by the box is removed since it will probably be incorrect. * Internationalized domain names (IDNs) are now supported for DNS and web, but email is not yet tested. Web: * Static websites now deny access to certain dot (.) files and directories which typically have sensitive info: .ht*, .svn*, .git*, .hg*, .bzr*. * The nginx server no longer reports its version and OS for better privacy. * The HTTP->HTTPS redirect is now more efficient. * When serving a 'www.' domain, reuse the SSL certificate for the parent domain if it covers the 'www' subdomain too * If a custom DNS CNAME record is set on a domain, don't offer to put a website on that domain. (Same logic already applies to custom A/AAAA records.) Control panel: * Status checks now check that system services are actually running by pinging each port that should have something running on it. * The status checks are now parallelized so they may be a little faster. * The status check for MX records now allow any priority, in case an unusual setup is required. * The interface for setting website domain-specific directories is simplified. * The mail guide now says that to use Outlook, Outlook 2007 or later on Windows 7 and later is required. * External DNS settings now skip the special "_secondary_nameserver" key which is used for storing secondary NS information. Setup: * Install cron if it isn't already installed. * Fix a units problem in the minimum memory check. * If you override the STORAGE_ROOT, your setting will now persist if you re-run setup. * Hangs due to apt wanting the user to resolve a conflict should now be fixed (apt will just clobber the problematic file now). v0.06 (January 4, 2015) ----------------------- Mail: * Set better default system limits to accommodate boxes handling mail for 20+ users. Contacts/calendar: * Update to ownCloud to 7.0.4. * Contacts syncing via ActiveSync wasn't working. Control panel: * New control panel for setting custom DNS settings (without having to use the API). * Status checks showed a false positive for Spamhause blacklists and for secondary DNS in some cases. * Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required. * The local DNS cache is cleared before running the status checks using 'rncd' now rather than restarting 'bind9', which should be faster and wont interrupt other services. * Multi-domain and wildcard certificate can now be installed through the control panel. * The DNS API now allows the setting of SRV records. Misc: * IPv6 configuration error in postgrey, nginx. * Missing dependency on sudo. v0.05 (November 18, 2014) ------------------------- Mail: * The maximum size of outbound mail sent via webmail and Exchange/ActiveSync has been increased to 128 MB, the same as when using SMTP. * Spam is no longer wrapped as an attachment inside a scary Spamassassin explanation. The original message is simply moved straight to the Spam folder unchanged. * There is a new iOS/Mac OS X Configuration Profile link in the control panel which makes it easier to configure IMAP/SMTP/CalDAV/CardDAV on iOS devices and Macs. * "Domain aliases" can now be configured in the control panel. * Updated to [Roundcube 1.0.3](http://trac.roundcube.net/wiki/Changelog). * IMAP/SMTP is now recommended even on iOS devices as Exchange/ActiveSync is terribly buggy. Control panel: * Installing an SSL certificate for the primary hostname would cause problems until a restart (services needed to be restarted). * Installing SSL certificates would fail if /tmp was on a different filesystem. * Better error messages when installing a SSL certificate fails. * The local DNS cache is now cleared each time the system status checks are run. * Documented how to use +tag addressing. * Minor UI tweaks. Other: * Updated to [ownCloud 7.0.3](http://owncloud.org/changelog/). * The ownCloud API is now exposed properly. * DNSSEC now works on `.guide` domains now too (RSASHA256). v0.04 (October 15, 2014) ------------------------ Breaking changes: * On-disk backups are now retained for a minimum of 3 days instead of 14. Beyond that the user is responsible for making off-site copies. * IMAP no longer supports the legacy SSLv3 protocol. SSLv3 is now known to be insecure. I don't believe any modern devices will be affected by this. HTTPS and SMTP submission already had SSLv3 disabled. Control panel: * The control panel has a new page for installing SSL certificates. * The control panel has a new page for hosting static websites. * The control panel now shows mailbox sizes on disk. * It is now possible to create catch-all aliases from the control panel. * Many usability improvements in the control panel. DNS: * Custom DNS A/AAAA records on subdomains were ignored. * It is now possible to set up a secondary DNS server. * DNS zones were updating even when nothing changed. * Strict SPF and DMARC settings are now set on all subdomains not used for mail. Security: * DNSSEC is now supported for the .email TLD which required a different key algorithm. * Nginx and Postfix now use 2048 bits of DH parameters instead of 1024. Other: * Spam filter learning by dragging mail in and out of the Spam folder should hopefully be working now. * Some things were broken if the machine had an IPv6 address. * Other things were broken if the machine was on a non-utf8 locale. * No longer implementing webfinger. * Removes apache before installing nginx, in case it has been installed by distro. v0.03 (September 24, 2014) -------------------------- * Update existing installs of Roundcube. * Disabled catch-alls pending figuring out how to get users to take precedence. * Z-Push was not working because in v0.02 we had accidentally moved to a different version. * Z-Push is now locked to a specific commit so it doesn't change on us accidentally. * The start script is now symlinked to /usr/local/bin/mailinabox. v0.02 (September 21, 2014) -------------------------- * Open the firewall to an alternative SSH port if set. * Fixed missing dependencies. * Set Z-Push to use sync command with ownCloud. * Support more concurrent connections for z-push. * In the status checks, handle wildcard certificates. * Show the status of backups in the control panel. * The control panel can now update a user's password. * Some usability improvements in the control panel. * Warn if a SSL cert is expiring in 30 days. * Use SHA2 to generate CSRs. * Better logic for determining when to take a full backup. * Reduce DNS TTL, not that it seems to really matter. * Add SSHFP DNS records. * Add an API for setting custom DNS records * Update to ownCloud 7.0.2. * Some things were broken if the machine had an IPv6 address. * Use a dialogs library to ask users questions during setup. * Other fixes. v0.01 (August 19, 2014) ----------------------- First release.