Merge branch 'master' of http://git.ispconfig.org/ispconfig/ispconfig3

docs/autoinstall_samples/autoinstall.conf_sample.php

-<?php
-$autoinstall['language'] = 'en'; // de, en (default)
-$autoinstall['install_mode'] = 'standard'; // standard (default), expert
-
-$autoinstall['hostname'] = 'server1.example.com'; // default
-$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
-$autoinstall['mysql_root_user'] = 'root'; // default: root
-$autoinstall['mysql_root_password'] = 'howtoforge';
-$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
-$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
-$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
-$autoinstall['ispconfig_port'] = '8080'; // default: 8080
-$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
-
-/* SSL Settings */
-$autoinstall['ssl_cert_country'] = 'AU';
-$autoinstall['ssl_cert_state'] = 'Some-State';
-$autoinstall['ssl_cert_locality'] = 'Chicago';
-$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
-$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
-$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
-
-/* optional expert mode settings, needed only for expert mode */
-$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
-$autoinstall['mysql_ispconfig_password'] = md5(uniqid(rand()));
-$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
-$autoinstall['mysql_master_hostname'] = 'master.example.com';
-$autoinstall['mysql_master_root_user'] = 'root';
-$autoinstall['mysql_master_root_password'] = 'howtoforge';
-$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
-$autoinstall['configure_mail'] = 'y'; // y (default), n
-$autoinstall['configure_jailkit'] = 'y'; // y (default), n
-$autoinstall['configure_ftp'] = 'y'; // y (default), n
-$autoinstall['configure_dns'] = 'y'; // y (default), n
-$autoinstall['configure_apache'] = 'y'; // y (default), n
-$autoinstall['configure_nginx'] = 'y'; // y (default), n
-$autoinstall['configure_firewall'] = 'y'; // y (default), n
-$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
-
-/* optional update settings, needed only for updates */
-$autoupdate['do_backup'] = 'yes'; // yes (default), no
-$autoupdate['mysql_root_password'] = 'howtoforge';
-$autoupdate['mysql_master_hostname'] = 'master.example.com';
-$autoupdate['mysql_master_root_user'] = 'root';
-$autoupdate['mysql_master_root_password'] = 'howtoforge';
-$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
-$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
-$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
-$autoupdate['ispconfig_port'] = '8080'; // default: 8080
-$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
-$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
+<?php
+$autoinstall['language'] = 'en'; // de, en (default)
+$autoinstall['install_mode'] = 'standard'; // standard (default), expert
+
+$autoinstall['hostname'] = 'server1.example.com'; // default
+$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
+$autoinstall['mysql_root_user'] = 'root'; // default: root
+$autoinstall['mysql_root_password'] = 'howtoforge';
+$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
+$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
+$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
+$autoinstall['ispconfig_port'] = '8080'; // default: 8080
+$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
+
+/* SSL Settings */
+$autoinstall['ssl_cert_country'] = 'AU';
+$autoinstall['ssl_cert_state'] = 'Some-State';
+$autoinstall['ssl_cert_locality'] = 'Chicago';
+$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
+$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
+$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
+
+/* optional expert mode settings, needed only for expert mode */
+$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
+$autoinstall['mysql_ispconfig_password'] = md5(uniqid(rand()));
+$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
+$autoinstall['mysql_master_hostname'] = 'master.example.com';
+$autoinstall['mysql_master_root_user'] = 'root';
+$autoinstall['mysql_master_root_password'] = 'howtoforge';
+$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoinstall['configure_mail'] = 'y'; // y (default), n
+$autoinstall['configure_jailkit'] = 'y'; // y (default), n
+$autoinstall['configure_ftp'] = 'y'; // y (default), n
+$autoinstall['configure_dns'] = 'y'; // y (default), n
+$autoinstall['configure_apache'] = 'y'; // y (default), n
+$autoinstall['configure_nginx'] = 'y'; // y (default), n
+$autoinstall['configure_firewall'] = 'y'; // y (default), n
+$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
+
+/* optional update settings, needed only for updates */
+$autoupdate['do_backup'] = 'yes'; // yes (default), no
+$autoupdate['mysql_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_hostname'] = 'master.example.com';
+$autoupdate['mysql_master_root_user'] = 'root';
+$autoupdate['mysql_master_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
+$autoupdate['ispconfig_port'] = '8080'; // default: 8080
+$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
 ?>
\ No newline at end of file

