- 11 Apr, 2015 6 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
add a 'backup --verify' command to run duplicity's verify command to check that the backup files are OK
-
Joshua Tauberer authored
Merge branch 'dhpiggott-gpg-encrypt-backups'
-
Joshua Tauberer authored
* use the AES256 cipher, be explicit that only the first line of secret_key.txt is used, and sanity check that the passphrase is long enough
* change ownership of the encrypted files to the user-data user
* simplify variable names in management/backup.py
* although I appreciate long comments I am trimming the commentary about the backup migration
* revise the control panel template to not refer to the old unencrypted files
* add CHANGELOG entry
-
David Piggott authored
[Josh merged some subsequent commits:]
* Guard via idempotency against termination between migration operations
* Final corrections and tweaks
* Pass passphrase through to all duplicity calls
  Empirical evidence (a failed cron job) shows that cleanup requires the passphrase (so it presumably needs to decrypt metadata), and though remove-older-than has been working fine without it, it won't do any harm to set it in case that changes or there are any special cases.
* Add back the archive-dir override but locate it at STORAGE_ROOT/backup/cache
-
- 09 Apr, 2015 8 commits
-
-
Joshua Tauberer authored
prevent accidental domain control validation hijacking by limiting use of admin@ etc. addresses in users/aliases
-
Joshua Tauberer authored
-
Joshua Tauberer authored
I changed my mind. In 1bf8f199 I allowed Unicode domain names to go into the database. I thought that was nice because it's what the user *means*. But it's not how the web works. Web and DNS were working, but mail wasn't. Postfix (as shipped with Ubuntu 14.04 without support for SMTPUTF8) exists in an ASCII-only world. When it goes to the users/aliases table, it queries in ASCII (IDNA) only and had no hope of delivering mail if the domain was in full Unicode in the database.

I was thinking ahead to SMTPUTF8, where we *could* put Unicode in the database (though that would prevent IDNA-encoded addressing from being deliverable) not realizing it isn't well supported yet anyway.

It's IDNA that goes on the wire in most places anyway (SMTP without SMTPUTF8 (and therefore how Postfix queries our users/aliases tables), DNS zone files, nginx config, CSR 'CN' field, X509 Common Name and Subject Alternative Names fields), so we should really be talking in terms of IDNA (i.e. ASCII).

This partially reverts commit 1bf8f199, where I added a lot of Unicode=>IDNA conversions when writing configuration files. Instead I'm doing Unicode=>IDNA before email addresses get into the users/aliases table. Now we assume the database uses IDNA-encoded ASCII domain names. When adding/removing aliases, addresses are converted to ASCII (w/ IDNA). User accounts must be ASCII-only anyway because of Dovecot's auth limitations, so we don't do any IDNA conversion (don't want to change the user's login info behind their back!). The aliases control panel page converts domains back to Unicode for display to be nice. The status checks convert the domains to Unicode just for the output headings.

A migration is added to convert existing aliases with Unicode domains into IDNA. Any custom DNS or web settings with Unicode may need to be changed.

Future support for SMTPUTF8 will probably need to add columns in the users/aliases table so that it lists both IDNA and Unicode forms.
-
Joshua Tauberer authored
-
Joshua Tauberer authored
fix(read_password): regex check for spaces, quotes
-
Joshua Tauberer authored
* Add pop3s to the ufw firewall rules.
* Updated some comments.
* Updated CHANGELOG.

Merge branch 'master' of https://github.com/pichak/mailinabox
-
Morteza Milani authored
UIDL assigns a unique string to each email. This allows emails to be left on the server after a client downloads them.
- 01 Apr, 2015 2 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
CHANGELOG
=========

v0.08 (April 1, 2015)
---------------------

Mail:

* The Roundcube vacation_sieve plugin by @arodier is now installed to make it easier to set vacation auto-reply messages from within Roundcube.
* Authentication-Results headers for DMARC, added in v0.07, were mistakenly added for outbound mail --- that's now removed.
* The Trash folder is now created automatically for new mail accounts, addressing a Roundcube error.

