3e0cb809 · 3e0cb809 · 3e0cb809 · 3e0cb809 · 3e0cb809 · 3e0cb809
--- a/install/tpl/mysql-virtual_policy_greylist.cf.master
+++ b/install/tpl/mysql-virtual_policy_greylist.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
+hosts = {mysql_server_ip}
 query = SELECT 'greylisting' FROM
-  (SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = {server_id} AND `email` = '%s' 
-  UNION SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s' 
-  UNION SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' ORDER BY `prio` ASC LIMIT 1) as rules 
+  (
+   SELECT `greylisting`, 1 as `prio` FROM `mail_user` WHERE `server_id` = {server_id} AND `email` = '%s'
+   UNION
+   SELECT `greylisting`, 2 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '%s'
+   UNION
+   SELECT `greylisting`, 3 as `prio` FROM `mail_forwarding` WHERE `server_id` = {server_id} AND `source` = '@%d' ORDER BY `prio` ASC LIMIT 1
+  ) AS rules
  WHERE rules.greylisting = 'y'
-
-hosts = {mysql_server_ip}
--- a/install/tpl/mysql-virtual_recipient.cf.master
+++ b/install/tpl/mysql-virtual_recipient.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table        = mail_access
-select_field = access
-where_field  = source
-additional_conditions = and type = 'recipient' and active = 'y' and server_id = {server_id}
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = select access from mail_access where source = '%s' and type = 'recipient' and active = 'y' and server_id = {server_id}
--- a/install/tpl/mysql-virtual_relaydomains.cf.master
+++ b/install/tpl/mysql-virtual_relaydomains.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table = mail_transport
-select_field = domain
-where_field = domain
-additional_conditions = and active = 'y' and server_id = {server_id}
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = select domain from mail_transport where domain = '%s' and active = 'y' and server_id = {server_id}
--- a/install/tpl/mysql-virtual_relayrecipientmaps.cf.master
+++ b/install/tpl/mysql-virtual_relayrecipientmaps.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table = mail_relay_recipient
-select_field = access
-where_field = source
-additional_conditions = and active = 'y' and server_id = {server_id}
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = select access from mail_relay_recipient where source = '%s' and active = 'y' and server_id = {server_id}
--- a/install/tpl/mysql-virtual_sender.cf.master
+++ b/install/tpl/mysql-virtual_sender.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table        = mail_access
-select_field = access
-where_field  = source
-additional_conditions = and type = 'sender' and active = 'y' and server_id = {server_id}
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = select access from mail_access where source = '%s' and type = 'sender' and active = 'y' and server_id = {server_id}
--- a/install/tpl/mysql-virtual_sender_login_maps.cf.master
+++ b/install/tpl/mysql-virtual_sender_login_maps.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-query = SELECT destination FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND allow_send_as = 'y' AND server_id = {server_id} UNION SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id};
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = SELECT destination FROM mail_forwarding WHERE source = '%s' AND active = 'y' AND allow_send_as = 'y' AND server_id = {server_id}
+        UNION
+        SELECT email FROM mail_user WHERE email = '%s' AND disablesmtp = 'n' AND server_id = {server_id};
--- a/install/tpl/mysql-virtual_transports.cf.master
+++ b/install/tpl/mysql-virtual_transports.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table = mail_transport
-select_field = transport
-where_field = domain
-additional_conditions = and active = 'y' and server_id = {server_id}
-hosts = {mysql_server_ip}
\ No newline at end of file
+hosts = {mysql_server_ip}
+query = select transport from mail_transport where domain = '%s' and active = 'y' and server_id = {server_id}
--- a/install/tpl/mysql-virtual_uids.cf.master
+++ b/install/tpl/mysql-virtual_uids.cf.master
 user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
-table = mail_user
-select_field = uid
-where_field = email
-additional_conditions = and postfix = 'y' and server_id = {server_id}
 hosts = {mysql_server_ip}
+query = select uid from mail_user where email = '%s' and postfix = 'y' and server_id = {server_id}
--- a/install/tpl/named.conf.options.master
+++ b/install/tpl/named.conf.options.master
@@ -5,9 +5,9 @@ options {
 	// to talk to, you may need to fix the firewall to allow multiple
 	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

-	// If your ISP provided one or more IP addresses for stable 
-	// nameservers, you probably want to use them as forwarders.  
-	// Uncomment the following block, and insert the addresses replacing 
+	// If your ISP provided one or more IP addresses for stable
+	// nameservers, you probably want to use them as forwarders.
+	// Uncomment the following block, and insert the addresses replacing
 	// the all-0's placeholder.

