records.append(("_25._tcp","TLSA",build_tlsa_record(env),"Recommended when DNSSEC is enabled. Advertises to mail servers connecting to the box that mandatory encryption should be used."))
# The MX record says where email for the domain should be delivered: Here!
records.append((None,"MX","10 %s."%env["PRIMARY_HOSTNAME"],"Required. Specifies the hostname of the machine that handles @%s mail."%domain))
records.append((None,"MX","10 %s."%env["PRIMARY_HOSTNAME"],"Required. Specifies the hostname (and priority) of the machine that handles @%s mail."%domain))
# SPF record: Permit the box ('mx', see above) to send mail on behalf of
# the domain, and no one else.
records.append((None,"TXT",'"v=spf1 mx -all"',"Recomended. Specifies that only the box is permitted to send @%s mail."%domain))
records.append((None,"TXT",'"v=spf1 mx -all"',"Recommended. Specifies that only the box is permitted to send @%s mail."%domain))
# Add DNS records for any subdomains of this domain. We should not have a zone for
# Add defaults if not overridden by the user's custom settings.
defaults=[
(None,"A",env["PUBLIC_IP"],"Optional. Sets the IP address that %s resolves to, e.g. for web hosting."%domain),
(None,"A",env["PUBLIC_IP"],"Optional. Sets the IP address that %s resolves to, e.g. for web hosting. (It is not necessary for receiving mail on this domain.)"%domain),
("www","A",env["PUBLIC_IP"],"Optional. Sets the IP address that www.%s resolves to, e.g. for web hosting."%domain),
(None,"AAAA",env.get('PUBLIC_IPV6'),"Optional. Sets the IPv6 address that %s resolves to, e.g. for web hosting."%domain),
(None,"AAAA",env.get('PUBLIC_IPV6'),"Optional. Sets the IPv6 address that %s resolves to, e.g. for web hosting. (It is not necessary for receiving mail on this domain.)"%domain),
("www","AAAA",env.get('PUBLIC_IPV6'),"Optional. Sets the IPv6 address that www.%s resolves to, e.g. for web hosting."%domain),
records.append((m.group(1),"TXT",m.group(2),"Recommended. Specifies that only the box is permitted to send mail at this domain."))
records.append((m.group(1),"TXT",m.group(2),"Recommended. Provides a way for recipients to verify that this machine sent @%s mail."%domain))
# Append a DMARC record.
records.append(("_dmarc","TXT",'"v=DMARC1; p=quarantine"',"Optional. Specifies that mail that does not originate from the box but claims to be from @%s is suspect and should be quarantined by the recipient's mail system."%domain))
<textareaclass="form-control"rows="3"id="addaliasTargets"placeholder="Forward to these email addresses (one per line or separated by commas)"></textarea>
<p class="chromeframe">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">activate Google Chrome Frame</a> to improve your experience.</p>
<tr><th>Password:</th><td>Your mail password.</td></tr>
</table>
<p>On mobile devices you might need to install a “mail client” app. We recommend <ahref="https://play.google.com/store/apps/details?id=com.fsck.k9">K-9 Mail</a>. On a desktop you could try <ahref="https://www.mozilla.org/en-US/thunderbird/">Mozilla Thunderbird</a>.</p>
<p>Configure your device or desktop mail client as follows:</p>
<p>Depending on your mail program, you will use either IMAP & SMTP or Exchange ActiveSync. See this <ahref="http://z-push.org/compatibility/">list of compatible devices</a> for Exchange ActiveSync.</p>
<h4>Notes</h4>
<p>Mail-in-a-Box uses <ahref="http://en.wikipedia.org/wiki/Greylisting">greylisting</a> to cut down on spam. The first time you receive an email from a recipient, it may be delayed for ten minutes.</p>
<pclass="text-danger">This is for advanced configurations.</p>
<h3>Overview</h3>
<p>Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere. We do not recommend this.</p>
<p>If you do so, you are responsible for keeping your DNS entries up to date. In particular DNSSEC entries must be re-signed periodically. Do not set a DS record at your registrar or publish DNSSEC entries in your DNS zones if you do not intend to keep them up to date.</p>
<h3>DNS Settings</h3>
<p>Enter the following DNS entries at your DNS provider:</p>
<p>Add an email address to this system. This will create a new login username/password. (Use <ahref="javascript:show_panel('aliases')">aliases</a> to create email addresses that forward to existing accounts.)</p>
$("<p>Are you sure you want to archive "+email+"?</p> <p>The user's mailboxes will not be deleted (you can do that later), but the user will no longer be able to log into any services on this machine.</p>"),
"Archive",
function(){
api(
"/mail/users/remove",
"POST",
{
email:email
},
function(r){
// Responses are multiple lines of pre-formatted text.
print_ok("""The DANE TLSA record for incoming mail is correct (%s)."""%tlsa_qname,)
env['out'].print_ok("""The DANE TLSA record for incoming mail is correct (%s)."""%tlsa_qname,)
eliftlsa25isNone:
print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
env['out'].print_error("""The DANE TLSA record for incoming mail is not set. This is optional.""")
else:
print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'. Try running tools/dns_update to
env['out'].print_error("""The DANE TLSA record for incoming mail (%s) is not correct. It is '%s' but it should be '%s'. Try running tools/dns_update to
regenerate the record. It may take several hours for
print_error("""The SSL certificate for this domain is currently self-signed. Visitors to a website on
env['out'].print_error("""The SSL certificate for this domain is currently self-signed. Visitors to a website on
this domain will get a security warning. If you are not serving a website on this domain, then it is
safe to leave the self-signed certificate in place.""")
print()
print_block("""You can purchase a signed certificate from many places. You will need to provide this Certificate Signing Request (CSR)
env['out'].print_line("")
env['out'].print_line("""You can purchase a signed certificate from many places. You will need to provide this Certificate Signing Request (CSR)
to whoever you purchase the SSL certificate from:""")
print()
print(open(ssl_csr_path).read().strip())
print()
print_block("""When you purchase an SSL certificate you will receive a certificate in PEM format and possibly a file containing intermediate certificates in PEM format.
env['out'].print_line("""When you purchase an SSL certificate you will receive a certificate in PEM format and possibly a file containing intermediate certificates in PEM format.
If you receive intermediate certificates, use a text editor and paste your certificate on top and then the intermediate certificates
below it. Save the file and place it onto this machine at %s. Then run "service nginx restart"."""%ssl_certificate)
elifcert_status=="OK":
print_ok("SSL certificate is signed & valid.")
env['out'].print_ok("SSL certificate is signed & valid.")
else:
print_error("The SSL certificate has a problem:")
print("")
print(cert_status)
print("")
env['out'].print_error("The SSL certificate has a problem:")