Commit graph

1042 commits

Author SHA1 Message Date
Joshua Tauberer
d4ce50de86 new tool to purchase and install a SSL certificate using Gandi.net's API 2014-06-23 10:53:29 +00:00
Joshua Tauberer
45e93f7dcc strengthen the cyphers and protocols allowed by Dovecot and Postfix submission 2014-06-22 19:03:11 +00:00
Joshua Tauberer
4668367420 first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc. 2014-06-22 15:54:22 +00:00
Joshua Tauberer
ec6c7d84c1 dont ask for a CSR country code on second runs because the CSR is already generated and any new country code won't be used anyway 2014-06-22 15:36:14 +00:00
Michael Kropat
d100a790a0 Remove API_KEY_FILE setting 2014-06-22 08:45:29 -04:00
Michael Kropat
554a28479f Merge remote-tracking branch 'upstream/master' into mgmt-auth
Conflicts:
	management/daemon.py
2014-06-21 21:29:25 -04:00
Michael Kropat
88e496eba4 Update setup scripts to auth against the API 2014-06-22 00:02:52 +00:00
Michael Kropat
067052d4ea Add key-based authentication to management service
Intended to be the simplest auth possible: every time the service
starts, a random key is written to `/var/lib/mailinabox/api.key`. In
order to authenticate to the service, the client must pass the contents
of `api.key` in an HTTP basic auth header. In this way, users who do not
have read access to that file are not able to communicate with the
service.
2014-06-21 23:42:48 +00:00
Joshua Tauberer
67d31ed998 move the SSL setup into its own bash script since it is used for much more than email now 2014-06-21 22:16:46 +00:00
Joshua Tauberer
0ab43ef4fd have webfinger output a JSON file in STORAGE_ROOT/webfinger/(acct/..) 2014-06-21 17:08:18 +00:00
Joshua Tauberer
326cc2a451 obviously put our stuff in /usr/local and not /usr 2014-06-21 12:35:00 -04:00
Joshua Tauberer
85169dc960 preliminary support for webfinger
It just echos back the subject given to it.
2014-06-20 01:55:16 +00:00
Joshua Tauberer
5faa1cae71 manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:55:12 +00:00
Joshua Tauberer
782ad04b10 use DANE when sending mail: if the recipient MX has a DANE TLSA record in DNS then Postfix will necessarily encrypt the mail in transport 2014-06-19 01:58:14 +00:00
Joshua Tauberer
afb6c26c8b run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server
see #71
2014-06-18 19:45:47 -04:00
Joshua Tauberer
33f06f29c1 let the user override some DNS records 2014-06-17 22:21:51 +00:00
Joshua Tauberer
88709506f8 add DNSSEC
* sign zones
* in a cron job, periodically re-sign zones because they expire (not tested)
2014-06-17 22:21:12 +00:00
Joshua Tauberer
c925f72b0b remove obsoleted parts of setup/dns.sh
Now that dns_update is a part of the management daemon, we no
longer are using STORAGE_ROOT/dns for anything.
2014-06-12 20:18:55 -04:00
Joshua Tauberer
d28d07f78e increase the postfix message size limit from 10MB to 128MB 2014-06-10 10:21:43 +00:00
Joshua Tauberer
cad868c6c9 reorganize mail.sh a little 2014-06-10 10:19:49 +00:00
Joshua Tauberer
5490142df5 re-do the backup script to use the duplicity program
Duplicity will manage the process of creating incremental backups for us.
Although duplicity can both encrypt & copy files to a remote host, I really
don't like PGP and so I don't want to use that.

Instead, we'll back up to a local directory unencrypted, then manually
encrypt the full & incremental backup files. Synchronizing the encrypted
backup directory to a remote host is a TODO.
2014-06-09 09:34:52 -04:00
Joshua Tauberer
70bd96f643 Merge pull request #70 from mkropat/ipv6-support
Support dual-stack IPv4/IPv6 mail servers
2014-06-08 19:03:33 -04:00
Michael Kropat
fb957d2de7 Populate default values before echoing help text
Testing showed that it may take a few seconds for the default values to
populate.  If the help text is shown, “Enter the public IP address…,”
but no prompt is shown, the user may get confused and try to enter the
IP address before mailinabox has had a chance to figure out and display
a suitable default value.
2014-06-08 18:44:08 -04:00
Joshua Tauberer
cd1802fecc Filter privacy-sensitive headers on outgoing mail
This re-implements part of PR #69 by @mkropat, who wrote:

By default, Postfix adds a Received header — on all mail that you send —
that lists the IP of the device you sent the mail from.  This feature is
great if you're a mail provider and you need to debug why one user is
having sending issues.  This feature is not so great if you run your own
mail server and you don't want every recipient of every email you send
to know the device and IP you sent the email from.

