v56.1

Changelog

🔽 - The change was imported from the upstream update
🌟 - Change specific to Power Mail-in-a-Box

Setup

• 🌟 Recreate the management daemon's Python environment after an OS in-place upgrade (e.g. Debian 10 -> 11);
• • This essentially prevents a setup failure (rendering the admin panel unusable) after upgrading the underlying distro in-place;
• • See #42 for more details!

v56.0

Changelog

🔽 - The change was imported from the upstream update
🌟 - Change specific to Power Mail-in-a-Box

Software Updates

• 🔽 Roundcube Webmail updated to version 1.5.2;
• • 🔽 Persistent Login plugin was updated to the latest commit (updates Dutch localization);
• • 🔽 CardDAV plugin was updated to version 4.3.0;
• 🔽 Nextcloud was updated to version 20.0.14;
• • 🔽 Contacts plugin was updated to version 4.0.7;
• • 🔽 Calendar plugin was updated to version 3.0.5;
• Admin panel updates:
• • 🌟 Bootstrap was updated to version 4.6.1;
• • 🌟 FontAwesome was updated to version 5.15.4;

Setup

• 🔽 Prevent setup failure if a previous attempt failed while updating Nextcloud;
• 🌟 Prevent setup failure when attempting to remove owncloud (which could only eventually work if you're trying to leap from very early MIAB v0.40);

Control Panel

• 🔽 Gracefully ignore custom DNS entries not under a zone managed by the box (instead of bailing out with an error);
• 🔽 Fix a typo on DNSSEC instructions;

System

• 🔽 Set systemd journald log retention to 10 days (from no limit) to reduce disk usage;
• 🔽 Fixed log processing for submission lines that have a sasl_sender or other extra information;

DNS

• 🔽 Reduce DNS secondary nameserver refesh failure retry period (from 24h to 1h), in line with recommendations;

Backups

• 🌟 Fixed an issue where backups would be broken when using Backblaze B2 on Debian 10 installations
• • This is derived from the Duplicity package provided on Debian 10 still being built on top of Python 2. Debian 10 users are advised to upgrade to Debian 11 at their earliest convenience.

v55.1

Changelog

🔽- The change was imported from the upstream update
🌟- Change specific to Power Mail-in-a-Box

Web

• 🌟 It is now possible to add custom nginx upstream {} blocks. Add them to www/.upstream.conf:
• • On nginx, you cannot add upstream {} directives inside server {} blocks. However, all <domain>.conf files are included inside server {} blocks. Hence, prior to this release, upstream {} directives were a no-go.
• 🌟 Power Mail-in-a-Box now creates two PHP sockets. One of them (php-default) is reserved for applications that are managed by the box. The other one (php-fpm) is for user applications if they happen to need PHP.
• • This solution isolates both environments and is considered a bit more secure. The update was done so that no breaking changes happen to user configurations.

Setup

• 🌟 pollinate will be ran twice if the first time fails.
• • On non-cloud images (i.e. baremetal servers) the pollinate package could come ill-configured. If pollinate fails, we try again using a server that we know exists and works (entropy.ubuntu.com)

Meta

• The main branch has been renamed to main from master;
• • The master branch will remain updated as deleting it outright would break version-checking status checks on v55.0 and prior. It will be deleted in a few weeks.

v55.0

New versioning spec

Power Mail-in-a-Box will now be versioned as vXX.YY, where:

• XX is the upstream version;
• YY is the modification version, starting from 0.
• Once a new version is released at upstream, XX is updated to reflect the new upstream change, and YY is bumped back to 0.

Previously the spec was vXX.POWER.YY, or maybe even v0.XX.POWER.YY

Changelog

🔽- The change was imported from the upstream update
🌟- Change specific to Power Mail-in-a-Box

OS Support

• 🌟 Debian 11 (bullseye) is now supported!
• • Debian 10 (buster) and Ubuntu 20.04 (Focal Fossa) will remain supported for the time being.

Control Panel

• 🌟 The SMTP Relay feature was subject to an overhaul. It now features a more guided setup form, including features like SPF and DKIM.
• • So far I was able to confirm this wizard works with SendGrid and SendInBlue, but I assume it should work for the majority of the relay providers out there. Please report any issue you find.
• 🌟 Custom DNS entries can now have individual TTL values. This should be specially useful for folks using the box for Dynamic DNS;
• • Users are not able to customize the TTL value for the autogenerated entries; The TTL value is silently clamped between 30 seconds and 30 days;
• 🌟 Rsync backup targets can now specify a specific port to connect to (instead of the default, port 22);
• 🌟 Fixed a display issue when Rsync was being used as a backup with a non-absolute path;
• 🔽 The control panel menus are now hidden before login;
• 🔽 Non-admins can login and view mail and contacts/calendar information;
• 🔽 When logging in, users are no longer taken to the status checks page by default (as it takes quite a bit to load);
• 🔽 The backup retention period now displays for B2 backup targets;
• 🔽 Munin is now accessible even with 2FA enabled;
• 🔽 Failed logins no longer hint whether the username exists or not;
• 🔽 Logins are now tied to a session backend allowing "true" logouts (i.e. invalidated tokens);
• 🔽 DNSSEC recommendations have been cleaned up;
• 🔽 The admin panel now supports dark mode (this feature is going to be disabled temporarily as it doesn't play nice as-is);

