install/install.php

@@ -85,8 +85,6 @@ if(realpath(dirname(__FILE__)) != $cur_dir) {
 	chdir( realpath(dirname(__FILE__)) );
 }
 
-//** Install logfile
-define('ISPC_LOG_FILE', '/var/log/ispconfig_install.log');
 define('ISPC_INSTALL_ROOT', realpath(dirname(__FILE__).'/../'));
 
 //** Include the templating lib
@@ -156,10 +154,15 @@ swriteln($inst->lng('    Default values are in [brackets] and can be accepted wi
 swriteln($inst->lng('    Tap in "quit" (without the quotes) to stop the installer.'."\n\n"));
 
 //** Check log file is writable (probably not root or sudo)
-if(!is_writable(dirname(ISPC_LOG_FILE))){
-	die("ERROR: Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n");
+if(!is_writable(dirname($conf['ispconfig_log_dir']))){
+	die("ERROR: Cannot write to the ".$conf['ispconfig_log_dir']." directory. Are you root or sudo ?\n\n");
 }
 
+if(!is_dir($conf['ispconfig_log_dir'])) {
+	mkdir($conf['ispconfig_log_dir'], 0755, true);
+}
+define('ISPC_LOG_FILE', $conf['ispconfig_log_dir'] . '/install.log');
+
 //** Check for ISPConfig 2.x versions
 if(is_dir('/root/ispconfig') || is_dir('/home/admispconfig')) {
 	if(is_dir('/home/admispconfig')) {
@@ -664,7 +667,7 @@ if($conf['powerdns']['installed'] == true && isset($conf['powerdns']['init_scrip
 if($conf['bind']['installed'] == true && isset($conf['bind']['init_script']) && $conf['bind']['init_script'] != '') system($inst->getinitcommand($conf['bind']['init_script'], 'restart').' &> /dev/null');
 //if($conf['squid']['installed'] == true && isset($conf['squid']['init_script']) && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script']))     system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
 if($conf['nginx']['installed'] == true && isset($conf['nginx']['init_script']) && $conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'restart').' &> /dev/null');
-if($conf['ufw']['installed'] == true && isset($conf['ufw']['init_script']) && $conf['ufw']['init_script'] != '') system($inst->getinitcommand($conf['ufw']['init_script'], 'restart').' &> /dev/null');
+if(isset($conf['ufw']['installed']) && $conf['ufw']['installed'] == true && isset($conf['ufw']['init_script']) && $conf['ufw']['init_script'] != '') system($inst->getinitcommand($conf['ufw']['init_script'], 'restart').' &> /dev/null');
 if($conf['xmpp']['installed'] == true && isset($conf['xmpp']['init_script']) && $conf['xmpp']['init_script'] != '') system($inst->getinitcommand($conf['xmpp']['init_script'], 'restart').' &> /dev/null');
 
 

install/lib/classes/tpl.inc.php

@@ -30,7 +30,7 @@ if (!defined('vlibTemplateClassLoaded')) {
 	include_once ISPC_INSTALL_ROOT.'/install/lib/classes/tpl_error.inc.php';
 	include_once ISPC_INSTALL_ROOT.'/install/lib/classes/tpl_ini.inc.php';
 
-	class tpl{
+	class tpl extends stdClass{
 
 		/*-----------------------------------------------------------------------------\
         |                                 ATTENTION                                    |

install/lib/install.lib.php

@@ -85,7 +85,7 @@ function get_distname() {
 				}
 				
 				$distname = 'Ubuntu';
-				$distid = 'debian40';
+				$distid = 'debian60';
 				$distbaseid = 'debian';
 
