.editorconfig

+; top-most EditorConfig file
+root = true
+
+; Unix-style newlines
+[*]
+charset = utf-8
+end_of_line = LF
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = tab
+
+[*.{htm,html}]
+indent_style = space
+indent_size = 4

.git-scripts/syntax.sh

+#!/bin/bash
+
+IFS=$'\n'
+EX=0
+ERRS="" ;
+WARNS="" ;
+ERRCNT=0 ;
+WARNCNT=0 ;
+
+OUTCNT=0 ;
+FILECNT=0 ;
+DONECNT=0 ;
+
+CMD="find . -type f \( -name \"*.php\" -o -name \"*.lng\" \) -print" ;
+
+if [[ "$1" == "commit" ]] ; then
+	CMD="git diff-tree --no-commit-id --name-only -r ${CI_COMMIT_SHA} | grep -E '\.(php|lng)$'" ;
+fi
+
+FILECNT=$(eval "${CMD} | wc -l") ;
+
+for F in $(eval "$CMD") ; do
+	if [[ ! -e "${F}" || ! -f "${F}" ]] ; then
+		continue ;
+	fi
+	R=$(php -d error_reporting=E_ALL -d display_errors=On -l "$F" 2>/dev/null) ;
+	RET=$? ;
+	R=$(echo "${R}" | sed "/^$/d")
+	if [ $RET -gt 0 ] ; then
+		EX=1 ;
+		echo -n "E" ;
+		ERRS="${ERRS}${F}:"$'\n'"${R}"$'\n\n' ;
+		ERRCNT=$((ERRCNT + 1)) ;
+	else
+		if [[ "$R" == "Deprecated: "* ]] ; then
+			echo -n "W" ;
+			WARNS="${WARNS}${F}:"$'\n'"${R}"$'\n\n' ;
+			WARNCNT=$((WARNCNT + 1)) ;
+		else 
+			echo -n "." ;
+		fi
+	fi
+	OUTCNT=$((OUTCNT + 1)) ;
+	DONECNT=$((DONECNT + 1)) ;
+	if [ $OUTCNT -ge 40 ] ; then
+		OUTCNT=0 ;
+		echo "[${DONECNT}/${FILECNT}]" ;
+	fi
+done
+
+echo ""
+echo "--------------------------";
+echo "${DONECNT} Files done"
+echo "${ERRCNT} Errors"
+if [ $ERRCNT -gt 0 ] ; then
+	echo "${ERRS}"
+	echo ""
+fi
+
+echo "${WARNCNT} Warnings"
+if [ $WARNCNT -gt 0 ] ; then
+	echo ""
+	echo "${WARNS}"
+	echo ""
+fi
+
+exit $EX

.gitattributes

+* text=auto
+*.php text eol=lf
\ No newline at end of file

.gitignore

+.idea
+/nbproject/private/
+.phplint-cache
+
+# Vim and patch specific excludes
+*.swp
+*.orig
+*.rej
+
+# macOS-specific things to exclude
+
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+Icon?
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Configuration for the Nova editor
+.nova
+
+# VS Code files for those working on multiple tools
+.vscode/*
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# Visual Studio IDE cache/options directory
+.vs/
+
+# do not version control generated config files
+/server/lib/mysql_clientdb.conf
+/server/lib/config.inc.php
+/server/lib/config.inc.local.php
+/interface/lib/config.inc.local.php
+/install/existing_db.sql

.gitlab-ci.yml

+# Defines stages which are to be executed
+stages:
+  - syntax
+  - syntax_diff
+  - test
+  - build
+
+#
+### Stage syntax
+#
+
+syntax:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh
+
+
+syntax_diff:lint:
+  stage: syntax
+  image: edbizarro/gitlab-ci-pipeline-php:7.2
+  allow_failure: false
+  only:
+    - web
+    - pushes
+    - branches
+
+  except:
+    - schedules
+    - web
+    - merge_requests
+    - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+
+  script:
+    - echo "Syntax checking PHP files"
+    - bash ./.git-scripts/syntax.sh commit
+
+#syntax:lint:
+#  stage: syntax
+#  image: edbizarro/gitlab-ci-pipeline-php:7.2
+#  allow_failure: false
+#  only:
+#    - schedules
+#    - web
+#    - merge_requests
+#
+#  script:
+#    - composer require overtrue/phplint
+#    - echo "Syntax checking PHP files"
+#    - echo "For more information http://www.icosaedro.it/phplint/"
+#    - vendor/bin/phplint
+
+
+#test:install:
+#  stage: test
+#  image: jerob/docker-ispconfig
+#  only:
+#    - schedules
+#    - web
+#    - /^\d+\.\d+\.\d+$/
+#  
+#  script:
+#    - $CI_PROJECT_DIR/helper_scripts/test_install_docker.sh
+#    - apt-get update
+#    - apt-get --yes install curl
+#    - curl --insecure https://127.0.0.1:8080/login/
+#    - ps xaf
+#    
+#  needs: ["syntax:lint"]
+
+build:package:
+    stage: build
+    image: edbizarro/gitlab-ci-pipeline-php:7.2
+    only:
+        refs:
+            - /^\d+\.\d+\.\d+([p|b]\d+)?$/
+            - web
+
+    script:
+        - echo "Building release."
+        - if [[ "$VER" == "" ]] ; then VER="$CI_COMMIT_TAG" ; fi
+        - if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
+        - if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
+        - RET=0
+        - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
+        - if [[ $RET > 1 ]] ; then exit $RET ; fi
+        - echo "Listing tar contents for verification"
+        - tar -tvf ISPConfig-${VER}.tar.gz
+        - echo "Uploading file to download server"
+        - curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/
+        - if [[ "$VER" =~ ^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$ ]] ; then echo "Stable release ${VER}" ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ISPConfig-${VER}.tar.gz ftp://${DEPLOY_FTP_SERVER}/web/ISPConfig-3-stable.tar.gz ; echo -n "${VER}" > ispconfig3_version.txt ; curl -u "${DEPLOY_FTP_USER}:${DEPLOY_FTP_PASSWORD}" -T ispconfig3_version.txt ftp://${DEPLOY_FTP_SERVER}/web/ ; else echo "Dev release ${VER}" ; fi
+        - rm ISPConfig-${VER}.tar.gz
+        - echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
+        
+    needs: ["syntax:lint"]
+    allow_failure: false

.gitlab/issue_templates/Bug.md

+<!-- Before creating a bug report, please:
+- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
+- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
+- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
+-->
+
+## Summary
+<!-- What is happening and what is wrong with that? -->
+
+## Steps to reproduce
+1. [First step]
+2. [Second step]
+3. [and so on...]
+
+## Correct behaviour
+<!-- What should happen instead? -->
+
+## Environment
+Server OS + version: (Debian 10/Ubuntu 20.04/CentOS 8/...) \
+ISPConfig version: (3.1.15p3/3.2.3/3.2dev/...)
+<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
+Software version of the related software:
+<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
+```
+Output of the command
+```
+
+## Proposed fix
+optional, of course.  
+if you want to post code snippets, please use
+```  
+your code  
+```
+or attach a code file. Best is to create a merge request of course.
+
+## References
+if you know of related bugs or feature requests, please reference them by using `#<issuenumber>`, e. g. #6105
+if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !1444 
+if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
+
+## Screenshots
+optional, of course.  
+Add screenshots of the problem by clicking "Attach a file" on the bottom right.
+
+## Related log entries

.phplint.yml

+path: ./
+jobs: 5
+cache: .phplint-cache
+extensions:
+  - php
+  - lng
+exclude:
+  - vendor
+

