v0.50 (September 25, 2020)
-------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses. -----BEGIN PGP SIGNATURE----- iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9t2AgPHGp0QG9jY2Ft cy5pbmZvAAoJELkgQfTBC92BZNkH/1jIGoWTz0xlS+e+TeXpHoCp/7zYAvQq/a/y vj9t1N1+bBg6Ywbd8UxyvOHwuL/UQU/5LTq6hk3gD+2ARfJUvDRbb047Xzlisg3N LhNoVhVbsxqKP1X2ZjeIBq9DgzMavuB64Bwd5UNdceM0Addi8KuCDOMF+FNY2t8k xytGjYdBi1/BG6SLBX+FAm5yrJghmkUJs2FnJjebSyyeV2HP3L1iBrk2N8UBd6PU fVjde534lgygFZK/8yXJpY2olfLMYJv7CaOMxvaW6RpbMI8VeLwDLfRt5LcrQZqq YXkuEnUI0eygbQYkeK/Vr1Vey6uQAWzIfbImEglHfvOXsZSYFXs= =SJNM -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9vB/0ACgkQLzJ3OKPA rjpXTg/+L2W6LXtqJcDdPiLb7uRJ1a+R7DAPPLhZOXT8alFt6g2nAJHHI3NxKWVM KsrSGlL+XSw744tfEzw21WsDuoME2F536/q4V4iprQx0LSJ61EQtqFYABbHT7lSc EyJellcIBxvK9ZTrHhJy3jVJL5eEkrHr4YpaRd68CZGneziMbxZusrlD23OfOn+U Pi6O39+Xh9lB4nxMfzkjYwCPEyNsTaCieKforPE+7TYh6d5NFHp22e2/yNEwYHhv 90txul+/ByeT6UNFsVQ+QXCpMr/m06W9zbCDgrArol12MlgeAg4bL2trgDUV2D9j Dpfo1SYo/VUYetlT98adxW7BK2JuGe3SsFDrgjNPDyMBZRoybLY/l1X5TF5d7dq/ bhgDcHXSJ6iBmhZ8nGDuBWhiEld9orn/9vfj/nHmleurXxgDwMcGKn0eINDuX8Xd NauJdhyOiZLfy8+Rha9ltLlFC/sX8nq0o6iM1Xr+4UOTFVVxlVadkPTMOxuRIQfD +JaMRCoXLfbAknoGdKfAcxEAzzyylO6z4Ztj/fVp9SHjQgby1paLpJMHEVUaQzEZ VYqdOzmz7vrV1H5OHOIy6mthQrTw+Mg4KubJs7w99e3pZKJBpvp55+DLvA0JhKLD dVXqr7rBTkLk/tg4u2SWlj3aZOnkzMz0Iwiu5X+hx3kLl0f3Zgk= =VgsY -----END PGP SIGNATURE----- Merge v0.50 from upstream
This commit is contained in:
commit
7de99aa690
16 changed files with 2652 additions and 38 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -5,3 +5,4 @@ tools/__pycache__/
|
|||
externals/
|
||||
.env
|
||||
.vagrant
|
||||
api/docs/api-docs.html
|
33
CHANGELOG.md
33
CHANGELOG.md
|
@ -1,6 +1,39 @@
|
|||
CHANGELOG
|
||||
=========
|
||||
|
||||
v0.50 (September 25, 2020)
|
||||
--------------------------
|
||||
|
||||
Setup:
|
||||
|
||||
* When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.
|
||||
|
||||
Mail:
|
||||
|
||||
* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
|
||||
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
|
||||
|
||||
DNS:
|
||||
|
||||
* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
|
||||
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
|
||||
|
||||
TLS:
|
||||
|
||||
* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
|
||||
|
||||
Control Panel:
|
||||
|
||||
* The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
|
||||
* User passwords can now have spaces.
|
||||
* Status checks for automatic subdomains have been moved into the section for the parent domain.
|
||||
* Typo fixed.
|
||||
|
||||
Web:
|
||||
|
||||
* The default web page served on fresh installations now adds the `noindex` meta tag.
|
||||
* The HSTS header is revised to also be sent on non-success responses.
