Commit graph

2424 commits

Author SHA1 Message Date
Joshua Tauberer
a71a58e816
Re-order DS record algorithms by digest type and revise warning message (#2002) 2021-08-22 14:45:56 -04:00
Joshua Tauberer
67b5711c68 Recommend that DS records be updated to not use SHA1 and exclude MUST NOT methods (SHA1) and the unlikely option RSASHA1-NSEC3-SHA1 (7) + SHA-384 (4) from the DS record suggestions 2021-08-22 14:43:46 -04:00
myfirstnameispaul
20ccda8710 Re-order DS record algorithms by digest type and revise warning message.
Note that 7, 4 is printed last in the status checks page but does not appear in the file, and I couldn't figure out why.
2021-08-22 14:29:36 -04:00
NewbieOrange
0ba841c7b6
fail2ban now supports ipv6 (#2015)
Since fail2ban 0.10.0, ipv6 support has been added. The current Ubuntu 18.04 repository has fail2ban 0.10.2, which does have ipv6 protection.
2021-08-22 14:13:58 -04:00
lamkin
daad122236
Ignore bad encoding in email addresses when parsing maillog files (#2017)
local/domain parts of email address should be standard ASCII or
UTF-8. Some email addresses contain extended ASCII, leading to
decode failure by the UTF-8 codec (and thus failure of the
Usage-Report script)

This change allows maillog parsing to continue over lines
containing such addresses
2021-08-16 11:46:32 -04:00
David
2c975e43cc
Add all supported deployments; adjust box sizes to reflect a very bad case scenario 2021-08-14 16:51:49 +01:00
David
a4c5f14237
Revert nsd changes 2021-08-02 15:02:54 +01:00
David
8b2f7f2e4c
v0.54.POWER.4 2021-07-29 01:42:55 +01:00
David
aae5fb4b74
nsd: Don't rely on private and public ip's being the same 2021-07-29 01:33:49 +01:00
David
fd15b28b3d
bind9: Configure on default/bind9 and default/named 2021-07-29 01:33:24 +01:00
NewbieOrange
21ad26e452
Disable auto-complete for 2FA code in the control panel login form (#2013) 2021-07-28 16:39:40 -04:00
David
e98d830f7f
v0.54.POWER.3 2021-07-04 11:24:11 +01:00
David
c171b6491a
Forgot to account that b2sdk had modules :c 2021-07-04 11:17:21 +01:00
David
9ab5733af4
v0.54.POWER.2 2021-07-03 22:55:12 +01:00
David
8cb60ecad7
Fix script warnings on Ubuntu 2021-07-03 22:50:49 +01:00
David
63081c647a
v0.54.POWER.1 2021-07-03 21:27:01 +01:00
David
b2854c3afb
duplicity on debian 10 runs on python 2 2021-07-03 21:26:07 +01:00
David
dc7bae04c7
Fix pgp.sh complaining about grep 2021-07-03 01:08:40 +01:00
David
b53add2798
Make output from setup scripts a little bit less noisy 2021-07-03 00:46:31 +01:00
David
e1aabc4504
Backups: Alternative imports for legacy path (debian 10) 2021-07-03 00:25:42 +01:00
David
f55c0a68b6
Management: Add get_os_code() function 2021-07-03 00:21:21 +01:00
David
c125f462e1
Add get_os_code helper function to setup scripts 2021-07-02 21:28:25 +01:00
David
3018cdd698
v0.54.POWER.0 2021-06-28 00:17:23 +01:00
David
edfb1cf623
Resolve dovecot deprecations 2021-06-27 23:11:24 +01:00
David
d0b5794588
New version notice - point to the correct page 2021-06-27 22:26:19 +01:00
David
afe7123f70
Merge v0.54 from upstream 2021-06-27 22:24:26 +01:00
Joshua Tauberer
4cb46ea465 v0.54 2021-06-20 15:50:04 -04:00
David Duque
9f9eb920b3
v0.53.POWER.2 2021-05-16 23:20:55 +01:00
David Duque
217b0b51ff
Bad bootstrap script, fixing! 2021-05-16 23:20:20 +01:00
David Duque
f382a55a0a
v0.53.POWER.1 2021-05-16 21:41:37 +01:00
David Duque
483817440e
Fetch updates from upstream 2021-05-16 21:18:40 +01:00
Joshua Tauberer
35fa3fe891 Changelog entries 2021-05-15 16:50:19 -04:00
Joshua Tauberer
d510c8ae2a Enable and recommend port 465 for mail submission instead of port 587 (fixes #1849)
Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
e283a12047 Add null SPF, DMARC, and MX records for automatically generated autoconfig, autodiscover, and mta-sts subdomains; add null MX records for custom A-record subdomains
All A/AAAA-resolvable domains that don't send or receive mail should have these null records.