CODING_NOTES.php.txt

-Some guidelines for web development with php.
------------------------------------------------------
-* Unix Line Breaks Only, NO windows breaks please.
-* Tabs set at 4 spaces either as tabs or spaces.
-* no accidental _<?php space before, within or after a file
-* every php file starts and end with <?php ?> no spaces before or after
-* error_reporting(E_ALL|E_STRICT) , yep php5
-* Magic quotes is gone in php6, get used to it now. config = magic_quotes_gpc() Everything must be quoted
-* Don't use ereg,split and other old function -> gone in php 5.4 or 6 (different information on php.net) http://www.php.net/manual/en/migration53.deprecated.php
-* Don't use shorttags. A Shorttag is <? and that is confusing with <?xml -> always <?php
-
-please mark any section that need review or work on with
-// TODO 
-* Add documentation about access levels (public, private, protected).
-* Make function / var names on the following way, first word lower, next word(s) first letter upper like. getFirstResult();
-
-Pear coding guidelines
-
-//*****************************************************************************
-// Commenting style
-//*****************************************************************************
-phpdoc is used for creating and autogenerating the documentation, this means that
-some of the comments can be formatted to be included in documentation.
-ie the source files are scanned then processed and html docs are created. 
-
-The comments break down into the following types
-// is uses for removing lines and debug dev etc
-//** and //* are used as "sub comments"
-/* 
-    is used to comment out blocks
-*/
-/** is used to create documentaion
-* thats over 
-* lines
-*/
-
-If you need to block out a section then use
-/*
-function redundant_code(){
-    something here
-}
-*/
-
-To block out single lines use // and all // are assumed to be redundant test code and NOT comments
-
-// print_r($foo);
-
-For inline comment use //** and //* eg
-
-//** Decide what do do
-switch($decide){
-    //* blow it up
-    case 'baloon':
-        $foo->gas(+1);
-        // test_pressure(); << inline comment
-        break;
-
-    //* Do default action
-    default:
-        do_land();
-        get_gps();
-        //* following grant greaceful exit
-        //basket_exit_crash();
-        basket_exit();
-
-}
-
-Do not use the phpdoc on every function, eg 
-
-/**
-* Login a user
-* @param string user  username
-* @param string password of user
-*/
->>
-function login($user, $pass){
-.......
-}
-<<
-as this function explains its self, the following clean code will suffice
->>
-function login($user, $pass){
-.......
-}
-
-If you do need to explain a function then put un the summary syntax eg
-
-/** Pass an array of values where third param is bar
-* $foo['bar'] = 1; // allow a user
-* $foo['bar'] = 2; // destroy user
-* $foo['bar'] = -1; // recreate
-*/
-public function do_something($x, $y, $foo){
-... do something interesting    
-}
-
-//*****************************************************************************
-// Where to store custom settings
-//*****************************************************************************
-
--- Interface settings
-
-The recommended place to store global interface settings is the ini style global config system 
-(see system.ini.master file in install/tpl/ to set defaults). The settings file 
-gets stored inside the ispconfig database. Settings can be accessed with the function:
-
-$app->uses('ini_parser,getconf');
-$interface_settings = $app->getconf->get_global_config('modulename');
-
-where modulename corresponds to the config section in the system.ini.master file.
-To make the settings editable under System > interface config, add the new configuration
-fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
-tempalte file in the templates subfolder of the admin module.
-
--- Server settings
-
-Server settings are stored in the ini style server config system (see server.ini.master template file)
-The settings file gets stored inside the ispconfig database in the server table. Settings can be 
-accessed with the function $app->getconf->get_server_config(....)
-
-Example to access the web configuration:
-
-$app->uses('ini_parser,getconf');
-$web_config = $app->getconf->get_server_config($server_id,'web');
-
-
-//*****************************************************************************
-// Learn about the form validators
-//*****************************************************************************
-There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
-Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,CUSTOM
-

CONTRIBUTING.md

+# Contributing to ISPConfig
+ISPConfig is a open source project and community contributions are very welcome. To contribute, please stick to the guidelines.
+
+This document is under development and will be continuously improved.
+
+Please do not refactor existing code and do not change the signature or the behaviour of central functions or libraries. Such changes may only be made by the core development team. We have had many bad experiences with such changes affecting the stability of ISPConfig, so we no longer accept submissions containing such changes. Merge requests containing such changes will be closed and not merged.
+
+# Issues
+* Before opening a new issue, use the search function to check if there isn't a bug report / feature request already.
+* If you are reporting a bug, please share your OS and PHP (CLI) version.
+* If you want to report several bugs or request several features, open a separate issue for each one of them.
+* Do note re-open issues that were closed by the core dev team unless something new and important that is not mentioned in the original issue needs to be added. Permanently re-opening issues that we commented on and closed will get your account banned. You may add comments to issues without re-opening them though.
+
+# Branches
+* If you are a new user, please send an email to: dev [at] ispconfig [dot] org to receive rights to fork the project.
+* Please create an issue for each contribution you want to make.
+* Do not put multiple contributions into a single branch and merge request. Each contribution should have it's own branch.
+* Do not use the develop branch in your forked project for your contribution. Create a separate branch for each issue.
+* Give your branch a name, e. g. `6049-update-the-contributing-doc ` where 6049 is the issue number.
+
+# Merge requests
+Please give your merge request a description that shortly states what it is about. Merge requests without a good title or with missing description will get delayed because it is more effort for us to check the meaning of the changes made.
+Once again: Do not put multiple things into a single merge request. If you for example fix two issues where one affects apache and one mail users, use separate issues and separate merge requests.
+You can group multiple issues in a single merge request if they have the same specific topic, e. g. if you have one issue stating that a language entry in mail users is missing and a second issue that a language entry for server config is missing, you can put both issues into a single branch and merge request. Be sure to include all issue ids (if multiple) into the merge request's description in this case.
+* Open a issue for the bug you want to fix / the feature you want to implement
+* After opening the issue, commit your changes to your branch
+* Note the issue # in every commit
+* Update the documentation (New devs will not have access to this. Please send a email to docs@ispconfig.org)
+* Add translations for every language
+* Use a short title
+* Write a clear description - for example, when updating the contributing guidelines with issue #6049: \
+"Update of our contributing guidelines \
+Closes #6049"
+* Please be aware that we are not able to accept merge request that do not stick to the coding guidelines. We need to insist on that to keep the code clean and maintainable.
+
+# Some guidelines for web development with php.
+-----------------------------------------------------
+* Don't use features that are not supported in PHP 5.4, for compatibility with LTS OS releases, ISPConfig must support PHP 5.4+
+* Don't use shorttags. A Shorttag is `<?` and that is confusing with `<?xml` -> always use `<?php`
+* Don't use namespaces
+* Column names in database tables and database table names are in lowercase
+* Classes for the interface are located in interface/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+* Classes for the server are located in server/lib/classes/ and loaded with $app->uses() or $app->load() functions.
+
+### Indentations
+
+Indentations are always done with tabs. Do **not** use spaces.
+It is recommended to set your IDE to display tabs with a width of 4 spaces.
+
+### Variable and method / function names
+
+Methods and functions should always be written in camel-case. Variables and properties should always be lowercase instead.
+
+**Correct:**
+```php
+class MyClass {
+    private $issue_list = [];
+
+    private function getMyValue() {
+
+    }
+}
+```
+
+**Wrong:**
+```php
+class my_class {
+    private $IssueList = [];
+
+    private function get_my_value() {
+
+    }
+}
+```
+
+### Blocks
+
+#### Curly braces
+
+Opening curly braces always have to be in the same line as the preceding condition. They are separated by a single space from the closing paranthesis.
+Closing curly braces are always on a separate line after the last statement in the block. The only exception is a do-while block where the logic is inverted.
+
+Curly braces are **always** to be used. Do not leave them out, even if there is only a single statement in the corresponding block.
+
+**Correct:**
+```php
+if($variable === true) {
+
+}
+
+while($condition) {
+
+}
+
+do {
+
+} while($condition);
+```
+
+**Wrong:**
+```php
+if($variable === true){
+
+}
+
+if($variable === true)
+{
+
+}
+
+if($variable === true)
+   $x = 'no braces';
+
+while($condition) { }
+```
+
+#### Short style
+
+The short style of conditional assignments is allowed to be used, but it must not affect readability, e. g. they shall not be nested.
+
+**Allowed:**
+```php
+$a = 0;
+if($condition === true) {
+    $a = 1;
+}
+
+$a = ($condition === true ? 1 : 0);
+```
+
+**Disallowed:**
+```php
+$x = ($condition === true ? ($further == 'foo' ? true : false) : true);
+```
+
+
+#### Spaces and paranthesis
+
+The rules for using spaces are:
+- no space after `if`/`while` etc. and the following opening paranthesis
+- single space after closing paranthesis and before opening curly brace
+- no spaces at the end of a line
+- no spaces after opening paranthesis and before closing paranthesis
+- single space before and after comparators
+
+**Correct:**
+```php
+if($variable === $condition) {
+
+}
+
+while(($condition !== false || $condition2 === true) && $n <= 15) {
+    $n++;
+}
+```
+
+**Wrong:**
+```php
+if ($variable===$condition) {
+
+}
+
+while(($condition!==false||$condition2===true))&&$n<=15){
+
+}
+```
+
+#### Newlines inside of conditions
+
+Breaking up conditions into separate lines can be done if it positively affects readability.
+
+```php
+if($condition === true && ($state === 'completed' || $state === 'pending') && ($processed_by !== null || $process_time < time())) {
+
+}
+```
+can also be written as
+```php
+if($condition === true
+    && ($state === 'completed' || $state === 'pending')
+    && ($processed_by !== null || $process_time < time())
+    ) {
+
+}
+```
+This must not be abused, e. g. the following is not allowed:
+
+```php
+if($a == 1
+    || $b == 2) {
+
+    }
+```
+
+### Arrays
+
+#### Short syntax
+
+Please **do** use short array syntax. We have deprecated the old-style array syntax.
+
+**Correct**:
+```php
+$var = [];
+
+$var2 = [
+    'conf' => [
+        'setting1' => 'value1'
+    ]
+];
+```
+
+**Wrong:**
+```php
+$var = array();
+
+$var2 = array(
+    'conf' => array(
+        'setting1' => 'value1'
+    )
+);
+```
+
+#### Spaces and newlines
+
+When defining an empty array, both brackets shall be on the same line. When defining an array with values, the style depends on the values you are going to assign.
+
+##### List of values
+
+When defining an array with a list of values, e. g. numbers or names, they should be on the same line as the brackets without using new lines, as long as the line does not exceed a total number of characters of about 90. After each comma there has to be a single space.
+
+##### Nested array
+
+When defining a nested array onle the opening bracket is to be on the same line. The closing bracket has to be on a separate line indented by `tabs * level of array`.
+
+##### Examples
+
+```php
+// empty array
+$a = [];
+
+// array with list of values
+$array = [4, 3, 76, 12];
+
+// array with long list of values
+$array = [
+    'This is one entry', 'This is a second one', 'Another one', 'Further entries', 'foo', 'bar', 34, 42, $variable, // newline here for better readability
+    'Next entry', 'the last entry'
+];
+
+// nested array
+$array = [
+    'conf' => [
+        'level' => 1,
+        'settings' => [
+            'window' => 'open',
+            'door' => 'closed
+        ]
+    ]
+];
+```
+
+**Not-to-dos:**
+```php
+$array=[
+];
+
+$array = [
+    1,
+    4,
+    35,
+    23,
+    345,
+    11,
+    221,
+    'further',
+    '...'
+];
+
+$array=['conf'=>['settings'=>['window' => 'open', 'door' => 'closed]]];
+```
+
+### Strings 
+
+Whenever possible use single quotes `'` instead of double qoutes `"`. Try not to embedd variables in string. Concatenate them instead.
+
+**Correct:**
+```php
+// simple text
+$var = 'This is a text';
+
+// array index
+$array['index'] = 'value';
+
+// text with variables
+$var = 'This is a text with ' . $value . ' values inside and at the end: ' . $sum_value;
+
+// dynamic array index
+$idx = 'index' . $key;
+$value = $array[$idx];
+```
+
+**Wrong:**
+```php
+// simple text
+$var = "This is a text";
+
+// array index
+$array["index"] = 'value';
+
+// text with variables
+$var = "This is a text with $value values inside and at the end: {$sum_value}";
+
+// dynamic array index
+$value = $array['index' . $key];
+$value = $array["index{$key}"];
+```
+
+# Where to store custom settings
+## Interface settings
+The recommended place to store global interface settings is the ini style global config system 
+(see system.ini.master file in install/tpl/ to set defaults). The settings file 
+gets stored inside the ispconfig database. Settings can be accessed with the function:
+
+```
+$app->uses('ini_parser,getconf');
+$interface_settings = $app->getconf->get_global_config('modulename');
+```
+
+where modulename corresponds to the config section in the system.ini.master file.
+To make the settings editable under System > interface config, add the new configuration
+fields to the file interface/web/admin/form/system_config.tform.php and the corresponding
+tempalte file in the templates subfolder of the admin module.
+
+## Server settings
+Server settings are stored in the ini style server config system (see server.ini.master template file)
+The settings file gets stored inside the ispconfig database in the server table. Settings can be 
+accessed with the function $app->getconf->get_server_config(....)
+
+Example to access the web configuration:
+
+```
+$app->uses('ini_parser,getconf');
+$web_config = $app->getconf->get_server_config($server_id,'web');
+```
+
+# Learn about the form validators
+There are form validators in interface/lib/classes/tform.inc.php to make validating forms easier.
+Read about: REGEX,UNIQUE,NOTEMPTY,ISEMAIL,ISINT,ISPOSITIVE,ISIPV4,ISIPV6,ISIP,CUSTOM