|
||||
|
||||
v0.48 (August 26, 2020)
|
||||
-----------------------
|
||||
|
||||
|
|
24
README.md
24
README.md
|
@ -102,20 +102,21 @@ Our goals are to:
|
|||
|
||||
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
|
||||
|
||||
The Box
|
||||
-------
|
||||
|
||||
In The Box
|
||||
----------
|
||||
|
||||
Mail-in-a-Box turns a fresh ~~Ubuntu 18.04 LTS~~ Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.
|
||||
|
||||
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
|
||||
It is a one-click email appliance. There are no user-configurable setup options. It "just works."
|
||||
|
||||
The components installed are:
|
||||
|
||||
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
|
||||
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (also using dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
|
||||
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
|
||||
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
|
||||
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))
|
||||
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set
|
||||
* HTTPS TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) (needed for webmail, CardDAV/CalDAV, ActiveSync, MTA-STS policy, etc.).
|
||||
* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box
|
||||
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))
|
||||
|
||||
It also includes system management tools:
|
||||
|
@ -124,10 +125,11 @@ It also includes system management tools:
|
|||
* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
|
||||
* An API for all of the actions on the control panel
|
||||
|
||||
It also supports static website hosting since the box is serving HTTPS anyway.
|
||||
It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.)
|
||||
|
||||
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
|
@ -146,7 +148,7 @@ by him:
|
|||
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
|
||||
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
|
||||
|
||||
$ git verify-tag v0.48
|
||||
$ git verify-tag v0.50
|
||||
gpg: Signature made ..... using RSA key ID C10BDD81
|
||||
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
|
||||
gpg: WARNING: This key is not certified with a trusted signature!
|
||||
|
@ -159,7 +161,7 @@ and on his [personal homepage](https://razor.occams.info/). (Of course, if this
|
|||
|
||||
Checkout the tag corresponding to the most recent release:
|
||||
|
||||
$ git checkout v0.48
|
||||
$ git checkout v0.50
|
||||
|
||||
Begin the installation.
|
||||
|
||||
|
@ -169,6 +171,9 @@ For help, DO NOT contact Josh directly --- I don't do tech support by email or t
|
|||
|
||||
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
|
||||
|
||||
Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.
|
||||
This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.
|
||||
|
||||
Contributing and Development
|
||||
----------------------------
|
||||
|
||||
|
@ -182,6 +187,7 @@ This project was inspired in part by the ["NSA-proof your email in 2 hours"](htt
|
|||
|
||||
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
|
||||
|
||||
|
||||
The History
|
||||
-----------
|
||||
|
||||
|
|
23
api/docs/generate-docs.sh
Executable file
23
api/docs/generate-docs.sh
Executable file
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
# Requirements:
|
||||
# - Node.js
|
||||
# - redoc-cli (`npm install redoc-cli -g`)
|
||||
|
||||
redoc-cli bundle ../mailinabox.yml \
|
||||
-t template.hbs \
|
||||
-o api-docs.html \
|
||||
--templateOptions.metaDescription="Mail-in-a-Box HTTP API" \
|
||||
--title="Mail-in-a-Box HTTP API" \
|
||||
--options.expandSingleSchemaField \
|
||||
--options.hideSingleRequestSampleTab \
|
||||
--options.jsonSampleExpandLevel=10 \
|
||||
--options.hideDownloadButton \
|
||||
--options.theme.logo.maxHeight=180px \
|
||||
--options.theme.logo.maxWidth=180px \
|
||||
--options.theme.colors.primary.main="#C52" \
|
||||
--options.theme.typography.fontSize=16px \
|
||||
--options.theme.typography.fontFamily="Raleway, sans-serif" \
