- 30 Jun, 2015 4 commits
-
-
Joshua Tauberer authored
some IDNA functionality was still using Python's built-in IDNA 2003 encoder rather than the idna package's IDNA 2008 encoder
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
--------------------- Advisories: * Users can no longer spoof arbitrary email addresses in outbound mail. When sending mail, the email address configured in your mail client must match the SMTP login username being used, or the email address must be an alias with the SMTP login username listed as one of the alias's targets. * This update replaces your DKIM signing key with a stronger key. Because of DNS caching/propagation, mail sent within a few hours after this update could be marked as spam by recipients. If you use External DNS, you will need to update your DNS records. * The box will now install software from a new Mail-in-a-Box PPA on Launchpad.net, where we are distributing two of our own packages: a patched postgrey and dovecot-lucene. Mail: * Greylisting will now let some reputable senders pass through immediately. * Searching mail (via IMAP) will now be much faster using the dovecot lucene full text search plugin. * Users can no longer spoof arbitrary email addresses in outbound mail (see above). * Fix for deleting admin@ and postmaster@ addresses. * Roundcube is updated to version 1.1.2, plugins updated. * Exchange/ActiveSync autoconfiguration was not working on all devices (e.g. iPhone) because of a case-sensitive URL. * The DKIM signing key has been increased to 2048 bits, from 1024, replacing the existing key. Web: * 'www' subdomains now automatically redirect to their parent domain (but you'll need to install an SSL certificate). * OCSP no longer uses Google Public DNS. * The installed PHP version is no longer exposed through HTTP response headers, for better security. DNS: * Default IPv6 AAAA records were missing since version 0.09. Control panel: * Resetting a user's password now forces them to log in again everywhere. * Status checks were not working if an ssh server was not installed. * SSL certificate validation now uses the Python cryptography module in some places where openssl was used. * There is a new tab to show the installed version of Mail-in-a-Box and to fetch the latest released version. System: * The munin system monitoring tool is now installed and accessible at /admin/munin. * ownCloud updated to version 8.0.4. The ownCloud installation step now is reslient to download problems. The ownCloud configuration file is now stored in STORAGE_ROOT to fix loss of data when moving STORAGE_ROOT to a new machine. * The setup scripts now run `apt-get update` prior to installing anything to ensure the apt database is in sync with the packages actually available.
-
- 27 Jun, 2015 2 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
The sslmate guidance changed. See #458.
-
- 26 Jun, 2015 2 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
- 25 Jun, 2015 7 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
show the Mail-in-a-Box version in the control panel and a button to ping the MiaB website for the latest version fixes #441
-
Joshua Tauberer authored
-
Joshua Tauberer authored
* Add a migration to delete any existing DKIM key so that existing machines get a fresh 2048-bit key. (Sadly we don't support key rotation so the change is immediate.) * Because the DNS record for a 2048-bit key is so much longer, the way we read OpenDKIM's DNS record text file had to be modified to combine an arbitrary number of TXT record quoted ("...") strings. * When writing out the TXT record value, the string must be split into quoted ("...") strings with a maximum length of 255 bytes each, per the DNS spec. * Added a changelog entry.
-
Joshua Tauberer authored
-
Joshua Tauberer authored
Z-Push autoconfiguration fails due to URL case sensitivity
-
Marc Schiller authored
-
- 24 Jun, 2015 6 commits
-
-
PortableTech authored
Currently MiaB creates 1024 bit keys which is seen as a minimum standard by several providers such as Google who already uses a 2048 bit key. Increasing the keysize beyond 2048 is an issue as it often goes beyond supported DNS record sizes.
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
Reject outgoing mail if MAIL FROM (envelope sender) does not match login name or is not an alias that directs mail (directly) to login name.
-
Joshua Tauberer authored
ownCloud breaks if download fails (Issue #449)
-
aLeX authored
If the downloaded file doesn't pass hash verification, the script exits and leaves a broken system Just make hash verification before moving owncloud directory
-
- 23 Jun, 2015 1 commit
-
-
Joshua Tauberer authored
-
- 21 Jun, 2015 2 commits
-
-
Joshua Tauberer authored
validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate * Use `cryptography` instead of parsing openssl's output. * When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely.
-
Joshua Tauberer authored
-
- 20 Jun, 2015 1 commit
-
-
Morteza Milani authored
-
- 18 Jun, 2015 8 commits
-
-
Toilal authored
[JT added installing netcat-openbsd in system.sh]
-
Joshua Tauberer authored
add a new autoconfiguration option PRIMARY_HOSTNAME=auto to simply grab the hostname from reverse DNS drawn from https://github.com/Toilal/mailinabox/commit/5b23a06a7410e4530a56fd6200a6c46c3c6ea9b6.
-
Joshua Tauberer authored
-
Joshua Tauberer authored
move more of start.sh into questions.sh to keep start.sh cleaner and encapsulate all of the variable setting in a single script Based on https://github.com/Toilal/mailinabox/commit/5b23a06a7410e4530a56fd6200a6c46c3c6ea9b6.
-
Joshua Tauberer authored
-
Joshua Tauberer authored
fix wrong redirect for automatic www subdomain redirects
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
- 17 Jun, 2015 3 commits
-
-
bizonix authored
$ curl -I https://www.site.co.il/static/images/1.png?a=b | grep Location Location: https://site.co.il?a=b but should be something like Location: https://site.co.il/static/images/1.png?a=b
-
Joshua Tauberer authored
-
Joshua Tauberer authored
This was broken by the ability to have multiple TXT records in 9f1d633a.
-
- 15 Jun, 2015 1 commit
-
-
Joshua Tauberer authored
-
- 14 Jun, 2015 3 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-