Compare revisions

a54517c2 · a54517c2 · a54517c2 · a54517c2 · a54517c2 · a54517c2
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -383,7 +383,7 @@ class installer_dist extends installer_base {
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
-			if(is_file($config_dir.'/master.cf~')){
+			if(is_file($config_dir.'/master.cf~2')){
 				chmod($config_dir.'/master.cf~2', 0400);
 			}
 			//* Configure master.cf and add a line for deliver
@@ -1072,6 +1072,10 @@ class installer_dist extends installer_base {
 		$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

+		//* chown the extensions directory to the ispconfig user and group
+		$command = 'chown ispconfig:ispconfig '.$install_dir.'/extensions';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 		//* chown the server files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/server';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");

--- a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
+++ b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
@@ -105,6 +105,9 @@ $policy_bank{'ORIGINATING'} = {
  originating => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};

 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf

--- a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
+++ b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
@@ -4,41 +4,83 @@
 # for the ISPConfig controlpanel
 ######################################################

-{vhost_port_listen} Listen {vhost_port}
-<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
-  NameVirtualHost *:{vhost_port}
-</tmpl_if>
+<tmpl_var name="vhost_port_listen"> Listen <tmpl_var name="vhost_port">
+NameVirtualHost *:<tmpl_var name="vhost_port">

-<VirtualHost _default_:{vhost_port}>
+<VirtualHost _default_:<tmpl_var name="vhost_port">>
  ServerAdmin webmaster@localhost

  Alias /mail /var/www/ispconfig/mail
  
+  <Directory /var/www/ispconfig/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
+  <Directory /usr/local/ispconfig/interface/web/>
+    <FilesMatch "\.ph(p3?|tml)$">
+      SetHandler None
+    </FilesMatch>
+  </Directory>
+  
  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
-      Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
-      <FilesMatch "\.ph(p[3-5]?|tml)$">
+      <FilesMatch "\.php$">
           SetHandler fcgid-script
      </FilesMatch>
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
      Order allow,deny
      Allow from all
+      </tmpl_if>
    </Directory>
    DirectoryIndex index.php
+    IPCCommTimeout  7200
+    MaxRequestLen 15728640
+  </IfModule>
+  
+  <IfModule mod_proxy_fcgi.c>
+    DocumentRoot /usr/local/ispconfig/interface/web
+    SuexecUserGroup ispconfig ispconfig
+    DirectoryIndex index.php
+
+    <Directory /usr/local/ispconfig/interface/web>
+      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
+      AllowOverride AuthConfig Indexes Limit Options FileInfo
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
+      Order allow,deny
+      Allow from all
+      </tmpl_if>
+      <FilesMatch \.php$>
+         #SetHandler "proxy:unix:/var/lib/php5-fpm/ispconfig.sock|fcgi://localhost"
+         SetHandler "proxy:fcgi://127.0.0.1:9000"
+      </FilesMatch>
+    </Directory>
  </IfModule>

-  <IfModule mod_php5.c>
+  <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
+    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
+      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
      Options +FollowSymLinks
      AllowOverride None
+      <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+      Require all granted
+      <tmpl_else>
      Order allow,deny
      Allow from all
-	  php_value magic_quotes_gpc        0
+      </tmpl_if>
+      php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

@@ -51,20 +93,53 @@
  </IfModule>

  # SSL Configuration
-  {ssl_comment}SSLEngine On
-  {ssl_comment}SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
-  {ssl_comment}SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_comment">SSLEngine On
+  <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
+  <tmpl_else>
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
+  </tmpl_if>
+  <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
+  <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
+  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

-</VirtualHost>
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+  <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
+  <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLCompression Off
+  </tmpl_if>
+  <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
+  <tmpl_var name="ssl_comment">SSLSessionTickets Off
+  </tmpl_if>

-<Directory /var/www/php-cgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
+  <IfModule mod_headers.c>
+    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
+    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
+    <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
+    Header set X-Content-Type-Options: nosniff
+    Header set X-Frame-Options: SAMEORIGIN
+    Header set X-XSS-Protection: "1; mode=block"
+    Header always edit Set-Cookie (.*) "$1; HTTPOnly"
+    <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
+    <IfModule mod_version.c>
+      <IfVersion >= 2.4.7>
+          Header setifempty Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+      <IfVersion < 2.4.7>
+          Header set Strict-Transport-Security "max-age=15768000"
+      </IfVersion>
+    </IfModule>
+    RequestHeader unset Proxy early
+  </IfModule>
+
+  <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+  <tmpl_var name="ssl_comment">SSLUseStapling On
+  <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
+  <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
+  </tmpl_if>
+  
+  # Redirect http to https
+  ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Error 400 - trying to redirect</h1>"
+
+</VirtualHost>