LICENSE

+Copyright (c) 2007-2020, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

+# ISPConfig - Hosting Control Panel
+![ISPConfig logo](https://www.ispconfig.org/wp-content/themes/ispconfig/images/ispconfig_logo.png "") \
+Development branch: [![pipeline status](https://git.ispconfig.org/ispconfig/ispconfig3/badges/develop/pipeline.svg)](https://git.ispconfig.org/ispconfig/ispconfig3/commits/develop)
+
+## Functions
+- Manage multiple servers from one control panel
+- Single server, multiserver and mirrored clusters.
+- Webserver management
+- Mailserver management
+- DNS server management
+- Virtualization (OpenVZ)
+- Administrator, reseller, client and mailuser login
+- Open Source software ([BSD license](LICENSE))
+
+## Supported daemons
+- HTTP: Apache2 and NGINX
+- HTTP stats: Webalizer, GoAccess and AWStats
+- Let's Encrypt: Acme.sh and certbot
+- SMTP: Postfix
+- POP3/IMAP: Dovecot
+- Spamfilter: Rspamd and Amavis
+- FTP: PureFTPD
+- DNS: BIND9 and PowerDNS[^1]
+- Database: MariaDB and MySQL
+
+[^1]: not actively tested
+
+## Supported operating systems
+- Debian 9 - 12, and testing
+- Ubuntu 16.04 - 22.04
+- CentOS 7 and 8
+
+## Auto-install script
+You can install the "Perfect Server" with ISPConfig using [our official autoinstaller](https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/)
+
+## Migration tool
+The Migration Tool helps you to import data from other control panels (currently ISPConfig 2 and 3 – 3.2, Plesk 10 – 12.5, Plesk Onyx, CPanel[^2] and Confixx 3). For more information, see https://www.ispconfig.org/add-ons/ispconfig-migration-tool/
+
+[^2]: The Migration Toolkit now contains beta support for migrating CPanel to ISPConfig.
+
+## Documentation
+You can support ISPConfig development by buying the manual: https://www.ispconfig.org/documentation/
+
+## Contributing
+If you like to contribute to the ISPConfig development, please read the contributing guidelines: [CONTRIBUTING.MD](CONTRIBUTING.md)
+

TODO.txt

+Please see our GitLab issues for feature requests and bug reports.
 
----------------------------------------
-- ISPConfig 3 ToDo list
----------------------------------------
-
-Please feel free to edit this file, add new tasks,
-remove done tasks or assign yourself to a task.
-
-Form Validators
---------------------------------------
-
-Installer
---------------------------------------
-
-- Add a function to let a server join a existing installation.
-
-
-Server
---------------------------------------
-
-- Add a backend plugin to configure network card settings. The IP address
-  settings are stored in the server_ip table.
--- This works now on Debian Squeeze (Lenny too I would guess) 2011-06-28
-
-
-Mail module
---------------------------------------
-
-- Show mail statistics in the interface. The mail statistics are stored
-  in the database table mail_traffic and are collected by the file
-  server/cron_daily.php
--- For Courier this works but not Dovecot. Maybe the intention needs
-	reviewed as some clients think this should be the number of emails
-	and not the size of the emails.  (I agree that size is important)
-		lathama
-
-Administration module
---------------------------------------
-
-
-- Firewall Solution -- Andrew lathama Latham lathama@gmail.com
-	* Monitor existing IPTABLES rules is done and in the monitor page.
-	* Add IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Delete IPTABLES rules
-		semi-functional and in development also functional in multiserver
-	* Merge IPTABLES rules made from the CLI with those made from ISPConfig3
-		Interesting topic about merging control with with the GUI and the CLI
-		interface for a systems adminitstrator who might add a rule during an
-		attack or for trouble shooting and forget to remove it.
-	* Fail2Ban
-		Add configuration for fail2ban on certian systems.  Imagine an admin
-		wishes to use fail2ban on one service but not others. Rare but an issue
-		when a large number of clients use a single NAT for all users and failed
-		logins and traffic looks like an attack.  Maybe a whitelist configuration
-		as an optional setting.
-	* Remoting
-		Enable remoting hooks for updating IPTABLES
-	* Service Checks
-		Adding saftey checks to make sure that the admin does not lock his/herself
-		out of the system by accident.  We all make mistakes.
-
--- Note: I'd love a pure iptables firewall as well. I've made such a script for
-   my work, which uses a simple config file to open/close ports and support for 
-   ip exclusions. I think we could use it as a base to start with, it's up on the dev forum
-   url: http://www.howtoforge.com/forums/showthread.php?p=261311 (Mark_NL)
-
-Clients module
---------------------------------------
-
-
-Sites (web) module
---------------------------------------
-
-
-BE-Designer module
---------------------------------------
-
-WARNING: Please do not use the BE Designer at the moment, the serializing
- function of the module editor may break some of the existing modules.
-
-
-Remoting framework
---------------------------------------
-- Add more connections to other data.  Remoting hooks for FS and Email Quota
-
-Interface
---------------------------------------
-
-- Enhance the list function to allow sorting by column
-- Enhance the paging in lists (e.g. like this: [1 2 3 4 ... 10])
-
-General tasks
---------------------------------------
-
-- Add, extend or modify comments in PEAR syntax so that they can be read with
-  phpdocumentor.
-
-- Doxygen might be a good idea (phpdocumentor looks nice but no active development)
--- http://drupal.org/node/1354 may have some good ideas.
--- http://engineeredweb.com/blog/10/9/4-reasons-consider-doxygen-over-phpdocumentor
+https://git.ispconfig.org/ispconfig/ispconfig3/issues

