- 30 Jun, 2014 1 commit
-
-
Joshua Tauberer authored
-
- 26 Jun, 2014 1 commit
-
-
Joshua Tauberer authored
-
- 24 Jun, 2014 1 commit
-
-
Joshua Tauberer authored
-
- 23 Jun, 2014 4 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant)
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
- 22 Jun, 2014 14 commits
-
-
Joshua Tauberer authored
Moved the configuration to a single YAML file, rather than one per domain, to be clearer. re-does 33f06f29
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
if we handle mail for both a domain and any subdomain, only create a zone for the domain and put the subdomain's DNS records in the main domain's zone file
-
Joshua Tauberer authored
first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc.
-
Joshua Tauberer authored
don't ask for a CSR country code on second runs because the CSR is already generated and any new country code won't be used anyway
-
Joshua Tauberer authored
Add authentication to mailinabox-daemon; resolves #67
-
Michael Kropat authored
-
Michael Kropat authored
-
Michael Kropat authored
Conflicts: management/daemon.py
-
Joshua Tauberer authored
Tell Flask to log to syslog
-
Joshua Tauberer authored
-
Michael Kropat authored
The updated instruction is not very user-friendly. I think the right solution is to wrap the `/dns` commands in a `tools/dns.py` style script, along the lines of `tools/mail.py`.
-
Michael Kropat authored
-
- 21 Jun, 2014 8 commits
-
-
Michael Kropat authored
-
Michael Kropat authored
Intended to be the simplest auth possible: every time the service starts, a random key is written to `/var/lib/mailinabox/api.key`. In order to authenticate to the service, the client must pass the contents of `api.key` in an HTTP basic auth header. In this way, users who do not have read access to that file are not able to communicate with the service.
-
Michael Kropat authored
- Writes Flask warnings and errors to `/var/log/syslog`
- Helps to debug issues when running in production
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
Don't check NS records for now because they will only appear on zones. If a hostname is a subdomain on a zone and not itself a zone, it will lack NS records. Also stop testing for ADSP, which we dropped in 126ea94c.
-
Joshua Tauberer authored
-
- 20 Jun, 2014 2 commits
-
-
Joshua Tauberer authored
It just echoes back the subject given to it.
-
Joshua Tauberer authored
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for
-
- 19 Jun, 2014 6 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
-
Joshua Tauberer authored
drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/
-
Joshua Tauberer authored
-
Joshua Tauberer authored
use DANE when sending mail: if the recipient MX has a DANE TLSA record in DNS then Postfix will necessarily encrypt the mail in transport
-
Joshua Tauberer authored
Postfix has a tls_security_level called "dane" which uses DNS-Based Authentication of Named Entities (DANE) to require, if specified in the DNS of the MX host, an encrypted connection with a known certificate. This commit adds TLSA records.
-
- 18 Jun, 2014 3 commits
-
-
Joshua Tauberer authored
-
Joshua Tauberer authored
run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server; see #71
-
Joshua Tauberer authored
-