1. 29 May, 2015 9 commits
  2. 28 May, 2015 9 commits
  3. 26 May, 2015 1 commit
    • Xoib's avatar
      softer the greylisting delay restriction · 11546b97
      Xoib authored
      A lot of legit mail servers try again between 200 and 285 seconds, then
      3 hours later. Why? RFC is not strict about retry timer so postfix and
      other MTA have their own intervals. To fix the problem of receiving
      these e-mail really latter, I reduced the delay of postgrey to
      180 seconds (default is 300 seconds).
      11546b97
  4. 25 May, 2015 2 commits
  5. 23 May, 2015 3 commits
  6. 22 May, 2015 2 commits
  7. 20 May, 2015 3 commits
  8. 19 May, 2015 3 commits
  9. 16 May, 2015 1 commit
  10. 14 May, 2015 1 commit
  11. 11 May, 2015 1 commit
  12. 08 May, 2015 1 commit
    • Joshua Tauberer's avatar
      v0.09 · 837d327c
      Joshua Tauberer authored
      =====
      
      May 8, 2015
      
      Mail:
      
      * Spam checking is now performed on messages larger than the previous limit of 64KB.
      * POP3S is now enabled (port 995).
      * Roundcube is updated to version 1.1.1.
      * Minor security improvements (more mail headers with user agent info are anonymized; crypto settings were tightened).
      
      ownCloud:
      
      * Downloading files you uploaded to ownCloud broke because of a change in ownCloud 8.
      
      DNS:
      
      * Internationalized Domain Names (IDNs) should now work in email. If you had custom DNS or custom web settings for internationalized domains, check that they are still working.
      * It is now possible to set multiple TXT and other types of records on the same domain in the control panel.
      * The custom DNS API was completely rewritten to support setting multiple records of the same type on a domain. Any existing client code using the DNS API will have to be rewritten. (Existing code will just get 404s back.)
      * On some systems the `nsd` service failed to start if network inferfaces were not ready.
      
      System / Control Panel:
      
      * In order to guard against misconfiguration that can lead to domain control validation hijacking, email addresses that begin with admin, administrator, postmaster, hostmaster, and webmaster can no longer be used for (new) mail user accounts, and aliases for these addresses may direct mail only to the box's administrator(s).
      * Backups now use duplicity's built-in gpg symmetric AES256 encryption rather than my home-brewed encryption. Old backups will be incorporated inside the first backup after this update but then deleted from disk (i.e. your backups from the previous few days will be backed up).
      * There was a race condition between backups and the new nightly status checks.
      * The control panel would sometimes lock up with an unnecessary loading indicator.
      * You can no longer delete your own account from the control panel.
      
      Setup:
      
      * All Mail-in-a-Box release tags are now signed on github, instructions for verifying the signature are added to the README, and the integrity of some packages downloaded during setup is now verified against a SHA1 hash stored in the tag itself.
      * Bugs in first user account creation were fixed.
      837d327c
  13. 06 May, 2015 1 commit
  14. 05 May, 2015 2 commits
    • Joshua Tauberer's avatar
      drop legacy, export-grade, and anonymous ciphers from SMTP (port 25, opportunistic) · 7ca42489
      Joshua Tauberer authored
      Even though SMTP (on port 25) is typically opportunistic and a MitM attack can't be prevented, we may as well only offer ciphers that provide some level of security. If a client is so old or misconfigured that it doesn't support newer ciphers, it should hopefully fall back to a non-TLS connection.
      
      Postfix's default was basically anything goes (anonymous and 40-bit ciphers!). Google's MTA's only offer ciphers at 112 bits at greater, and this change approximates that with Postfix's "medium" setting.
      
      Fixes #371
      7ca42489
    • Joshua Tauberer's avatar
      bad ciphers were allowed in smtp submssion · 8c6363f7
      Joshua Tauberer authored
      This disallows aNULL and other bad ciphers in the Postfix submission server.
      
      I missed an option in 45e93f7d recommended by the blog post I was reading.
      
      Fixes #389.
      8c6363f7
  15. 04 May, 2015 1 commit