config/amavis/amavis_sql.conf

- $sql_select_policy =
-   'SELECT *,spamfilter_users.id'.
-   ' FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id'.
-   ' WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC';
-
-
-$sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'.
-    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))' .
-    ' ORDER BY spamfilter_wblist.priority DESC';
\ No newline at end of file

config/amavis/amavisd.conf

-use strict;
-
-# Configuration file for amavisd-new
-# Defaults modified for the Debian amavisd-new package
-# $Id: amavisd.conf,v 1.27.2.2 2004/11/18 23:27:55 hmh Exp $
-#
-# This software is licensed under the GNU General Public License (GPL).
-# See comments at the start of amavisd-new for the whole license text.
-
-#Sections:
-# Section I    - Essential daemon and MTA settings
-# Section II   - MTA specific
-# Section III  - Logging
-# Section IV   - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
-# Section V    - Per-recipient and per-sender handling, whitelisting, etc.
-# Section VI   - Resource limits
-# Section VII  - External programs, virus scanners, SpamAssassin
-# Section VIII - Debugging
-
-#GENERAL NOTES:
-#  This file is a normal Perl code, interpreted by Perl itself.
-#  - make sure this file (or directory where it resides) is NOT WRITABLE
-#    by mere mortals (not even vscan/amavis; best to make it owned by root),
-#    otherwise it represents a severe security risk!
-#  - for values which are interpreted as booleans, it is recommended
-#    to use 1 for true, undef for false.
-#    THIS IS DIFFERENT FROM OLD AMAVIS VERSIONS where "no" also meant false,
-#    now it means true, like any nonempty string does!
-#  - Perl syntax applies. Most notably: strings in "" may include variables
-#    (which start with $ or @); to include characters @ and $ in double
-#    quoted strings, precede them by a backslash; in single-quoted strings
-#    the $ and @ lose their special meaning, so it is usually easier to use
-#    single quoted strings (or qw operator) for e-mail addresses.
-#    Still, in both cases a backslash needs to be doubled.
-#  - variables with names starting with a '@' are lists, the values assigned
-#    to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
-#    note the comma-separation and parenthesis. If strings in the list
-#    do not contain spaces nor variables, a Perl operator qw() may be used
-#    as a shorthand to split its argument on whitespace and produce a list
-#    of strings, e.g. qw( one@foo example.com three );  Note that the argument
-#    to qw is quoted implicitly and no variable interpretation is done within
-#    (no '$' variable evaluations). The #-initiated comments can NOT be used
-#    within a string. In other words, $ and # lose their special meaning
-#    within a qw argument, just like within '...' strings.
-#  - all e-mail addresses in this file and as used internally by the daemon
-#    are in their raw (rfc2821-unquoted and non-bracketed) form, i.e. 
-#    Bob "Funny" Dude@example.com, not: "Bob \"Funny\" Dude"@example.com
-#    and not <"Bob \"Funny\" Dude"@example.com>; also: '' and not '<>'.
-#  - the term 'default value' in examples below refers to the value of a
-#    variable pre-assigned to it by the program; any explicit assignment
-#    to a variable in this configuration file overrides the default value;
-
-
-#
-# Section I - Essential daemon and MTA settings
-#
-
-# $MYHOME serves as a quick default for some other configuration settings.
-# More refined control is available with each individual setting further down.
-# $MYHOME is not used directly by the program. No trailing slash!
-$MYHOME = '/var/lib/amavis';   # (default is '/var/amavis')
-
-# $mydomain serves as a quick default for some other configuration settings.
-# More refined control is available with each individual setting further down.
-# $mydomain is never used directly by the program.
-$mydomain = 'example.com';      # (no useful default)
-
-# $myhostname = 'host.example.com';  # fqdn of this host, default by uname(3)
-
-# Set the user and group to which the daemon will change if started as root
-# (otherwise just keeps the UID unchanged, and these settings have no effect):
-$daemon_user  = 'amavis';	# (no default (undef))
-$daemon_group = 'amavis';	# (no default (undef))
-
-# Runtime working directory (cwd), and a place where
-# temporary directories for unpacking mail are created.
-# if you change this, you might want to modify the cleanup()
-# function in /etc/init.d/amavisd-new
-# (no trailing slash, may be a scratch file system)
-$TEMPBASE = $MYHOME;           # (must be set if other config vars use is)
-#$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?
-
-# $helpers_home sets environment variable HOME, and is passed as option
-# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
-# on a normal persistent file system, not a scratch or temporary file system
-#$helpers_home = $MYHOME;      # (defaults to $MYHOME)
-
-# Run the daemon in the specified chroot jail if nonempty:
-#$daemon_chroot_dir = $MYHOME;  # (default is undef, meaning: do not chroot)
-
-$pid_file  = "/var/run/amavis/amavisd.pid";  # (default: "$MYHOME/amavisd.pid")
-$lock_file = "/var/run/amavis/amavisd.lock"; # (default: "$MYHOME/amavisd.lock")
-
-# set environment variables if you want (no defaults):
-$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory
-#...
-
-
-# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
-# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
-
-# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
-# (set host and port number as required; host can be specified
-# as IP address or DNS name (A or CNAME, but MX is ignored)
-$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
-$notify_method = $forward_method;          # where to submit notifications
-
-# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
-#       uncomment the appropriate settings below if using other setups!
-
-# SENDMAIL MILTER, using amavis-milter.c helper program:
-# SEE amavisd-new-milter package docs FOR DEBIAN INSTRUCTIONS
-#$forward_method = undef;  # no explicit forwarding, sendmail does it by itself
-# milter; option -odd is needed to avoid deadlocks
-#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
-# just a thought: can we use use -Am instead of -odd ?
-
-# SENDMAIL (old non-milter setup, as relay):
-#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
-#$notify_method = $forward_method;
-
-# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
-#$forward_method = undef;  # no explicit forwarding, amavis.c will call LDA
-#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
-
-# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
-#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
-#$notify_method = $forward_method;
-
-# prefer to collect mail for forwarding as BSMTP files?
-#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
-#$notify_method = $forward_method;
-
-
-# Net::Server pre-forking settings
-# You may want $max_servers to match the width of your MTA pipe
-# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
-# master.cf file, like the '2' in the:  smtp-amavis unix - - n - 2 smtp
-#
-$max_servers  =  2;   # number of pre-forked children          (default 2)
-$max_requests = 10;   # retire a child after that many accepts (default 10)
-
-$child_timeout=5*60;  # abort child if it does not complete each task in n sec
-                      # (default: 8*60 seconds)
-
-# Check also the settings of @av_scanners at the end if you want to use
-# virus scanners. If not, you may want to delete the whole long assignment
-# to the variable @av_scanners, which will also remove the virus checking
-# code (e.g. if you only want to do spam scanning).
-
-# Here is a QUICK WAY to completely DISABLE some sections of code
-# that WE DO NOT WANT (it won't even be compiled-in).
-# For more refined controls leave the following two lines commented out,
-# and see further down what these two lookup lists really mean.
-#
-# @bypass_virus_checks_acl = qw( . );  # uncomment to DISABLE anti-virus code
-# @bypass_spam_checks_acl  = qw( . );  # uncomment to DISABLE anti-spam code
-#
-# Any setting can be changed with a new assignment, so make sure
-# you do not unintentionally override these settings further down!
-@bypass_spam_checks_acl  = qw( . );    # No default dependency on spamassassin
-
-# Lookup list of local domains (see README.lookups for syntax details)
-#
-# NOTE:
-#   For backwards compatibility the variable names @local_domains (old) and
-#   @local_domains_acl (new) are synonyms. For consistency with other lookups
-#   the name @local_domains_acl is now preferred. It also makes it more
-#   obviously distinct from the new %local_domains hash lookup table.
-#
-# local_domains* lookup tables are used in deciding whether a recipient
-# is local or not, or in other words, if the message is outgoing or not.
-# This affects inserting spam-related headers for local recipients,
-# limiting recipient virus notifications (if enabled) to local recipients,
-# in deciding if address extension may be appended, and in SQL lookups
-# for non-fqdn addresses. Set it up correctly if you need features
-# that rely on this setting (or just leave empty otherwise).
-#
-# With Postfix (2.0) a quick reminder on what local domains normally are:
-# a union of domains specified in: $mydestination, $virtual_alias_domains,
-# $virtual_mailbox_domains, and $relay_domains.
-#
-@local_domains_acl = ( ".$mydomain" );  # $mydomain and its subdomains
-# @local_domains_acl = ( ".$mydomain", "my.other.domain" );
-# @local_domains_acl = qw();  # default is empty, no recipient treated as local
-# @local_domains_acl = qw( .example.com );
-# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
-
-# or alternatively(A), using a Perl hash lookup table, which may be assigned
-# directly, or read from a file, one domain per line; comments and empty lines