 				preg_match("/.*VERSION=\"(.*)\".*/ui", $os_release, $ver);
@@ -98,6 +98,10 @@ function get_distname() {
 				$mainver = current($mainver).'.'.next($mainver);
 			}
 			switch ($mainver){
+			case "24.04":
+				$relname = "(Noble Numbat)";
+				$distconfid = 'ubuntu2404';
+				break;
 			case "22.04":
 				$relname = "(Jammy Jellyfish)";
 				$distconfid = 'ubuntu2204';
@@ -252,6 +256,13 @@ function get_distname() {
 			$distid = 'debian60';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian 11.0 (Bullseye) or compatible\n");
+		} elseif(substr(trim(file_get_contents('/etc/debian_version')),0,2) == '12') {
+			$distname = 'Debian';
+			$distver = 'Bookworm';
+			$distconfid = 'debian120';
+			$distid = 'debian60';
+			$distbaseid = 'debian';
+			swriteln("Operating System: Debian 12.0 (Bookworm) or compatible\n");
 		} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '/sid')) {
 			$distname = 'Debian';
 			$distver = 'Testing';
@@ -263,7 +274,7 @@ function get_distname() {
 			$distname = 'Debian';
 			$distver = 'Unknown';
 			$distid = 'debian60';
-			$distconfid = 'debian100';
+			$distconfid = 'debian120';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian or compatible, unknown version.\n");
 		}

install/patches/upd_0100.php

+<?php
+
+if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
+
+class upd_0100 extends installer_patch_update {
+
+	public function onAfterSQL() {
+		global $inst;
+
+        // Remove old server plugins, unless they are currently enabled
+        if(!is_link('/usr/local/ispconfig/server/plugins-enabled/nginx_reverseproxy_plugin.inc.php'))
+            unlink('/usr/local/ispconfig/server/plugins-available/nginx_reverseproxy_plugin.inc.php');
+        if(!is_link('/usr/local/ispconfig/server/plugins-enabled/bind_dlz_plugin.inc.php'))
+            unlink('/usr/local/ispconfig/server/plugins-available/bind_dlz_plugin.inc.php');
+	}
+
+}

install/sql/incremental/upd_0099.sql

+ALTER TABLE `spamfilter_policy` 
+CHANGE `warnvirusrecip` `warnvirusrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N', 
+CHANGE `warnbannedrecip` `warnbannedrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N', 
+CHANGE `warnbadhrecip` `warnbadhrecip` VARCHAR(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL DEFAULT 'N';
+ALTER TABLE `sys_ini` CHANGE `default_logo` `default_logo` TEXT CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL;
+ALTER TABLE `sys_ini` CHANGE `custom_logo` `custom_logo` TEXT CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci NULL;
\ No newline at end of file

install/sql/incremental/upd_0100.sql

+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon Trust Services', 'amazontrust.com', 'Y', '', 0);
+
+-- 5374-mail-last-accessed-frontend
+ALTER TABLE `mail_user` ADD `last_access` int(11) NULL DEFAULT NULL after `disabledoveadm`;
+
+ALTER TABLE `web_domain` ADD `disable_symlinknotowner` enum('n','y') NOT NULL default 'n' AFTER `last_jailkit_hash`;
+UPDATE `web_domain` SET `backup_format_web` = 'tar_gzip' WHERE  `backup_format_web` = 'rar';
+UPDATE `web_domain` SET `backup_format_db` = 'zip' WHERE  `backup_format_db` = 'rar';
\ No newline at end of file

install/sql/incremental/upd_dev_collection.sql

+ALTER TABLE `web_database_user` ADD `database_password_sha2` varchar(70) DEFAULT NULL AFTER `database_password`;
+ALTER TABLE `web_database_user` ADD `database_password_postgres` varchar(255) DEFAULT NULL AFTER `database_password_mongo`;
+ALTER TABLE `client` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;
+ALTER TABLE `client_template` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;
+ALTER TABLE `server_php` ADD `php_cli_binary` varchar(255) DEFAULT NULL AFTER `php_fpm_socket_dir`;
+ALTER TABLE `server_php` ADD `php_jk_section` varchar(255) DEFAULT NULL AFTER `php_cli_binary`;
+ALTER TABLE `mail_domain` ADD `local_delivery` enum('n','y') NOT NULL DEFAULT 'y' AFTER `active`;