To limit this filtering to outgoing mail only, we apply the filters just
to the submission port.  See these guides [1] [2] for more context.

  [1] http://askubuntu.com/a/78168/11259
  [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
2014-06-08 18:35:09 -04:00
Michael Kropat
ae67409603 Support dual-stack IPv4/IPv6 mail servers
Addresses #3

Added support by adding parallel code wherever `$PUBLIC_IP` was used.
Providing an IPv6 address is completely optional.

Playing around on my IPv6-enabled mail server revealed that — before
this change — mailinabox might try to use an IPv6 address as the value
for `$PUBLIC_IP`, which wouldn't work out well.
2014-06-08 18:32:52 -04:00
Joshua Tauberer
2c4212fa36 use editconf.py to mangle /etc/postfix/master.cf
* using it to enable the Postfix submission service
* per @mkropat's suggestion in #69, set an option to distinguish submission from regular smpd in syslog by giving submission a new name (doing this here to test that editconf is working right on master.cf)
2014-06-08 17:31:12 -04:00
Michael Kropat
42bf624045 Protect private key from being world-readable
Postfix, Dovecot, and nginx all read the key file while they're running
as root — before dropping permissions — so no authorization is needed on
the private key file beyond being root-readable.
2014-06-07 19:40:50 -04:00
Joshua Tauberer
b60ca25e53 add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 14:57:03 -04:00
Michael Kropat
43ef49c737 Improve hostname/IP default values
Default IP+hostname values were incorrect for my VPS provider. I
improved the detection, which should give correct results results for
almost any provider. Specific issues addressed:

- icanhazip.com detection was only enabled in non-interactive mode
- `hostname` is by convention a short (non-fqdn) name in Ubuntu
- `hostname --fqdn` fails if provider does not pouplate `hosts` file
- `hostname -i` fails if provider does not populate `hosts` file
- `curl` without `--fail` will someday return crazy results
  when icanhazip.com returns 500 errors or similar
2014-06-07 14:11:42 -04:00
Joshua Tauberer
f1dac1fe13 show less output when updating DNS configuration 2014-06-06 10:51:36 -04:00
Joshua Tauberer
f9c3f33e74 move the SSH password login check out of setup because it interfers with Vagrant and into a separate script that we'll use for auditing in a later phase 2014-06-06 10:51:36 -04:00
Joshua Tauberer
cab7321dbb remove vestigal docker compatibility that prevented starting services during setup 2014-06-04 20:04:26 -04:00
Joshua Tauberer
295981828f Vagrantize
* adding a Vagrantfile
* in a non-interactive setup like this, create the user's first email account for them
* let the machine auto-detect its IP address using http://icanhazip.com/
* use our own justtesting.email domain to provision a subdomain for users so they can quickly get started
2014-06-04 19:39:58 -04:00
Joshua Tauberer
2f0d036504 the bc package is no longer needed since redoing dns_update 2014-06-04 17:27:01 -04:00
Joshua Tauberer
a35fa12465 script to check the SSL certificate, with instructions for turning the self-signed certificate into a properly signed certificate 2014-06-04 11:38:20 +00:00
Joshua Tauberer
ea62c2419d typo in updating DKIM, dont regenerate the DKIM private key each time setup is run 2014-06-03 21:42:33 +00:00
Joshua Tauberer
2a9349a64e show the SSL certificate's fingerprint during setup so the user can sort of pin it 2014-06-03 21:39:49 +00:00
Joshua Tauberer
bb7905aefd on second and later runs of start.sh, recall the inputs the user entered the last time 2014-06-03 21:31:13 +00:00
Joshua Tauberer
24edd5ce91 the SSL CSR must be generated with a country code 2014-06-03 21:17:10 +00:00
Joshua Tauberer
89730bd643 new backup script, see #11 2014-06-03 21:16:38 +00:00
Joshua Tauberer
c54b0cbefc move management into a daemon service running as root
* Created a new Python/flask-based management daemon.
* Moved the mail user management core code from tools/mail.py to the new daemon.
* tools/mail.py is a wrapper around the daemon and can be run as a non-root user.
* Adding a new initscript for the management daemon.
* Moving dns_update.sh to the management daemon, called via curl'ing the daemon's API.

This also now runs the DNS update after mail users and aliases are added/removed,
which sets up new domains' DNS as needed.
2014-06-03 13:56:40 +00:00
Joshua Tauberer
da15ae5375 rename the scripts directory to setup 2014-06-03 11:12:38 +00:00