|
||||
--options.theme.typography.headings.fontFamily="Ubuntu, Arial, sans-serif" \
|
||||
--options.theme.typography.code.fontSize=15px \
|
||||
--options.theme.typography.code.fontFamily='"Source Code Pro", monospace'
|
31
api/docs/template.hbs
Normal file
31
api/docs/template.hbs
Normal file
|
@ -0,0 +1,31 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta charset="utf8" />
|
||||
<title>{{title}}</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="description" content="{{templateOptions.metaDescription}}" />
|
||||
<link rel="icon" type="image/png" href="https://mailinabox.email/static/logo_small.png">
|
||||
<link rel="apple-touch-icon" type="image/png" href="https://mailinabox.email/static/logo_small.png">
|
||||
<link href="https://fonts.googleapis.com/css?family=Raleway:400,700" rel="stylesheet" />
|
||||
<link href="https://fonts.googleapis.com/css?family=Ubuntu:300" rel="stylesheet" />
|
||||
<link href="https://fonts.googleapis.com/css?family=Source+Code+Pro:500" rel="stylesheet" />
|
||||
<style>
|
||||
body {
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #000 !important;
|
||||
}
|
||||
</style>
|
||||
{{{redocHead}}}
|
||||
</head>
|
||||
|
||||
<body>
|
||||
{{{redocHTML}}}
|
||||
</body>
|
||||
|
||||
</html>
|
2531
api/mailinabox.yml
Normal file
2531
api/mailinabox.yml
Normal file
File diff suppressed because it is too large
Load diff
|
@ -2,6 +2,7 @@
|
|||
|
||||
<head>
|
||||
<title>Redirecting...</title>
|
||||
<meta name="robots" content="noindex">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
|
|
@ -351,14 +351,10 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
|
|||
("_mta-sts", "TXT", "v=STSv1; id=" + mta_sts_policy_id, "Optional. Part of the MTA-STS policy for incoming mail. If set, a MTA-STS policy must also be published.")
|
||||
])
|
||||
|
||||
# Rules can be custom configured accoring to https://tools.ietf.org/html/rfc8460.
|
||||
# Enable SMTP TLS reporting (https://tools.ietf.org/html/rfc8460) if the user has set a config option.
|
||||
# Skip if the rules below if the user has set a custom _smtp._tls record.
|
||||
if not has_rec("_smtp._tls", "TXT", prefix="v=TLSRPTv1;"):
|
||||
tls_rpt_string = ""
|
||||
tls_rpt_email = env.get("MTA_STS_TLSRPT_EMAIL", "postmaster@%s" % env['PRIMARY_HOSTNAME'])
|
||||
if tls_rpt_email: # if a reporting address is not cleared
|
||||
tls_rpt_string = " rua=mailto:%s" % tls_rpt_email
|
||||
mta_sts_records.append(("_smtp._tls", "TXT", "v=TLSRPTv1;%s" % tls_rpt_string, "Optional. Enables MTA-STS reporting."))
|
||||
if env.get("MTA_STS_TLSRPT_RUA") and not has_rec("_smtp._tls", "TXT", prefix="v=TLSRPTv1;"):
|
||||
mta_sts_records.append(("_smtp._tls", "TXT", "v=TLSRPTv1; rua=" + env["MTA_STS_TLSRPT_RUA"], "Optional. Enables MTA-STS reporting."))
|
||||
for qname, rtype, value, explanation in mta_sts_records:
|
||||
if value is None or value.strip() == "": continue # skip IPV6 if not set
|
||||
if not has_rec(qname, rtype):
|
||||
|
@ -967,7 +963,8 @@ def set_secondary_dns(hostnames, env):
|
|||
try:
|
||||
response = resolver.resolve(item, "A")
|
||||
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
|
||||
response = resolver.resolve(item, "AAAA")
|
||||
try:
|
||||
response = resolver.query(item, "AAAA")
|
||||
except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
|
||||
raise ValueError("Could not resolve the IP address of %s." % item)
|
||||
else:
|
||||
|
@ -975,12 +972,8 @@ def set_secondary_dns(hostnames, env):
|
|||
try:
|
||||
if "/" in item[4:]:
|
||||
v = ipaddress.ip_network(item[4:]) # raises a ValueError if there's a problem
|
||||
if not isinstance(v, ipaddress.IPv4Network) and not isinstance(v, ipaddress.IPv6Network):
|
||||
raise ValueError("That's neither an IPv4 or IPv6 subnet.")
|
||||
else:
|
||||
v = ipaddress.ip_address(item[4:]) # raises a ValueError if there's a problem
|
||||
if not isinstance(v, ipaddress.IPv4Address) and not isinstance(v, ipaddress.IPv6Address):
|
||||
raise ValueError("That's neither an IPv4 or IPv6 address.")
