- 22 Jun, 2014 11 commits
-
-
Joshua Tauberer authored
if we handle mail for both a domain and any subdomain, only create a zone for the domain and put the subdomain's DNS records in the main domain's zone file
-
Joshua Tauberer authored
first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc.
-
Joshua Tauberer authored
dont ask for a CSR country code on second runs because the CSR is already generated and any new country code won't be used anyway
-
Joshua Tauberer authored
Add authentication to mailinabox-daemon; resolves #67
-
Michael Kropat authored
-
Michael Kropat authored
-
Michael Kropat authored
Conflicts: management/daemon.py
-
Joshua Tauberer authored
Tell Flask to log to syslog
-
Joshua Tauberer authored
-
Michael Kropat authored
The updated instruction is not very user-friendly. I think the right solution is to wrap the `/dns` commands in a `tools/dns.py` style script, along the lines of `tools/mail.py`.
-
Michael Kropat authored
-
- 21 Jun, 2014 8 commits
-
-
Michael Kropat authored
-
Michael Kropat authored
Intended to be the simplest auth possible: every time the service starts, a random key is written to `/var/lib/mailinabox/api.key`. In order to authenticate to the service, the client must pass the contents of `api.key` in an HTTP basic auth header. In this way, users who do not have read access to that file are not able to communicate with the service.
-
Michael Kropat authored
- Writes Flask warnings and errors to `/var/log/syslog` - Helps to debug issues when running in production
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
Don't check NS records for now because they will only appear on zones. If a hostname is a subdomain on a zone and not itself a zone, it will lack NS records. Also stop testing for ADSP, which we dropped in 126ea94c.
-
Joshua Tauberer authored
-
- 20 Jun, 2014 2 commits
-
-
Joshua Tauberer authored
It just echos back the subject given to it.
-
Joshua Tauberer authored
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for
-
- 19 Jun, 2014 6 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/
-
Joshua Tauberer authored
-
Joshua Tauberer authored
use DANE when sending mail: if the recipient MX has a DANE TLSA record in DNS then Postfix will necessarily encrypt the mail in transport
-
Joshua Tauberer authored
Postfix has a tls_security_level called "dane" which uses DNS-Based Authentication of Named Entities (DANE) to require, if specified in the DNS of the MX host, an encrpyted connection with a known certificate. This commit adds TLSA records.
-
- 18 Jun, 2014 3 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server see #71
-
Joshua Tauberer authored
-
- 17 Jun, 2014 4 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
dont create a separate zone for PUBLIC_HOSTNAME if it is a subdomain of another zone (hmm, this is a general principle that could apply to any two domains the box is serving)
-
Joshua Tauberer authored
-
Joshua Tauberer authored
* sign zones * in a cron job, periodically re-sign zones because they expire (not tested)
-
- 13 Jun, 2014 3 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
two more cases of shelling out external programs in a more secure way, see cecda9ce
-
Joshua Tauberer authored
Now that dns_update is a part of the management daemon, we no longer are using STORAGE_ROOT/dns for anything.
-
- 10 Jun, 2014 3 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-