Mail

• 🔽 SMTPUTF8 is now disabled in Postfix, because so far it's still not supported by Dovecot either;
• • Incoming mail to internationalized addresses was bouncing. This fixes incoming mail to internationalized domains (which was probably working prior to v0.40), but it will prevent sending outbound mail to addresses with internationalized local-parts;

Miscellaneous

• 🔽 Enabled fail2ban's IPv6 support;
• 🔽 The mail log tool now doesn't crash if there are email addresess in log messages with invalid UTF-8 characters;
• 🔽 Additional nsd.conf files can be placed in /etc/nsd.conf.d;

Software Updates

• 🔽 Roundcube Webmail was updated to version 1.5.0;
• • 🌟 Persistent Login plugin was updated to the latest commit (includes mandarin localization);
• • 🌟 CardDAV plugin was updated to version 4.2.0;
• 🌟 Nextcloud was updated to version 20.0.13;
• • 🌟 Nextcloud Contacts Plugin was updated to version 4.0.3;
• • 🌟 Nextcloud Calendar Plugin was updated to version 2.3.4;

v0.54.POWER.5

Bugfixes

• Reverted a change in the last release that could break NSD in some network configurations;

Other

• Fixed a typo in the admin panel.

v0.54.POWER.4

Bugfixes

• Some setup-time configuration fixes for DNS (both local - bind9/named - and authoritative - nsd);

v0.54.POWER.3

This is an hotfix release (again)

Fixes

• Import paths were not defined properly for B2 (Ubuntu), breaking backups in those platforms.

v0.54.POWER.2

This is an hotfix release

Fixes

• Fixed some errors on the setup scripts introduced in the previous update.

v0.54.POWER.1

Bugfixes

• Fixed Backblaze B2 backups being broken on both Ubuntu and Debian:
• • This issue has been caused by the versions of duplicity shipped with the distributions being incompatible with the latest version of the B2 libraries. However, the fix wasn't the same for them - read more below;

Other changes

• The setup scripts are now slightly less noisy.
• • In particular, the PGP key generation step will no longer throw a tantrum on how grep is not being correctly used.

A note on Duplicity/Backblaze B2

• The issue on Ubuntu 20.04 is that Duplicity (version 0.8.12) relied on some non-public API from the b2sdk library that was then changed, and thus Duplicity wouldn't do the backups. The solution was simply to pin that library to version 1.7.0 (the latest version where Duplicity was still functional);
• Debian's case is trickier. Duplicity (version 0.7.18.2) runs on Python 2 and relies on a deprecated version of the b2 library (which was then separated into b2 as a command-line tool and b2sdk as the underlying library). The solution for this involved some decisions I'm not exactly proud of, namely:
• • Installing pip for Python 2 on Debian 10 systems;
• • Removing b2sdk and replacing it with b2 (version 1.4.2) - once again only on Debian 10.

Debian 11 will ship with duplicity 0.8.17 so the issue mentioned here will probably not happen anymore - but the fix for the issue seen in Ubuntu only came out in version 0.8.20 so it's still possible we might have to pin the SDK to version 1.7.0 in Debian 11 regardless.

TL;DR for Debian 10 users: Whenever Debian 11 comes out and I'm able to get a compatible version out, you might want to upgrade ASAP.

v0.54.POWER.0

Changes imported from upstream (Mail-in-a-Box v0.54)

Mail

• Forwarded mail using mail filter rules (in Roundcube; "sieve" rules) stopped re-writing the envelope address at some point, causing forwarded mail to often be marked as spam by the final recipient. These forwards will now re-write the envelope as the Mail-in-a-Box user receiving the mail to comply with SPF/DMARC rules;
• • TL;DR: Forwarding mail could have been done incorrectly, causing it to go to spam. That is now fixed;
• Sending mail is now possible on port 465 with the "SSL" or "TLS" option in mail clients, and this is now the recommended setting.
• • Port 587 with STARTTLS remains available but should be avoided when configuring new mail clients;
• Roundcube's login cookie is updated to use a new (stronger) encryption algorithm (AES-256-CBC instead of DES-EDE-CBC);

DNS

• The ECDSAP256SHA256 DNSSEC algorithm (which is stronger) is now available. If a DS record is set for any of your domain names that have DNS hosted on your box, you will be prompted by status checks to update the DS record at your convenience;
• Null MX records are added for domains that do not serve mail;

Software updates

• Calendar has been updated to version 2.2.0;

Miscellaneous

• Minor improvements and fixes to the setup scripts, control panel and status checks;