 	// forwarders {
@@ -21,8 +21,9 @@ options {
 	dnssec-enable yes;
 	dnssec-validation yes;
 	dnssec-lookaside auto;
+	
+	allow-transfer {none;};

 	auth-nxdomain no;    # conform to RFC1035
 	listen-on-v6 { any; };
 };
-
--- a/install/tpl/nginx_apps.vhost.master
+++ b/install/tpl/nginx_apps.vhost.master
@@ -2,7 +2,7 @@ server {
        listen {apps_vhost_port} {ssl_on};
        listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;

-        {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        {ssl_comment}ssl_protocols TLSv1.2;
        {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;

@@ -115,7 +115,7 @@ server {
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }
-		
+
        location /squirrelmail {
               root /usr/share/;
               index index.php index.html index.htm;
@@ -200,7 +200,7 @@ server {
               fastcgi_pass unix:{cgi_socket};
        }

-        location /images/mailman {
+        location ^~ /images/mailman {
               alias /usr/share/images/mailman;
        }


--- a/install/tpl/nginx_ispconfig.vhost.master
+++ b/install/tpl/nginx_ispconfig.vhost.master
 server {
        listen {vhost_port} {ssl_on};
        listen [::]:{vhost_port} {ssl_on} ipv6only=on;
-		
-		{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+		{ssl_comment}ssl_protocols TLSv1.2;
        {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
        {ssl_comment}ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        {ssl_comment}ssl_prefer_server_ciphers on;
-		
+
 		# redirect to https if accessed with http
 		{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;

@@ -44,7 +44,7 @@ server {
        location ~ /\. {
               deny  all;
        }
-		
+
 #        location /phpmyadmin {
 #               root /usr/share/;
 #               index index.php index.html index.htm;
@@ -64,7 +64,7 @@ server {
 #        location /phpMyAdmin {
 #               rewrite ^/* /phpmyadmin last;
 #        }
-#		
+#
 #        location /squirrelmail {
 #               root /usr/share/;
 #               index index.php index.html index.htm;

--- a/install/tpl/opensuse_dovecot.conf.master
+++ b/install/tpl/opensuse_dovecot.conf.master
@@ -1274,11 +1274,17 @@ plugin {
  # 
  # Location of the active script. When ManageSieve is used this is actually 
  # a symlink pointing to the active script in the sieve storage directory. 
-  sieve=~/.dovecot.sieve
-  #
+  sieve=~/.sieve
+
  # The path to the directory where the personal Sieve scripts are stored. For 
  # ManageSieve this is where the uploaded scripts are stored.
  sieve_dir=~/sieve
+
+  sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
+  sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
+  sieve_max_script_size = 2M
+  sieve_max_actions = 100
+  sieve_max_redirects = 25
 }

