jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

301 Commits

Author SHA1 Message Date
Girish Ramakrishnan
15d0dd93f4 mail: allow underscore in mail address 2022-01-04 14:02:58 -08:00
Girish Ramakrishnan
43f33a34b8 switch mail container to http 2021-12-19 12:11:47 -08:00
Girish Ramakrishnan
aab69772e6 mailbox: add app owner type 
this is useful when we create mailboxes for the recvmail addon
 2021-12-02 22:28:06 -08:00
Girish Ramakrishnan
3dcbeb11b8 mail: use dashboardDomain and not mailDomain 
also remove unused mail_domain
 2021-11-25 15:04:30 -08:00
Girish Ramakrishnan
2f510c2625 capitalize sql keywords 2021-10-26 11:19:30 -07:00
Girish Ramakrishnan
f5e025c213 mail: mailbox listing does not return pop3 status 2021-10-26 11:11:07 -07:00
Girish Ramakrishnan
22e4d956fb mail: add option to force from address for relays 2021-10-16 22:30:28 -07:00
Girish Ramakrishnan
273a833935 mail: chmod the key file, so we can make the config dir readonly 2021-10-16 16:36:53 -07:00
Girish Ramakrishnan
da21e1ffd1 Fix typo in dkim path 2021-10-16 16:28:17 -07:00
Girish Ramakrishnan
4f9975de1b mail: set loglevel in recovery mode 2021-10-16 16:07:35 -07:00
Girish Ramakrishnan
dc8ec9dcd8 mail: move dkim keys into the database 2021-10-11 20:30:42 -07:00
Girish Ramakrishnan
f01764617c mail: fix rebuild 
also fixes dangerous code that downloads mail backup if infra version is 'none'
 2021-10-09 08:15:10 -07:00
Girish Ramakrishnan
000db4e33d mail: add flag to enable/disable pop3 access per mailbox 2021-10-08 10:43:17 -07:00
Girish Ramakrishnan
f17e3b3a62 mail: export pop3 port 2021-10-07 22:06:26 -07:00
Girish Ramakrishnan
6a3cec3de8 services: add recoveryMode 2021-10-01 14:01:30 -07:00
Girish Ramakrishnan
04ff8dab1b Fix progress message 2021-09-27 11:17:10 -07:00
Girish Ramakrishnan
d390495608 provision: download mail backup during restore 2021-09-26 22:55:23 -07:00
Girish Ramakrishnan
7ea9252059 services: simplify startup logic 2021-09-26 22:48:14 -07:00
Girish Ramakrishnan
b135aec525 pass debug argument to background safe() calls 2021-09-23 17:28:22 -07:00
Girish Ramakrishnan
d1e8fded65 mail: expose 465 for mail submission 
Port 465 is implicit TLS. rfc8314 is now pushing this as a standard
and some mail clients like outlook have already taken this to heart.

Note that this port is sometimes confused with SMTPS. Unlike SMTPS,
this is being used for "submissions" (by a client) as opposed to
server transfer protocol.

This is more secure than port 587+STARTTLS. We reject credentials
on insecure connections but it's too late.

See also:

