Commit Graph

241 Commits

Author SHA1 Message Date
Girish Ramakrishnan dc8ec9dcd8 mail: move dkim keys into the database 2021-10-11 20:30:42 -07:00
Girish Ramakrishnan f01764617c mail: fix rebuild
also fixes dangerous code that downloads mail backup if infra version is 'none'
2021-10-09 08:15:10 -07:00
Girish Ramakrishnan 000db4e33d mail: add flag to enable/disable pop3 access per mailbox 2021-10-08 10:43:17 -07:00
Girish Ramakrishnan f17e3b3a62 mail: export pop3 port 2021-10-07 22:06:26 -07:00
Girish Ramakrishnan 6a3cec3de8 services: add recoveryMode 2021-10-01 14:01:30 -07:00
Girish Ramakrishnan 04ff8dab1b Fix progress message 2021-09-27 11:17:10 -07:00
Girish Ramakrishnan d390495608 provision: download mail backup during restore 2021-09-26 22:55:23 -07:00
Girish Ramakrishnan 7ea9252059 services: simplify startup logic 2021-09-26 22:48:14 -07:00
Girish Ramakrishnan b135aec525 pass debug argument to background safe() calls 2021-09-23 17:28:22 -07:00
Girish Ramakrishnan d1e8fded65 mail: expose 465 for mail submission
Port 465 is implicit TLS. rfc8314 is now pushing this as a standard
and some mail clients like outlook have already taken this to heart.

Note that this port is sometimes confused with SMTPS. Unlike SMTPS,
this is being used for "submissions" (by a client) as opposed to
server transfer protocol.

This is more secure than port 587+STARTTLS. We reject credentials
on insecure connections but it's too late.

See also:

https://www.fastmail.help/hc/en-us/articles/360058753834
https://www.agwa.name/blog/post/starttls_considered_harmful
https://linuxguideandhints.com/misc/port465.html
2021-09-20 15:42:16 -07:00
Girish Ramakrishnan c5794b5ecd get rid of all the NOOP_CALLBACKs 2021-09-17 09:40:26 -07:00
Girish Ramakrishnan 1df0c12d6f mail: fix location change 2021-09-03 12:57:10 -07:00
Girish Ramakrishnan 51d067cbe3 sysinfo: async'ify
in the process, provision, dyndns, mail, dns also got further asyncified
2021-09-02 16:19:46 -07:00
Girish Ramakrishnan 42774eac8c docker.js and services.js: async'ify 2021-08-26 18:23:31 -07:00
Girish Ramakrishnan 95af5ef138 mailer: fix crash 2021-08-22 09:52:01 -07:00
Girish Ramakrishnan 411cc7daa1 merge settingsdb into settings code 2021-08-19 17:45:40 -07:00
Girish Ramakrishnan 4cd5137292 mailer: fix error handling
previous mailer code has no callback and thus no way to pass back errors.
now with asyncification it passes back the error
2021-08-19 12:40:53 -07:00
Girish Ramakrishnan fa9938f50a mailboxdb: merge into mail.js 2021-08-18 12:48:34 -07:00
Girish Ramakrishnan 5dd6f85025 reverseproxy: async'ify 2021-08-17 14:34:55 -07:00
Girish Ramakrishnan 5bcf1bc47b merge domaindb.js into domains.js 2021-08-16 14:41:42 -07:00
Girish Ramakrishnan a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan e59d0e878d merge taskdb into tasks.js 2021-07-14 10:37:12 -07:00
Girish Ramakrishnan caa8104dda fix ldap test 2021-07-07 15:30:31 -07:00
Girish Ramakrishnan ac484a02f2 merge maildb.js into mail.js 2021-06-29 15:59:02 -07:00
Girish Ramakrishnan 39e7d9cc7a Further rename of admin -> dashboard 2021-05-05 13:14:48 -07:00
Girish Ramakrishnan 44ac406e57 admin -> dashboard 2021-05-05 12:29:04 -07:00
Girish Ramakrishnan 7f6a0555b2 store custom app certificates in subdomains table
the REST route and model code is still unused as before since there
is no way to set the certs from the UI.
2021-05-05 10:58:20 -07:00
Girish Ramakrishnan c17743d869 migrate secrets into the database
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
2021-05-03 22:11:18 -07:00
Girish Ramakrishnan d29d46d812 mail: add active flag to mailboxes and lists 2021-04-15 11:49:19 -07:00
Girish Ramakrishnan 91a4ae90f2 better logs 2021-03-23 13:06:37 -07:00
Girish Ramakrishnan c3d30a1d99 mail: rework STARTTLS strategy
instead of fixing all apps which is a royal pain, we instead make Haraka
offer STARTTLS for 2587 and no STARTTLS for 2525.
2021-03-21 20:38:05 -07:00
Girish Ramakrishnan 9c413ffe3d do not overwrite existing dmarc
fixes #769
2021-02-24 09:08:56 -08:00
Girish Ramakrishnan 382ae7424d async 3: the whilst and doWhilst test funcs are async 2021-02-04 16:39:47 -08:00
Girish Ramakrishnan 9f9575f46a Fixes to service configuration
restart service does not rebuild automatically, we should add a route
for that. we need to figure where to scale services etc if we randomly
create containers like that.
2021-01-21 17:41:22 -08:00
Girish Ramakrishnan 6bd87485c6 rename addons.js to services.js
services is the named container (services view)
addons is more like a heroku concept
2021-01-21 11:31:35 -08:00
Girish Ramakrishnan 9d4082356b mail: on location change, ignore error if dns cannot be updated 2020-12-07 00:02:56 -08:00
Girish Ramakrishnan 5e483e4f3a delete any solr index when removing mailbox 2020-12-02 00:26:38 -08:00
Girish Ramakrishnan e511b70d8f bring back resolvconf and unbound DNS
bd9c664b1a tried to remove it and use
the system resolver. However, we found that debian has a quirk that it adds
the fqdn as 127.0.1.1. This means that the docker containers
resolve the my.example.com domain to that and can't connect.