 # Config files can also be included. deliver doesn't support them currently.

--- a/install/tpl/opensuse_dovecot2.conf.master
+++ b/install/tpl/opensuse_dovecot2.conf.master
@@ -6,7 +6,10 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
-ssl_protocols = !SSLv2 !SSLv3
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
+mail_plugins = quota
 passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
@@ -20,7 +23,15 @@ userdb {
 }
 plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
+
+  # no longer needed, as 'sieve' is in userdb extra fields:
  sieve=/var/vmail/%d/%n/.sieve
+
+  sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
+  sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
+  sieve_max_script_size = 2M
+  sieve_max_actions = 100
+  sieve_max_redirects = 25
 }
 service auth {
  unix_listener /var/spool/postfix/private/auth {
@@ -42,6 +53,7 @@ service lmtp {
   user = postfix
  }
 }
+lmtp_rcpt_check_quota = yes
 service imap-login {
  client_limit = 1000
  process_limit = 500
@@ -69,10 +81,46 @@ mail_plugins = $mail_plugins quota
 #2.3+         group = vmail
 #2.3+         mode = 0660
 #2.3+     }
-#2.3+ 
+#2.3+
 #2.3+     unix_listener stats-writer {
 #2.3+         user = vmail
 #2.3+         group = vmail
 #2.3+         mode = 0660
 #2.3+     }
 #2.3+ }
+
+service quota-status {
+  executable = quota-status -p postfix
+  unix_listener /var/spool/postfix/private/quota-status {
+    group = postfix
+    mode = 0660
+    user = postfix
+  }
+  client_limit = 1
+}
+plugin {
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+}
+
+imap_capability=+SEPCIAL-USE XLIST
+namespace inbox {
+  inbox = yes
+  separator = .
+  mailbox Drafts {
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+  mailbox Sent {
+    special_use = \Sent
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+  mailbox Trash {
+    special_use = \Trash
+  }
+}
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
 alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
-virtual_alias_domains =
-virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination{rbl_list}, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
-smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks{rbl_list}, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_etrn_restrictions = permit_mynetworks, reject
+smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
 maildrop_destination_concurrency_limit = 1
 maildrop_destination_recipient_limit   = 1
@@ -37,8 +39,13 @@ nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
 smtp_tls_security_level = may
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2,!SSLv3
-smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_tls_mandatory_ciphers = medium
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = no
+# needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
+enable_original_recipient = yes
--- a/install/tpl/postfix_2-10.conf.master
+++ b/install/tpl/postfix_2-10.conf.master
+# Postfix configuration for version 2.10 and up
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+
+# This is supported in version 2.9, but lets not create another conf file for it
+address_verify_sender_ttl = 15686s
--- a/install/tpl/postfix_2-5.conf.master
+++ b/install/tpl/postfix_2-5.conf.master
+# Postfix configuration for version 2.5 and up
+
+# These will make postfix adapt more to load spikes
+#{stress_adaptive} in_flow_delay = ${stress?3}${stress:1}s
+#{stress_adaptive} smtp_connect_timeout = ${stress?10}${stress:30}s
+#{stress_adaptive} smtp_helo_timeout = ${stress?10}${stress:60}s
+#{stress_adaptive} smtp_mail_timeout = ${stress?10}${stress:60}s
+#{stress_adaptive} smtpd_error_sleep_time = ${stress?1}${stress:2}s
+#{stress_adaptive} smtpd_hard_error_limit = ${stress?1}${stress:10}
+#{stress_adaptive} smtpd_recipient_overshoot_limit = ${stress?60}${stress:600}
+#{stress_adaptive} smtpd_soft_error_limit = ${stress?2}${stress:5}
+#{stress_adaptive} smtpd_timeout = ${stress?10}${stress:60}s
+
--- a/install/tpl/postfix_3-0.conf.master
+++ b/install/tpl/postfix_3-0.conf.master
+# Postfix configuration for version 3.0 and up
+
+# These will make postfix adapt more to load spikes
+#{stress_adaptive} in_flow_delay = ${stress?{3}:{1}}s
+#{stress_adaptive} smtp_connect_timeout = ${stress?{10}:{30}}s
+#{stress_adaptive} smtp_helo_timeout = ${stress?{10}:{60}}s
+#{stress_adaptive} smtp_mail_timeout = ${stress?{10}:{60}}s
+#{stress_adaptive} smtpd_error_sleep_time = ${stress?{1}:{2}}s
+#{stress_adaptive} smtpd_hard_error_limit = ${stress?{1}:{10}}
+#{stress_adaptive} smtpd_recipient_overshoot_limit = ${stress?{60}:{600}}
+#{stress_adaptive} smtpd_soft_error_limit = ${stress?{2}:{5}}
+#{stress_adaptive} smtpd_timeout = ${stress?{10}:{60}}s
+
--- a/install/tpl/postfix_3-3.conf.master
+++ b/install/tpl/postfix_3-3.conf.master
+# Postfix configuration for version 3.3 and up
+
+# 3.2 and earlier should not have this set when using reject_unverified_recipient
+enable_original_recipient = no
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -94,7 +94,6 @@ php_ini_path_apache=/etc/php5/apache2/php.ini
 php_ini_path_cgi=/etc/php5/cgi/php.ini
 check_apache_config=y
 enable_sni=y
-enable_spdy=n
 skip_le_check=n
 enable_ip_wildcard=y
 overtraffic_notify_admin=y

--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -16,6 +16,7 @@ webmail_url=/webmail
 dkim_path=/var/lib/amavis/dkim
 smtp_enabled=y
 smtp_host=localhost
+enable_welcome_mail=y

 [monitor]

@@ -34,6 +35,8 @@ client_username_web_check_disabled=n
 backups_include_into_web_quota=n
 reseller_can_use_options=n
 web_php_options=no,fast-cgi,mod,php-fpm
+show_aps_menu=n
+client_protection=y


 [tools]
@@ -49,7 +52,6 @@ custom_login_link=
 dashboard_atom_url_admin=https://www.ispconfig.org/atom
 dashboard_atom_url_reseller=https://www.ispconfig.org/atom
 dashboard_atom_url_client=https://www.ispconfig.org/atom
-monitor_key=
 tab_change_discard=n
 tab_change_warning=n
 use_loadindicator=y