.editorconfig

+; top-most EditorConfig file
+root = true
+
+; Unix-style newlines
+[*]
+charset = utf-8
+end_of_line = LF
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = tab
+
+[*.{htm,html}]
+indent_style = space
+indent_size = 4

.git-scripts/syntax.sh

+#!/bin/bash
+
+IFS=$'\n'
+EX=0
+ERRS="" ;
+WARNS="" ;
+ERRCNT=0 ;
+WARNCNT=0 ;
+
+OUTCNT=0 ;
+FILECNT=0 ;
+DONECNT=0 ;
+
+CMD="find . -type f \( -name \"*.php\" -o -name \"*.lng\" \) -print" ;
+
+if [[ "$1" == "commit" ]] ; then
+	CMD="git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep -E '\.(php|lng)$'" ;
+fi
+
+FILECNT=$(eval "${CMD} | wc -l") ;
+
+for F in $(eval "$CMD") ; do
+	if [[ ! -e "${F}" || ! -f "${F}" ]] ; then
+		continue ;
+	fi
+	R=$(php -d error_reporting=E_ALL -d display_errors=On -l "$F" 2>/dev/null) ;
+	RET=$? ;
+	R=$(echo "${R}" | sed "/^$/d")
+	if [ $RET -gt 0 ] ; then
+		EX=1 ;
+		echo -n "E" ;
+		ERRS="${ERRS}${F}:"$'\n'"${R}"$'\n\n' ;
+		ERRCNT=$((ERRCNT + 1)) ;
+	else
+		if [[ "$R" == "Deprecated: "* ]] ; then
+			echo -n "W" ;
+			WARNS="${WARNS}${F}:"$'\n'"${R}"$'\n\n' ;
+			WARNCNT=$((WARNCNT + 1)) ;
+		else 
+			echo -n "." ;
+		fi
+	fi
+	OUTCNT=$((OUTCNT + 1)) ;
+	DONECNT=$((DONECNT + 1)) ;
+	if [ $OUTCNT -ge 40 ] ; then
+		OUTCNT=0 ;
+		echo "[${DONECNT}/${FILECNT}]" ;
+	fi
+done
+
+echo ""
+echo "--------------------------";
+echo "${DONECNT} Files done"
+echo "${ERRCNT} Errors"
+if [ $ERRCNT -gt 0 ] ; then
+	echo "${ERRS}"
+	echo ""
+fi
+
+echo "${WARNCNT} Warnings"
+if [ $WARNCNT -gt 0 ] ; then
+	echo ""
+	echo "${WARNS}"
+	echo ""
+fi
+
+exit $EX

.gitattributes

+* text=auto
+*.php text eol=lf
\ No newline at end of file

.gitignore

+.idea
+/nbproject/private/
+.phplint-cache
+
+# Vim and patch specific excludes
+*.swp
+*.orig
+*.rej
+
+# macOS-specific things to exclude
+
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+Icon?
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Configuration for the Nova editor
+.nova
+
+# VS Code files for those working on multiple tools
+.vscode/*
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# Visual Studio IDE cache/options directory
+.vs/
+
+# do not version control generated config files
+/server/lib/mysql_clientdb.conf
+/server/lib/config.inc.php
+/server/lib/config.inc.local.php
+/interface/lib/config.inc.local.php
+/install/existing_db.sql

.gitlab-ci.yml

+# Defines stages which are to be executed
+stages:
+  - syntax
+  - syntax_diff
+  - test
+  - build
+
+#
+### Stage syntax
+#
+
+syntax:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh
+
+
+syntax_diff:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - web
+    - pushes
+    - branches
+
+  except:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh commit
+
+#syntax:lint:
+#  stage: syntax
+#  image: edbizarro/gitlab-ci-pipeline-php:7.2
+#  allow_failure: false
+#  only:
+#    - schedules
+#    - web
+#    - merge_requests
+#
+#  script:
+#    - composer require overtrue/phplint
+#    - echo "Syntax checking PHP files"
+#    - echo "For more information http://www.icosaedro.it/phplint/"
+#    - vendor/bin/phplint
+
+
+#test:install:
+#  stage: test
+#  image: jerob/docker-ispconfig
+#  only:
+#    - schedules
+#    - web
+#    - /^\d+\.\d+\.\d+$/
+#  
+#  script:
+#    - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
+#    - apt-get update
+#    - apt-get --yes install curl
+#    - curl --insecure https://127.0.0.1:8080/login/
+#    - ps xaf
+#    
+#  needs: ["syntax:lint"]
+
+build:package:
+    stage: build
+    image: edbizarro/gitlab-ci-pipeline-php:7.2
+    only:
+        refs:
+            - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+            - web
+
+    script:
+        - echo "Building release."
+        - if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
+        - if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
+        - if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
+        - RET=0
+        - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
+        - if [[ $RET > 1 ]] ; then exit $RET ; fi
+        - echo "Listing tar contents for verification"
+        - tar -tvf ISPConfig-${VER}.tar.gz
+        - echo "Uploading file to download server"
+        - curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
+        - if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
+        - rm ISPConfig-${VER}.tar.gz
+        - echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
+        
+    needs: ["syntax:lint"]
+    allow_failure: false

.gitlab/issue_templates/Bug.md

+<!-- Before creating a bug report, please:
+- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
+- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
+- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
+-->
+
+## Summary
+<!-- What is happening and what is wrong with that? -->
+
+## Steps to reproduce
+1. [First step]
+2. [Second step]
+3. [and so on...]
+
+## Correct behaviour
+<!-- What should happen instead? -->
+
+## Environment
+Server OS + version: (Debian 10/Ubuntu 20.04/CentOS 8/...) \
+ISPConfig version: (3.1.15p3/3.2.3/3.2dev/...)
+<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
+Software version of the related software:
+<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
+```
+Output of the command
+```
+
+## Proposed fix
+optional, of course.  
+if you want to post code snippets, please use
+```  
+your code  
+```
+or attach a code file. Best is to create a merge request of course.
+
+## References
+if you know of related bugs or feature requests, please reference them by using `#<issuenumber>`, e. g. #6105
+if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !1444 
+if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
+
+## Screenshots
+optional, of course.  
+Add screenshots of the problem by clicking "Attach a file" on the bottom right.
+
+## Related log entries

.phplint.yml

+path: ./
+jobs: 5
+cache: .phplint-cache
+extensions:
+  - php
+  - lng
+exclude:
+  - vendor
+