-# are ignored, a dot before a domain name implies its subdomains:
-#
-#read_hash(\%local_domains, '/etc/amavis/local_domains');
-
-#or alternatively(B), using a list of regular expressions:
-# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
-#
-# see README.lookups for syntax and semantics
-
-
-#
-# Section II - MTA specific (defaults should be ok)
-#
-
-# if $relayhost_is_client is true, the IP address in $notify_method and
-# $forward_method is dynamically overridden with SMTP client peer address
-# (if available), which makes it possible for several hosts to share one 
-# daemon.  The static port number is also overridden, and is dynamically 
-# calculated  as being one above the incoming SMTP/LMTP session port number.
-#
-# These are logged at level 3, so enable logging until you know you got it
-# right.
-$relayhost_is_client = 0;         # (defaults to false)
-
-$insert_received_line = 1;        # behave like MTA: insert 'Received:' header
-			          # (does not apply to sendmail/milter)
-			          # (default is true (1) )
-
-# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
-#   (used with amavis helper clients like amavis-milter.c and amavis.c,
-#   NOT needed for Postfix and Exim  or dual-sendmail - keep it undefined.)
-#$unix_socketname = "/var/lib/amavis/amavisd.sock"; # amavis helper protocol socket
-$unix_socketname = undef;         # disable listening on a unix socket
-                                  # (default is undef, i.e. disabled)
-
-# Do we receive quoted or raw addresses from the helper program?
-# (does not apply to SMTP;  defaults to true)
-#$gets_addr_in_quoted_form = 1;   # "Bob \"Funny\" Dude"@example.com
-#$gets_addr_in_quoted_form = 0;   # Bob "Funny" Dude@example.com
-
-
-
-# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
-#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
-$inet_socket_port = 10024;        # accept SMTP on this local TCP port
-                                  # (default is undef, i.e. disabled)
-# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
-
-# SMTP SERVER (INPUT) access control
-# - do not allow free access to the amavisd SMTP port !!!
-#
-# when MTA is at the same host, use the following (one or the other or both):
-$inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface
-                                  # (default is '127.0.0.1')
-@inet_acl = qw( 127.0.0.1 );      # allow SMTP access only from localhost IP
-                                  # (default is qw( 127.0.0.1 ) )
-
-# when MTA (one or more) is on a different host, use the following:
-# @inet_acl = qw(127/8 10.1.0.1 10.1.0.2);  # adjust the list as appropriate
-# $inet_socket_bind = undef;      # bind to all IP interfaces if undef
-#
-# Example1:
-# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
-# permit only SMTP access from loopback and rfc1918 private address space
-#
-# Example2:
-# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
-#		  127.0.0.1 10/8 172.16/12 192.168/16 );
-# matches loopback and rfc1918 private address space except host 192.168.1.12
-# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
-#
-# Example3:
-# @inet_acl = qw( 127/8
-#		  !172.16.3.0   !172.16.3.127 172.16.3.0/25
-#		  !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
-# matches loopback and both halves of the 172.16.3/24 C-class,
-# split into two subnets, except all four broadcast addresses
-# for these subnets
-#
-# See README.lookups for details on specifying access control lists.
-
-
-#
-# Section III - Logging
-#
-
-# true (e.g. 1) => syslog;  false (e.g. 0) => logging to file
-$DO_SYSLOG = 1;                 # (defaults to false)
-#$SYSLOG_LEVEL = 'user.info';     # (facility.priority, default 'mail.info')
-
-# Log file (if not using syslog)
-$LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
-
-#NOTE: levels are not strictly observed and are somewhat arbitrary
-# 0: startup/exit/failure messages, viruses detected
-# 1: args passed from client, some more interesting messages
-# 2: virus scanner output, timing
-# 3: server, client
-# 4: decompose parts
-# 5: more debug details
-#$log_level = 2;		# (defaults to 0)
-
-# Customizable template for the most interesting log file entry (e.g. with
-# $log_level=0) (take care to properly quote Perl special characters like '\')
-# For a list of available macros see README.customize .
-
-# only log infected messages (useful with log level 0):
-# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
-# [? %#V |[? %#F ||, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]#
-# |, from=[?%o|(?)|<%o>], to=[<%R>|,][? %i ||, quarantine %i]]';
-
-# log both infected and noninfected messages (default):
-$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
-[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
-
-
-#
-# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
-#
-
-# Select notifications text encoding when Unicode-aware Perl is converting
-# text from internal character representation to external encoding (charset
-# in MIME terminology). Used as argument to Perl Encode::encode subroutine.
-#
-#   to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
-#$hdr_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
-#
-#   to be used in notification body text: its encoding and Content-type.charset
-#$bdy_encoding = 'iso-8859-1';  # (default: 'iso-8859-1')
-
-# Default template texts for notifications may be overruled by directly
-# assigning new text to template variables, or by reading template text
-# from files. A second argument may be specified in a call to read_text(),
-# specifying character encoding layer to be used when reading from the
-# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
-# Text will be converted to internal character representation by Perl 5.8.0
-# or later; second argument is ignored otherwise. See PerlIO::encoding,
-# Encode::PerlIO and perluniintro man pages.
-#
-# $notify_sender_templ      = read_text('/var/amavis/notify_sender.txt');
-# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
-# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
-# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
-# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
-# $notify_spam_admin_templ  = read_text('/var/amavis/notify_spam_admin.txt');
-
-# If notification template files are collectively available in some directory,
-# use read_l10n_templates which calls read_text for each known template.
-#
-#   read_l10n_templates('/etc/amavis/en_US');
-#
-# Debian available locales: en_US, pt_BR, de_DE, it_IT
-read_l10n_templates('en_US', '/etc/amavis');
-
-
-# Here is an overall picture (sequence of events) of how pieces fit together
-# (only virus controls are shown, spam controls work the same way):
-#
-#   bypass_virus_checks? ==> PASS
-#   no viruses?   ==> PASS
-#   log virus     if $log_templ is nonempty
-#   quarantine    if $virus_quarantine_to is nonempty
-#   notify admin  if $virus_admin (lookup) nonempty
-#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
-#   add address extensions if adding extensions is enabled and virus will pass
-#   send (non-)delivery notifications
-#      to sender if DSN needed (BOUNCE or ($warn_virus_sender and D_PASS))
-#   virus_lovers or final_destiny==D_PASS  ==> PASS
-#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
-#
-# Equivalent flow diagram applies for spam checks.
-# If a virus is detected, spam checking is skipped entirely.
-
-# The following symbolic constants can be used in *destiny settings:
-#
-# D_PASS     mail will pass to recipients, regardless of bad contents;
-#
-# D_DISCARD  mail will not be delivered to its recipients, sender will NOT be
-#            notified. Effectively we lose mail (but will be quarantined
-#            unless disabled). Losing mail is not decent for a mailer,
-#            but might be desired.
-#
-# D_BOUNCE   mail will not be delivered to its recipients, a non-delivery
-#            notification (bounce) will be sent to the sender by amavisd-new;
-#            Exception: bounce (DSN) will not be sent if a virus name matches
-#            $viruses_that_fake_sender_re, or to messages from mailing lists
-#            (Precedence: bulk|list|junk);
-#
-# D_REJECT   mail will not be delivered to its recipients, sender should
-#            preferably get a reject, e.g. SMTP permanent reject response
-#            (e.g. with milter), or non-delivery notification from MTA
-#            (e.g. Postfix). If this is not possible (e.g. different recipients
-#            have different tolerances to bad mail contents and not using LMTP)
-#            amavisd-new sends a bounce by itself (same as D_BOUNCE).
-#
-# Notes:
-#   D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
-#            for informing the sender about non-delivery, and how informative
-#            the notification can be (amavisd-new knows more than MTA);
-#   With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
-#            notification, colloquially called 'bounce') - depending on MTA;
-#            Best suited for sendmail milter, especially for spam.
-#   With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
-#            reason for mail non-delivery, but unable to reject the original
-#            SMTP session). Best suited to reporting viruses, and for Postfix
-#            and other dual-MTA setups, which can't reject original client SMTP
-#            session, as the mail has already been enqueued.
-
-$final_virus_destiny      = D_DISCARD; # (defaults to D_BOUNCE)
-$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
-$final_spam_destiny       = D_REJECT;  # (defaults to D_REJECT)
-$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested
-
-# Alternatives to consider for spam:
-# - use D_PASS if clients will do filtering based on inserted mail headers;
-# - use D_DISCARD, if kill_level is set safely high;
-# - use D_BOUNCE instead of D_REJECT if not using milter;
