1. 11 Apr, 2015 3 commits
    • Joshua Tauberer's avatar
      backups now use duplicity's built-in gpg symmetric encryption · bd498def
      Joshua Tauberer authored
      Merge branch 'dhpiggott-gpg-encrypt-backups'
      bd498def
    • Joshua Tauberer's avatar
      new backup method tweaks · d8279c48
      Joshua Tauberer authored
      * use the AES256 cipher, be explicit that only the first line of secret_key.txt is used, and sanity check that the passphrase is long enough
      * change overship of the encrypted files to the user-data user
      * simplify variable names in management/backup.py
      * although I appreciate long comments I am trimming the commentary about the backup migration
      * revise the control panel template to not refer to the old unencrypted files
      * add CHANGELOG entry
      d8279c48
    • David Piggott's avatar
      Use built in duplicity encryption (GPG) for backups, closes #362, closes #363 · 42322455
      David Piggott authored
      [Josh merged some subsequent commits:]
      
      * Guard via idempotency against termination between migration operations
      * Final corrections and tweaks
      * Pass passphrase through to all duplicity calls
      
      Empirical evidence (a failed cron job) shows that cleanup requires the
      passphrase (so it presumably needs to decrypt metadata), and though
      remove-older-than has been working fine without it, it won't do any harm
      to set it in case that changes or there are any special cases.
      
      * Add back the archive-dir override but locate it at STORAGE_ROOT/backup/cache
      42322455
  2. 09 Apr, 2015 8 commits
  3. 01 Apr, 2015 2 commits
    • Joshua Tauberer's avatar
    • Joshua Tauberer's avatar
      Version 0.08 · f3ad6b4a
      Joshua Tauberer authored
      CHANGELOG
      =========
      
      v0.08 (April 1, 2015)
      ---------------------
      
      Mail:
      
      * The Roundcube vacation_sieve plugin by @arodier is now installed to make it easier to set vacation auto-reply messages from within Roundcube.
      * Authentication-Results headers for DMARC, added in v0.07, were mistakenly added for outbound mail --- that's now removed.
      * The Trash folder is now created automatically for new mail accounts, addressing a Roundcube error.
      
      DNS:
      
      * Custom DNS TXT records were not always working and they can now override the default SPF, DKIM, and DMARC records.
      
      System:
      
      * ownCloud updated to version 8.0.2.
      * Brute-force SSH and IMAP login attempts are now prevented by properly configuring fail2ban.
      * Status checks are run each night and any changes from night to night are emailed to the box administrator (the first user account).
      
      Control panel:
      
      * The new check that system services are running mistakenly checked that the Dovecot Managesieve service is publicly accessible. Although the service binds to the public network interface we don't open the port in ufw. On some machines it seems that ufw blocks the connection from the status checks (which seems correct) and on some machines (mine) it doesn't, which is why I didn't notice the problem.
      * The current backup chain will now try to predict how many days until it is deleted (always at least 3 days after the next full backup).
      * The list of aliases that forward to a user are removed from the Mail Users page because when there are many alises it is slow and times-out.
      * Some status check errors are turned into warnings, especially those that might not apply if External DNS is used.
      f3ad6b4a
  4. 31 Mar, 2015 1 commit
  5. 30 Mar, 2015 3 commits
  6. 29 Mar, 2015 2 commits
    • Joshua Tauberer's avatar
      Merge pull request #366 from hnk/hnk-patch-read_password · f4fa9c93
      Joshua Tauberer authored
      Change read_password() logic to catch short passwords
      f4fa9c93
    • Hnk Reno's avatar
      Change read_password() logic to better catch improper passwords · 6c64723d
      Hnk Reno authored
      Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters.
      
      If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password.
      
      The setup script will then continue without an inital user being created and this will confuse users.
      6c64723d
  7. 28 Mar, 2015 4 commits
  8. 22 Mar, 2015 5 commits
  9. 21 Mar, 2015 3 commits
  10. 19 Mar, 2015 1 commit
  11. 09 Mar, 2015 1 commit
  12. 08 Mar, 2015 4 commits
  13. 04 Mar, 2015 2 commits
  14. 28 Feb, 2015 1 commit