-<Directory /var/www/php-fcgi-scripts>
-    AllowOverride None
-    Order Deny,Allow
-    Deny from all
-</Directory>
--- a/install/dist/tpl/gentoo/dovecot2.conf.master
+++ b/install/dist/tpl/gentoo/dovecot2.conf.master
+# Do not change this file, as changes will be overwritten by any ISPConfig update.
+# Put your custom settings in /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master.
+# To start using those changes, do a force upgrade and let it reconfigure your services. (ispconfig_update.sh --force)
+listen = *,[::]
+protocols = imap pop3
+auth_mechanisms = plain login
+disable_plaintext_auth = no
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+mail_privileged_group = vmail
+postmaster_address = postmaster@example.com
+ssl_cert = </etc/postfix/smtpd.cert
+ssl_key = </etc/postfix/smtpd.key
+ssl_dh = </etc/dovecot/dh.pem
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
+mail_max_userip_connections = 100
+mail_plugins = quota
+passdb {
+  args = /etc/dovecot/dovecot-sql.conf
+  driver = sql
+}
+userdb {
+  driver = prefetch
+}
+userdb {
+  args = /etc/dovecot/dovecot-sql.conf
+  driver = sql
+}
+plugin {
+  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
+
+  # no longer needed, as 'sieve' is in userdb extra fields:
+  sieve=/var/vmail/%d/%n/.sieve
+
+  sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
+  sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
+  sieve_max_script_size = 2M
+  sieve_max_actions = 100
+  sieve_max_redirects = 25
+}
+service auth {
+  unix_listener /var/spool/postfix/private/auth {
+    group = postfix
+    mode = 0660
+    user = postfix
+  }
+  unix_listener auth-userdb {
+    group = vmail
+    mode = 0600
+    user = vmail
+  }
+  user = root
+}
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+   group = postfix
+   mode = 0600
+   user = postfix
+  }
+}
+lmtp_rcpt_check_quota = yes
+service imap-login {
+  client_limit = 1000
+  process_limit = 512
+}
+protocol imap {
+  mail_plugins = $mail_plugins quota imap_quota
+  auth_verbose = yes
+}
+protocol pop3 {
+  pop3_uidl_format = %08Xu%08Xv
+  mail_plugins = $mail_plugins quota
+  auth_verbose = yes
+}
+protocol lda {
+  postmaster_address = webmaster@localhost
+  mail_plugins = $mail_plugins sieve quota
+}
+protocol lmtp {
+  postmaster_address = webmaster@localhost
+  mail_plugins = $mail_plugins quota sieve
+}
+
+
+#2.3+ service stats {
+#2.3+     unix_listener stats-reader {
+#2.3+         user = vmail
+#2.3+         group = vmail
+#2.3+         mode = 0660
+#2.3+     }
+#2.3+
+#2.3+     unix_listener stats-writer {
+#2.3+         user = vmail
+#2.3+         group = vmail
+#2.3+         mode = 0660
+#2.3+     }
+#2.3+ }
+
+service quota-status {
+  executable = quota-status -p postfix
+  unix_listener /var/spool/postfix/private/quota-status {
+    group = postfix
+    mode = 0660
+    user = postfix
+  }
+  client_limit = 1
+}
+plugin {
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+}
+
+!include_try conf.d/99-ispconfig-custom-config.conf
\ No newline at end of file
--- a/install/install.php
+++ b/install/install.php
@@ -85,8 +85,6 @@ if(realpath(dirname(__FILE__)) != $cur_dir) {
 	chdir( realpath(dirname(__FILE__)) );
 }

-//** Install logfile
-define('ISPC_LOG_FILE', '/var/log/ispconfig_install.log');
 define('ISPC_INSTALL_ROOT', realpath(dirname(__FILE__).'/../'));

 //** Include the templating lib
@@ -156,10 +154,15 @@ swriteln($inst->lng('    Default values are in [brackets] and can be accepted wi
 swriteln($inst->lng('    Tap in "quit" (without the quotes) to stop the installer.'."\n\n"));

 //** Check log file is writable (probably not root or sudo)
-if(!is_writable(dirname(ISPC_LOG_FILE))){
-	die("ERROR: Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n");
+if(!is_writable(dirname($conf['ispconfig_log_dir']))){
+	die("ERROR: Cannot write to the ".$conf['ispconfig_log_dir']." directory. Are you root or sudo ?\n\n");
 }

+if(!is_dir($conf['ispconfig_log_dir'])) {
+	mkdir($conf['ispconfig_log_dir'], 0755, true);
+}
+define('ISPC_LOG_FILE', $conf['ispconfig_log_dir'] . '/install.log');
+
 //** Check for ISPConfig 2.x versions
 if(is_dir('/root/ispconfig') || is_dir('/home/admispconfig')) {
 	if(is_dir('/home/admispconfig')) {
@@ -252,6 +255,9 @@ unset($tmp);
 include_once 'lib/mysql.lib.php';
 $inst->db = new db();

+//* Check MySQL version
+$inst->check_mysql_version();
+
 //** Begin with standard or expert installation