install/sql/ispconfig3.sql

@@ -233,6 +233,7 @@ CREATE TABLE `client` (
   `default_dbserver` int(11) NOT NULL DEFAULT '1',
   `dns_servers` text,
   `limit_database` int(11) NOT NULL DEFAULT '-1',
+  `limit_database_postgresql` int(11) NOT NULL default '-1',
   `limit_database_user` int(11) NOT NULL DEFAULT '-1',
   `limit_database_quota` int(11) NOT NULL default '-1',
   `limit_cron` int(11) NOT NULL DEFAULT '0',
@@ -363,6 +364,7 @@ CREATE TABLE `client_template` (
   `limit_dns_record` int(11) NOT NULL default '-1',
   `db_servers` text,
   `limit_database` int(11) NOT NULL default '-1',
+  `limit_database_postgresql` int(11) NOT NULL default '-1',
   `limit_database_user` int(11) NOT NULL DEFAULT '-1',
   `limit_database_quota` int(11) NOT NULL default '-1',
   `limit_cron` int(11) NOT NULL default '0',
@@ -559,6 +561,7 @@ INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `s
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon Trust Services', 'amazontrust.com', 'Y', '', 0),
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
 (NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
@@ -893,6 +896,7 @@ CREATE TABLE `mail_domain` (
   `relay_user` varchar(255) NOT NULL DEFAULT '',
   `relay_pass` varchar(255) NOT NULL DEFAULT '',
   `active` enum('n','y') NOT NULL DEFAULT 'n',
+  `local_delivery` enum('n','y') NOT NULL DEFAULT 'y',
   PRIMARY KEY  (`domain_id`),
   KEY `server_id` (`server_id`,`domain`),
   KEY `domain_active` (`domain`,`active`)
@@ -1096,6 +1100,7 @@ CREATE TABLE `mail_user` (
   `disablelda` enum('n','y') NOT NULL default 'n',
   `disablelmtp` enum('n','y') NOT NULL default 'n',
   `disabledoveadm` enum('n','y') NOT NULL default 'n',
+  `last_access` int(11) NULL DEFAULT NULL,
   `disablequota-status` enum('n','y') NOT NULL default 'n',
   `disableindexer-worker` enum('n','y') NOT NULL default 'n',
   `last_quota_notification` date NULL default NULL,
@@ -1460,6 +1465,8 @@ CREATE TABLE `server_php` (
   `php_fpm_ini_dir` varchar(255) DEFAULT NULL,
   `php_fpm_pool_dir` varchar(255) DEFAULT NULL,
   `php_fpm_socket_dir` varchar(255) DEFAULT NULL,
+  `php_cli_binary` varchar(255) DEFAULT NULL,
+  `php_jk_section` varchar(255) DEFAULT NULL,
   `active` enum('n','y') NOT NULL DEFAULT 'y',
   `sortprio` int(20) NOT NULL DEFAULT 100,
   PRIMARY KEY (`server_php_id`)
@@ -1532,9 +1539,9 @@ CREATE TABLE `spamfilter_policy` (
   `addr_extension_spam` varchar(64) default NULL,
   `addr_extension_banned` varchar(64) default NULL,
   `addr_extension_bad_header` varchar(64) default NULL,
-  `warnvirusrecip` enum('N','Y') default 'N',
-  `warnbannedrecip` enum('N','Y') default 'N',
-  `warnbadhrecip` enum('N','Y') default 'N',
+  `warnvirusrecip` VARCHAR(1) NULL default 'N',
+  `warnbannedrecip` VARCHAR(1) NULL default 'N',
+  `warnbadhrecip` VARCHAR(1) NULL default 'N',
   `newvirus_admin` varchar(64) default NULL,
   `virus_admin` varchar(64) default NULL,
   `banned_admin` varchar(64) default NULL,
@@ -1741,8 +1748,8 @@ CREATE TABLE `sys_group` (
 CREATE TABLE `sys_ini` (
   `sysini_id` int(11) unsigned NOT NULL auto_increment,
   `config` longtext,
-  `default_logo` text NOT NULL,
-  `custom_logo` text NOT NULL,
+  `default_logo` text NULL,
+  `custom_logo` text NULL,
   PRIMARY KEY  (`sysini_id`)
 ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
@@ -1945,7 +1952,9 @@ CREATE TABLE IF NOT EXISTS `web_database_user` (
   `database_user` varchar(64) DEFAULT NULL,
   `database_user_prefix` varchar(50) NOT NULL default '',
   `database_password` varchar(64) DEFAULT NULL,
+  `database_password_sha2` varchar(70) DEFAULT NULL,
   `database_password_mongo` varchar(32) DEFAULT NULL,
+  `database_password_postgres` varchar(255) DEFAULT NULL,
   PRIMARY KEY (`database_user_id`)
 )  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
@@ -2046,6 +2055,7 @@ CREATE TABLE `web_domain` (
   `delete_unused_jailkit` enum('n','y') NOT NULL default 'n',
   `last_jailkit_update` date NULL DEFAULT NULL,
   `last_jailkit_hash` varchar(255) DEFAULT NULL,
+  `disable_symlinknotowner` enum('n','y') NOT NULL default 'n',
   PRIMARY KEY  (`domain_id`),
   UNIQUE KEY `serverdomain` (  `server_id` , `ip_address`,  `domain` )
 ) ENGINE=InnoDB ROW_FORMAT=DYNAMIC DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