CONTRIBUTING.md

+# Contributing to ISPConfig
+ISPConfig is a open source project and community contributions are very welcome. To contribute, please stick to the guidelines.
+
+This document is under development and will be continuously improved.
+
+Please do not refactor existing code and do not change the signature or the behaviour of central functions or libraries. Such changes may only be made by the core development team. We have had many bad experiences with such changes affecting the stability of ISPConfig, so we no longer accept submissions containing such changes. Merge requests containing such changes will be closed and not merged.
+
+# Issues
+* Before opening a new issue, use the search function to check if there isn't a bug report / feature request already.
+* If you are reporting a bug, please share your OS and PHP (CLI) version.
+* If you want to report several bugs or request several features, open a separate issue for each one of them.
+* Do note re-open issues that were closed by the core dev team unless something new and important that is not mentioned in the original issue needs to be added. Permanently re-opening issues that we commented on and closed will get your account banned. You may add comments to issues without re-opening them though.
+
+# Branches
+* If you are a new user, please send an email to: dev [at] ispconfig [dot] org to receive rights to fork the project.
+* Please create an issue for each contribution you want to make.
+* Do not put multiple contributions into a single branch and merge request. Each contribution should have it's own branch.
+* Do not use the develop branch in your forked project for your contribution. Create a separate branch for each issue.
+* Give your branch a name, e. g. `6049-update-the-contributing-doc ` where 6049 is the issue number.
+
+# Merge requests
+Please give your merge request a description that shortly states what it is about. Merge requests without a good title or with missing description will get delayed because it is more effort for us to check the meaning of the changes made.
+Once again: Do not put multiple things into a single merge request. If you for example fix two issues where one affects apache and one mail users, use separate issues and separate merge requests.
+You can group multiple issues in a single merge request if they have the same specific topic, e. g. if you have one issue stating that a language entry in mail users is missing and a second issue that a language entry for server config is missing, you can put both issues into a single branch and merge request. Be sure to include all issue ids (if multiple) into the merge request's description in this case.
+* Open a issue for the bug you want to fix / the feature you want to implement
+* After opening the issue, commit your changes to your branch
+* Note the issue # in every commit
+* Update the documentation (New devs will not have access to this. Please send a email to docs@ispconfig.org)
+* Add translations for every language
+* Use a short title
+* Write a clear description - for example, when updating the contributing guidelines with issue #6049: \
+"Update of our contributing guidelines \
+Closes #6049"
+* Please be aware that we are not able to accept merge request that do not stick to the coding guidelines. We need to insist on that to keep the code clean and maintainable.
+
+# Some guidelines for web development with php.
+-----------------------------------------------------
+* Don't use features that are not supported in PHP 5.4, for compatibility with LTS OS releases, ISPConfig must support PHP 5.4+
+* Don't use shorttags. A Shorttag is `<?` and that is confusing with `<?xml` -> always use `<?php`
+* Don't use namespaces
+* Column names in database tables and database table names are in lowercase
+* Classes for the interface are located in interface/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+* Classes for the server are located in server/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+
+### Indentations
+
+Indentations are always done with tabs. Do **not** use spaces.
+It is recommended to set your IDE to display tabs with a width of 4 spaces.
+
+### Variable and method / function names
+
+Methods and functions should always be written in camel-case. Variables and properties should always be lowercase instead.
+
+**Correct:**
+```php
+class MyClass {
+    private $issue_list = [];
+
+    private function getMyValue() {
+
+    }
+}
+```
+
+**Wrong:**
+```php
+class my_class {
+    private $IssueList = [];
+
+    private function get_my_value() {
+
+    }
+}
+```
+
+### Blocks
+
+#### Curly braces
+
+Opening curly braces always have to be in the same line as the preceding condition. They are separated by a single space from the closing paranthesis.
+Closing curly braces are always on a separate line after the last statement in the block. The only exception is a do-while block where the logic is inverted.
+
+Curly braces are **always** to be used. Do not leave them out, even if there is only a single statement in the corresponding block.
+
+**Correct:**
+```php
+if($variable === true) {
+
+}
+
+while($condition) {
+
+}
+
+do {
+
+} while($condition);
+```
+
+**Wrong:**
+```php
+if($variable === true){
+
+}
+
+if($variable === true)
+{
+
+}
+
+if($variable === true)
+   $x = 'no braces';
+
+while($condition) { }
+```
+
+#### Short style
+
+The short style of conditional assignments is allowed to be used, but it must not affect readability, e. g. they shall not be nested.
+
+**Allowed:**
+```php
+$a = 0;
+if($condition === true) {
+    $a = 1;
+}
+
+$a = ($condition === true ? 1 : 0);
+```
+
+**Disallowed:**
+```php
+$x = ($condition === true ? ($further == 'foo' ? true : false) : true);
+```
+
+
+#### Spaces and paranthesis
+
+The rules for using spaces are:
+- no space after `if`/`while` etc. and the following opening paranthesis
+- single space after closing paranthesis and before opening curly brace
+- no spaces at the end of a line
+- no spaces after opening paranthesis and before closing paranthesis
+- single space before and after comparators
+
+**Correct:**
+```php
+if($variable === $condition) {
+
+}
+
+while(($condition !== false || $condition2 === true) && $n <= 15) {
+    $n++;
+}
+```
+
+**Wrong:**
+```php
+if ($variable===$condition) {
+
+}
+
+while(($condition!==false||$condition2===true))&&$n<=15){
+
+}
+```
+
+#### Newlines inside of conditions
+
+Breaking up conditions into separate lines can be done if it positively affects readability.
+
+```php
+if($condition === true && ($state === 'completed' || $state === 'pending') && ($processed_by !== null || $process_time < time())) {
+
+}
+```
+can also be written as
+```php
+if($condition === true
+    && ($state === 'completed' || $state === 'pending')
+    && ($processed_by !== null || $process_time < time())
+    ) {
+
+}
+```
+This must not be abused, e. g. the following is not allowed:
+
+```php
+if($a == 1
+    || $b == 2) {
+
+    }
+```
+
+### Arrays
+
+#### Short syntax
+
+Please **do** use short array syntax. We have deprecated the old-style array syntax.
+
+**Correct**:
+```php
+$var = [];
+
+$var2 = [
+    'conf' => [
+        'setting1' => 'value1'
+    ]
+];
+```
+
+**Wrong:**
+```php
+$var = array();
+
+$var2 = array(
+    'conf' => array(
+        'setting1' => 'value1'
+    )
+);
+```
+
+#### Spaces and newlines
+
+When defining an empty array, both brackets shall be on the same line. When defining an array with values, the style depends on the values you are going to assign.
+
+##### List of values
+
+When defining an array with a list of values, e. g. numbers or names, they should be on the same line as the brackets without using new lines, as long as the line does not exceed a total number of characters of about 90. After each comma there has to be a single space.
+
+##### Nested array
+
+When defining a nested array onle the opening bracket is to be on the same line. The closing bracket has to be on a separate line indented by `tabs * level of array`.
+
+##### Examples
+
+```php
+// empty array
+$a = [];
+
+// array with list of values
+$array = [4, 3, 76, 12];
+
+// array with long list of values
+$array = [
+    'This is one entry', 'This is a second one', 'Another one', 'Further entries', 'foo', 'bar', 34, 42, $variable, // newline here for better readability
+    'Next entry', 'the last entry'
+];
+
+// nested array
+$array = [
+    'conf' => [
+        'level' => 1,
+        'settings' => [
+            'window' => 'open',
+            'door' => 'closed
+        ]
+    ]
+];
+```
+
+**Not-to-dos:**
+```php
+$array=[
+];
+
+$array = [
+    1,
+    4,
+    35,
+    23,
+    345,
+    11,
+    221,
+    'further',
+    '...'
+];
+
+$array=['conf'=>['settings'=>['window' => 'open', 'door' => 'closed]]];
+```
+
+### Strings 
+
+Whenever possible use single quotes `'` instead of double qoutes `"`. Try not to embedd variables in string. Concatenate them instead.
+
+**Correct:**
+```php
+// simple text
+$var = 'This is a text';
+
+// array index
+$array['index'] = 'value';
+
+// text with variables
+$var = 'This is a text with ' . $value . ' values inside and at the end: ' . $sum_value;
+
+// dynamic array index
+$idx = 'index' . $key;
+$value = $array[$idx];
+```
+
+**Wrong:**
+```php
+// simple text
+$var = "This is a text";
+
+// array index
+$array["index"] = 'value';
+
+// text with variables
+$var = "This is a text with $value values inside and at the end: {$sum_value}";
+
+// dynamic array index
+$value = $array['index' . $key];
+$value = $array["index{$key}"];
+```
+
+# Where to store custom settings
+## Interface settings
+The recommended place to store global interface settings is the ini style global config system 
+(see system.ini.master file in install/tpl/ to set defaults). The settings file 
+gets stored inside the ispconfig database. Settings can be accessed with the function:
+
+```
+$app->uses('ini_parser,getconf');
+$interface_settings = $app->getconf->get_global_config('modulename');
+```
+
+where modulename corresponds to the config section in the system.ini.master file.
+To make the settings editable under System > interface config, add the new configuration
+fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
+tempalte file in the templates subfolder of the admin module.
+
+## Server settings
+Server settings are stored in the ini style server config system (see server.ini.master template file)
+The settings file gets stored inside the ispconfig database in the server table. Settings can be 
+accessed with the function $app->getconf->get_server_config(....)
+
+Example to access the web configuration:
+
+```
+$app->uses('ini_parser,getconf');
+$web_config = $app->getconf->get_server_config($server_id,'web');
+```
+
+# Learn about the form validators
+There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
+Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,ISIPV6,ISIP,CUSTOM

LICENSE

+Copyright (c) 2007-2020, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

+# ISPConfig - Hosting Control Panel
+![ISPConfig logo](https://www.ispconfig.org/wp-content/themes/ispconfig/images/ispconfig_logo.png "") \
+Development branch: [![pipeline status](https://git.ispconfig.org/ispconfig/ispconfig3/badges/develop/pipeline.svg)](https://git.ispconfig.org/ispconfig/ispconfig3/commits/develop)
+
+## Functions
+- Manage multiple servers from one control panel
+- Single server, multiserver and mirrored clusters.
+- Webserver management
+- Mailserver management
+- DNS server management
+- Virtualization (OpenVZ)
+- Administrator, reseller, client and mailuser login
+- Open Source software ([BSD license](LICENSE))
+
+## Supported daemons
+- HTTP: Apache2 and NGINX
+- HTTP stats: Webalizer, GoAccess and AWStats
+- Let's Encrypt: Acme.sh and certbot
+- SMTP: Postfix
+- POP3/IMAP: Dovecot
+- Spamfilter: Rspamd and Amavis
+- FTP: PureFTPD
+- DNS: BIND9 and PowerDNS[^1]
+- Database: MariaDB and MySQL
+
+[^1]: not actively tested
+
+## Supported operating systems
+- Debian 9 - 12, and testing
+- Ubuntu 16.04 - 22.04
+- CentOS 7 and 8
+
+## Auto-install script
+You can install the "Perfect Server" with ISPConfig using [our official autoinstaller](https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/)
+
+## Migration tool
+The Migration Tool helps you to import data from other control panels (currently ISPConfig 2 and 3 – 3.2, Plesk 10 – 12.5, Plesk Onyx, CPanel[^2] and Confixx 3). For more information, see https://www.ispconfig.org/add-ons/ispconfig-migration-tool/
+
+[^2]: The Migration Toolkit now contains beta support for migrating CPanel to ISPConfig.
+
+## Documentation
+You can support ISPConfig development by buying the manual: https://www.ispconfig.org/documentation/
+
+## Contributing
+If you like to contribute to the ISPConfig development, please read the contributing guidelines: [CONTRIBUTING.MD](CONTRIBUTING.md)
+