 $conf['services']['mail'] = false;
@@ -508,6 +514,9 @@ if($conf['apparmor']['installed']){

 if($install_mode == 'standard' || strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
 	//* Check for Firewall
+	if(!isset($conf['firewall']['installed'])) {
+		$conf['firewall']['installed'] = false;
+	}
 	if(!$conf['ufw']['installed'] && !$conf['firewall']['installed']) {
 		$conf['ufw']['installed'] = $inst->force_configure_app('Ubuntu Firewall', ($install_mode == 'expert'));
 		$conf['firewall']['installed'] = $inst->force_configure_app('Bastille Firewall', ($install_mode == 'expert'));
@@ -631,12 +640,12 @@ swriteln('Detect IP addresses');
 $inst->detect_ips();

 swriteln('Restarting services ...');
-if($conf['mysql']['installed'] == true && $conf['mysql']['init_script'] != '') system($inst->getinitcommand($conf['mysql']['init_script'], 'restart').' >/dev/null 2>&1');
-if($conf['postfix']['installed'] == true && $conf['postfix']['init_script'] != '') system($inst->getinitcommand($conf['postfix']['init_script'], 'restart'));
-if($conf['saslauthd']['installed'] == true && $conf['saslauthd']['init_script'] != '') system($inst->getinitcommand($conf['saslauthd']['init_script'], 'restart'));
-if($conf['amavis']['installed'] == true && $conf['amavis']['init_script'] != '') system($inst->getinitcommand($conf['amavis']['init_script'], 'restart'));
-if($conf['rspamd']['installed'] == true && $conf['rspamd']['init_script'] != '') system($inst->getinitcommand($conf['rspamd']['init_script'], 'restart'));
-if($conf['clamav']['installed'] == true && $conf['clamav']['init_script'] != '' && $conf['amavis']['installed'] == true) system($inst->getinitcommand($conf['clamav']['init_script'], 'restart'));
+if($conf['mysql']['installed'] == true && isset($conf['mysql']['init_script']) && $conf['mysql']['init_script'] != '') system($inst->getinitcommand($conf['mysql']['init_script'], 'restart').' >/dev/null 2>&1');
+if($conf['postfix']['installed'] == true && isset($conf['postfix']['init_script']) && $conf['postfix']['init_script'] != '') system($inst->getinitcommand($conf['postfix']['init_script'], 'restart'));
+if($conf['saslauthd']['installed'] == true && isset($conf['saslauthd']['init_script']) && $conf['saslauthd']['init_script'] != '') system($inst->getinitcommand($conf['saslauthd']['init_script'], 'restart'));
+if($conf['amavis']['installed'] == true && isset($conf['amavis']['init_script']) && $conf['amavis']['init_script'] != '') system($inst->getinitcommand($conf['amavis']['init_script'], 'restart'));
+if($conf['rspamd']['installed'] == true && isset($conf['rspamd']['init_script']) && $conf['rspamd']['init_script'] != '') system($inst->getinitcommand($conf['rspamd']['init_script'], 'restart'));
+if($conf['clamav']['installed'] == true && isset($conf['clamav']['init_script']) && $conf['clamav']['init_script'] != '' && $conf['amavis']['installed'] == true) system($inst->getinitcommand($conf['clamav']['init_script'], 'restart'));
 if($conf['courier']['installed'] == true){
 	if($conf['courier']['courier-authdaemon'] != '') system($inst->getinitcommand($conf['courier']['courier-authdaemon'], 'restart'));
 	if($conf['courier']['courier-imap'] != '') system($inst->getinitcommand($conf['courier']['courier-imap'], 'restart'));
@@ -644,22 +653,22 @@ if($conf['courier']['installed'] == true){
 	if($conf['courier']['courier-pop'] != '') system($inst->getinitcommand($conf['courier']['courier-pop'], 'restart'));
 	if($conf['courier']['courier-pop-ssl'] != '') system($inst->getinitcommand($conf['courier']['courier-pop-ssl'], 'restart'));
 }
-if($conf['dovecot']['installed'] == true && $conf['dovecot']['init_script'] != '') system($inst->getinitcommand($conf['dovecot']['init_script'], 'restart'));
-if($conf['mailman']['installed'] == true && $conf['mailman']['init_script'] != '') system('nohup '.$inst->getinitcommand($conf['mailman']['init_script'], 'restart').' >/dev/null 2>&1 &');
-if($conf['apache']['installed'] == true && $conf['apache']['init_script'] != '') system($inst->getinitcommand($conf['apache']['init_script'], 'restart'));
+if($conf['dovecot']['installed'] == true && isset($conf['dovecot']['init_script']) && $conf['dovecot']['init_script'] != '') system($inst->getinitcommand($conf['dovecot']['init_script'], 'restart'));
+if($conf['mailman']['installed'] == true && isset($conf['mailman']['init_script']) && $conf['mailman']['init_script'] != '') system('nohup '.$inst->getinitcommand($conf['mailman']['init_script'], 'restart').' >/dev/null 2>&1 &');
+if($conf['apache']['installed'] == true && isset($conf['apache']['init_script']) && $conf['apache']['init_script'] != '') system($inst->getinitcommand($conf['apache']['init_script'], 'restart'));
 //* Reload is enough for nginx
 if($conf['nginx']['installed'] == true){
 	if($conf['nginx']['php_fpm_init_script'] != '') system($inst->getinitcommand($conf['nginx']['php_fpm_init_script'], 'reload'));
-	if($conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'reload'));
+	if(isset($conf['nginx']['init_script']) && $conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'reload'));
 }
-if($conf['pureftpd']['installed'] == true && $conf['pureftpd']['init_script'] != '') system($inst->getinitcommand($conf['pureftpd']['init_script'], 'restart'));
-if($conf['mydns']['installed'] == true && $conf['mydns']['init_script'] != '') system($inst->getinitcommand($conf['mydns']['init_script'], 'restart').' &> /dev/null');
-if($conf['powerdns']['installed'] == true && $conf['powerdns']['init_script'] != '') system($inst->getinitcommand($conf['powerdns']['init_script'], 'restart').' &> /dev/null');
-if($conf['bind']['installed'] == true && $conf['bind']['init_script'] != '') system($inst->getinitcommand($conf['bind']['init_script'], 'restart').' &> /dev/null');
-//if($conf['squid']['installed'] == true && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script']))     system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
-if($conf['nginx']['installed'] == true && $conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'restart').' &> /dev/null');
-if($conf['ufw']['installed'] == true && $conf['ufw']['init_script'] != '') system($inst->getinitcommand($conf['ufw']['init_script'], 'restart').' &> /dev/null');
-if($conf['xmpp']['installed'] == true && $conf['xmpp']['init_script'] != '') system($inst->getinitcommand($conf['xmpp']['init_script'], 'restart').' &> /dev/null');
+if($conf['pureftpd']['installed'] == true && isset($conf['pureftpd']['init_script']) && $conf['pureftpd']['init_script'] != '') system($inst->getinitcommand($conf['pureftpd']['init_script'], 'restart'));
+if($conf['mydns']['installed'] == true && isset($conf['mydns']['init_script']) && $conf['mydns']['init_script'] != '') system($inst->getinitcommand($conf['mydns']['init_script'], 'restart').' &> /dev/null');
+if($conf['powerdns']['installed'] == true && isset($conf['powerdns']['init_script']) && $conf['powerdns']['init_script'] != '') system($inst->getinitcommand($conf['powerdns']['init_script'], 'restart').' &> /dev/null');
+if($conf['bind']['installed'] == true && isset($conf['bind']['init_script']) && $conf['bind']['init_script'] != '') system($inst->getinitcommand($conf['bind']['init_script'], 'restart').' &> /dev/null');
+//if($conf['squid']['installed'] == true && isset($conf['squid']['init_script']) && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script']))     system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
+if($conf['nginx']['installed'] == true && isset($conf['nginx']['init_script']) && $conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'restart').' &> /dev/null');
+if(isset($conf['ufw']['installed']) && $conf['ufw']['installed'] == true && isset($conf['ufw']['init_script']) && $conf['ufw']['init_script'] != '') system($inst->getinitcommand($conf['ufw']['init_script'], 'restart').' &> /dev/null');
+if($conf['xmpp']['installed'] == true && isset($conf['xmpp']['init_script']) && $conf['xmpp']['init_script'] != '') system($inst->getinitcommand($conf['xmpp']['init_script'], 'restart').' &> /dev/null');