install/tpl/amavisd_user_config.master

@@ -85,6 +85,9 @@ $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
 };
+$policy_bank{'MYNETS'} = {
+  originating => 1,
+};
 
 # IP-Addresses for internal networks => load policy MYNETS
 # - requires -o smtp_send_xforward_command=yes in postfix master.cf

install/tpl/config.inc.php.master

@@ -158,6 +158,7 @@ $conf['timezone'] = '{timezone}';
 
 //** Misc.
 $conf['interface_logout_url'] = ''; // example: http://www.domain.tld/
+$conf['interface_base_url'] = ''; // example: http://www.domain.tld (no trailing slash)
 
 
 //** Auto Load Modules

install/tpl/debian_postfix.conf.master

@@ -26,15 +26,16 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo{reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_reject_unlisted_sender = no
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining{reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
-maildrop_destination_concurrency_limit = 1
-maildrop_destination_recipient_limit   = 1
+# Needed for courier pop3/imap only
+# maildrop_destination_concurrency_limit = 1
+# maildrop_destination_recipient_limit   = 1
 virtual_transport = maildrop
 header_checks = regexp:{config_dir}/header_checks
 mime_header_checks = regexp:{config_dir}/mime_header_checks

install/tpl/fedora_postfix.conf.master

@@ -22,15 +22,16 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo{reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_reject_unlisted_sender = no
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining{reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
-maildrop_destination_concurrency_limit = 1
-maildrop_destination_recipient_limit   = 1
+# Needed for courier pop3/imap only
+# maildrop_destination_concurrency_limit = 1
+# maildrop_destination_recipient_limit   = 1
 virtual_transport = maildrop
 header_checks = regexp:{config_dir}/header_checks
 mime_header_checks = regexp:{config_dir}/mime_header_checks

install/tpl/gentoo_postfix.conf.master

@@ -29,12 +29,13 @@ smtpd_helo_required = yes
 smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_reject_unlisted_sender = no
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining{reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
-maildrop_destination_concurrency_limit = 1
-maildrop_destination_recipient_limit   = 1
+# Needed for courier pop3/imap only
+# maildrop_destination_concurrency_limit = 1
+# maildrop_destination_recipient_limit   = 1
 virtual_transport = maildrop
 header_checks = regexp:{config_dir}/header_checks
 mime_header_checks = regexp:{config_dir}/mime_header_checks

install/tpl/jk_init.ini.master

@@ -28,6 +28,10 @@ includesections = uidbasics, logbasics
 comment = alias for jk_lsh
 includesections = jk_lsh
 
+[openssl]
+comment = Generic openssl files (excluded: /etc/ssl/private, /usr/lib/ssl/private)
+paths =  /bin/openssl, /etc/ssl/openssl.cnf, /etc/ssl/certs, /usr/lib/ssl/cert.pem, /usr/lib/ssl/certs, /usr/lib/ssl/misc, /usr/lib/ssl/openssl.cnf, /usr/share/ca-certificates
+
 [cvs]
 comment = Concurrent Versions System
 paths = cvs
@@ -67,7 +71,7 @@ devices = /dev/null
 
 [basicshell]
 comment = bash based shell with several basic utilities
-paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8, uname, expr, xargs
+paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8, uname, expr, xargs, /etc/inputrc
 users = root
 groups = root
 includesections = uidbasics
@@ -240,7 +244,17 @@ includesections = php_common
 
