1. 06 Jul, 2015 2 commits
    • Ultra safe dovecot findtime and maxretry settings · e591d908
      anoma authored
      Explicitly set the timings and counts for the dovecot jail rather than change the global [DEFAULT] and inherit it for this one jail. These settings are far too safe so a future PR should increase security here.
    • Revert to defaults FAIL2BAN findtime and maxretry · b6f26c0f
      anoma authored
      Reverts the remaining FAIL2BAN settings to default: findtime 600 and maxretry 3. As jail settings override default settings this was hardly being used anyway so it is better to explicitly set it per jail as and when required.
  2. 04 Jul, 2015 2 commits
  3. 03 Jul, 2015 4 commits
    • v0.12 · b503ea1c
      Joshua Tauberer authored
      --------------------
      
      This is a minor update to v0.11, which was a major update. Please read v0.11's advisories.
      
      * The administrator@ alias was incorrectly created starting with v0.11. If your first install was v0.11, check that the administrator@ alias forwards mail to you.
      * Intrusion detection rules (fail2ban) are relaxed (i.e. less is blocked).
      * SSL certificates could not be installed for the new automatic 'www.' redirect domains.
      * PHP's default character encoding is changed from no default to UTF8. The effect of this change is unclear but should prevent possible future text conversion issues.
      * User-installed SSL private keys in the BEGIN PRIVATE KEY format were not accepted.
      * SSL certificates with SAN domains with IDNA encoding were broken in v0.11.
      * Some IDNA functionality was using IDNA 2003 rather than IDNA 2008.
    • 091c2e45
      Joshua Tauberer authored
    • update changelog · 0a78d1d2
      Joshua Tauberer authored
    • ff4780d5
      Joshua Tauberer authored
  4. 02 Jul, 2015 10 commits
  5. 30 Jun, 2015 8 commits
    • Merge pull request #471 from hnk/patch-1 · c0ddceb2
      Joshua Tauberer authored
      Set PHP's default charset to UTF-8, since we use it. Closes #367.
    • don't automatically create the administrator@ alias (e.g. on first user... · 42a50623
      Joshua Tauberer authored
      don't automatically create the administrator@ alias (e.g. on first user creation) because we don't know what it should be an alias to (leave this to be resolved manually), fixes #470
      
      Was broken by 462a79cf.
    • idna domains in certificate subject alternative names were not handled... · e3252f53
      Joshua Tauberer authored
      idna domains in certificate subject alternative names were not handled correctly after switching to cryptography package
    • some IDNA functionality was still using Python's built-in IDNA 2003 encoder... · aa334283
      Joshua Tauberer authored
      some IDNA functionality was still using Python's built-in IDNA 2003 encoder rather than the idna package's IDNA 2008 encoder
    • f89a98c7
      Joshua Tauberer authored
    • v0.11 · 23d2df7a
      Joshua Tauberer authored
      ---------------------
      
      Advisories:
      * Users can no longer spoof arbitrary email addresses in outbound mail. When sending mail, the email address configured in your mail client must match the SMTP login username being used, or the email address must be an alias with the SMTP login username listed as one of the alias's targets.
      * This update replaces your DKIM signing key with a stronger key. Because of DNS caching/propagation, mail sent within a few hours after this update could be marked as spam by recipients. If you use External DNS, you will need to update your DNS records.
      * The box will now install software from a new Mail-in-a-Box PPA on Launchpad.net, where we are distributing two of our own packages: a patched postgrey and dovecot-lucene.
      
      Mail:
      * Greylisting will now let some reputable senders pass through immediately.
      * Searching mail (via IMAP) will now be much faster using the dovecot lucene full text search plugin.
      * Users can no longer spoof arbitrary email addresses in outbound mail (see above).
      * Fix for deleting admin@ and postmaster@ addresses.
      * Roundcube is updated to version 1.1.2, plugins updated.
      * Exchange/ActiveSync autoconfiguration was not working on all devices (e.g. iPhone) because of a case-sensitive URL.
      * The DKIM signing key has been increased to 2048 bits, from 1024, replacing the existing key.
      
      Web:
      * 'www' subdomains now automatically redirect to their parent domain (but you'll need to install an SSL certificate).
      * OCSP no longer uses Google Public DNS.
      * The installed PHP version is no longer exposed through HTTP response headers, for better security.
      
      DNS:
      * Default IPv6 AAAA records were missing since version 0.09.
      
      Control panel:
      * Resetting a user's password now forces them to log in again everywhere.
      * Status checks were not working if an ssh server was not installed.
      * SSL certificate validation now uses the Python cryptography module in some places where openssl was used.
      * There is a new tab to show the installed version of Mail-in-a-Box and to fetch the latest released version.
      
      System:
      * The munin system monitoring tool is now installed and accessible at /admin/munin.
      * ownCloud updated to version 8.0.4. The ownCloud installation step now is resilient to download problems. The ownCloud configuration file is now stored in STORAGE_ROOT to fix loss of data when moving STORAGE_ROOT to a new machine.
      * The setup scripts now run `apt-get update` prior to installing anything to ensure the apt database is in sync with the packages actually available.
  6. 27 Jun, 2015 2 commits
  7. 26 Jun, 2015 2 commits
  8. 25 Jun, 2015 7 commits
  9. 24 Jun, 2015 3 commits