 $inst->create_mount_script();

--- a/install/lib/classes/tpl.inc.php
+++ b/install/lib/classes/tpl.inc.php
@@ -30,7 +30,7 @@ if (!defined('vlibTemplateClassLoaded')) {
 	include_once ISPC_INSTALL_ROOT.'/install/lib/classes/tpl_error.inc.php';
 	include_once ISPC_INSTALL_ROOT.'/install/lib/classes/tpl_ini.inc.php';

-	class tpl{
+	class tpl extends stdClass{

 		/*-----------------------------------------------------------------------------\
        |                                 ATTENTION                                    |
@@ -931,7 +931,7 @@ if (!defined('vlibTemplateClassLoaded')) {
 		{
 			array_push($this->_namespace, $varname);
 			$tempvar = count($this->_namespace) - 1;
-			$retstr = "for (\$_".$tempvar."=0 ; \$_".$tempvar." < count(\$this->_arrvars";
+			$retstr = "for (\$_".$tempvar."=0 ; \$_".$tempvar." < \$this->_tpl_count(\$this->_arrvars";
 			for ($i=0; $i < count($this->_namespace); $i++) {
 				$retstr .= "['".$this->_namespace[$i]."']";
 				if ($this->_namespace[$i] != $varname) $retstr .= "[\$_".$i."]";
@@ -1170,7 +1170,15 @@ if (!defined('vlibTemplateClassLoaded')) {

 			array_push($this->_currentincludedir, dirname($this->_tmplfilename));
 			$this->_includedepth++;
-			$success = @eval($this->_tmplfilep);
+			try {
+				$success = @eval($this->_tmplfilep);
+			} catch(Exception $ex) {
+				print $this->_tmplfilep;
+				throw $ex;
+			} catch(TypeError $ex) {
+				print $this->_tmplfilep;
+				throw $ex;
+			}
 			$this->_includedepth--;
 			array_pop($this->_currentincludedir);

@@ -1268,6 +1276,27 @@ if (!defined('vlibTemplateClassLoaded')) {
 			return $return;
 		}

+		/**
+		* Used during in evaled code to replace PHP count function for PHP 8 compatibility
+		* @var variable to be counted
+		*/
+		private function _tpl_count($var)
+		{
+			$retvar = 0;
+			if(isset($var)) {
+				if(is_array($var)) {
+					$retvar = count($var);
+				} elseif(is_null($var)) {
+					$retvar = 0;
+				} else {
+					$retvar = 1;
+				}
+			} else {
+				$retvar = 0;
+			}
+			return $retvar;
+		}
+
 		/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    The following functions have no use and are included just so that if the user
    is making use of vlibTemplateCache functions, this doesn't crash when changed to