This simplifies the handling of domains a bit by handling automatically generated subdomains more like other domains.
2021-05-15 16:42:14 -04:00
Joshua Tauberer
e421addf1c Pre-load domain purpopses when building DNS zonefiles rather than querying mail domains at each subdomain 2021-05-09 08:16:07 -04:00
Joshua Tauberer
354a774989 Remove a debug line added in 8cda58fb 2021-05-09 07:34:44 -04:00
Joshua Tauberer
aaa81ec879 Fix indentation issue in bc4ae51c2d 2021-05-08 09:06:18 -04:00
Joshua Tauberer
dbd6dae5ce Fix exit status issue cased by 69fc2fdd 2021-05-08 09:02:48 -04:00
John @ S4
d4c5872547
Make clear that non-AWS S3 backups are supported (#1947)
Just a few wording changes to show that it is possible to make S3 backups to other services than AWS - prompted by a thread on MIAB discourse.
2021-05-08 08:32:58 -04:00
Thomas Urban
3701e05d92
Rewrite envelope from address in sieve forwards (#1949)
Fixes #1946.
2021-05-08 08:30:53 -04:00
Hala Alajlan
bc4ae51c2d
Handle query dns timeout unhandled error (#1950)
Co-authored-by: hala alajlan <halalajlan@gmail.com>
2021-05-08 08:26:40 -04:00
Jawad Seddar
12aaebfc54
custom.yaml: add support for X-Frame-Options header and proxy_redirect off (#1954) 2021-05-08 08:25:33 -04:00
jvolkenant
49813534bd
Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar to 2.2.0 (#1960) 2021-05-08 08:24:04 -04:00
jvolkenant
16e81e1439
Fix to allow for non forced "enforce" MTA_STS_MODE (#1970) 2021-05-08 08:18:49 -04:00
Joshua Tauberer
b7b67e31b7 Merged point release branch for v0.53a
Changed the Z-Push download URL.
2021-05-08 08:14:39 -04:00
Joshua Tauberer
2e7f2835e7 v0.53a 2021-05-08 08:13:37 -04:00
Joshua Tauberer
8a5f9f464a Download Z-Push from alternate site
The old server has been down for a few days.

Solution from https://discourse.mailinabox.email/t/temporary-fix-for-failed-wget-o-tmp-z-push-zip-https-stash-z-hub-io/8028. Fixes #1974.
2021-05-08 07:59:53 -04:00
Joshua Tauberer
69fc2fdd3a Hide spurrious Nextcloud setup output 2021-05-03 19:41:00 -04:00
Joshua Tauberer
9b07d86bf7 Use $(...) notation instead of legacy backtick notation for embedded shell commands
shellcheck reported

    SC2006: Use $(...) notation instead of legacy backticked `...`.

Fixed by applying shellcheck's diff output as a patch.
2021-05-03 19:28:23 -04:00
Joshua Tauberer
ae3feebd80 Fix warnings reported by shellcheck
* SC2068: Double quote array expansions to avoid re-splitting elements.
* SC2186: tempfile is deprecated. Use mktemp instead.
* SC2124: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
* SC2102: Ranges can only match single chars (mentioned due to duplicates).
* SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
2021-05-03 19:25:09 -04:00