TODO.txt

+Please see our GitLab issues for feature requests and bug reports.
+
+https://git.ispconfig.org/ispconfig/ispconfig3/issues

config/exim4/exim4.conf.template

-######################################################################
-#                    MAIN CONFIGURATION SETTINGS                     #
-######################################################################
-
-# MySQL defines
-MYSQL_SERVER=localhost
-MYSQL_USER=root
-MYSQL_PASSWORD=matze
-MYSQL_DB=mailserver
-MYSQL_EMAILTABLE=mail_email
-MYSQL_DOMAINTABLE=mail_domain
-MYSQL_WHITETABLE=mail_whitelist
-MYSQL_BLACKTABLE=mail_blacklist
-
-# Server ID for Multiserver Setups
-MAILSERVER_ID=1
-MAILSERVER_HOSTNAME=mail.
-MAILSERVER_EXIM_BINARY=/usr/sbin/exim4
-MAILSERVER_SPAMC_BINARY=/usr/bin/spamc
-
-# Mailman vars
-MAILMAN_HOME=/var/lib/mailman
-MAILMAN_WRAP=MAILMAN_HOME/mail/wrapper
-MAILMAN_UID=list
-MAILMAN_GID=list
-
-# MySQL queries
-# MYSQL_Q_LDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'local'
-# MYSQL_Q_RDOMAIN=SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'relay'
-
-MYSQL_Q_VSCAN=SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND opt_virscan='yes'
-
-
-MM_HOME=${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${quote_mysql:domain}'}}
-MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
-MM_WRAP=${lookup mysql{SELECT mm_wrap FROM mail_mailman_domain WHERE domain='${quote_mysql:domain}'}}
-
-# MySQL connection
-hide mysql_servers = "MYSQL_SERVER/MYSQL_DB/MYSQL_USER/MYSQL_PASSWORD"
-
-# starting 'normal' config
-
-primary_hostname = MAILSERVER_HOSTNAME
-
-domainlist local_domains = mysql;SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND (type = 'local' OR type = 'alias')
-domainlist relay_to_domains = mysql;SELECT DISTINCT domain FROM MYSQL_DOMAINTABLE WHERE domain='${quote_mysql:$domain}' AND type = 'relay'
-hostlist   relay_from_hosts = 127.0.0.1
-domainlist mmdomains = ${lookup mysql {SELECT domain FROM mail_mailman_domain}}
-
-acl_smtp_rcpt = acl_check_rcpt
-
-qualify_domain = 
-# qualify_recipient =
-
-# allow_domain_literals
-
-never_users = root
-trusted_users = mail
-
-host_lookup = *
-rfc1413_hosts = *
-rfc1413_query_timeout = 15s
-
-check_spool_space = 50M
-check_log_space = 20M
-return_size_limit = 20k
-message_size_limit = 20M
-
-# sender_unqualified_hosts =
-# recipient_unqualified_hosts =
-
-# percent_hack_domains =
-
-ignore_bounce_errors_after = 2d
-timeout_frozen_after = 7d
-
-deliver_queue_load_max = 8
-queue_only_load = 10
-remote_max_parallel = 15
-
-#tls_certificate = 
-#tls_privatekey = 
-#tls_advertise_hosts = *
-
-# SSL/TLS cert and key
-tls_certificate = /etc/exim4/smtpd.cert
-tls_privatekey = /etc/exim4/smtpd.key
-
-# Advertise TLS to anyone
-tls_advertise_hosts = *
-
-# Require auth over SSL only.
-# auth_over_tls_hosts = *
-
-spamd_address = 127.0.0.1 783
-
-######################################################################
-#                       ACL CONFIGURATION                            #
-#         Specifies access control lists for incoming SMTP mail      #
-######################################################################
-
-begin acl
-
-acl_check_rcpt:
-  accept  hosts = :
-  deny    domains       = +local_domains
-          local_parts   = ^[.] : ^.*[@%!/|]
-  deny    domains       = !+local_domains
-          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
-  accept  local_parts   = postmaster
-          domains       = +local_domains
-  require verify        = sender
-  accept  domains       = +local_domains
-          endpass
-          verify        = recipient
-  accept  domains       = +relay_to_domains
-          endpass
-          verify        = recipient
-  accept  hosts         = +relay_from_hosts
-  accept  authenticated = *
-  deny    message       = relay not permitted
-
-acl_check_data:
-  warn  message = X-Spam-Score: $spam_score ($spam_bar)
-        spam = nobody:true
-  warn  message = X-Spam-Report: $spam_report
-        spam = nobody:true
-  warn  message = Subject: *SPAM* $h_Subject
-        spam = nobody
-
-  # reject spam at high scores (> 12)
-  deny   message = This message scored $spam_score spam points.
-         spam = nobody:true
-         condition = ${if >{$spam_score_int}{120}{1}{0}}
-
-
-
-######################################################################
-#                      ROUTERS CONFIGURATION                         #
-#               Specifies how addresses are handled                  #
-######################################################################
-#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
-# An address is passed to each router in turn until it is accepted.  #
-######################################################################
-
-begin routers
-
-fail_router:
-  driver = redirect
-  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND enabled='no'}{$value}}
-  data = ":fail:"
-  allow_fail
-
-mailman_router:
-   driver = accept
-   domains = +mmdomains
-   require_files = MM_LISTCHK
-   local_part_suffix_optional
-   local_part_suffix =  -admin     : \
-            -bounces   : -bounces+* : \
-            -confirm   : -confirm+* : \
-            -join      : -leave     : \
-            -owner      : -request   : \
-            -subscribe : -unsubscribe
-   transport = mailman_transport
-
-dnslookup:
-  driver = dnslookup
-  domains = ! +local_domains
-  transport = remote_smtp
-  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
-  no_more
-
-domain_aliases:
-   driver=redirect
-   domains=${lookup mysql{SELECT domain FROM mail_domain WHERE type = 'alias'}}
-   data=$local_part@${lookup mysql{SELECT destination FROM mail_domain WHERE domain='${domain}'}}
-
-blacklist_router:
-  driver = manualroute
-  senders = ${lookup mysql {SELECT DISTINCT MYSQL_BLACKTABLE.address FROM MYSQL_BLACKTABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_BLACKTABLE.address}{$value}}
-  condition = "${if !def:h_X-Spam-Flag: {1}{0}}"
-  headers_add = X-Spam-Flag: YES
-  route_list = * localhost
-  self = pass
-
-#system_aliases:
-#  driver = redirect
-#  allow_fail
-#  allow_defer
-#  data = ${lookup{$local_part}lsearch{/etc/aliases}}
-# user = exim
-#  file_transport = address_file
-#  pipe_transport = address_pipe
-
-#mysql_systemalias:
-#   driver = redirect
-#   allow_fail
-#   allow_defer
-#   data = ${lookup mysql{SELECT dest FROM mail_systemalias WHERE local_part='${quote_mysql:$local_part}'}}
-
-mysql_email_alias:
-   driver = redirect
-   allow_fail
-   allow_defer
-   data = ${lookup mysql{ SELECT destination FROM mail_redirect WHERE email='${local_part}@${domain}' AND type = 'alias'}}
-
-#spamcheck_router:
-#  driver = manualroute
-#  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spamscan='yes'}{$value}}
-#  senders = ! ${lookup mysql {SELECT DISTINCT MYSQL_WHITETABLE.address FROM MYSQL_WHITETABLE WHERE '${quote_mysql:$sender_address}' LIKE MYSQL_WHITETABLE.address}{$value}}
-#  condition = ${if and { \
-#    {!eq {$received_protocol}{spam-scanned}} \
-#    {!eq {$received_protocol}{local}} \
-#    } {1}{0}}
-#  headers_remove = X-Spam-Flag
-#  route_list = "* localhost byname"
-#  transport = spamcheck
-#  verify = false
-
-#spampurge_router:
-#  driver = manualroute
-#  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND spampurge='yes'}{$value}}
-#  condition = "${if eq{$h_X-Spam-Flag:}{YES} {1}{0}}"