 [php8_2]
 comment = php version 8.2
-paths = /usr/bin/php8.2, /usr/lib/php/8.2/, /usr/lib/php/20210902/, /usr/share/php/8.2/, /etc/php/8.2/cli/, /etc/php/8.2/mods-available/
+paths = /usr/bin/php8.2, /usr/lib/php/8.2/, /usr/lib/php/20220829/, /usr/share/php/8.2/, /etc/php/8.2/cli/, /etc/php/8.2/mods-available/
+includesections = php_common
+
+[php8_3]
+comment = php version 8.3
+paths = /usr/bin/php8.3, /usr/lib/php/8.3/, /usr/lib/php/20230831/, /usr/share/php/8.3/, /etc/php/8.3/cli/, /etc/php/8.3/mods-available/
+includesections = php_common
+
+[php8_4]
+comment = php version 8.4
+paths = /usr/bin/php8.4, /usr/lib/php/8.4/, /usr/lib/php/20240841/, /usr/share/php/8.4/, /etc/php/8.4/cli/, /etc/php/8.4/mods-available/
 includesections = php_common
 
 [imagemagick]

install/tpl/jk_init_el.ini.master

+# jk_init.ini:  jailkit initialization config
+
+# Includes paths to handle Enterprise Linux systems like RHEL and its derivatives AlmaLinux, Rocky Linux et cetera
+# if other paths are needed please create an issue with the details or even a merge request at:
+# https://git.ispconfig.org/ispconfig/ispconfig3
+
+[uidbasics]
+comment = common files for all jails that need user/group information
+paths = /lib*/libnsl.so.*, /lib*/libnss*.so.*, /lib/*/libnsl.so.*, /lib/*/libnss*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+paths = /lib*/libnss_dns.so.*, /lib*/libnss_mdns*.so.*, /lib/*/libnss_dns.so.*, /lib/*/libnss_mdns*.so.*, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services, /etc/ssl/certs/, /usr/lib/ssl/certs
+
+[logbasics]
+comment = timezone information and log sockets
+paths = /etc/localtime
+need_logsocket = 1
+
+[enterpriselinuxbasics]
+comment = Various Enterprise Linux specific directories and programs
+paths = /usr/lib/locale, /usr/share/modulefiles, /usr/share/Modules, /usr/share/tcl*, /usr/bin/lesspipe.sh, /usr/libexec/grepconf.sh, /usr/bin/tclsh, /usr/bin/tty
+includesections = enterpriselinux_etc_env
+
+[enterpriselinux_etc_env]
+comment = Enterprise Linux /etc specific environment related files
+paths = /etc/profile, /etc/modulefiles, /etc/alternatives/modulecmd, /etc/DIR_COLORS*,  /etc/sysconfig/bash-prompt-default, /etc/profile.d/bash_completion.sh, /etc/profile.d/color*, /etc/profile.d/lang*, /etc/profile.d/less*, /etc/profile.d/sh.local, /etc/profile.d/vim*, /etc/profile.d/composer*, /etc/profile.d/conda*, /etc/profile.d/guestfish.sh, /etc/locale.conf, /etc/inputrc
+emptydirs = /etc/ssl, /etc/pki
+
+[jk_lsh]
+comment = Jailkit limited shell
+paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+includesections = uidbasics, logbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+paths = cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, pager
+includesections = editors, perl, netbasics, basicshell, coreutils
+
+[scp]
+comment = ssh secure copy
+paths = scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[sftp]
+comment = ssh secure ftp
+paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[ssh]
+comment = ssh secure shell
+paths = ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty, /dev/null
+
+[rsync]
+paths = rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+paths = procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8, uname, expr, xargs
+users = root
+groups = root
+includesections = uidbasics, enterpriselinuxbasics
+
+[interactiveshell]
+comment = for ssh access to a full shell
+includesections = uidbasics, basicshell, terminfo, editors, extendedshell
+
+[midnightcommander]
+comment = Midnight Commander
+paths = mc, mcedit, mcview, /usr/share/mc
+includesections = basicshell, terminfo
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
+includesections = basicshell, midnightcommander, editors
+
+[terminfo]
+comment = terminfo databases, required for example for ncurses or vim
+paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
+
+[editors]
+comment = vim, joe and nano
+includesections = terminfo
+paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
+
+[netutils]
+comment = several internet utilities like curl, wget, ftp, rsync, scp, ssh
+paths = curl, wget, lynx, ftp, host, rsync, smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+paths = htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+paths = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+paths = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+paths = perl, /usr/lib64/perl, /usr/lib64/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+paths = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+[ping]
+comment = Ping program
+paths_w_setuid = /bin/ping
+
+#[xterm]
+#comment = xterm
+#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
+
+[coreutils]
+comment = Progs from coreutils
