CHANGELOG
=========

v0.08 (April 1, 2015)
---------------------

Mail:

* The Roundcube vacation_sieve plugin by @arodier is now installed to make it easier to set vacation auto-reply messages from within Roundcube.
* Authentication-Results headers for DMARC, added in v0.07, were mistakenly added for outbound mail --- that's now removed.
* The Trash folder is now created automatically for new mail accounts, addressing a Roundcube error.

DNS:

* Custom DNS TXT records were not always working and they can now override the default SPF, DKIM, and DMARC records.

System:

* ownCloud updated to version 8.0.2.
* Brute-force SSH and IMAP login attempts are now prevented by properly configuring fail2ban.
* Status checks are run each night and any changes from night to night are emailed to the box administrator (the first user account).

Control panel:

* The new check that system services are running mistakenly checked that the Dovecot Managesieve service is publicly accessible. Although the service binds to the public network interface we don't open the port in ufw. On some machines it seems that ufw blocks the connection from the status checks (which seems correct) and on some machines (mine) it doesn't, which is why I didn't notice the problem.
* The current backup chain will now try to predict how many days until it is deleted (always at least 3 days after the next full backup).
* The list of aliases that forward to a user are removed from the Mail Users page because when there are many alises it is slow and times-out.
* Some status check errors are turned into warnings, especially those that might not apply if External DNS is used.

GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access.

See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4.

fixes #323
fixes #324

set the SPF record after custom DNS records so that the SPF record doesn't prevent all custom TXT records from coming in

Change read_password() logic to catch short passwords

Currently read_password does not verify password length. But further down the chain, passwords are checked to make sure they are longer than four characters.

If during initial setup, the user enters a password that is shorter than four characters, this will not be caught here, but when the script actually calls management/mailconfig.py to add the user, it will fail without a chance to correct the short password.

The setup script will then continue without an inital user being created and this will confuse users.

status checks: turn missing DNSSEC into a warning instead of an error; omit an error about missing TLSA if DNSSEC isn't in use; if DNSSEC is in use, make a missing TLSA record a warning instead of an error

turn some nameserver status check errors into warnings if the domain resolves correctly since the user might be using External DNS, closes #330

The contacts and calendar apps are now maintained outside of ownCloud core, so we now pull them in from github tags and must enable them explicitly.

see a8669197

see 4d22fb9b

fixes #360

drop the list of aliases from the users control panel page because with more than 50 aliases it seems to be so slow it times out

see https://discourse.mailinabox.email/t/small-bug-in-admin-panel-when-49-aliases/378

I added OpenDMARC's milter in fba4d470. But this started
setting Authentication-Results headers on outbound mail with failures. Not sure why it
fails at that point, but it shouldn't be set at all. The failure might cause recipients
to junk the mail. See #358.

This commit removes the milter from the SMTP submission (port 587) listener.

run status checks each night and email the administrator with the changes from the previous day's results

If the migration file is missing but the storage directory exists, assume this is a fresh directory -- don't bother trying to migrate, and do write the migration file with the current migration ID.

Merge branch 'master' of https://github.com/zealot128-os/mailinabox

Closes #334

Merge branch 'master' of https://github.com/h8h/mailinabox

see #353, #319

Configure fail2ban jails to prevent dumb brute-force attacks against postfix, dovecot and ssh. See #319

Update MX records using DNS Update API / Management UI

Give the DNS update tool the ability to customize MX records. Useful if you want a subdomain to send mail to another host.

Changed MX check to respect priorities other than 10.

The status check on MX records now correctly handles domains with
multiple MX records.

Reordered the if a little, added some string parsing, and modified the
OK text to include a warning.

Do not show '_secondary_nameserver' in Custom DNS table

It's redundant and potentially confusing, as any secondary NS shows in "Using a
Secondary Nameserver".

when serving a 'www.' domain, check if the parent domain's ssl certificate can be used besides checking PRIMARY_HOSTNAME

Removing buy_certificate.py which is not working and I don't want to update its call signatures.