-#
-# D_BOUNCE is preferred for viruses, but consider:
-# - use D_DISCARD to avoid bothering the rest of the network, it is hopeless
-#   to try to keep up with the viruses that faker the envelope sender anyway,
-#   and bouncing only increases the network cost of viruses for everyone
-# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
-# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
-#   virus storm;
-#
-# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
-# to D_BOUNCE.
-#
-# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
-# and D_PASS made settings $warnvirussender and $warnspamsender only still
-# useful with D_PASS.
-
-# The following $warn*sender settings are ONLY used when mail is
-# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
-# Bounces or rejects produce non-delivery status notification anyway.
-
-# Notify virus sender?
-#$warnvirussender = 1;	# (defaults to false (undef))
-
-# Notify spam sender?
-#$warnspamsender = 1;	# (defaults to false (undef))
-
-# Notify sender of banned files?
-#$warnbannedsender = 1;	# (defaults to false (undef))
-
-# Notify sender of syntactically invalid header containing non-ASCII characters?
-#$warnbadhsender = 1;	# (defaults to false (undef))
-
-# Notify virus (or banned files) RECIPIENT?
-#  (not very useful, but some policies demand it)
-#$warnvirusrecip = 1;	# (defaults to false (undef))
-#$warnbannedrecip = 1;	# (defaults to false (undef))
-
-# Notify also non-local virus/banned recipients if $warn*recip is true?
-#  (including those not matching local_domains*)
-#$warn_offsite = 1;    # (defaults to false (undef), i.e. only notify locals)
-
-
-# Treat envelope sender address as unreliable and don't send sender
-# notification / bounces if name(s) of detected virus(es) match the list.
-# Note that virus names are supplied by external virus scanner(s) and are
-# not standardized, so virus names may need to be adjusted.
-# See README.lookups for syntax, check also README.policy-on-notifications
-#
-$viruses_that_fake_sender_re = new_RE(
-  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
-  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
-  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
-  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
-  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan
-  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc
-  [qr'^(EICAR|Joke\.|Junk\.)'i         => 0],
-  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i  => 0],
-  [qr/.*/ => 1],  # true by default  (remove or comment-out if undesired)
-);
-
-# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
-# - the administrator address may be a simple fixed e-mail address (a scalar),
-#   or may depend on the SENDER address (e.g. its domain), in which case
-#   a ref to a hash table can be specified (specify lower-cased keys,
-#   dot is a catchall, see README.lookups).
-#
-#   Empty or undef lookup disables virus admin notifications.
-
-# $virus_admin = undef;   # do not send virus admin notifications (default)
-# $virus_admin = {'not.example.com' => '', '.' => 'virusalert@example.com'};
-# $virus_admin = 'virus-admin@example.com';
-$virus_admin = "postmaster\@$mydomain";		# due to D_DISCARD default
-
-# equivalent to $virus_admin, but for spam admin notifications:
-# $spam_admin = "spamalert\@$mydomain";
-# $spam_admin = undef;    # do not send spam admin notifications (default)
-# $spam_admin = {'not.example.com' => '', '.' => 'spamalert@example.com'};
-
-#advanced example, using a hash lookup table:
-#$virus_admin = {
-# 'baduser@sub1.example.com' => 'HisBoss@sub1.example.com',
-# '.sub1.example.com'  => 'virusalert@sub1.example.com',
-# '.sub2.example.com'  => '',                  # don't send admin notifications
-# 'a.sub3.example.com' => 'abuse@sub3.example.com',
-# '.sub3.example.com'  => 'virusalert@sub3.example.com',
-# '.example.com'       => 'noc@example.com',   # catchall for our virus senders
-# '.'                  => 'virusalert@hq.example.com',  # catchall for the rest
-#};
-
-
-# whom notification reports are sent from (ENVELOPE SENDER);
-# may be a null reverse path, or a fully qualified address:
-#   (admin and recip sender addresses default to $mailfrom
-#   for compatibility, which in turn defaults to undef (empty) )
-#   If using strings in double quotes, don't forget to quote @, i.e. \@
-#
-#$mailfrom_notify_admin     = "virusalert\@$mydomain";
-#$mailfrom_notify_recip     = "virusalert\@$mydomain";
-#$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
-
-# 'From' HEADER FIELD for sender and admin notifications.
-# This should be a replyable address, see rfc1894. Not to be confused
-# with $mailfrom_notify_sender, which is the envelope return address
-# and should be empty (null reverse path) according to rfc2821.
-#
-# The syntax of the 'From' header field is specified in rfc2822, section
-# '3.4. Address Specification'. Note in particular that display-name must be
-# a quoted-string if it contains any special characters like spaces and dots.
-#
-# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
-# $hdrfrom_notify_sender = 'amavisd-new <postmaster@example.com>';
-# $hdrfrom_notify_sender = '"Content-Filter Master" <postmaster@example.com>';
-#   (defaults to: "amavisd-new <postmaster\@$myhostname>")
-# $hdrfrom_notify_admin = $mailfrom_notify_admin;
-#   (defaults to: $mailfrom_notify_admin)
-# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
-#   (defaults to: $mailfrom_notify_spamadmin)
-
-# whom quarantined messages appear to be sent from (envelope sender);
-# keeps original sender if undef, or set it explicitly, default is undef
-$mailfrom_to_quarantine = '';   # override sender address with null return path
-
-
-# Location to put infected mail into: (applies to 'local:' quarantine method)
-#   empty for not quarantining, may be a file (mailbox),
-#   or a directory (no trailing slash)
-#   (the default value is undef, meaning no quarantine)
-#
-$QUARANTINEDIR = '/var/lib/amavis/virusmails';
-
-#$virus_quarantine_method = "local:virus-%i-%n";    # default
-#$spam_quarantine_method  = "local:spam-%b-%i-%n";  # default
-#
-#use the new 'bsmtp:' method as an alternative to the default 'local:'
-#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
-#$spam_quarantine_method  = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
-
-# When using the 'local:' quarantine method (default), the following applies:
-#
-# A finer control of quarantining is available through variable
-# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
-# or a ref to a hash lookup table, or a regexp lookup table object,
-# which makes possible to set up per-recipient quarantine addresses.
-#
-# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
-# per-recipient lookup result from the hash table %$virus_quarantine_to)
-# is/are interpreted as follows:
-#
-# VARIANT 1:
-#   empty or undef disables quarantine;
-#
-# VARIANT 2:
-#   a string NOT containing an '@';
-# amavisd will behave as a local delivery agent (LDA) and will quarantine
-# viruses to local files according to hash %local_delivery_aliases (pseudo
-# aliases map) - see subroutine mail_to_local_mailbox() for details.
-# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
-# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
-#
-# * if $QUARANTINEDIR is a directory, each quarantined virus will go
-#   to a separate file in the $QUARANTINEDIR directory (traditional
-#   amavis style, similar to maildir mailbox format);
-#
-# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
-#   mailbox. All quarantined messages will be appended to this file.
-#   Amavisd child process must obtain an exclusive lock on the file during
-#   delivery, so this may be less efficient than using individual files
-#   or forwarding to MTA, and it may not work across NFS or other non-local
-#   file systems (but may be handy for pickup of quarantined files via IMAP
-#   for example);
-#
-# VARIANT 3:
-#   any email address (must contain '@').
-# The e-mail messages to be quarantined will be handed to MTA
-# for delivery to the specified address. If a recipient address local to MTA
-# is desired, you may leave the domain part empty, e.g. 'infected@', but the
-# '@' character must nevertheless be included to distinguish it from variant 2.
-#
-# This method enables more refined delivery control made available by MTA
-# (e.g. its aliases file, other local delivery agents, dealing with
-# privileges and file locking when delivering to user's mailbox, nonlocal
-# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
-# will not be handed back to amavisd for checking, as this will cause a loop
-# (hopefully broken at some stage)! If this can be assured, notifications
-# will benefit too from not being unnecessarily virus-scanned.
-#
-# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
-# setup, but probably not safe with sendmail milter interface without
-# precaution.
-
-# (the default value is undef, meaning no quarantine)
-
-$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
-#$virus_quarantine_to = 'infected@';           # forward to MTA for delivery
-#$virus_quarantine_to = "virus-quarantine\@$mydomain";   # similar
-#$virus_quarantine_to = 'virus-quarantine@example.com';  # similar
-#$virus_quarantine_to = undef;                 # no quarantine
-#
-#$virus_quarantine_to = new_RE(                # per-recip multiple quarantines
-#  [qr'^user@example\.com$'i => 'infected@'],
-#  [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
-#  [qr'^(.*)(@[^@])?$'i      => 'virus-${1}${2}'],
-#  [qr/.*/                   => 'virus-quarantine'] );
-
-# similar for spam
-# (the default value is undef, meaning no quarantine)
-#
-$spam_quarantine_to = 'spam-quarantine';
-#$spam_quarantine_to = "spam-quarantine\@$mydomain";
-#$spam_quarantine_to = new_RE(                 # per-recip multiple quarantines
