Merge Docker and Master #1
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
===== May 8, 2015 Mail: * Spam checking is now performed on messages larger than the previous limit of 64KB. * POP3S is now enabled (port 995). * Roundcube is updated to version 1.1.1. * Minor security improvements (more mail headers with user agent info are anonymized; crypto settings were tightened). ownCloud: * Downloading files you uploaded to ownCloud broke because of a change in ownCloud 8. DNS: * Internationalized Domain Names (IDNs) should now work in email. If you had custom DNS or custom web settings for internationalized domains, check that they are still working. * It is now possible to set multiple TXT and other types of records on the same domain in the control panel. * The custom DNS API was completely rewritten to support setting multiple records of the same type on a domain. Any existing client code using the DNS API will have to be rewritten. (Existing code will just get 404s back.) * On some systems the `nsd` service failed to start if network inferfaces were not ready. System / Control Panel: * In order to guard against misconfiguration that can lead to domain control validation hijacking, email addresses that begin with admin, administrator, postmaster, hostmaster, and webmaster can no longer be used for (new) mail user accounts, and aliases for these addresses may direct mail only to the box's administrator(s). * Backups now use duplicity's built-in gpg symmetric AES256 encryption rather than my home-brewed encryption. Old backups will be incorporated inside the first backup after this update but then deleted from disk (i.e. your backups from the previous few days will be backed up). * There was a race condition between backups and the new nightly status checks. * The control panel would sometimes lock up with an unnecessary loading indicator. * You can no longer delete your own account from the control panel. Setup: * All Mail-in-a-Box release tags are now signed on github, instructions for verifying the signature are added to the README, and the integrity of some packages downloaded during setup is now verified against a SHA1 hash stored in the tag itself. * Bugs in first user account creation were fixed.
… the control panel instructions as if the cert were self-signed
The OVH VPS provider creates systems without /dev/stdout. I have never seen that before. But fine. We were passing it as a command line option to `openssl req`, but outputting to stdout is the default so it's not necessary to specify /dev/stdout. Fixes mail-in-a-box#277. Also https://discourse.mailinabox.email/t/500-internal-server-error/475/10.
Starting with my dnswl.org modifications to postgrey.
…broke smtpd_tls_protocols The submission port began offering SSLv3. With `encrypt`, the smtpd_tls_protocols option is ignored and smtpd_tls_mandatory_protocols must be set instead. see e39b777
…-text search in dovecot.
Resolved conflict between two patches.
…ial locations. Fixed conflicting edits to ppa/Makefile due to cherry-pick.
Fixing minor misspelling of the word: encrypted
* install the munin-node package * don't install munin-plugins-extra (if the user wants it they can add it) * expose the munin www directory via the management daemon so that it can handle authorization, rather than manintaining a separate password file
remove unnecessary source call
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version. * Roundcube now allows persistent logins using Roundcube-Persistent-Login-Plugin. * ownCloud is updated to version 8.0.3. * SPF records for non-mail domains were tightened. * The minimum greylisting delay has been reduced from 5 minutes to 3 minutes. * Users and aliases weren't working if they were entered with any uppercase letters. Now only lowercase is allowed. * After installing an SSL certificate from the control panel, the page wasn't being refreshed. * Backups broke if the box's hostname was changed after installation. * Dotfiles (i.e. .svn) stored in ownCloud Files were not accessible from ownCloud's mobile/desktop clients. * Fix broken install on OVH VPS's.
…ng them in a separate postgrey fork repository
… dnswl's license terms
…d anyway, don't let that cause PRIMARY_HOSTNAME from being dropped from nginx.conf Could be related to https://discourse.mailinabox.email/t/nginx-lost-admin-record-after-install-ssl-cert-problem/528.
This doesn't change anything. Just preparation for the next commit.
* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest. * Add server blocks to the nginx config for these domains. * List these domains in the SSL certificate install admin panel. * Generate default 'www' records just for domains we provide default redirects for. Fixes mail-in-a-box#321.
…the root of a domain, use a minimal nginx config template (same as the new default www redirects)
…ssword so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac
* Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx ('on' has no security benefits). * Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway. * Remove the commented line which per the link above would never be necessary anyway. OCSP seems to work just fine after these changes.
server is redirecting the request for this address in a way that will never complete
fix loop redirecting
Conflicts: setup/questions.sh Merge Docker and Master branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.