docs/autoinstall_samples/autoinstall.ini.sample

-[install]
-language=en
-install_mode=standard
-hostname=server1.example.com
-mysql_hostname=localhost
-mysql_root_user=root
-mysql_root_password=ispconfig
-mysql_database=dbispconfig
-mysql_charset=utf8
-http_server=apache
-ispconfig_port=8080
-ispconfig_use_ssl=y
-
-[ssl_cert]
-ssl_cert_country=AU
-ssl_cert_state=Some-State
-ssl_cert_locality=Chicago
-ssl_cert_organisation=Internet Widgits Pty Ltd
-ssl_cert_organisation_unit=IT department
-ssl_cert_common_name=server1.example.com
-
-[expert]
-mysql_ispconfig_user=ispconfig
-mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
-join_multiserver_setup=n
-mysql_master_hostname=master.example.com
-mysql_master_root_user=root
-mysql_master_root_password=ispconfig
-mysql_master_database=dbispconfig
-configure_mail=y
-configure_jailkit=y
-configure_ftp=y
-configure_dns=y
-configure_apache=y
-configure_nginx=y
-configure_firewall=y
-install_ispconfig_web_interface=y
-
-[update]
-do_backup=yes
-mysql_root_password=ispconfig
-mysql_master_hostname=master.example.com
-mysql_master_root_user=root
-mysql_master_root_password=ispconfig
-mysql_master_database=dbispconfig
-reconfigure_permissions_in_master_database=no
-reconfigure_services=yes
-ispconfig_port=8080
-create_new_ispconfig_ssl_cert=no
+[install]
+language=en
+install_mode=standard
+hostname=server1.example.com
+mysql_hostname=localhost
+mysql_root_user=root
+mysql_root_password=ispconfig
+mysql_database=dbispconfig
+mysql_charset=utf8
+http_server=apache
+ispconfig_port=8080
+ispconfig_use_ssl=y
+
+[ssl_cert]
+ssl_cert_country=AU
+ssl_cert_state=Some-State
+ssl_cert_locality=Chicago
+ssl_cert_organisation=Internet Widgits Pty Ltd
+ssl_cert_organisation_unit=IT department
+ssl_cert_common_name=server1.example.com
+
+[expert]
+mysql_ispconfig_user=ispconfig
+mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
+join_multiserver_setup=n
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+configure_mail=y
+configure_jailkit=y
+configure_ftp=y
+configure_dns=y
+configure_apache=y
+configure_nginx=y
+configure_firewall=y
+install_ispconfig_web_interface=y
+
+[update]
+do_backup=yes
+mysql_root_password=ispconfig
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+reconfigure_permissions_in_master_database=no
+reconfigure_services=yes
+ispconfig_port=8080
+create_new_ispconfig_ssl_cert=no
 reconfigure_crontab=yes
\ No newline at end of file

docs/examples/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

install/dist/lib/gentoo.lib.php

@@ -775,7 +775,11 @@ class installer extends installer_base
 			//$content = str_replace('{fpm_port}', ($conf['nginx']['php_fpm_start_port']+1), $content);
 			$content = str_replace('{fpm_socket}', $fpm_socket, $content);
 			$content = str_replace('{cgi_socket}', $cgi_socket, $content);
-
+			
+			// SSL in apps vhost is off by default. Might change later.
+			$content = str_replace('{ssl_on}', 'off', $content);
+			$content = str_replace('{ssl_comment}', '#', $content);
+			
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 
 			// PHP-FPM

install/install.php

@@ -188,7 +188,7 @@ do {
 } while (!$check);
 