-#  [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
-#  [qr/.*/                   => 'spam-quarantine'] );
-
-# In addition to per-recip quarantine, a by-sender lookup is possible. It is
-# similar to $spam_quarantine_to, but the lookup key is the sender address:
-#$spam_quarantine_bysender_to = undef;   # dflt: no by-sender spam quarantine
-
-
-# Add X-Virus-Scanned header field to mail?
-$X_HEADER_TAG = 'X-Virus-Scanned';	# (default: undef)
-# Leave empty to add no header		# (default: undef)
-$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
-
-# a string to prepend to Subject (for local recipients only) if mail could
-# not be decoded or checked entirely, e.g. due to password-protected archives
-$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it
-
-$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
-#$remove_existing_x_scanned_headers= 1; # remove existing headers
-					# (defaults to false)
-#$remove_existing_spam_headers = 0;     # leave existing X-Spam* headers alone
-$remove_existing_spam_headers  = 1;     # remove existing spam headers if
-					# spam scanning is enabled (default)
-
-# set $bypass_decode_parts to true if you only do spam scanning, or if you
-# have a good virus scanner that can deal with compression and recursively
-# unpacking archives by itself, and save amavisd the trouble.
-# Disabling decoding also causes banned_files checking to only see
-# MIME names and MIME content types, not the content classification types
-# as provided by the file(1) utility.
-# It is a double-edged sword, make sure you know what you are doing!
-#
-#$bypass_decode_parts = 1;		# (defaults to false)
-
-# don't trust this file type or corresponding unpacker for this file type,
-# keep both the original and the unpacked file for a virus checker to see
-# (lookup key is what file(1) utility returned):
-#
-$keep_decoded_original_re = new_RE(
-# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
-  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables
-  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
-# qr'^Zip archive data',
-);
-
-# Checking for banned MIME types and names. If any mail part matches,
-# the whole mail is rejected, much like the way viruses are handled.
-# A list in object $banned_filename_re can be defined to provide a list
-# of Perl regular expressions to be matched against each part's:
-#
-#  * Content-Type value (both declared and effective mime-type),
-#    including the possible security risk content types
-#    message/partial and message/external-body, as specified by rfc2046;
-#
-#  * declared (i.e. recommended) file names as specified by MIME subfields
-#    Content-Disposition.filename and Content-Type.name, both in their
-#    raw (encoded) form and in rfc2047-decoded form if applicable;
-#
-#  * file content type as guessed by 'file' utility, both the raw
-#    result from 'file', as well as short type name, classified
-#    into names such as .asc, .txt, .html, .doc, .jpg, .pdf,
-#    .zip, .exe, ... - see subroutine determine_file_types().
-#    This step is done only if $bypass_decode_parts is not true.
-#
-#  * leave $banned_filename_re undefined to disable these checks
-#    (giving an empty list to new_RE() will also always return false)
-
-$banned_filename_re = new_RE(
-#  qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
-   qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double extensions
-   qr'[{}]',     # curly braces in names (serve as Class ID extensions - CLSID)
-#  qr'.\.(exe|vbs|pif|scr|bat|cmd|com)$'i,           # banned extension - basic
-#  qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
-#         jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
-#         vbe|vbs|wsc|wsf|wsh)$'ix,                  # banned extension - long
-#  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.
-#  qr'^\.(zip|lha|tnef|cab)$'i,                      # banned file(1) types
-#  qr'^\.exe$'i,                                     # banned file(1) types
-#  qr'^application/x-msdownload$'i,                  # banned MIME types
-#  qr'^application/x-msdos-program$'i,
-   qr'^message/partial$'i,  # rfc2046. this one is deadly for Outcrook
-#  qr'^message/external-body$'i, # block rfc2046
-);
-# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
-# and http://www.cknow.com/vtutor/vtextensions.htm
-
-# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
-# as well as any file name which happens to end with .exe. If only matching
-# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
-# or similar may be used, which requires that at least one character precedes
-# the '.exe', and so it will never match short file types, which always start
-# with a dot.
-
-
-#
-# Section V - Per-recipient and per-sender handling, whitelisting, etc.
-#
-
-# %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
-#   (these should be considered policy options, they do not disable checks,
-#   see bypass*checks for that!)
-#
-# Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
-# envelope e-mail address (or domain only) to the hash %virus_lovers, or to
-# the access list @virus_lovers_acl - see README.lookups and examples.
-# Make sure the appropriate form (e.g. external/internal) of address
-# is used in case of virtual domains, or when mapping external to internal
-# addresses, etc. - this is MTA-specific.
-#
-# Notifications would still be generated however (see the overall
-# picture above), and infected mail (if passed) gets additional header:
-#   X-AMaViS-Alert: INFECTED, message contains virus: ...
-# (header not inserted with milter interface!)
-#
-# NOTE (milter interface only): in case of multiple recipients,
-# it is only possible to drop or accept the message in its entirety - for all
-# recipients. If all of them are virus lovers, we'll accept mail, but if
-# at least one recipient is not a virus lover, we'll discard the message.
-
-
-# %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
-# lookup tables:
-#   (this is mainly a time-saving option, unlike virus_lovers* !)
-#
-# Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
-# access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
-# are used to skip entirely the decoding, unpacking and virus checking,
-# but only if ALL recipients match the lookup.
-#
-# %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
-# do NOT GUARANTEE the message will NOT be checked for viruses - this may
-# still happen when there is more than one recipient for a message, and
-# not all of them match these lookup tables. To guarantee virus delivery,
-# a recipient must also match %virus_lovers/@virus_lovers_acl lookups
-# (but see milter limitations above),
-
-# NOTE: it would not be clever to base virus checks on SENDER address,
-# since there are no guarantees that it is genuine. Many viruses
-# and spam messages fake sender address. To achieve selective filtering
-# based on the source of the mail (e.g. IP address, MTA port number, ...),
-# use mechanisms provided by MTA if available.
-
-
-# Similar to lookup tables controlling virus checking, there exist
-# spam scanning, banned names/types, and headers_checks control counterparts:
-#   %spam_lovers, @spam_lovers_acl, $spam_lovers_re
-#   %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
-#   %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
-# and:
-#   %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
-#   %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
-#   %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
-# See README.lookups for details about the syntax.
-
-# The following example disables spam checking altogether,
-# since it matches any recipient e-mail address (any address
-# is a subdomain of the top-level root DNS domain):
-#   @bypass_spam_checks_acl = qw( . );
-
-#   @bypass_header_checks_acl = qw( user@example.com );
-#   @bad_header_lovers_acl    = qw( user@example.com );
-
-
-# See README.lookups for further detail, and examples below.
-
-# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
-# $virus_lovers{lc('postmaster@example.com')} = 1;
-# $virus_lovers{lc('abuse@example.com')} = 1;
-# $virus_lovers{lc('some.user@')} = 1;  # this recipient, regardless of domain
-# $virus_lovers{lc('boss@example.com')} = 0; # never, even if domain matches
-# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
-# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
-#or:
-# @virus_lovers_acl = qw( me@lab.xxx.com !lab.xxx.com .xxx.com yyy.org );
-#
-# $bypass_virus_checks{lc('some.user2@butnot.example.com')} = 1;
-# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
-
-# @virus_lovers_acl = qw( postmaster@example.com );
-# $virus_lovers_re = new_RE( qr'^(helpdesk|postmaster)@example\.com$'i );
-
-# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
-# $spam_lovers{lc('postmaster@example.com')} = 1;
-# $spam_lovers{lc('abuse@example.com')} = 1;
-# @spam_lovers_acl = qw( !.example.com );
-# $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
-
-
-# don't run spam check for these RECIPIENT domains:
-#   @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
-# or the other way around (bypass check for all BUT these):
-#   @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
-# a practical application: don't check outgoing mail for spam:
-#   @bypass_spam_checks_acl = ( "!.$mydomain", "." );
-# (a downside of which is that such mail will not count as ham in SA bayes db)
-
-
-# Where to find SQL server(s) and database to support SQL lookups?
-# A list of triples: (dsn,user,passw).   (dsn = data source name)
-# More than one entry may be specified for multiple (backup) SQL servers.
-# See 'man DBI', 'man DBD::mysql', 'man DBD::Pg', ... for details.
-# When chroot-ed, accessing SQL server over inet socket may be more convenient.
-#
-# @lookup_sql_dsn =
-#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
-#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'] );
-#
-