-#  route_list = "* localhost byname"
-#  transport = devnull_transport
-#  verify = false
-
-autoresponder_router:
-  driver = accept
-  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND autoresponder='yes'}{$value}}
-  transport = autoresponder_transport
-  unseen  
-
-cc_router:
-  driver = redirect
-  data = ${lookup mysql {SELECT cc FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}}
-  unseen
-
-forward_router:
-  driver = redirect
-  data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND forward != ''}{$value}}
-
-local_mailbox_router:
-  driver = accept
-  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}') AND maildir != ''}{$value}}
-  transport = local_delivery
-  
-mysql_default_router:
-   driver=redirect
-   data=${lookup mysql{ SELECT dest FROM mail_virtual_default WHERE domain='${domain}'}}
-   allow_fail
-   allow_defer
-
-#domain_catchall_director:
-#  driver = redirect
-#  domains = ${lookup mysql {SELECT SUBSTRING_INDEX(email,'@',-1) FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}}
-#  data = ${lookup mysql {SELECT forward FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@') AND forward != ''}{$value}}
-      
-######################################################################
-#                      TRANSPORTS CONFIGURATION                      #
-######################################################################
-#                       ORDER DOES NOT MATTER                        #
-#     Only one appropriate transport is called for each delivery.    #
-######################################################################
-
-begin transports
-
-remote_smtp:
-  driver = smtp
-
-devnull_delivery:
-  driver = appendfile
-  file = /dev/null
-  group = mail
-
-address_pipe:
-  driver = pipe
-  return_output
-
-address_file:
-  driver = appendfile
-  delivery_date_add
-  envelope_to_add
-  return_path_add
-
-address_reply:
-  driver = autoreply
-
-mailman_transport:
-   driver = pipe
-   command = /var/mailman/lists.mas-services.co.uk/mail/mailman \
-            '${if def:local_part_suffix \
-            {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
-            {post}}' \
-            $local_part
-   current_directory = ${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${domain}'}}
-   home_directory = ${lookup mysql{SELECT mm_home FROM mail_mailman_domain WHERE domain='${domain}'}}
-   user = ${lookup mysql{SELECT mm_user FROM mail_mailman_domain WHERE domain='${domain}'}}
-   group = ${lookup mysql{SELECT mm_group FROM mail_mailman_domain WHERE domain='${domain}'}}
-
-spamcheck:
-  driver = pipe
-  command = MAILSERVER_EXIM_BINARY -oMr spam-scanned -bS
-  use_bsmtp = true
-  transport_filter = MAILSERVER_SPAMC_BINARY
-  home_directory = "/tmp"
-  current_directory = "/tmp"
-  user = mail
-  group = mail
-  log_output = true
-  return_fail_output = true
-  return_path_add = false
-  message_prefix =
-  message_suffix =
-
-local_delivery:
-  driver = appendfile
-  directory = ${lookup mysql {SELECT concat(maildir,'/Maildir') FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}}
-  maildir_format
-  user = mail
-  group = mail
-  quota = ${lookup mysql{select quota from MYSQL_EMAILTABLE where email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{${value}M}}
-  quota_is_inclusive = false
-  #quota_size_regex = ,S=(\d+):
-  quota_warn_threshold = 75%
-  maildir_use_size_file = false
-  quota_warn_message = "To: $local_part@$domain\n\
-  			Subject: Mailbox quota warning\n\n\
-			This message was automatically generated by the mail delivery software.\n\n\
-			You are now using over 75% of your allocated mail storage quota.\n\n\
-			If your mailbox fills completely, further incoming messages will be automatically\n\
-			returned to their senders.\n\n\
-			Please take note of this and remove unwanted mail from your mailbox.\n"
-  mode = 0660
-  directory_mode = 0770
-  
-#mysql_delivery:
-#   driver = appendfile
-#   maildir_format
-#   directory = \
-#      ${lookup mysql{SELECT maildir FROM passwd \
-#      WHERE email='${local_part}@${domain}'}}
-#   user = \
-#      ${lookup mysql{SELECT uid FROM passwd \
-#      WHERE email='${local_part}@${domain}'}}
-#   group = \
-#      ${lookup mysql{SELECT gid FROM passwd \
-#      WHERE email='${local_part}@${domain}'}}
-
-
-autoresponder_transport:
-  driver = autoreply
-  to = ${sender_address}
-  from = "vacation@${domain}"
-  subject = "Autoresponder: ${local_part}@${domain}"
-  text = ${lookup mysql {SELECT autoresponder_text FROM MYSQL_EMAILTABLE WHERE email=CONCAT('${quote_mysql:$local_part}','@','${quote_mysql:$domain}')}{$value}}
-
-devnull_transport:
-  driver = appendfile
-  file = /dev/null
-  user = mail
-
-######################################################################
-#                      RETRY CONFIGURATION                           #
-######################################################################
-
-begin retry
-
-# This single retry rule applies to all domains and all errors. It specifies
-# retries every 15 minutes for 2 hours, then increasing retry intervals,
-# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
-# hours, then retries every 6 hours until 4 days have passed since the first
-# failed delivery.
-
-# Domain               Error       Retries
-# ------               -----       -------
-
-*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
-
-
-
-######################################################################
-#                      REWRITE CONFIGURATION                         #
-######################################################################
-
-# There are no rewriting specifications in this default configuration file.
-begin rewrite
-
-
-
-######################################################################
-#                   AUTHENTICATION CONFIGURATION                     #
-######################################################################
-
-# There are no authenticator specifications in this default configuration file.
-
-begin authenticators
-
-fixed_plain:
-  driver = plaintext
-  public_name = PLAIN
-  server_condition = ${lookup mysql{SELECT email FROM MYSQL_EMAILTABLE WHERE email='${quote_mysql:$2}' AND cryptpwd=encrypt('${quote_mysql:$3}', cryptpwd)}{1}fail}
-  server_set_id = $2
-
-fixed_login:
-  driver = plaintext
-  public_name = LOGIN
-  server_prompts = "Username:: : Password::"
-  server_condition = ${lookup mysql{SELECT email FROM MYSQL_EMAILTABLE WHERE email='${quote_mysql:$1}' AND cryptpwd=encrypt('${quote_mysql:$2}', cryptpwd)}{1}fail}
-  server_set_id = $1
-  
-cram:
-  driver = cram_md5
-  public_name = CRAM-MD5
-  server_secret = "${lookup mysql {SELECT clearpwd FROM mail_box WHERE email = '${sg {$1}{'}{}}' AND is_enabled = 'yes'} {$value} fail}"
-  server_set_id = $1
-
-
-######################################################################
-#                   CONFIGURATION FOR local_scan()                   #
-######################################################################
-
-# If you have built Exim to include a local_scan() function that contains
-# tables for private options, you can define those options here. Remember to
-# uncomment the "begin" line. It is commented by default because it provokes
-# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS
-# set in the Local/Makefile.
-
-# begin local_scan
-
-
-# End of Exim configuration file
-

