merge master branch

CHANGELOG.md

@@ -6,11 +6,28 @@ This branch supports Ubuntu 18.04 **only**. When upgrading, **always** upgrade y
 In Development
 --------------
 
-* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
+Setup:
+
+* Update to Roundcube 1.3.8.
+* Add missing rsyslog package to install line since some OS images don't have it installed by default.
+* A log file for nsd was added.
+
+Control Panel:
 
-* Update to Nextcloud 13.0.5.
+* The users page now documents that passwords should only have ASCII characters to prevent character encoding mismaches between clients and the server.
+* The users page no longer shows user mailbox sizes because this was extremely slow for very large mailboxes.
+* The Mail-in-a-Box version is now shown in the system status checks even when the new-version check is disabled.
+* The alises page now warns that alises should not be used to forward mail off of the box. Mail filters within Roundcube are better for that.
+* The explanation of greylisting has been improved.
+
+v0.29 (October 25, 2018)
+------------------------
+
+* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
+* Update to Nextcloud 13.0.6.
 * Update to Roundcube 1.3.7.
 * Update to Z-Push 2.4.4.
+* Backup dates listed in the control panel now use an internationalized format.
 
 v0.28 (July 30, 2018)
 ---------------------
@@ -37,7 +54,6 @@ Mail:
 
 Control Panel:
 
-* We now use EFF's `certbot` tool to provision HTTPS certificates instead of our home-grown free_tls_certificates package.
 * The undocumented feature for proxying web requests to another server now sets X-Forwarded-For.
 
 v0.26c (February 13, 2018)

README.md

@@ -58,7 +58,7 @@ by me:
 	$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
 	gpg: key C10BDD81: public key "Joshua Tauberer <[email protected]>" imported
 
-	$ git verify-tag v0.28
+	$ git verify-tag v0.29
 	gpg: Signature made ..... using RSA key ID C10BDD81
 	gpg: Good signature from "Joshua Tauberer <[email protected]>"
 	gpg: WARNING: This key is not certified with a trusted signature!
@@ -71,7 +71,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r
 
 Checkout the tag corresponding to the most recent release:
 
-	$ git checkout v0.28
+	$ git checkout v0.29
 
 Begin the installation.
 

management/mail_log.py

@@ -257,7 +257,7 @@ def scan_mail_log(env):
 
         print(textwrap.fill(
             "The following mail was greylisted, meaning the emails were temporarily rejected. "
-            "Legitimate senders will try again within ten minutes.",
+            "Legitimate senders must try again after three minutes.",
             width=80, initial_indent=" ", subsequent_indent=" "
         ), end='\n\n')
 

management/templates/mail-guide.html

@@ -59,7 +59,7 @@ <h3>Other information about mail on your box</h3>
 		</div>
 		<div class="panel-body">
 			<h4>Greylisting</h4>
-			<p>Your box using a technique called greylisting to cut down on spam. Greylisting works by delaying mail from people you haven&rsquo;t received mail from before for up to about 10 minutes. The vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please give it up to 10-15 minutes to arrive.</p>
+			<p>Your box uses a technique called greylisting to cut down on spam. Greylisting works by initially rejecting mail from people you haven&rsquo;t received mail from before. Legitimate mail servers will attempt redelivery shortly afterwards, but the vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please be aware there will be a minimum of 3 minutes delay, depending how soon the remote server attempts redelivery.</p>
 
 			<h4>+tag addresses</h4>
 			<p>Every incoming email address also receives mail for <code>+tag</code> addresses. If your email address is <code>[email protected]</code>, you&rsquo;ll also automatically get mail sent to <code>[email protected]</code>. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.</p>

setup/bootstrap.sh

@@ -7,7 +7,7 @@
 #########################################################
 
 if [ -z "$TAG" ]; then
-	TAG=v0.28
+	TAG=v0.29
 fi
 
 # Are we running as root?

setup/dns.sh

@@ -26,6 +26,7 @@ cat > /etc/nsd/nsd.conf << EOF;
 # Do not edit. Overwritten by Mail-in-a-Box setup.
 server:
   hide-version: yes
+  logfile: "/var/log/nsd.log"
 
   # identify the server (CH TXT ID.SERVER entry).
   identity: ""
@@ -41,6 +42,18 @@ server:
 
 EOF
 
+# Add log rotation
+cat > /etc/logrotate.d/nsd <<EOF;
+/var/log/nsd.log {
+  weekly
+  missingok
+  rotate 12
+  compress
+  delaycompress
+  notifempty
+}
+EOF
+
 # Since we have bind9 listening on localhost for locally-generated
 # DNS queries that require a recursive nameserver, and the system
 # might have other network interfaces for e.g. tunnelling, we have

setup/nextcloud.sh

@@ -75,8 +75,8 @@ InstallNextcloud() {
 	fi
 }
 
-nextcloud_ver=13.0.5
-nextcloud_hash=e2b4a4bebd4fac14feae1e6e8997682f73fa8b50
+nextcloud_ver=13.0.6
+nextcloud_hash=33e41f476f0e2be5dc7cdb9d496673d9647aa3d6
 
 # Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
 if [ ! -d /usr/local/lib/owncloud/ ] \

setup/system.sh

@@ -126,7 +126,7 @@ echo Installing system packages...
 apt_install python3 python3-dev python3-pip \
 	netcat-openbsd wget curl git sudo coreutils bc \
 	haveged pollinate unzip \
-	unattended-upgrades cron ntp fail2ban
+	unattended-upgrades cron ntp fail2ban rsyslog
 
 # ### Suppress Upgrade Prompts
 # When Ubuntu 20 comes out, we don't want users to be prompted to upgrade,

setup/webmail.sh

@@ -28,8 +28,8 @@ apt_install \
 # Install Roundcube from source if it is not already present or if it is out of date.
 # Combine the Roundcube version number with the commit hash of plugins to track
 # whether we have the latest version of everything.
-VERSION=1.3.7
-HASH=df0e29d09aae0b7a7ae98023dcd1ae3c6be77cd0
+VERSION=1.3.8
+HASH=90c7900ccf7b2f46fe49c650d5adb9b85ee9cc22
 PERSISTENT_LOGIN_VERSION=dc5ca3d3f4415cc41edb2fde533c8a8628a94c76
 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
 CARDDAV_VERSION=2.0.4