 // Check if the mysql functions are loaded in PHP
-if(!function_exists('mysql_connect')) die('No PHP MySQL functions available. Please ensure that the PHP MySQL module is loaded.');
+if(!function_exists('mysqli_connect')) die('No PHP MySQLi functions available. Please ensure that the PHP MySQL module is loaded.');
 
 //** Get MySQL root credentials
 $finished = false;
@@ -208,7 +208,7 @@ do {
 	}
 
 	//* Initialize the MySQL server connection
-	if(@mysql_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
+	if(@mysqli_connect($tmp_mysql_server_host, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password, $tmp_mysql_server_database, (int)$tmp_mysql_server_port)) {
 		$conf['mysql']['host'] = $tmp_mysql_server_host;
 		$conf['mysql']['port'] = $tmp_mysql_server_port;
 		$conf['mysql']['admin_user'] = $tmp_mysql_server_admin_user;
@@ -217,7 +217,7 @@ do {
 		$conf['mysql']['charset'] = $tmp_mysql_server_charset;
 		$finished = true;
 	} else {
-		swriteln($inst->lng('Unable to connect to the specified MySQL server').' '.mysql_error());
+		swriteln($inst->lng('Unable to connect to the specified MySQL server').' '.mysqli_connect_error());
 	}
 } while ($finished == false);
 unset($finished);
@@ -553,7 +553,7 @@ if($install_mode == 'standard') {
 			$tmp_mysql_server_database = $inst->free_query('MySQL master server database name', $conf['mysql']['master_database'],'mysql_master_database');
 
 			//* Initialize the MySQL server connection
-			if(@mysql_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
+			if(@mysqli_connect($tmp_mysql_server_host, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password, $tmp_mysql_server_database, (int)$tmp_mysql_server_port)) {
 				$conf['mysql']['master_host'] = $tmp_mysql_server_host;
 				$conf['mysql']['master_port'] = $tmp_mysql_server_port;
 				$conf['mysql']['master_admin_user'] = $tmp_mysql_server_admin_user;
@@ -561,7 +561,7 @@ if($install_mode == 'standard') {
 				$conf['mysql']['master_database'] = $tmp_mysql_server_database;
 				$finished = true;
 			} else {
-				swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
+				swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_connect_error());
 			}
 		} while ($finished == false);
 		unset($finished);

install/lib/installer_base.lib.php

@@ -896,6 +896,8 @@ class installer_base {
 		}
 		unset($server_ini_array);
 		
+		$tmp = str_replace('.','\.',$conf['hostname']);
+
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
@@ -903,6 +905,7 @@ class installer_base {
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{myhostname}' => $tmp,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
@@ -933,6 +936,27 @@ class installer_base {
 		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
 		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
 
+		//* Create auxillary postfix conf files
+		$configfile = 'helo_access';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+			chmod($config_dir.'/'.$configfile.'~', 0400);
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = strtr($content, $postconf_placeholders);
+		# todo: look up this server's ip addrs and loop through each
+		# todo: look up domains hosted on this server and loop through each
+		wf($config_dir.'/'.$configfile, $content);
+
+		$configfile = 'blacklist_helo';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+			chmod($config_dir.'/'.$configfile.'~', 0400);
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = strtr($content, $postconf_placeholders);
+		wf($config_dir.'/'.$configfile, $content);
+
 		//* Make a backup copy of the main.cf file
 		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
 