|
||||
except ValueError:
|
||||
raise ValueError("'%s' is not an IPv4 or IPv6 address or subnet." % item[4:])
|
||||
|
||||
|
|
|
@ -605,8 +605,6 @@ def validate_password(pw):
|
|||
# validate password
|
||||
if pw.strip() == "":
|
||||
raise ValueError("No password provided.")
|
||||
if re.search(r"[\s]", pw):
|
||||
raise ValueError("Passwords cannot contain spaces.")
|
||||
if len(pw) < 8:
|
||||
raise ValueError("Passwords must be at least eight characters.")
|
||||
|
||||
|
|
|
@ -288,7 +288,7 @@ function aliases_remove(elem) {
|
|||
},
|
||||
function(r) {
|
||||
// Responses are multiple lines of pre-formatted text.
|
||||
show_modal_error("Remove User", $("<pre/>").text(r));
|
||||
show_modal_error("Remove Alias", $("<pre/>").text(r));
|
||||
show_aliases();
|
||||
});
|
||||
});
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
<div class="col-sm-offset-1 col-sm-11">
|
||||
<p class="small">
|
||||
Multiple secondary servers can be separated with commas or spaces (i.e., <code>ns2.hostingcompany.com ns3.hostingcompany.com</code>).
|
||||
To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using <code>xfr:10.20.30.40</code> or <code>xfr:10.20.30.40/24</code>.
|
||||
To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using <code>xfr:10.20.30.40</code> or <code>xfr:10.0.0.0/8</code>.
|
||||
</p>
|
||||
<p id="secondarydns-clear-instructions" style="display: none" class="small">
|
||||
Clear the input field above and click Update to use this machine itself as secondary DNS, which is the default/normal setup.
|
||||
|
|
|
@ -207,9 +207,9 @@ def make_domain_config(domain, templates, ssl_certificates, env):
|
|||
|
||||
# Add the HSTS header.
|
||||
if hsts == "yes":
|
||||
nginx_conf_extra += "add_header Strict-Transport-Security max-age=15768000;\n"
|
||||
nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000\" always;\n"
|
||||
elif hsts == "preload":
|
||||
nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\";\n"
|
||||
nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\" always;\n"
|
||||
|
||||
# Add in any user customizations in the includes/ folder.
|
||||
nginx_conf_custom_include = os.path.join(env["STORAGE_ROOT"], "www", safe_domain_name(domain) + ".conf")
|
||||
|
|
|
@ -10,7 +10,7 @@ if [ -z "$TAG" ]; then
|
|||
# Make s
|
||||
OS=`lsb_release -d | sed 's/.*:\s*//'`
|
||||
if [ "$OS" == "Debian GNU/Linux 10 (buster)" -o "$(echo $OS | grep -o 'Ubuntu 20.04')" == "Ubuntu 20.04" ]; then
|
||||
TAG=v0.48.POWER.0
|
||||
TAG=v0.50.POWER.0
|
||||
else
|
||||
echo "This script must be run on a system running Debian 10 OR Ubuntu 20.04 LTS."
|
||||
exit 1
|
||||
|
|
|
@ -144,7 +144,7 @@ service imap-login {
|
|||
}
|
||||
}
|
||||
protocol imap {
|
||||
mail_max_userip_connections = 20
|
||||
mail_max_userip_connections = 40
|
||||
}
|
||||
EOF
|
||||
|
||||
|
|
|
@ -134,11 +134,11 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
|
|||
# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
|
||||
# PHP 7.
|
||||
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^[89] ]]; then
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||
exit 1
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration."
|
||||
return 0
|
||||
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
|
||||
exit 1
|
||||
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration."
|
||||
return 0
|
||||
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then
|
||||
# If we are running Nextcloud 13, upgrade to Nextcloud 14
|
||||
InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a
|
||||
|
|
|
@ -33,9 +33,6 @@ def read_password():
|
|||
if len(first) < 8:
|
||||
print("Passwords must be at least eight characters.")
|
||||
continue
|
||||
if re.search(r'[\s]', first):
|
||||
print("Passwords cannot contain spaces.")
|
||||
continue
|
||||
second = getpass.getpass(' (again): ')
|
||||
if first != second:
|
||||
print("Passwords not the same. Try again.")
|
||||
|
|
Loading…
Reference in a new issue