docs/INSTALL.txt

+
+The installation instructions for ISPConfig can be found here:
+
+https://www.ispconfig.org/page/en/documentation.html
+
+

docs/Remote_API_docs.txt

+
+
+The remote API documentation is in the remoting_client/API-docs subfolder.

docs/autoinstall_samples/autoinstall.conf_sample.php

+<?php
+$autoinstall['language'] = 'en'; // de, en (default)
+$autoinstall['install_mode'] = 'standard'; // standard (default), expert
+
+$autoinstall['hostname'] = 'server1.example.com'; // default
+$autoinstall['mysql_hostname'] = 'localhost'; // default: localhost
+$autoinstall['mysql_port'] = '3306'; // default: 3306
+$autoinstall['mysql_root_user'] = 'root'; // default: root
+$autoinstall['mysql_root_password'] = 'howtoforge';
+$autoinstall['mysql_database'] = 'dbispconfig'; // default: dbispcongig
+$autoinstall['mysql_charset'] = 'utf8'; // default: utf8
+$autoinstall['http_server'] = 'nginx'; // apache (default), nginx
+$autoinstall['ispconfig_port'] = '8080'; // default: 8080
+$autoinstall['ispconfig_use_ssl'] = 'y'; // y (default), n
+$autoinstall['ispconfig_admin_password'] = 'admin'; // default: admin
+$autoinstall['create_ssl_server_certs'] = 'y';
+$autoinstall['ignore_hostname_dns'] = 'n';
+$autoinstall['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoinstall['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* SSL Settings */
+$autoinstall['ssl_cert_country'] = 'AU';
+$autoinstall['ssl_cert_state'] = 'Some-State';
+$autoinstall['ssl_cert_locality'] = 'Chicago';
+$autoinstall['ssl_cert_organisation'] = 'Internet Widgits Pty Ltd';
+$autoinstall['ssl_cert_organisation_unit'] = 'IT department';
+$autoinstall['ssl_cert_common_name'] = $autoinstall['hostname'];
+$autoinstall['ssl_cert_email'] = 'hostmaster@'.$autoinstall['hostname'];
+
+/* optional expert mode settings, needed only for expert mode */
+$autoinstall['mysql_ispconfig_user'] = 'ispconfig'; // default: ispconfig
+$autoinstall['mysql_ispconfig_password'] = bin2hex(random_bytes(20));
+$autoinstall['join_multiserver_setup'] = 'n'; // y, n (default)
+$autoinstall['mysql_master_hostname'] = 'master.example.com';
+$autoinstall['mysql_master_root_user'] = 'root';
+$autoinstall['mysql_master_root_password'] = 'howtoforge';
+$autoinstall['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoinstall['configure_mail'] = 'y'; // y (default), n
+$autoinstall['configure_jailkit'] = 'y'; // y (default), n
+$autoinstall['configure_ftp'] = 'y'; // y (default), n
+$autoinstall['configure_dns'] = 'y'; // y (default), n
+$autoinstall['configure_apache'] = 'y'; // y (default), n
+$autoinstall['configure_nginx'] = 'y'; // y (default), n
+$autoinstall['configure_firewall'] = 'y'; // y (default), n
+$autoinstall['install_ispconfig_web_interface'] = 'y'; // y (default), n
+
+/* optional update settings, needed only for updates */
+$autoupdate['do_backup'] = 'yes'; // yes (default), no
+$autoupdate['mysql_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_hostname'] = 'master.example.com';
+$autoupdate['mysql_master_root_user'] = 'root';
+$autoupdate['mysql_master_root_password'] = 'howtoforge';
+$autoupdate['mysql_master_database'] = 'dbispconfig'; // default: dbispconfig
+$autoupdate['reconfigure_permissions_in_master_database'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_services'] = 'yes'; // yes (default), no
+$autoupdate['ispconfig_port'] = '8080'; // default: 8080
+$autoupdate['create_new_ispconfig_ssl_cert'] = 'no'; // no (default), yes
+$autoupdate['reconfigure_crontab'] = 'yes'; // yes (default), no
+$autoupdate['create_ssl_server_certs'] = 'y';
+$autoupdate['ignore_hostname_dns'] = 'n';
+$autoupdate['ispconfig_postfix_ssl_symlink'] = 'y';
+$autoupdate['ispconfig_pureftpd_ssl_symlink'] = 'y';
+
+/* These are for service-detection (defaulting to old behaviour where all changes were automatically accepted) */
+$autoupdate['svc_detect_change_mail_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_web_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_dns_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_xmpp_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_firewall_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_vserver_server'] = 'yes'; // yes (default), no
+$autoupdate['svc_detect_change_db_server'] = 'yes'; // yes (default), no
+
+?>

docs/autoinstall_samples/autoinstall.ini.sample

+[install]
+language=en
+install_mode=standard
+hostname=server1.example.com
+mysql_hostname=localhost
+mysql_port=3306
+mysql_root_user=root
+mysql_root_password=ispconfig
+mysql_database=dbispconfig
+mysql_charset=utf8
+http_server=apache
+ispconfig_port=8080
+ispconfig_use_ssl=y
+ispconfig_admin_password=admin
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+[ssl_cert]
+ssl_cert_country=AU
+ssl_cert_state=Some-State
+ssl_cert_locality=Chicago
+ssl_cert_organisation=Internet Widgits Pty Ltd
+ssl_cert_organisation_unit=IT department
+ssl_cert_common_name=server1.example.com
+ssl_cert_email=hostmaster@example.com
+
+[expert]
+mysql_ispconfig_user=ispconfig
+mysql_ispconfig_password=afStEratXBsgatRtsa42CadwhQ
+join_multiserver_setup=n
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+configure_mail=y
+configure_jailkit=y
+configure_ftp=y
+configure_dns=y
+configure_apache=y
+configure_nginx=y
+configure_firewall=y
+install_ispconfig_web_interface=y
+
+[update]
+do_backup=yes
+mysql_root_password=ispconfig
+mysql_master_hostname=master.example.com
+mysql_master_root_user=root
+mysql_master_root_password=ispconfig
+mysql_master_database=dbispconfig
+reconfigure_permissions_in_master_database=no
+reconfigure_services=yes
+ispconfig_port=8080
+create_new_ispconfig_ssl_cert=no
+reconfigure_crontab=yes
+create_ssl_server_certs=y
+ignore_hostname_dns=n
+ispconfig_postfix_ssl_symlink=y
+ispconfig_pureftpd_ssl_symlink=y
+
+; These are for service-detection (defaulting to old behaviour where all changes were automatically accepted)
+svc_detect_change_mail_server=yes
+svc_detect_change_web_server=yes
+svc_detect_change_dns_server=yes
+svc_detect_change_xmpp_server=yes
+svc_detect_change_firewall_server=yes
+svc_detect_change_vserver_server=yes
+svc_detect_change_db_server=yes

docs/examples/blacklist_helo.master

+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+

docs/old_server_plugins/bind_dlz_plugin.inc.php

+<?php
+
+/*
+Copyright (c) 2009, Falko Timme, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+TABLE STRUCTURE of the "named" database:
+
+CREATE TABLE IF NOT EXISTS `records` (
+  `id` int(10) unsigned NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `ttl` int(11) NOT NULL default '3600',
+  `type` varchar(255) NOT NULL,
+  `host` varchar(255) NOT NULL default '@',
+  `mx_priority` int(11) default NULL,
+  `data` text,
+  `primary_ns` varchar(255) default NULL,
+  `resp_contact` varchar(255) default NULL,
+  `serial` bigint(20) default NULL,
+  `refresh` int(11) default NULL,
+  `retry` int(11) default NULL,
+  `expire` int(11) default NULL,