This affects any apps doing a turn test (CLOUDRON_TURN/STUN_SERVER)
and also apps like SOGo which use the mail server hostname directly (since
they require proper certs).

https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution

So, the solution is to go back to unbound, now that port 53 binding is specially
handled anyway in docker.js
2020-11-25 10:02:43 -08:00
Girish Ramakrishnan aad50fb5b2 add routes to get/set solr config 2020-11-19 20:19:24 -08:00
Girish Ramakrishnan bd9c664b1a Free up port 53
It's all very complicated.

Approach 1: Simply move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved will hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to make docker bind to the IP explicitly.
It's unclear what will happen if the IP changes, maybe it needs a restart.
2020-11-18 23:25:56 -08:00
Girish Ramakrishnan 8c0bd97064 mail: owner can be a group 2020-11-13 00:31:34 -08:00
Girish Ramakrishnan 5447aa7c80 missed this one 2020-09-15 14:46:47 -07:00
Girish Ramakrishnan 08f33f0e78 Add mail location audit log 2020-09-09 22:31:50 -07:00
Girish Ramakrishnan 0c5a637203 Fix progress indicator when mail location is being changed 2020-09-09 21:49:44 -07:00
Girish Ramakrishnan 5728bce6bc Fix typos 2020-08-24 10:28:53 -07:00
Girish Ramakrishnan d752403ed6 mail: add API to get/set banner
part of #341
2020-08-24 08:56:13 -07:00
Girish Ramakrishnan a48c08bd23 Fix async loop 2020-08-23 18:21:00 -07:00
Girish Ramakrishnan d36b06acf7 Fix mail location route 2020-08-20 23:12:43 -07:00
Girish Ramakrishnan 3507269321 Allow mail server name to be configurable
Fixes #721
2020-08-17 21:49:59 -07:00
Girish Ramakrishnan 096e244252 Fix typo that causes aliases in lists to bounce
https://forum.cloudron.io/topic/2890/bug-with-mailing-lists-that-point-to-aliases
2020-08-10 17:49:27 -07:00