--- a/install/lib/install.lib.php
+++ b/install/lib/install.lib.php
@@ -85,7 +85,7 @@ function get_distname() {
 				}
 				
 				$distname = 'Ubuntu';
-				$distid = 'debian40';
+				$distid = 'debian60';
 				$distbaseid = 'debian';

 				preg_match("/.*VERSION=\"(.*)\".*/ui", $os_release, $ver);
@@ -98,6 +98,14 @@ function get_distname() {
 				$mainver = current($mainver).'.'.next($mainver);
 			}
 			switch ($mainver){
+			case "24.04":
+				$relname = "(Noble Numbat)";
+				$distconfid = 'ubuntu2404';
+				break;
+			case "22.04":
+				$relname = "(Jammy Jellyfish)";
+				$distconfid = 'ubuntu2204';
+				break;
 			case "20.04":
 				$relname = "(Focal Fossa)";
 				$distconfid = 'ubuntu2004';
@@ -248,6 +256,13 @@ function get_distname() {
 			$distid = 'debian60';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian 11.0 (Bullseye) or compatible\n");
+		} elseif(substr(trim(file_get_contents('/etc/debian_version')),0,2) == '12') {
+			$distname = 'Debian';
+			$distver = 'Bookworm';
+			$distconfid = 'debian120';
+			$distid = 'debian60';
+			$distbaseid = 'debian';
+			swriteln("Operating System: Debian 12.0 (Bookworm) or compatible\n");
 		} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '/sid')) {
 			$distname = 'Debian';
 			$distver = 'Testing';
@@ -259,7 +274,7 @@ function get_distname() {
 			$distname = 'Debian';
 			$distver = 'Unknown';
 			$distid = 'debian60';
-			$distconfid = 'debian100';
+			$distconfid = 'debian120';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian or compatible, unknown version.\n");
 		}
@@ -295,88 +310,93 @@ function get_distname() {
 	}

 	//** RHEL (including compatible clones) & Fedora
-        elseif(file_exists('/etc/redhat-release') && file_exists('/etc/os-release')) {
-
-		$content = file_get_contents('/etc/os-release');
-
-		preg_match('/(?<=PRETTY_NAME=\").+?(?=\")/', $content, $prettyname);
-		preg_match('/(?<=NAME=\").+?(?=\")/', $content, $name);
-		preg_match('/(?<=VERSION=\").+?(?=\")/', $content, $version);
-		preg_match('/(?<=VERSION_ID=\").+?(?=\")/', $content, $versionid);
-
-                if(stristr($prettyname[0], 'Fedora 32 (Thirty Two)')) {
-                        $distname = 'Fedora';
-                        $distver = '32';
-                        $distid = 'fedora32';
-                        $distbaseid = 'fedora';
-                        swriteln("Operating System: Fedora 32 or compatible\n");
-                } elseif(stristr($prettyname[0], 'Fedora 33 (Thirty Three)')) {
-                        $distname = 'Fedora';
-                        $distver = '33';
-                        $distid = 'fedora33';
-                        $distbaseid = 'fedora';
-                        swriteln("Operating System: Fedora 33 or compatible\n");
-                //** RHEL 7 and compatible clones
-                } elseif(preg_match('/^(?:7|7\.[0-9]{1,2})$/', $versionid[0])) {
-                        preg_match_all('/([0-9]{1,2})\.?([0-9]{0,2})\.?([0-9]*)/', file_get_contents('/etc/redhat-release'), $centos7_version);
-                        $distname = $name[0];
-                        $distver = is_array($centos7_version)? implode('.', array_filter(array($centos7_version[1][0],$centos7_version[2][0],$centos7_version[3][0]),'strlen')) : $version[0];
-                        $distid = 'centos72';
-			$distbaseid = 'fedora';
-                        swriteln("Operating System: " . $distname . " " .  $distver . "\n");
-		//** RHEL 8 and compatible clones
-                } elseif(preg_match('/^(?:8|8\.[0-9]{1,2})$/', $versionid[0])) {
-                        $distname = $name[0];
-                        $distver = $version[0];
-                        $distid = 'centos80';
-                        $distbaseid = 'fedora';
-                        swriteln("Operating System: " . $prettyname[0] . "\n");
-		} else {
-                        $distname = 'Redhat';
-                        $distver = 'Unknown';
-                        $distid = 'fedora9';
-                        $distbaseid = 'fedora';
-                        swriteln("Operating System: Redhat or compatible\n");
-		}
+	elseif(file_exists('/etc/redhat-release') && file_exists('/etc/os-release')) {
+
+	$content = file_get_contents('/etc/os-release');
+
+	preg_match('/(?<=PRETTY_NAME=\").+?(?=\")/', $content, $prettyname);
+	preg_match('/(?<=NAME=\").+?(?=\")/', $content, $name);
+	preg_match('/(?<=VERSION=\").+?(?=\")/', $content, $version);
+	preg_match('/(?<=VERSION_ID=\").+?(?=\")/', $content, $versionid);
+
+	if(stristr($prettyname[0], 'Fedora 32 (Thirty Two)')) {
+		$distname = 'Fedora';
+		$distver = '32';
+		$distid = 'fedora32';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: Fedora 32 or compatible\n");
+	} elseif(stristr($prettyname[0], 'Fedora 33 (Thirty Three)')) {
+		$distname = 'Fedora';
+		$distver = '33';
+		$distid = 'fedora33';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: Fedora 33 or compatible\n");
+	//** RHEL 7 and compatible clones
+	} elseif(preg_match('/^(?:7|7\.[0-9]{1,2})$/', $versionid[0])) {
+		preg_match_all('/([0-9]{1,2})\.?([0-9]{0,2})\.?([0-9]*)/', file_get_contents('/etc/redhat-release'), $centos7_version);
+		$distname = $name[0];
+		$distver = is_array($centos7_version)? implode('.', array_filter(array($centos7_version[1][0],$centos7_version[2][0],$centos7_version[3][0]),'strlen')) : $version[0];
+		$distid = 'centos72';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: " . $distname . " " .  $distver . "\n");
+	//** RHEL 8 and compatible clones
+	} elseif(preg_match('/^(?:8|8\.[0-9]{1,2})$/', $versionid[0])) {
+		$distname = $name[0];
+		$distver = $version[0];
+		$distid = 'centos80';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: " . $prettyname[0] . "\n");
+	//** RHEL 9 and compatible clones
+	} elseif(preg_match('/^(?:9|9\.[0-9]{1,2})$/', $versionid[0])) {
+		$distname = $name[0];
+		$distver = $version[0];
+		$distid = 'centos90';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: " . $prettyname[0] . "\n");
+	} else {
+		$distname = 'Redhat';
+		$distver = 'Unknown';
+		$distid = 'fedora9';
+		$distbaseid = 'fedora';
+		swriteln("Operating System: Redhat or compatible\n");
+	}
 	//** CentOS 6
-        } elseif(file_exists('/etc/redhat-release') && !file_exists('/etc/os-release') && !file_exists('/etc/els-release')) {
+	} elseif(file_exists('/etc/redhat-release') && !file_exists('/etc/os-release') && !file_exists('/etc/els-release')) {