+  `minimum` int(11) default NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `type` (`type`),
+  KEY `host` (`host`),
+  KEY `zone` (`zone`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+CREATE TABLE IF NOT EXISTS `xfr` (
+  `id` int(11) NOT NULL auto_increment,
+  `zone` varchar(255) NOT NULL,
+  `client` varchar(255) NOT NULL,
+  `ispconfig_id` int(11) NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `zone` (`zone`),
+  KEY `client` (`client`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
+
+*/
+
+class bind_dlz_plugin {
+
+	var $plugin_name = 'bind_dlz_plugin';
+	var $class_name  = 'bind_dlz_plugin';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall()
+	{
+		global $conf;
+
+		if(isset($conf['bind']['installed']) && $conf['bind']['installed'] == true) {
+			// Temporarily disabled until the installer supports the automatic creation of the necessary
+			// database or at least to select between filebased nd db based bind, as not all bind versions
+			// support dlz out of the box. To enable this plugin manually, create a symlink from the plugins-enabled
+			// directory to this file in the plugins-available directory.
+			return false;
+			//return true;
+		} else {
+			return false;
+		}
+
+	}
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad()
+	{
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		//* SOA
+		$app->plugins->registerEvent('dns_soa_insert', $this->plugin_name, 'soa_insert');
+		$app->plugins->registerEvent('dns_soa_update', $this->plugin_name, 'soa_update');
+		$app->plugins->registerEvent('dns_soa_delete', $this->plugin_name, 'soa_delete');
+
+		//* RR
+		$app->plugins->registerEvent('dns_rr_insert', $this->plugin_name, 'rr_insert');
+		$app->plugins->registerEvent('dns_rr_update', $this->plugin_name, 'rr_update');
+		$app->plugins->registerEvent('dns_rr_delete', $this->plugin_name, 'rr_delete');
+	}
+
+
+	function soa_insert($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y') return;
+
+		$origin = substr($data["new"]["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+		$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
+			"(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
+		//unset($_db);
+	}
+
+	function soa_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->soa_delete($event_name, $data);
+		}
+		else
+		{
+			if($data["old"]["active"] == 'Y')
+			{
+				$origin = substr($data["new"]["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+				$serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
+
+				$ttl = $data["new"]["ttl"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
+				//unset($_db);
+			}
+			else
+			{
+				$this->soa_insert($event_name, $data);
+				$ispconfig_id = $data["new"]["id"];
+
+				if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
+				{
+					foreach($records as $record)
+					{
+						foreach ($record as $key => $val) {
+							$data["new"][$key] = $val;
+						}
+						$this->rr_insert("dns_rr_insert", $data);
+					}
+				}
+			}
+		}
+
+	}
+
+	function soa_delete($event_name, $data)
+	{
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+	function rr_insert($event_name, $data)
+	{
+		global $app, $conf;
+		if($data["new"]["active"] != 'Y') return;
+
+		$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+		$origin = substr($zone["origin"], 0, -1);
+		$ispconfig_id = $data["new"]["id"];
+
+		$type = $data["new"]["type"];
+
+		if (substr($data["new"]["name"], -1) == '.') {
+			$name = substr($data["new"]["name"], 0, -1);
+		} else {
+			$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+		}
+
+		if ($name == $origin || $name == '') {
+			$name = '@';
+		}
+
+		switch ($type)
+		{
+		case "CNAME":
+		case "MX":
+		case "NS":
+		case "ALIAS":
+		case "PTR":
+		case "SRV":
+			if(substr($data["new"]["data"], -1) != '.'){
+				$content = $data["new"]["data"] . '.';
+			} else {
+				$content = $data["new"]["data"];
+			}
+			break;
+		case "HINFO":
+			$content = $data["new"]["data"];
+			$quote1 = strpos($content, '"');
+
+			if($quote1 !== FALSE) {
+				$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+			}
+
+			if ($quote1 !== FALSE && $quote2 !== FALSE) {
+				$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+				$content = $text_between_quotes.substr($content, ($quote2 + 2));
+			}
+			break;
+		default:
+			$content = $data["new"]["data"];
+		}
+
+		$ttl = $data["new"]["ttl"];
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		if ($type == 'MX') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
+		} elseif ($type == 'SRV') {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
+		} else {
+			$app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
+				" VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+		}
+
+		//unset($_db);
+	}
+
+	function rr_update($event_name, $data)
+	{
+		global $app, $conf;
+
+		if ($data["new"]["active"] != 'Y')
+		{
+			if($data["old"]["active"] != 'Y') return;
+			$this->rr_delete($event_name, $data);
+		}
+		else
+		{
+			if ($data["old"]["active"] == 'Y')
+			{
+				$zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
+				$origin = substr($zone["origin"], 0, -1);
+				$ispconfig_id = $data["new"]["id"];
+
+				$type = $data["new"]["type"];
+
+				if (substr($data["new"]["name"], -1) == '.') {
+					$name = substr($data["new"]["name"], 0, -1);
+				} else {
+					$name = ($data["new"]["name"] == "") ? $name = '@' : $data["new"]["name"];
+				}
+
+				if ($name == $origin || $name == '') {
+					$name = '@';
+				}
+
+				switch ($type)
+				{
+				case "CNAME":
+				case "MX":
+				case "NS":
+				case "ALIAS":
+				case "PTR":
+				case "SRV":
+					if(substr($data["new"]["data"], -1) != '.'){
+						$content = $data["new"]["data"] . '.';
+					} else {
+						$content = $data["new"]["data"];
+					}
+					break;
+				case "HINFO":
+					$content = $data["new"]["data"];
+					$quote1 = strpos($content, '"');
+					if($quote1 !== FALSE){
+						$quote2 = strpos(substr($content, ($quote1 + 1)), '"');
+					}
+					if($quote1 !== FALSE && $quote2 !== FALSE){
+						$text_between_quotes = str_replace(' ', '_', substr($content, ($quote1 + 1), (($quote2 - $quote1))));
+						$content = $text_between_quotes.substr($content, ($quote2 + 2));
+					}
+					break;
+				default:
+					$content = $data["new"]["data"];
+				}
+
+				$ttl = $data["new"]["ttl"];
+				$prio = (int)$data["new"]["aux"];
+
+				//$_db = clone $app->db;
+				//$_db->dbName = 'named';
+
+				if ($type == 'MX') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
+				} elseif ($type == 'SRV') {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
+				} else {
+					$app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
+				}
+
+				//unset($_db);
+			} else {
+				$this->rr_insert($event_name, $data);
+			}
+		}
+	}
+
+	function rr_delete($event_name, $data) {
+		global $app, $conf;
+
+		//$_db = clone $app->db;
+		//$_db->dbName = 'named';
+
+		$app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
+		//unset($_db);
+	}
+
+} // end class
+?>

