1. 09 Apr, 2015 7 commits
    • prevent accidental domain control validation hijacking by limiting use of... · 072aeca1
      Joshua Tauberer authored
      prevent accidental domain control validation hijacking by limiting use of admin@ etc. addresses in users/aliases
      072aeca1
    • store IDNs (internationalized domain names) in IDNA (ASCII) in our database, not in Unicode · 322a5779
      Joshua Tauberer authored
      I changed my mind. In 1bf8f199 I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database. I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway.
      
      It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII).
      
      This partially reverts commit 1bf8f199, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks convert the domains to Unicode just for the output headings.
      
      A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed.
      
      Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
      322a5779
    • e41df28b
    • Merge pull request #372 from hnk/fix-spaces_in_password · d3239b49
      Joshua Tauberer authored
      fix(read_password): regex check for spaces, quotes
      d3239b49
    • Add POP3S support (merge w/ adjustments) · d11be61d
      Joshua Tauberer authored
      * Add pop3s to the ufw firewall rules.
      * Updated some comments.
      * Updated CHANGELOG.
      
      Merge branch 'master' of https://github.com/pichak/mailinabox
      d11be61d
    • Better documentation for POP3 settings, UIDL. · 916063a7
      Morteza Milani authored
      UIDL assigns a unique string to each email. This allows emails to
      be left on the server after a client downloads them.
      916063a7
  2. 01 Apr, 2015 2 commits
    • Version 0.08 · f3ad6b4a
      Joshua Tauberer authored
      CHANGELOG
      =========
      
      v0.08 (April 1, 2015)
      ---------------------
      
      Mail:
      
      * The Roundcube vacation_sieve plugin by @arodier is now installed to make it easier to set vacation auto-reply messages from within Roundcube.
      * Authentication-Results headers for DMARC, added in v0.07, were mistakenly added for outbound mail --- that's now removed.
      * The Trash folder is now created automatically for new mail accounts, addressing a Roundcube error.
      
      DNS:
      
      * Custom DNS TXT records were not always working and they can now override the default SPF, DKIM, and DMARC records.
      
      System:
      
      * ownCloud updated to version 8.0.2.
      * Brute-force SSH and IMAP login attempts are now prevented by properly configuring fail2ban.
      * Status checks are run each night and any changes from night to night are emailed to the box administrator (the first user account).
      
      Control panel:
      
      * The new check that system services are running mistakenly checked that the Dovecot Managesieve service is publicly accessible. Although the service binds to the public network interface we don't open the port in ufw. On some machines it seems that ufw blocks the connection from the status checks (which seems correct) and on some machines (mine) it doesn't, which is why I didn't notice the problem.
      * The current backup chain will now try to predict how many days until it is deleted (always at least 3 days after the next full backup).
      * The list of aliases that forward to a user is removed from the Mail Users page because when there are many aliases it is slow and times out.
      * Some status check errors are turned into warnings, especially those that might not apply if External DNS is used.
      f3ad6b4a
  3. 31 Mar, 2015 1 commit
  4. 30 Mar, 2015 3 commits
  5. 29 Mar, 2015 2 commits
    • Merge pull request #366 from hnk/hnk-patch-read_password · f4fa9c93
      Joshua Tauberer authored
      Change read_password() logic to catch short passwords
      f4fa9c93
    • Change read_password() logic to better catch improper passwords · 6c64723d
      Hnk Reno authored
      Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters.
      
      If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password.
      
      The setup script will then continue without an initial user being created and this will confuse users.
      6c64723d
  6. 28 Mar, 2015 4 commits
  7. 22 Mar, 2015 5 commits
  8. 21 Mar, 2015 3 commits
  9. 19 Mar, 2015 1 commit
  10. 09 Mar, 2015 1 commit
  11. 08 Mar, 2015 4 commits
  12. 04 Mar, 2015 2 commits
  13. 28 Feb, 2015 2 commits
  14. 23 Feb, 2015 2 commits
  15. 21 Feb, 2015 1 commit
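
The storage rule described in commit 322a5779 (convert alias domains to IDNA before they reach the users/aliases table, convert back only for display), as an added example that is not Mail-in-a-Box code. It uses Python's built-in `idna` codec (IDNA 2003) as a stand-in; the function names, the dict standing in for the aliases table, and the sample addresses are all constructed for illustration.

```python
# Added illustration, not project code. The dict below stands in for the
# aliases table; every name and address here is constructed.

def to_stored_address(address):
    """Return the ASCII (IDNA) form of an alias address for the database."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not domain:
        raise ValueError("not an email address: %r" % address)
    try:
        # Without SMTPUTF8 the local part has no ASCII encoding: reject it
        # rather than silently rewriting what the user typed.
        local.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("local part must be ASCII: %r" % address) from None
    try:
        # The codec leaves all-ASCII labels untouched, so lowercase first.
        ascii_domain = domain.lower().encode("idna").decode("ascii")
    except UnicodeError:
        raise ValueError("domain cannot be IDNA-encoded: %r" % domain) from None
    return local + "@" + ascii_domain


def to_display_address(stored):
    """Convert a stored (IDNA) address back to Unicode for the control panel."""
    local, _, domain = stored.rpartition("@")
    return local + "@" + domain.encode("ascii").decode("idna")


def postfix_lookup(table, wire_address):
    """Model of an ASCII-only MTA: it queries with the address as received."""
    return table.get(wire_address)


def demo():
    wire = "info@xn--bcher-kva.example"  # what arrives over SMTP
    unicode_table = {"info@bücher.example": "me@example.com"}  # old behaviour
    idna_table = {to_stored_address("info@Bücher.example"): "me@example.com"}
    # The Unicode-keyed table misses; the IDNA-keyed table delivers.
    return postfix_lookup(unicode_table, wire), postfix_lookup(idna_table, wire)


if __name__ == "__main__":
    print(demo())
    print(to_display_address("info@xn--bcher-kva.example"))
```
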