-                $content = file_get_contents('/etc/redhat-release');
+		$content = file_get_contents('/etc/redhat-release');

-                if(stristr($content, 'CentOS Linux release 6') || stristr($content, 'CentOS release 6')) {
-                        preg_match_all('/(6\.?([0-9]{0,2})\.?(\s)?([a-zA-Z()]+))$/', $content, $centos6_version);
-                        $distname = 'CentOS Linux';
+		if(stristr($content, 'CentOS Linux release 6') || stristr($content, 'CentOS release 6')) {
+			preg_match_all('/(6\.?([0-9]{0,2})\.?(\s)?([a-zA-Z()]+))$/', $content, $centos6_version);
+			$distname = 'CentOS Linux';
 			$distver = $centos6_version[0][0] ? $centos6_version[0][0] : '6';
 			$distid = 'centos53';
 			$distbaseid = 'fedora';
-                        swriteln("Operating System: " . $distname . " " .  $distver . "\n");
-
-                } else {
-                        $distname = 'Redhat';
-                        $distver = 'Unknown';
-                        $distid = 'fedora9';
-                        $distbaseid = 'fedora';
-                }
+			swriteln("Operating System: " . $distname . " " .  $distver . "\n");
+        } else {
+			$distname = 'Redhat';
+			$distver = 'Unknown';
+			$distid = 'fedora9';
+			$distbaseid = 'fedora';
+		}
 	//** CentOS 6 Extended Lifecycle Support by CloudLinux
-        } elseif(file_exists('/etc/redhat-release') && file_exists('/etc/els-release') && !file_exists('/etc/os-release')) {
+	} elseif(file_exists('/etc/redhat-release') && file_exists('/etc/els-release') && !file_exists('/etc/os-release')) {

-                $content = file_get_contents('/etc/els-release');
+		$content = file_get_contents('/etc/els-release');

-                if(stristr($content, 'CentOS Linux release 6') || stristr($content, 'CentOS release 6')) {
-                        preg_match_all('/(6)\.?([0-9]{0,2})?\.?\s([a-zA-Z(), ]+)?$/', $content, $centos6_version);
-                        $distname = 'CentOS Linux';
-                        $distver = $centos6_version[0][0] ? $centos6_version[0][0] : '6';
-                        $distid = 'centos53';
+		if(stristr($content, 'CentOS Linux release 6') || stristr($content, 'CentOS release 6')) {
+			preg_match_all('/(6)\.?([0-9]{0,2})?\.?\s([a-zA-Z(), ]+)?$/', $content, $centos6_version);
+			$distname = 'CentOS Linux';
+			$distver = $centos6_version[0][0] ? $centos6_version[0][0] : '6';
+			$distid = 'centos53';
 			$distbaseid = 'fedora';
-                        swriteln("Operating System: " . $distname . " " .  $distver . "\n");
-                } else {
-                        $distname = 'Redhat';
-                        $distver = 'Unknown';
-                        $distid = 'fedora9';
-                        $distbaseid = 'fedora';
-                }
-        }
-
+			swriteln("Operating System: " . $distname . " " .  $distver . "\n");
+		} else {
+			$distname = 'Redhat';
+			$distver = 'Unknown';
+			$distid = 'fedora9';
+			$distbaseid = 'fedora';
+		}
+	}

