power-mailinabox/CHANGELOG.md
Joshua Tauberer 3c50c9a18b when serving a 'www.' domain, check if the parent domain's ssl certificate can be used besides checking PRIMARY_HOSTNAME
Removing buy_certificate.py which is not working and I don't want to update its call signatures.
2015-02-17 00:42:25 +00:00

CHANGELOG

Development

Mail:

  • If the box manages mail for a domain and a subdomain of that domain, outbound mail from the subdomain was not DKIM-signed and would therefore fail DMARC tests on the receiving end, possibly resulting in the mail heading into spam folders.
  • Auto-configuration for Mozilla Thunderbird, Evolution, KMail, and Kontact is now available.
  • Domains that only have a catch-all alias or domain alias no longer automatically create/require admin@ and postmaster@ addresses since they'll forward anyway.
  • Roundcube is updated to version 1.1.0.
  • Authentication-Results headers for DMARC are now added to incoming mail.

DNS:

  • If a custom CNAME record is set on a 'www' subdomain, the default A/AAAA records were preventing the CNAME from working.
  • If a custom DNS A record overrides one provided by the box, the corresponding default IPv6 record provided by the box is removed since it will probably be incorrect.
  • Internationalized domain names (IDNs) are now supported for DNS and web, but email is not yet tested.

Web:

  • Static websites now deny access to certain dot (.) files and directories which typically have sensitive info: .ht*, .svn*, .git*, .hg*, .bzr*.
  • The nginx server no longer reports its version and OS for better privacy.
  • The HTTP->HTTPS redirect is now more efficient.
  • When serving a 'www.' domain, reuse the SSL certificate for the parent domain if it covers the 'www' subdomain too.

Control panel:

  • Status checks now check that system services are actually running by pinging each port that should have something running on it.
  • The status checks are now parallelized so they may be a little faster.
  • The interface for setting website domain-specific directories is simplified.
  • The mail guide now says that to use Outlook, Outlook 2007 or later on Windows 7 and later is required.

Setup:

  • Install cron if it isn't already installed.
  • Fix a units problem in the minimum memory check.
  • If you override the STORAGE_ROOT, your setting will now persist if you re-run setup.
  • Hangs due to apt wanting the user to resolve a conflict should now be fixed (apt will just clobber the problematic file now).

v0.06 (January 4, 2015)

Mail:

  • Set better default system limits to accommodate boxes handling mail for 20+ users.

Contacts/calendar:

  • Update ownCloud to 7.0.4.
  • Contacts syncing via ActiveSync wasn't working.

Control panel:

  • New control panel for setting custom DNS settings (without having to use the API).
  • Status checks showed a false positive for Spamhaus blacklists and for secondary DNS in some cases.
  • Status checks would fail to load if openssh-server was not pre-installed, but openssh-server is not required.
  • The local DNS cache is cleared before running the status checks using 'rndc' now rather than restarting 'bind9', which should be faster and won't interrupt other services.
  • Multi-domain and wildcard certificates can now be installed through the control panel.
  • The DNS API now allows the setting of SRV records.

Misc:

  • IPv6 configuration error in postgrey, nginx.
  • Missing dependency on sudo.

v0.05 (November 18, 2014)

Mail:

  • The maximum size of outbound mail sent via webmail and Exchange/ActiveSync has been increased to 128 MB, the same as when using SMTP.
  • Spam is no longer wrapped as an attachment inside a scary SpamAssassin explanation. The original message is simply moved straight to the Spam folder unchanged.
  • There is a new iOS/Mac OS X Configuration Profile link in the control panel which makes it easier to configure IMAP/SMTP/CalDAV/CardDAV on iOS devices and Macs.
  • "Domain aliases" can now be configured in the control panel.
  • Updated to Roundcube 1.0.3.
  • IMAP/SMTP is now recommended even on iOS devices as Exchange/ActiveSync is terribly buggy.

Control panel:

  • Installing an SSL certificate for the primary hostname would cause problems until a restart (services needed to be restarted).
  • Installing SSL certificates would fail if /tmp was on a different filesystem.
  • Better error messages when installing an SSL certificate fails.
  • The local DNS cache is now cleared each time the system status checks are run.
  • Documented how to use +tag addressing.
  • Minor UI tweaks.

Other:

  • Updated to ownCloud 7.0.3.
  • The ownCloud API is now exposed properly.
  • DNSSEC now works on .guide domains too (RSASHA256).

v0.04 (October 15, 2014)

Breaking changes:

  • On-disk backups are now retained for a minimum of 3 days instead of 14. Beyond that the user is responsible for making off-site copies.
  • IMAP no longer supports the legacy SSLv3 protocol. SSLv3 is now known to be insecure. I don't believe any modern devices will be affected by this. HTTPS and SMTP submission already had SSLv3 disabled.

Control panel:

  • The control panel has a new page for installing SSL certificates.
  • The control panel has a new page for hosting static websites.
  • The control panel now shows mailbox sizes on disk.
  • It is now possible to create catch-all aliases from the control panel.
  • Many usability improvements in the control panel.

DNS:

  • Custom DNS A/AAAA records on subdomains were ignored.
  • It is now possible to set up a secondary DNS server.
  • DNS zones were updating even when nothing changed.
  • Strict SPF and DMARC settings are now set on all subdomains not used for mail.

Security:

  • DNSSEC is now supported for the .email TLD which required a different key algorithm.
  • Nginx and Postfix now use 2048 bits of DH parameters instead of 1024.

Other:

  • Spam filter learning by dragging mail in and out of the Spam folder should hopefully be working now.
  • Some things were broken if the machine had an IPv6 address.
  • Other things were broken if the machine was on a non-utf8 locale.
  • No longer implementing webfinger.
  • Removes Apache before installing nginx, in case it has been installed by the distro.

v0.03 (September 24, 2014)

  • Update existing installs of Roundcube.
  • Disabled catch-alls pending figuring out how to get users to take precedence.
  • Z-Push was not working because in v0.02 we had accidentally moved to a different version.
  • Z-Push is now locked to a specific commit so it doesn't change on us accidentally.
  • The start script is now symlinked to /usr/local/bin/mailinabox.

v0.02 (September 21, 2014)

  • Open the firewall to an alternative SSH port if set.
  • Fixed missing dependencies.
  • Set Z-Push to use sync command with ownCloud.
  • Support more concurrent connections for Z-Push.
  • In the status checks, handle wildcard certificates.
  • Show the status of backups in the control panel.
  • The control panel can now update a user's password.
  • Some usability improvements in the control panel.
  • Warn if an SSL cert is expiring in 30 days.
  • Use SHA2 to generate CSRs.
  • Better logic for determining when to take a full backup.
  • Reduce DNS TTL, not that it seems to really matter.
  • Add SSHFP DNS records.
  • Add an API for setting custom DNS records.
  • Update to ownCloud 7.0.2.
  • Some things were broken if the machine had an IPv6 address.
  • Use a dialogs library to ask users questions during setup.
  • Other fixes.

v0.01 (August 19, 2014)

First release.