+paths = arch, b2sum, base32, base64, basename, cat, chcon, chgrp, chmod, chown, cksum, comm, cp, csplit, cut, date, dir, dircolors, dirname, du, echo, env, expand, expr, factor, false, fmt, fold, groups, head, hostid, id, install, join, link, ln, logname, ls, md5sum, mkdir, mkfifo, mknod, mktemp, mv, nice, nl, nohup, nproc, numfmt, od, paste, pathchk, pinky, pr, printenv, printf, ptx, pwd, readlink, realpath, rm, rmdir, runcon, seq, sha1sum, sha224sum, sha256sum, sha384sum, sha512sum, shred, shuf, sleep, sort, split, stat, stdbuf, stty, sum, tac, tail, tee, test, timeout, touch, tr, true, truncate, tsort, uname, unexpand, uniq, unlink, users, vdir, wc, who, whoami, yes
+
+[webutils]
+comment = Collection of commonly used utils for webapps
+paths = /usr/bin/gm, /usr/bin/convert, /usr/bin/identify, /usr/bin/composite, /usr/bin/combine, /usr/bin/cwebp, /usr/bin/pdf*
+
+[mysqlutils]
+comment = MySQL client utils
+paths = mysql, mysqldump, mysqlshow
+
+[composer]
+comment = composer
+paths = composer, /usr/local/bin/composer, /usr/share/doc/composer
+includesections = php, uidbasics, netbasics
+
+[node]
+comment = NodeJS
+paths = npm, npx, node, nodejs, semver, /usr/lib/nodejs, /usr/share/nodejs, /usr/share/npm, /usr/share/node-mime, /usr/lib/node_modules, /usr/local/lib/nodejs, /usr/local/lib/node_modules, /etc/npmrc, /etc/npmignore, elmi-to-json, /usr/local/bin/elmi-to-json
+
+[env]
+comment = /usr/bin/env for environment variables
+paths = env
+
+[php]
+comment = default php version and libraries
+paths = /usr/bin/php
+includesections = php_common
+
+[php_common]
+comment = Common PHP directories and libraries
+# notice:  potential information leak
+#  do not add all of /etc/php/ or any of the fpm directories
+#  or the php config (which includes custom php snippets) from *all*
+#  sites which use fpm will be copied to *every* jailkit
+paths = /usr/bin/php, /usr/bin/phar, /usr/lib64/php/, /usr/share/php/, /usr/share/zoneinfo/
+includesections = env, logbasics, netbasics, mysqlutils, webutils, imagemagick
+
+[php5_4]
+comment = PHP 5.4
+paths = /opt/remi/php54/root/bin/php, /usr/bin/php54, /opt/remi/php54/root/bin/phar, /opt/remi/php54/root/usr/lib64/, /opt/remi/php54/root/usr/share/
+includesections = php_common
+
+[php5_5]
+comment = PHP 5.5
+paths = /opt/remi/php55/root/bin/php, /usr/bin/php55, /opt/remi/php55/root/bin/phar, /opt/remi/php55/root/usr/lib64/, /opt/remi/php55/root/usr/share/
+includesections = php_common
+
+[php5_6]
+comment = PHP 5.6
+paths = /opt/remi/php56/root/bin/php, /usr/bin/php56, /opt/remi/php56/root/bin/phar, /opt/remi/php56/root/usr/lib64/, /opt/remi/php56/root/usr/share/
+includesections = php_common
+
+[php7_0]
+comment = PHP 7.0
+paths = /opt/remi/php70/root/bin/php, /usr/bin/php70, /opt/remi/php70/root/bin/phar, /opt/remi/php70/root/usr/lib64/, /opt/remi/php70/root/usr/share/
+includesections = php_common
+
+[php7_1]
+comment = PHP 7.1
+paths = /opt/remi/php71/root/bin/php, /usr/bin/php71, /opt/remi/php71/root/bin/phar, /opt/remi/php71/root/usr/lib64/, /opt/remi/php71/root/usr/share/
+includesections = php_common
+
+[php7_2]
+comment = PHP 7.2
+paths = /opt/remi/php72/root/bin/php, /usr/bin/php72, /opt/remi/php72/root/bin/phar, /opt/remi/php72/root/usr/lib64/, /opt/remi/php72/root/usr/share/
+includesections = php_common
+
+[php7_3]
+comment = PHP 7.3
+paths = /opt/remi/php73/root/bin/php, /usr/bin/php73, /opt/remi/php73/root/bin/phar, /opt/remi/php73/root/usr/lib64/, /opt/remi/php73/root/usr/share/
+includesections = php_common
+
+[php7_4]
+comment = PHP 7.4
+paths = /opt/remi/php74/root/bin/php, /usr/bin/php74, /opt/remi/php74/root/bin/phar, /opt/remi/php74/root/usr/lib64/, /opt/remi/php74/root/usr/share/
+includesections = php_common
+
+[php8_0]
+comment = PHP 8.0
+paths = /opt/remi/php80/root/bin/php, /usr/bin/php80, /opt/remi/php80/root/bin/phar, /opt/remi/php80/root/usr/lib64/, /opt/remi/php80/root/usr/share/
+includesections = php_common
+
+[php8_1]
+comment = PHP 8.1
+paths = /opt/remi/php81/root/bin/php, /usr/bin/php81, /opt/remi/php81/root/bin/phar, /opt/remi/php81/root/usr/lib64/, /opt/remi/php81/root/usr/share/
+includesections = php_common
+
+[php8_2]
+comment = PHP 8.2
+paths = /opt/remi/php82/root/bin/php, /usr/bin/php82, /opt/remi/php82/root/bin/phar, /opt/remi/php82/root/usr/lib64/, /opt/remi/php82/root/usr/share/
+includesections = php_common
+
+[php8_3]
+comment = PHP 8.3
+paths = /opt/remi/php83/root/bin/php, /usr/bin/php83, /opt/remi/php83/root/bin/phar, /opt/remi/php83/root/usr/lib64/, /opt/remi/php83/root/usr/share/
+includesections = php_common
+
+[php8_4]
+comment = PHP 8.4
+paths = /opt/remi/php84/root/bin/php, /usr/bin/php84, /opt/remi/php84/root/bin/phar, /opt/remi/php84/root/usr/lib64/, /opt/remi/php84/root/usr/share/
+includesections = php_common
+
+[imagemagick]
+comment = ImageMagick needed for php-imagemagick extension
+paths = /usr/share/ImageMagick-*, /etc/ImageMagick-*, /usr/lib64/ImageMagick-*
+
+