 	//** Gentoo
 	elseif(file_exists('/etc/gentoo-release')) {
@@ -538,16 +558,15 @@ function remove_blank_lines($input, $file = 1){
 		$content = $input;
 	}
 	$lines = explode("\n", $content);
+	$new_lines = array();
 	if(!empty($lines)){
 		foreach($lines as $line){
 			if(trim($line) != '') $new_lines[] = $line;
 		}
 	}
-	if(is_array($new_lines)){
-		$content = implode("\n", $new_lines);
-	} else {
-		$content = '';
-	}
+
+	$content = implode("\n", $new_lines);
+
 	if($file){
 		wf($input, $content);
 	}else{

--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
--- a/install/lib/mysql.lib.php
+++ b/install/lib/mysql.lib.php
@@ -64,9 +64,11 @@ class db
 	public function __destruct() {
 		if($this->_iConnId) mysqli_close($this->_iConnId);
 	}
-	
+
 	private function do_connect() {
 		global $conf;
+
+		mysqli_report(MYSQLI_REPORT_OFF);
 		
 		if($this->_iConnId) return true;
 		$this->dbHost = $conf['mysql']['host'];
@@ -77,7 +79,7 @@ class db
 		$this->dbCharset = $conf["mysql"]["charset"];
 		$this->dbNewLink = false;
 		$this->dbClientFlags = null;
-		
+
 		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		$try = 0;
 		while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
@@ -92,19 +94,19 @@ class db
 			$this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
 			return false;
 		}
-		
+
 		if($this->dbName) $this->setDBName($this->dbName);

 		$this->_setCharset();
 	}
-	
+
 	public function setDBData($host, $user, $password, $port) {
 		$this->dbHost = $host;
 		$this->dbUser = $user;
 		$this->dbPass = $password;
 		$this->dbPort = $port;
 	}
-	
+
 	public function setDBName($name) {
 		$this->dbName = $name;
 		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
@@ -114,7 +116,7 @@ class db
 			return false;
 		}
 	}
-	
+
 	public function close() {
 		if($this->_iConnId) mysqli_close($this->_iConnId);
 		$this->_iConnId = null;
@@ -192,7 +194,7 @@ class db
 	}

 	private function _query($sQuery = '') {
-		
+
 		$aArgs = func_get_args();
 		$this->do_connect();

@@ -284,7 +286,7 @@ class db
 	 * @return array result row or NULL if none found
 	 */
 	public function queryOneRecord($sQuery = '') {
-		
+
 		$aArgs = func_get_args();
 		if(!empty($aArgs)) {
 			$sQuery = array_shift($aArgs);
@@ -293,7 +295,7 @@ class db
 		}
 		array_unshift($aArgs, $sQuery);
 		}
-  
+
 		$oResult = call_user_func_array([&$this, 'query'], $aArgs);
 		if(!$oResult) return null;

@@ -534,7 +536,7 @@ class db
 			if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
 		}
 	}
-	
+
 	/* TODO: rewrite SQL */
 	function update($tablename, $form, $bedingung, $debug = 0)
 	{
@@ -761,14 +763,14 @@ class db
 			break;
 		}
 	}
-	
+
 	/**
 	 * Get the database type (mariadb or mysql)
 	 *
 	 * @access public
 	 * @return string 'mariadb' or string 'mysql'
 	 */
-	
+
 	public function getDatabaseType() {
 		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
 		if(stristr($tmp['version'],'mariadb')) {
@@ -777,7 +779,7 @@ class db
 			return 'mysql';
 		}
 	}
-	
+
 	/**
 	 * Get the database version
 	 *
@@ -785,7 +787,7 @@ class db
 	 * @param bool   $major_version_only = true will return the major version only, e.g. 8 for MySQL 8
 	 * @return string version number
 	 */
-	
+
 	public function getDatabaseVersion($major_version_only = false) {
 		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
 		$version = explode('-', $tmp['version']);