docs/old_server_plugins/nginx_reverseproxy_plugin.inc.php

+<?php
+
+class nginx_reverseproxy_plugin {
+
+	var $plugin_name = 'nginx_reverseproxy_plugin';
+	var $class_name = 'nginx_reverseproxy_plugin';
+
+	// private variables
+	var $action = '';
+
+	//* This function is called during ispconfig installation to determine
+	//  if a symlink shall be created for this plugin.
+	function onInstall() {
+		global $conf;
+
+		if(isset($conf['services']['proxy']) && $conf['services']['proxy'] == true && isset($conf['nginx']['installed']) && $conf['nginx']['installed'] == true) {
+			return true;
+		} else {
+			return false;
+		}
+
+	}
+
+
+	/*
+	 	This function is called when the plugin is loaded
+	*/
+
+	function onLoad() {
+		global $app;
+
+		/*
+		Register for the events
+		*/
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'ssl');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'ssl');
+
+		$app->plugins->registerEvent('web_domain_insert', $this->plugin_name, 'insert');
+		$app->plugins->registerEvent('web_domain_update', $this->plugin_name, 'update');
+		$app->plugins->registerEvent('web_domain_delete', $this->plugin_name, 'delete');
+
+		// $app->plugins->registerEvent('proxy_reverse_insert',$this->plugin_name,'rewrite_insert');
+		// $app->plugins->registerEvent('proxy_reverse_update',$this->plugin_name,'rewrite_update');
+		// $app->plugins->registerEvent('proxy_reverse_delete',$this->plugin_name,'rewrite_delete');
+
+
+
+	}
+
+
+	function insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+
+	function update($event_name, $data) {
+		global $app, $conf;
+
+		if($this->action != 'insert') $this->action = 'update';
+
+		if($data['new']['type'] != 'vhost' && $data['new']['type'] != 'vhostsubdomain' && $data['new']['type'] != 'vhostalias' && $data['new']['parent_domain_id'] > 0) {
+
+			$old_parent_domain_id = intval($data['old']['parent_domain_id']);
+			$new_parent_domain_id = intval($data['new']['parent_domain_id']);
+
+			// If the parent_domain_id has been chenged, we will have to update the old site as well.
+			if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
+				$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
+				$data['new'] = $tmp;
+				$data['old'] = $tmp;
+				$this->action = 'update';
+				$this->update($event_name, $data);
+			}
+
+			// This is not a vhost, so we need to update the parent record instead.
+			$tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
+			$data['new'] = $tmp;
+			$data['old'] = $tmp;
+			$this->action = 'update';
+		}
+
+
+
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		// Create group and user, if not exist
+		$app->uses('system');
+
+		//* Create the vhost config file
+		$app->load('tpl');
+
+		$tpl = new tpl();
+		$tpl->newTemplate('nginx_reverseproxy_vhost.conf.master');
+
+		$vhost_data = $data['new'];
+		$vhost_data['config_dir'] = $config['nginx']['config_dir'];
+
+		$vhost_data['ssl_domain'] = $data['new']['ssl_domain'];
+		// Check if a SSL cert exists
+		$ssl_dir = $config['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+
+		if($vhost_data['nginx_directives']) {
+			$vhost_data['nginx_directives'] = preg_replace("/\[IP\]/", $vhost_data['ip_address'], $vhost_data['nginx_directives']);
+		}
+
+
+		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+			$vhost_data['ssl_enabled'] = 1;
+			$app->log('Enable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		} else {
+			$vhost_data['ssl_enabled'] = 0;
+			$app->log('Disable SSL for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		if(@is_file($bundle_file)) $vhost_data['has_bundle_cert'] = 1;
+
+
+		$tpl->setVar($vhost_data);
+
+
+
+		// get alias domains (co-domains and subdomains)
+		$aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
+		$server_alias = array();
+		switch($data['new']['subdomain']) {
+		case 'www':
+			$server_alias[] .= 'www.'.$data['new']['domain'].' ';
+			break;
+		case '*':
+			$server_alias[] .= '*.'.$data['new']['domain'].' ';
+			break;
+		}
+		if(is_array($aliases)) {
+			foreach($aliases as $alias) {
+				switch($alias['subdomain']) {
+				case 'www':
+					$server_alias[] .= 'www.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				case '*':
+					$server_alias[] .= '*.'.$alias['domain'].' '.$alias['domain'].' ';
+					break;
+				default:
+					$server_alias[] .= $alias['domain'].' ';
+					break;
+				}
+				$app->log('Add server alias: '.$alias['domain'], LOGLEVEL_DEBUG);
+
+			}
+		}
+
+		//* If we have some alias records
+		if(count($server_alias) > 0) {
+			$server_alias_str = '';
+			$n = 0;
+
+			// begin a new ServerAlias line after 30 alias domains
+			foreach($server_alias as $tmp_alias) {
+				if($n % 30 == 0) $server_alias_str .= " ";
+				$server_alias_str .= $tmp_alias;
+			}
+			unset($tmp_alias);
+
+			$tpl->setVar('alias', trim($server_alias_str));
+		} else {
+			$tpl->setVar('alias', '');
+		}
+
+
+		$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['new']['domain'].'.vhost';
+		//* Make a backup copy of vhost file
+		copy($vhost_file, $vhost_file.'~');
+
+		//* Write vhost file
+		file_put_contents($vhost_file, $tpl->grab());
+		$app->log('Writing the vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['new']['domain'].'.vhost';
+		if($data['new']['active'] == 'y' && !is_link($vhost_symlink)) {
+			symlink($vhost_file, $vhost_symlink);
+			$app->log('Creating symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		// Remove the symlink, if site is inactive
+		if($data['new']['active'] == 'n' && is_link($vhost_symlink)) {
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+		}
+
+		if(!is_dir('/var/log/ispconfig/nginx/'.$data['new']['domain'])) $app->system->exec_safe('mkdir -p ?', '/var/log/ispconfig/nginx/'.$data['new']['domain']);
+
+		// remove old symlink and vhost file, if domain name of the site has changed
+		if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+			if(is_dir('/var/log/ispconfig/nginx/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/nginx/'.$data['old']['domain']);
+		}
+
+		// request a httpd reload when all records have been processed
+		$app->services->restartServiceDelayed('nginx', 'restart');
+
+		// Remove the backup copy of the config file.
+		if(@is_file($vhost_file.'~')) unlink($vhost_file.'~');
+
+
+		//* Unset action to clean it for next processed vhost.
+		$this->action = '';
+
+	}
+
+
+
+
+	// Handle the creation of SSL certificates
+	function ssl($event_name, $data) {
+		global $app, $conf;
+
+		if(!is_dir($conf['nginx']['config_dir'].'/ssl')) $app->system->exec_safe('mkdir -p ?', $conf['nginx']['config_dir'].'/ssl');
+		$ssl_dir = $conf['nginx']['config_dir'].'/ssl';
+		$domain = $data['new']['ssl_domain'];
+		$key_file = $ssl_dir.'/'.$domain.'.key.org';
+		$key_file2 = $ssl_dir.'/'.$domain.'.key';
+		$csr_file = $ssl_dir.'/'.$domain.'.csr';
+		$crt_file = $ssl_dir.'/'.$domain.'.crt';
+
+
+		//* Save a SSL certificate to disk
+		if($data["new"]["ssl_action"] == 'save') {
+			$web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
+
+			$src_ssl_dir = $web["document_root"]."/ssl";
+			//$domain = $data["new"]["ssl_domain"];
+			//$csr_file = $ssl_dir.'/'.$domain.".csr";
+			//$crt_file = $ssl_dir.'/'.$domain.".crt";
+			//$bundle_file = $ssl_dir.'/'.$domain.".bundle";
+			$app->system->exec_safe('rsync -v -e ssh root@?:? ?', $web['ip_address'], '~/'.$src_ssl_dir, $ssl_dir);
+
+			$app->log('Syncing SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+		//* Delete a SSL certificate
+		if($data['new']['ssl_action'] == 'del') {
+			//$ssl_dir = $data['new']['document_root'].'/ssl';
+			$domain = $data['new']['ssl_domain'];
+			$csr_file = $ssl_dir.'/'.$domain.'.csr';
+			$crt_file = $ssl_dir.'/'.$domain.'.crt';
+			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			unlink($csr_file);
+			unlink($crt_file);
+			unlink($bundle_file);
+			$app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
+		}
+
+
+	}
+
+
+	function delete($event_name, $data) {
+		global $app, $conf;
+
+		// load the server configuration options
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+
+		if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
+
+			//* This is a website
+			// Deleting the vhost file, symlink and the data directory
+			$vhost_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_symlink);
+			$app->log('Removing symlink: '.$vhost_symlink.'->'.$vhost_file, LOGLEVEL_DEBUG);
+
+			$vhost_file = $nginx_config['nginx_vhost_conf_dir'].'/'.$data['old']['domain'].'.vhost';
+			unlink($vhost_file);
+			$app->log('Removing vhost file: '.$vhost_file, LOGLEVEL_DEBUG);
+
+
+
+			// Delete the log file directory
+			$vhost_logfile_dir = '/var/log/ispconfig/nginx/'.$data['old']['domain'];
+			if($data['old']['domain'] != '' && !stristr($vhost_logfile_dir, '..')) $app->system->exec_safe('rm -rf ?', $vhost_logfile_dir);
+			$app->log('Removing website logfile directory: '.$vhost_logfile_dir, LOGLEVEL_DEBUG);
+
+		}
+	}
+
+	function rewrite_insert($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->update($event_name, $data);
+	}
+
+	function rewrite_update($event_name, $data) {
+		global $app, $conf;
+
+		$rules = $this->_getRewriteRules($app);
+
+		$app->uses('getconf');
+		$nginx_config = $app->getconf->get_server_config($conf['server_id'], 'web');
+
+		$app->load('tpl');
+		$tpl = new tpl();
+		$tpl->newTemplate("nginx_reverseproxy_rewrites.conf.master");
+		if (!empty($rules))$tpl->setLoop('nginx_rewrite_rules', $rules);
+
+		$rewrites_file = $nginx_config['nginx_vhost_conf_dir'].'/default.rewrites.conf';
+		//* Make a backup copy of vhost file
+		copy($rewrites_file, $rewrites_file.'~');
+
+		//* Write vhost file
+		file_put_contents($rewrites_file, $tpl->grab());
+		$app->log('Writing the nginx rewrites file: '.$rewrites_file, LOGLEVEL_DEBUG);
+		unset($tpl);
+
+
+		// Set the symlink to enable the vhost
+		$rewrite_symlink = $nginx_config['nginx_vhost_conf_enabled_dir'].'/default.rewrites.conf';
+
+		if(!is_link($rewrite_symlink)) {
+			symlink($rewrites_file, $rewrite_symlink);
+			$app->log('Creating symlink for nginx rewrites: '.$rewrite_symlink.'->'.$rewrites_file, LOGLEVEL_DEBUG);
+		}
+	}
+
+	function rewrite_delete($event_name, $data) {
+		global $app, $conf;
+
+		// just run the update function
+		$this->rewrite_update($event_name, $data);
+	}
+
+
+	function _getRewriteRules($app)
+	{
+		$rules = array();
+		$rules = $app->db->queryAllRecords("SELECT rewrite_url_src, rewrite_url_dst FROM proxy_reverse ORDER BY rewrite_id ASC");
+		return $rules;
+	}
+
+} // end class
+
+?>