@@ -2052,6 +2076,10 @@ Email Address []:
 			}
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
+			
+			// SSL in apps vhost is off by default. Might change later.
+			$content = str_replace('{ssl_on}', 'off', $content);
+			$content = str_replace('{ssl_comment}', '#', $content);
 
 			wf($vhost_conf_dir.'/apps.vhost', $content);
 

install/lib/mysql.lib.php

@@ -776,7 +776,7 @@ class db_result {
 	 *
 	 * @access private
 	 */
-	public function db_result($iResId, $iConnection) {
+	public function __construct($iResId, $iConnection) {
 		$this->_iResId = $iResId;
 		$this->_iConnection = $iConnection;
 	}
@@ -902,7 +902,7 @@ class fakedb_result {
 	 *
 	 * @access private
 	 */
-	public function fakedb_result($aData) {
+	public function __construct($aData) {
 		$this->aResultData = $aData;
 		$this->aLimitedData = $aData;
 		reset($this->aLimitedData);

install/tpl/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.
+#
+# See docs/extras/blacklist_helo.master from ispconfig source for a more complete example list.
+#
+# If you make changes here, also copy them to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# so your changes are not overwritten with ispconfig updates.
+
+
+#/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

install/tpl/debian_postfix.conf.master

@@ -24,6 +24,8 @@ relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -41,3 +43,8 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes

install/tpl/fedora_postfix.conf.master

@@ -21,6 +21,8 @@ relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -38,3 +40,8 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes

install/tpl/gentoo_postfix.conf.master

@@ -20,6 +20,8 @@ relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -37,3 +39,8 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes

install/tpl/helo_access.master

+# helo_access - before permit_sasl
+# be sure to list your own hostname(s), domain(s) and IP address(es) here
+
+# Reject others identifying with this machine's hostnames and IP addresses
+/^{myhostname}$/  REJECT
+#/^((smtp|mx|mail)\.domain1\.com$/	REJECT
+#/^mail\.domain2\.com$/		REJECT
+
+# TODO: this server's ip addr loop here
+#/^\[?1\.2\.3\.4\]?$/	REJECT
+#/^\[?12\.34\.56\.78\]?$/	REJECT
+#/^\[?123\.234\.123\.234\]?$/	REJECT
+
+# Reject others identifying as domains we host
+# TODO: this server's hosted mail domains loop here
+#/^domain1\.com$/	REJECT
+#/^domain2\.com$/	REJECT
+#/^domain3\.net$/	REJECT
+

install/tpl/mysql-virtual_outgoing_bcc.cf

-user = {mysql_server_ispconfig_user}
-password = {mysql_server_ispconfig_password}
-dbname = {mysql_server_database}
-table = mail_user
-select_field = sender_cc
-where_field = email
-additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disables$
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+table = mail_user
+select_field = sender_cc
+where_field = email
+additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disables$
 hosts = 127.0.0.1
\ No newline at end of file

install/tpl/mysql-virtual_outgoing_bcc.cf.master

-user = {mysql_server_ispconfig_user}
-password = {mysql_server_ispconfig_password}
-dbname = {mysql_server_database}
-table = mail_user
-select_field = sender_cc
-where_field = email
-additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disablesmtp = 'n'
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+table = mail_user
+select_field = sender_cc
+where_field = email
+additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disablesmtp = 'n'
 hosts = 127.0.0.1
\ No newline at end of file

install/tpl/opensuse_postfix.conf.master

@@ -23,6 +23,8 @@ relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -40,3 +42,8 @@ smtpd_tls_protocols = !SSLv2,!SSLv3
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes

install/uninstall-fedora.php

@@ -65,16 +65,16 @@ if($do_uninstall == 'yes') {
 	//exec("/etc/init.d/mysqld stop");
 	//exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
 	//exec("/etc/init.d/mysqld start");
-	$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
+	$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
 		echo "Unable to connect to the database'.mysql_error($link)";
 	} else {
-		$result=mysql_query("DROP DATABASE ".$conf['db_database']."';", $link);
-		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysql_error($link)."\n";
-		$result=mysql_query("DROP USER '".$conf['db_user'] ."';");
-		if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysql_error($link)."\n";
+		$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
+		$result=mysqli_query($link, "DROP USER '".$conf['db_user'] ."';");
+		if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
 	}
-	mysql_close($link);