--- a/install/patches/upd_0100.php
+++ b/install/patches/upd_0100.php
+<?php
+
+if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
+
+class upd_0100 extends installer_patch_update {
+
+	public function onAfterSQL() {
+		global $inst;
+
+        // Remove old server plugins, unless they are currently enabled
+        if(!is_link('/usr/local/ispconfig/server/plugins-enabled/nginx_reverseproxy_plugin.inc.php'))
+            unlink('/usr/local/ispconfig/server/plugins-available/nginx_reverseproxy_plugin.inc.php');
+        if(!is_link('/usr/local/ispconfig/server/plugins-enabled/bind_dlz_plugin.inc.php'))
+            unlink('/usr/local/ispconfig/server/plugins-available/bind_dlz_plugin.inc.php');
+	}
+
+}
--- a/install/sql/incremental/upd_0097.sql
+++ b/install/sql/incremental/upd_0097.sql
+ALTER TABLE `sys_user` ADD `otp_type` SET('none', 'email') NOT NULL DEFAULT 'none' AFTER `lost_password_reqtime`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
--- a/install/sql/incremental/upd_0098.sql
+++ b/install/sql/incremental/upd_0098.sql
+ALTER TABLE `mail_user` CHANGE `quota` `quota` BIGINT(20) NOT NULL DEFAULT '0';
+ALTER TABLE `server_php` ADD `sortprio` INT(20) NOT NULL DEFAULT '100' AFTER `active`;
+ALTER TABLE `mail_user` ADD COLUMN `imap_prefix` varchar(255) NULL default NULL AFTER `backup_copies`;
+-- #6456 comodoca.com needs to become sectigo.com
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'sectigo.com' WHERE `ca_issue` = 'comodo.com';
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'sectigo.com' WHERE `ca_issue` = 'comodoca.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Sectigo (formerly Comodo CA)' WHERE `ca_issue` = 'sectigo.com';
+-- not updating the dns_rr table to change all CAA records that have comodo.com / comodoca.com - we should not touch users records imo - TP
+-- #6445 Update the mailbox_soft_delete config option to it's new structure.
+-- UPDATE server SET config=REGEXP_REPLACE(config, 'mailbox_soft_delete=n', 'mailbox_soft_delete=0') WHERE config LIKE '%mailbox_soft_delete=n%'
+-- UPDATE server SET config=REGEXP_REPLACE(config, 'mailbox_soft_delete=y', 'mailbox_soft_delete=7') WHERE config LIKE '%mailbox_soft_delete=y%'
\ No newline at end of file
--- a/install/sql/incremental/upd_0099.sql
+++ b/install/sql/incremental/upd_0099.sql
+ALTER TABLE `spamfilter_policy` 
+CHANGE `warnvirusrecip` `warnvirusrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N', 
+CHANGE `warnbannedrecip` `warnbannedrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N', 
+CHANGE `warnbadhrecip` `warnbadhrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N';
+ALTER TABLE `sys_ini` CHANGE `default_logo` `default_logo` TEXT CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL;
+ALTER TABLE `sys_ini` CHANGE `custom_logo` `custom_logo` TEXT CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL;
\ No newline at end of file
--- a/install/sql/incremental/upd_0100.sql
+++ b/install/sql/incremental/upd_0100.sql
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon Trust Services', 'amazontrust.com', 'Y', '', 0);
+
+-- 5374-mail-last-accessed-frontend
+ALTER TABLE `mail_user` ADD `last_access` int(11) NULL DEFAULT NULL after `disabledoveadm`;
+
+ALTER TABLE `web_domain` ADD `disable_symlinknotowner` enum('n','y') NOT NULL default 'n' AFTER `last_jailkit_hash`;
+UPDATE `web_domain` SET `backup_format_web` = 'tar_gzip' WHERE  `backup_format_web` = 'rar';
+UPDATE `web_domain` SET `backup_format_db` = 'zip' WHERE  `backup_format_db` = 'rar';
\ No newline at end of file
--- a/install/sql/incremental/upd_0101.sql
+++ b/install/sql/incremental/upd_0101.sql
+ALTER TABLE `web_database_user` ADD `database_password_sha2` varchar(70) DEFAULT NULL AFTER `database_password`;
+ALTER TABLE `web_database_user` ADD `database_password_postgres` varchar(255) DEFAULT NULL AFTER `database_password_mongo`;
+ALTER TABLE `client` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;
+ALTER TABLE `client_template` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;
+ALTER TABLE `server_php` ADD `php_cli_binary` varchar(255) DEFAULT NULL AFTER `php_fpm_socket_dir`;
+ALTER TABLE `server_php` ADD `php_jk_section` varchar(255) DEFAULT NULL AFTER `php_cli_binary`;
+ALTER TABLE `mail_domain` ADD `local_delivery` enum('n','y') NOT NULL DEFAULT 'y' AFTER `active`;
+ALTER TABLE `sys_remoteaction` CHANGE `action_type` `action_type` VARCHAR(64) NOT NULL;
+CREATE TABLE IF NOT EXISTS `sys_message` (
+  `message_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT 0,
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT 0,
+  `sys_perm_user` VARCHAR(5) DEFAULT 'r',
+  `sys_perm_group` VARCHAR(5) DEFAULT 'r',
+  `sys_perm_other` VARCHAR(5) DEFAULT '',
+  `message_state` enum('info','warning','error') NOT NULL DEFAULT 'info',
+  `message_date` datetime NULL DEFAULT NULL,
+  `message_ack` enum('y','n') NOT NULL DEFAULT 'n',
+  `relation` varchar(255) NULL DEFAULT NULL,
+  `message` TEXT DEFAULT NULL,
+  PRIMARY KEY (`message_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
-ALTER TABLE `sys_user` ADD `otp_type` SET('none', 'email') NOT NULL DEFAULT 'none' AFTER `lost_password_reqtime`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
--- a/install/tpl/amavisd_user_config.master
+++ b/install/tpl/amavisd_user_config.master
@@ -85,6 +85,9 @@ $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
  originating => 1,
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};

 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf

--- a/install/tpl/apache_apps.vhost.master
+++ b/install/tpl/apache_apps.vhost.master
No results found