https://www.fastmail.help/hc/en-us/articles/360058753834
https://www.agwa.name/blog/post/starttls_considered_harmful
https://linuxguideandhints.com/misc/port465.html
 2021-09-20 15:42:16 -07:00
Girish Ramakrishnan
c5794b5ecd get rid of all the NOOP_CALLBACKs 2021-09-17 09:40:26 -07:00
Girish Ramakrishnan
1df0c12d6f mail: fix location change 2021-09-03 12:57:10 -07:00
Girish Ramakrishnan
51d067cbe3 sysinfo: async'ify 
in the process, provision, dyndns, mail, dns also got further asyncified
 2021-09-02 16:19:46 -07:00
Girish Ramakrishnan
42774eac8c docker.js and services.js: async'ify 2021-08-26 18:23:31 -07:00
Girish Ramakrishnan
95af5ef138 mailer: fix crash 2021-08-22 09:52:01 -07:00
Girish Ramakrishnan
411cc7daa1 merge settingsdb into settings code 2021-08-19 17:45:40 -07:00
Girish Ramakrishnan
4cd5137292 mailer: fix error handling 
previous mailer code has no callback and thus no way to pass back errors.
now with asyncification it passes back the error
 2021-08-19 12:40:53 -07:00
Girish Ramakrishnan
fa9938f50a mailboxdb: merge into mail.js 2021-08-18 12:48:34 -07:00
Girish Ramakrishnan
5dd6f85025 reverseproxy: async'ify 2021-08-17 14:34:55 -07:00
Girish Ramakrishnan
5bcf1bc47b merge domaindb.js into domains.js 2021-08-16 14:41:42 -07:00
Girish Ramakrishnan
a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
e59d0e878d merge taskdb into tasks.js 2021-07-14 10:37:12 -07:00
Girish Ramakrishnan
caa8104dda fix ldap test 2021-07-07 15:30:31 -07:00
Girish Ramakrishnan
ac484a02f2 merge maildb.js into mail.js 2021-06-29 15:59:02 -07:00
Girish Ramakrishnan
39e7d9cc7a Further rename of admin -> dashboard 2021-05-05 13:14:48 -07:00
Girish Ramakrishnan
44ac406e57 admin -> dashboard 2021-05-05 12:29:04 -07:00
Girish Ramakrishnan
7f6a0555b2 store custom app certificates in subdomains table 
the REST route and model code is still ununsed as before since there
is no way to set the certs from the UI.
 2021-05-05 10:58:20 -07:00
Girish Ramakrishnan
c17743d869 migrate secrets into the database 
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
 2021-05-03 22:11:18 -07:00
Girish Ramakrishnan
d29d46d812 mail: add active flag to mailboxes and lists 2021-04-15 11:49:19 -07:00
Girish Ramakrishnan
91a4ae90f2 better logs 2021-03-23 13:06:37 -07:00
Girish Ramakrishnan
c3d30a1d99 mail: rework STARTTLS strategy 
instead of fixing all apps which is a royal pain, we instead make Haraka
offer STARTTLS for 2587 and no STARTTLS for 2525.
 2021-03-21 20:38:05 -07:00
Girish Ramakrishnan
9c413ffe3d do not overwrite existing dmarc 
fixes #769
 2021-02-24 09:08:56 -08:00
Girish Ramakrishnan
382ae7424d async 3: the whilst and doWhilst test funcs are async 2021-02-04 16:39:47 -08:00
Girish Ramakrishnan
9f9575f46a Fixes to service configuration 
restart service does not rebuild automatically, we should add a route
for that. we need to figure where to scale services etc if we randomly
create containers like that.
 2021-01-21 17:41:22 -08:00
Girish Ramakrishnan
6bd87485c6 rename addons.js to services.js 
services is the named container (services view)
addons is more like a heroku concept
 2021-01-21 11:31:35 -08:00
Girish Ramakrishnan
9d4082356b mail: on location change, ignore error if dns cannot be updated 2020-12-07 00:02:56 -08:00
Girish Ramakrishnan
5e483e4f3a delete any solr index when removing mailbox 2020-12-02 00:26:38 -08:00
Girish Ramakrishnan
e511b70d8f bring back resolvconf and unbound DNS 
bd9c664b1a tried to remove it and use
the system resolver. However, we found that debian has a quirk that it adds
it adds the fqdn as 127.0.1.1. This means that the docker containers
resolve the my.example.com domain to that and can't connect.

This affects any apps doing a turn test (CLOUDRON_TURN/STUN_SERVER)
and also apps like SOGo which use the mail server hostname directly (since
they require proper certs).

https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution

So, the solution is to go back to unbound, now that port 53 binding is specially
handled anyway in docker.js
 2020-11-25 10:02:43 -08:00
Girish Ramakrishnan
aad50fb5b2 add routes to get/set solr config 2020-11-19 20:19:24 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00