install/tpl/master_cf_amavis10025.master

 
+# Data returning from Amavis content filtering, defaults to incomming amavis port(10024) +1
 127.0.0.1:10025 inet n - n - - smtpd
         -o content_filter=
         -o local_recipient_maps=

install/tpl/master_cf_amavis10027.master

 
+# Data returning from Amavis DKIM signing, defaults to incomming amavis port(10026) +1
 127.0.0.1:10027 inet n - n - - smtpd
         -o content_filter=
         -o local_recipient_maps=

install/tpl/mysql-virtual_domains.cf.master

@@ -2,5 +2,5 @@ user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
-query = SELECT domain FROM mail_domain WHERE domain = '%s' AND active = 'y' AND server_id = {server_id}
+query = SELECT domain FROM mail_domain WHERE domain = '%s' AND active = 'y' AND local_delivery = 'y' AND server_id = {server_id}
            AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE source = '@%s' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id})

install/tpl/opensuse_postfix.conf.master

@@ -24,15 +24,16 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo{reject_unknown_helo_hostname}, permit
 smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_reject_unlisted_sender = no
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining{reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
-maildrop_destination_concurrency_limit = 1
-maildrop_destination_recipient_limit   = 1
+# Needed for courier pop3/imap only
+# maildrop_destination_concurrency_limit = 1
+# maildrop_destination_recipient_limit   = 1
 virtual_transport = maildrop
 header_checks = regexp:{config_dir}/header_checks
 mime_header_checks = regexp:{config_dir}/mime_header_checks