DNS:

* Custom DNS TXT records were not always working and they can now override the default SPF, DKIM, and DMARC records.

System:

* ownCloud updated to version 8.0.2.
* Brute-force SSH and IMAP login attempts are now prevented by properly configuring fail2ban.
* Status checks are run each night and any changes from night to night are emailed to the box administrator (the first user account).

Control panel:

* The new check that system services are running mistakenly checked that the Dovecot Managesieve service is publicly accessible. Although the service binds to the public network interface we don't open the port in ufw. On some machines it seems that ufw blocks the connection from the status checks (which seems correct) and on some machines (mine) it doesn't, which is why I didn't notice the problem.
* The current backup chain will now try to predict how many days until it is deleted (always at least 3 days after the next full backup).
* The list of aliases that forward to a user are removed from the Mail Users page because when there are many aliases it is slow and times out.
* Some status check errors are turned into warnings, especially those that might not apply if External DNS is used.
-
- 31 Mar, 2015 1 commit
-
-
Joshua Tauberer authored
GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access. See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4.
-
- 30 Mar, 2015 3 commits
-
-
Sascha Reynolds authored
* Passwords must be at least four characters. So we need to check them here to ensure that first user creation works during initial setup
* Change quotes to match rest of code
-
Joshua Tauberer authored
fixes #323 fixes #324
-
Joshua Tauberer authored
set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in
-
- 29 Mar, 2015 2 commits
-
-
Joshua Tauberer authored
Change read_password() logic to catch short passwords
-
Hnk Reno authored
Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters. If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password. The setup script will then continue without an initial user being created and this will confuse users.
-
- 28 Mar, 2015 4 commits
-
-
Joshua Tauberer authored
status checks: turn missing DNSSEC into a warning instead of an error; omit an error about missing TLSA if DNSSEC isn't in use; if DNSSEC is in use, make a missing TLSA record a warning instead of an error
-
Joshua Tauberer authored
turn some nameserver status check errors into warnings if the domain resolves correctly since the user might be using External DNS, closes #330
-
Joshua Tauberer authored
The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly.
-
Joshua Tauberer authored
see a8669197
-
- 22 Mar, 2015 5 commits
-
-
Joshua Tauberer authored
see 4d22fb9b fixes #360
-
Joshua Tauberer authored
drop the list of aliases from the users control panel page because with more than 50 aliases it seems to be so slow it times out
see https://discourse.mailinabox.email/t/small-bug-in-admin-panel-when-49-aliases/378
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
- 21 Mar, 2015 3 commits
-
-
Joshua Tauberer authored
I added OpenDMARC's milter in fba4d470. But this started setting Authentication-Results headers on outbound mail with failures. Not sure why it fails at that point, but it shouldn't be set at all. The failure might cause recipients to junk the mail. See #358. This commit removes the milter from the SMTP submission (port 587) listener.
-
Joshua Tauberer authored
run status checks each night and email the administrator with the changes from the previous day's results
-
Joshua Tauberer authored
-
- 19 Mar, 2015 1 commit
-
-
Joshua Tauberer authored
If the migration file is missing but the storage directory exists, assume this is a fresh directory -- don't bother trying to migrate, and do write the migration file with the current migration ID.
-
- 09 Mar, 2015 1 commit
-
-
Toilal authored
-
- 08 Mar, 2015 4 commits
-
-
Joshua Tauberer authored
Merge branch 'master' of https://github.com/zealot128-os/mailinabox Closes #334
-
Joshua Tauberer authored
Merge branch 'master' of https://github.com/h8h/mailinabox see #353, #319
-
Joshua Tauberer authored
-
H8H authored
Configure fail2ban jails to prevent dumb brute-force attacks against postfix, dovecot and ssh. See #319
-