docs/under_development/CHROOTED_DEBIAN_5.0.txt

+#!/bin/sh
+#
+# rev 0.6
+#
+# dxr@brutalsec.net
+#    01-09-2009
+#
+# We can create a script for configure chroot environment but,
+# YOU MUST UNDERSTAND HOW TO WORK IT for can solve possible 
+# problems in the future.
+# 
+# Every service has its own chroot environment:
+# BIND -> chroot
+# Apache -> chroot
+# Dovecot -> chroot
+# Pureftpd -> Apache's chroot
+# 
+# Only apache and php packages aren't installed in real system,
+# only in chroot environment with symbolic links from real system.
+# 
+# PLEASE, CONFIGURE CHROOT ENVIROMENT IF SECURITY IS REALLY 
+# IMPORTANT FOR YOU AND YOU KNOWN HOW TO WORK IT!
+#
+
+exit 1
+
+1. BACKUP before changing anything on the system
+2. Create partitions
+3. Remove possible Apache or PHP installations on real system
+4. Prepare Chroot environment
+5. Linking Webserver aplication from real system
+6. mini_sendmail
+7. Test services
+8. Howto install ispconfig3
+9. Migration
+
+
+1. BACKUP before changing anything on the system 
+# If is not a new installation, then
+
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+BACKUP BACKUP BACKUP BACKUP BACKUP BACKUP
+
+
+2. Create partitions
+
+/var/www/ Chroot partition (ext3)
+/var/www/html/ Chroot system
+/var/www/html/var/log/apache2 Log partition (ext3)
+/var/www/html/var/www/html Webs partition (xfs)
+/var/www/html/tmp Temporal dir (tmpfs, options: )
+
+/dev/lvm_foobar1/chroot_lv      -> /var/www/ (ext3)
+/dev/lvm_foobar2/apachelogs_lv  -> /var/www/html/var/log/apache2 (ext3)
+/dev/lvm_foobar3/hosting_lv     -> /var/www/html/var/www/html (xfs)
+
+mount /dev/lvm_foobar1/chroot_lv /var/www/
+mkdir -p /var/www/html/var/log/apache2 /var/www/html/var/www/html
+mount /dev/lvm_foobar2/apachelogs_lv /var/www/html/var/log/apache2
+mount /dev/lvm_foobar3/hosting_lv /var/www/html/var/www/html
+
+
+3. Remove possible Apache or PHP installations on real system
+# We never wont install apache or php in non-chroot system, if we have installed, we only have do a backup of configurations, uninstall, and check every symbolic link
+dpkg -l|egrep --color -i 'apache|php'
+
+
+4. Prepare Chroot environment
+
+# Install packages in real system
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support patch make gcc mysql-server subversion ssh openssh-server ntp ntpdate vim libdbd-mysql libdbi-perl dnsutils
+# The non webserver will install outside of chroot
+apt-get install postfix postfix-mysql postfix-doc mysql-client openssl getmail4 rkhunter amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl pure-ftpd-common pure-ftpd-mysql quota quotatool
+# If you will use courier:
+apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql courier-maildrop
+# If you will use dovecot:
+#apt-get install dovecot-imapd dovecot-pop3d
+# If you will use BIND:
+apt-get install bind9 bind9utils
+
+#
+# If we want execute php from real system (crontabs for example) we need install php dependencies in real system:
+# libgd2-xpm libt1-5 libmagick10 libc-client2007b libmcrypt4
+# cat /var/log/ispconfig/cron.log
+# ldd /usr/lib/php5/20060613/mcrypt.so
+#
+
+time debootstrap --arch=amd64 lenny /var/www/html/ ftp://ftp.fr.debian.org/debian/
+
+echo "/proc         /var/www/html/proc               proc           defaults        0       0">>/etc/fstab
+echo "devpts      /var/www/html/dev/pts            devpts         defaults        0       0">>/etc/fstab
+
+mount -a
+
+# We must create sshusers group
+echo "@sshusers       -       chroot  /var/www/html/">>/etc/security/limits.conf
+
+chroot /var/www/html apt-get update
+chroot /var/www/html apt-get install fakeroot --force-yes -y
+chroot /var/www/html apt-get install locales
+chroot /var/www/html dpkg-reconfigure locales
+
+mv /usr/lib/apache2 /usr/lib/apache2_old
+mv /var/log/apache2 /var/log/apache2_old
+mv /var/lock/apache2 /var/lock/apache2_old
+mv /var/lib/apache2 /var/lib/apache2_old
+mv /usr/lib/php5 /usr/lib/php5_old
+mv /etc/apache2 /etc/apache2_old
+mv /etc/suphp /etc/suphp_old
+
+chroot /var/www/html apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-chroot php-apc libtimedate-perl
+
+chroot /var/www/html /etc/init.d/apache2 stop
+
+chroot /var/www/html a2enmod mod_chroot
+chroot /var/www/html a2enmod suexec
+echo "ChrootDir /var/www/html" > /var/www/html/etc/apache2/conf.d/mod_chroot.conf
+sed -i -e 's#DocumentRoot /var/www/#DocumentRoot /var/www/html/#' /var/www/html/etc/apache2/sites-enabled/000-default
+sed -i -e 's#x-httpd-php=php:/usr/bin/php-cgi#x-httpd-php=php:/usr/bin/php-cgi\nx-httpd-suphp=php:/usr/bin/php-cgi\nx-httpd-php=php:/usr/bin/php-cgi#' /var/www/html/etc/suphp/suphp.conf
+sed -i -e 's#/var/run/apache2.pid#/var/run/apache2/apache2.pid#' /var/www/html/etc/apache2/envvars
+sed -i -e 's/^"syntax on/syntax on/' /etc/vim/vimrc
+sed -i -e 's/^"syntax on/syntax on/' /var/www/html/etc/vim/vimrc
+
+# Protect apache configuration. ONLY root can read it
+chown root:root /var/www/html/etc/apache2/ && chmod 700 /var/www/html/etc/apache2/
+chmod 711 /var/www/html/etc/php5/
+
+
+5. # Is good idea to add Nagios alarm for check every symbolic link is correct.
+ln -s /var/www/html/etc/apache2 /etc/apache2
+ln -s /var/www/html/etc/suphp /etc/suphp
+ln -s /var/www/html/var/run/apache2 /var/run/apache2
+ln -s /var/www/html/var/run/apache2.pid /var/run/apache2.pid
+ln -s /var/www/html/usr/sbin/apache2ctl /usr/sbin/apache2ctl
+ln -s /var/www/html/usr/sbin/apache2 /usr/sbin/apache2
+ln -s /var/www/html/usr/lib/apache2 /usr/lib/apache2
+ln -s /var/www/html/usr/sbin/a2enmod /usr/sbin/a2enmod
+ln -s /var/www/html/usr/sbin/a2dismod /usr/sbin/a2dismod
+ln -s /var/www/html/usr/sbin/a2ensite /usr/sbin/a2ensite
+ln -s /var/www/html/usr/sbin/a2dissite /usr/sbin/a2dissite
+ln -s /var/www/html/var/log/apache2 /var/log/apache2
+ln -s /var/www/html/var/lock/apache2 /var/lock/apache2
+ln -s /var/www/html/var/lib/apache2 /var/lib/apache2
+ln -s /var/www/html/usr/lib/php5 /usr/lib/php5
+ln -s /var/www/html/etc/init.d/apache2 /etc/init.d/apache2
+# Neccessary for to install ispconfig3 from real system:
+ln -s /var/www/html/usr/bin/php5 /usr/bin/php5
+ln -s /var/www/html/etc/alternatives/php /etc/alternatives/php
+ln -s /var/www/html/usr/bin/php /usr/bin/php
+ln -s /var/www/html/etc/php5 /etc/php5
+
+6. # Install mini_sendmail for chroot
+# We can use mini_sendmail for delivery emails directy in remote servers, but i prefer to control it in central mailserver for check spammers and limit it.
+
+cd /tmp/
+wget http://acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
+tar xzf mini_sendmail-1.3.6.tar.gz
+wget http://users1.leipzig.freifunk.net/%7Efirmware-build/brcm_2_4_Broadcom_default/build/openwrt_packages/mail/mini_sendmail/patches/200-fullname.patch
+patch -p0 < 200-fullname.patch
+cd mini_sendmail-1.3.6
+make
+# 2e555b2573c3ea65a467a5960f0b51f6  mini_sendmail
+mv /var/www/html/usr/lib/sendmail /var/www/html/usr/lib/sendmail_old
+mv /var/www/html/usr/sbin/sendmail /var/www/html/usr/sbin/sendmail_old
+cp mini_sendmail /var/www/html/usr/sbin/mini_sendmail
+cd /var/www/html/usr/lib/ && ln -s ../sbin/mini_sendmail sendmail
+cd /var/www/html/usr/sbin && ln -s mini_sendmail sendmail
+
+# ./mini_sendmail -h
+# usage:  ./mini_sendmail [-f<name>] [-t] [-s<server>] [-p<port>] [-T<timeout>] [-v] [address ...]
+
+#add to php.ini (/var/www/html/etc/php5/apache2/php.ini /var/www2/etc/php5/cli/php.ini /var/www2/etc/php5/cgi/php.ini line :672)
+# sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+sed -i -e 's#^;sendmail_path =$#sendmail_path = /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1#' /var/www/html/etc/php5/apache2/php.ini /var/www/html/etc/php5/cli/php.ini /var/www/html/etc/php5/cgi/php.ini
+
+
+7. 
+# Test
+apache2ctl restart
+
+# php -i|grep --color sendmail
+#sendmail_from => no value => no value
+#sendmail_path => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1 => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+#Path to sendmail => /usr/sbin/mini_sendmail -t -i -fhosting@alojamientotecnico.com -s127.0.0.1
+
+# Sould be good idea check /var/www/html/usr/lib/sendmail /var/www/html/usr/sbin/sendmail and /var/www/html/usr/sbin/mini_sendmail with nagios alarm ;)
+
+
+8. Install ispconfig ........
+
+cd /tmp/
+svn co svn://svn.ispconfig.org/ispconfig3 svn.ispconfig.org
+
+mv /usr/local/ispconfig /var/www/html/usr/local/
+ln -s /var/www/html/usr/local/ispconfig /usr/local/ispconfig
+mv /var/www/apps /var/www/html/var/www/
+mv /var/www/php-fcgi-scripts /var/www/html/var/www/
+mv /var/www/ispconfig /var/www/html/var/www/
+ln -s /var/www/html//var/www/ispconfig /var/www/ispconfig
+ln -s /var/www/html/var/www/php-fcgi-scripts /var/www/php-fcgi-scripts
+ln -s /var/www/html/var/www/apps /var/www/apps
+# After copy, we must clean unnecessary users and groups
+cp -r /etc/{passwd,group,apt} /var/www/html/etc/
+apache2ctl stop
+apache2ctl start
+
+
+### Migration to other server ###
+Really easy:
+
+Do step 1
+
+And after do a simple rsync:
+
+screen
+time rsync -a --progress root@host1:/var/www/ /var/www/
+
+# Install some apache's dependencies
+apt-get install debootstrap libpcre3 libaprutil1 libxml2 mime-support
+
+Do step 5
+Do step 6
+