-@lookup_sql_dsn = ( ['DBI:mysql:database=mailserver;host=127.0.0.1;port=3306', 'root', '']);
-
-
-# ('mail' in the example is the database name, choose what you like)
-# With PostgreSQL the dsn (first element of the triple) may look like:
-#      'DBI:Pg:host=host1;dbname=mail'
-
-# The SQL select clause to fetch per-recipient policy settings.
-# The %k will be replaced by a comma-separated list of query addresses
-# (e.g. full address, domain only, catchall).  Use ORDER, if there
-# is a chance that multiple records will match - the first match wins.
-# If field names are not unique (e.g. 'id'), the later field overwrites the
-# earlier in a hash returned by lookup, which is why we use '*,users.id'.
- 
-$sql_select_policy = 'SELECT *,users.id FROM users,policy'.
-  ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
-  ' ORDER BY users.priority DESC';
-
-# The SQL select clause to check sender in per-recipient whitelist/blacklist
-# The first SELECT argument '?' will be users.id from recipient SQL lookup,
-# the %k will be sender addresses (e.g. full address, domain only, catchall).
-$sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
-    ' WHERE (wblist.rid=?) AND (wblist.sid=mailaddr.id)'.
-    '   AND (mailaddr.email IN (%k))'.
-    ' ORDER BY mailaddr.priority DESC';
-
-# $sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
-
-
-# If you decide to pass viruses (or spam) to certain recipients using the
-# above lookup tables or using $final_virus_destiny=D_PASS, you can set
-# the variable $addr_extension_virus ($addr_extension_spam) to some
-# string, and the recipient address will have this string appended
-# as an address extension to the local-part of the address. This extension
-# can be used by final local delivery agent to place such mail in different
-# folders. Leave these two variables undefined or empty strings to prevent
-# appending address extensions. Setting has no effect on recipient which will
-# not be receiving viruses/spam. Recipients who do not match lookup tables
-# local_domains* are not affected.
-#
-# LDAs usually default to stripping away address extension if no special
-# handling is specified, so having this option enabled normally does no harm,
-# provided the $recipients_delimiter matches the setting on the final
-# MTA's LDA.
-
-# $addr_extension_virus  = 'virus';	# (default is undef, same as empty)
-# $addr_extension_spam   = 'spam';	# (default is undef, same as empty)
-# $addr_extension_banned = 'banned';	# (default is undef, same as empty)
-
-
-# Delimiter between local part of the recipient address and address extension
-# (which can optionally be added, see variables $addr_extension_virus and
-# $addr_extension_spam). E.g. recipient address <user@example.com> gets changed
-# to <user+virus@example.com>.
-#
-# Delimiter should match equivalent (final) MTA delimiter setting.
-# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
-# Setting it to an empty string or to undef disables this feature
-# regardless of $addr_extension_virus and $addr_extension_spam settings.
-
-$recipient_delimiter = '+';		# (default is '+')
-
-# true: replace extension;  false: append extension
-$replace_existing_extension = 1;	# (default is false)
-
-# Affects matching of localpart of e-mail addresses (left of '@')
-# in lookups: true = case sensitive, false = case insensitive
-$localpart_is_case_sensitive = 0;	# (default is false)
-
-
-# ENVELOPE SENDER WHITELISTING / BLACKLISTING  - GLOBAL (RECIPIENT-INDEPENDENT)
-# (affects spam checking only, has no effect on virus and other checks)
-
-# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
-# senders even if the message would be recognized as spam. Effectively, for
-# the specified senders, message recipients temporarily become 'spam_lovers'.
-# To avoid surprises, whitelisted sender also suppresses inserting/editing
-# the tag2-level header fields (X-Spam-*, Subject), appending spam address
-# extension, and quarantining.
-
-# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
-# Effectively, for messages from blacklisted senders, spam level
-# is artificially pushed high, and the normal spam processing applies,
-# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
-# reactions to spam, including possible rejection. If the message nevertheless
-# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
-# in the 'X-Spam-Status' header field, but the reported spam value and
-# set of tests in this report header field (if available from SpamAssassin,
-# which may have not been called) is not adjusted.
-#
-# A sender may be both white- and blacklisted at the same time, settings
-# are independent. For example, being both white- and blacklisted, message
-# is delivered to recipients, but is not tagged as spam (X-Spam-Flag: No;
-# X-Spam-Status: No, ...), but the reported spam level (if computed) may
-# still indicate high spam score.
-#
-# If ALL recipients of the message either white- or blacklist the sender,
-# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
-#
-# The following variables (lookup tables) are available, with the semantics
-# and syntax as specified in README.lookups:
-#
-# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
-# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
-
-# SOME EXAMPLES:
-#
-#ACL:
-# @whitelist_sender_acl = qw( .example.com );
-#
-# @whitelist_sender_acl = ( ".$mydomain" );  # $mydomain and its subdomains
-# NOTE: This is not a reliable way of turning off spam checks for
-#       locally-originating mail, as sender address can easily be faked.
-#       To reliably avoid spam-scanning outgoing mail,
-#       use @bypass_spam_checks_acl .
-
-#RE:
-# $whitelist_sender_re = new_RE(
-#   qr'^postmaster@.*\bexample\.com$'i,
-#   qr'owner-[^@]*@'i,  qr'-request@'i,
-#   qr'\.example\.com$'i );
-#
-$blacklist_sender_re = new_RE(
-    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
-    qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
-    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
-    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
-    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
-    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
-);
-
-#HASH lookup variant:
-# NOTE: Perl operator qw splits its argument string by whitespace
-# and produces a list. This means that addresses can not contain
-# whitespace, and there is no provision for comments within the string.
-# You can use the normal Perl list syntax if you have special requirements,
-# e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read
-# addresses from a file.
-#
-
-# a hash lookup table can be read from a file,
-# one address per line, comments and empty lines are permitted:
-#
-# read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');
-
-# ... or set directly:
-map { $whitelist_sender{lc($_)}=1 } (qw(
-  nobody@cert.org
-  owner-alert@iss.net
-  slashdot@slashdot.org
-  bugtraq@securityfocus.com
-  NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
-  security-alerts@linuxsecurity.com
-  amavis-user-admin@lists.sourceforge.net
-  razor-users-admin@lists.sourceforge.net
-  notification-return@lists.sophos.com
-  mailman-announce-admin@python.org
-  zope-announce-admin@zope.org
-  owner-postfix-users@postfix.org
-  owner-postfix-announce@postfix.org
-  owner-sendmail-announce@lists.sendmail.org
-  sendmail-announce-request@lists.sendmail.org
-  ca+envelope@sendmail.org
-  owner-technews@postel.ACM.ORG
-  lvs-users-admin@LinuxVirtualServer.org
-  ietf-123-owner@loki.ietf.org
-  cvs-commits-list-admin@gnome.org
-  rt-users-admin@lists.fsck.com
-  owner-announce@mnogosearch.org
-  owner-hackers@ntp.org
-  owner-bugs@ntp.org
-  clp-request@comp.nus.edu.sg
-  surveys-errors@lists.nua.ie
-  emailNews@genomeweb.com
-  owner-textbreakingnews@CNNIMAIL12.CNN.COM
-  yahoo-dev-null@yahoo-inc.com
-));
-
-
-# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
-
-# The same semantics as for global white/blacklisting applies, but this
-# time each recipient (or its domain, or subdomain, ...) can be given
-# an individual lookup table for matching senders. The per-recipient lookups
-# override the global lookups, which serve as a fallback default.
-
-# Specify a two-level lookup table: the key for the outer table is recipient,
-# and the result should be an inner lookup table (hash or ACL or RE),
-# where the key used will be the sender.
-#
-#$per_recip_blacklist_sender_lookup_tables = {
-# 'user1@my.example.com'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
-# 'user2@my.example.com'=>[qw( spammer@d1.example,org .d2.example,org )],
-#};
-#$per_recip_whitelist_sender_lookup_tables = {
-# 'user@my.example.com' => [qw( friend@example.org .other.example.org )],
-# '.my1.example.com'    => [qw( !foe.other.example,org .other.example,org )],
-# '.my2.example.com'    => read_hash('/var/amavis/my2-wl.dat'),
-# 'abuse@' => { 'postmaster@'=>1,
-#               'cert-advisory-owner@cert.org'=>1, 'owner-alert@iss.net'=>1 },
-#};
-
-
-#
-# Section VI - Resource limits
-#
-
-# Sanity limit to the number of allowed recipients per SMTP transaction
-# $smtpd_recipient_limit = 1000;  # (default is 1000)
-
-
-# Resource limits to protect unpackers, decompressors and virus scanners
-# against mail bombs (e.g. 42.zip)
-
-# Maximum recursion level for extraction/decoding (0 or undef disables limit)
-$MAXLEVELS = 14;		# (default is undef, no limit)
-
-# Maximum number of extracted files (0 or undef disables the limit)
-$MAXFILES = 1500;		# (default is undef, no limit)
-
-# For the cumulative total of all decoded mail parts we set max storage size
-# to defend against mail bombs. Even though parts may be deleted (replaced
-# by decoded text) during decoding, the size they occupied is _not_ returned
-# to the quota pool.
-#
-# Parameters to storage quota formula for unpacking/decoding/decompressing
-#   Formula:
-#     quota = max($MIN_EXPANSION_QUOTA,
-#                 $mail_size*$MIN_EXPANSION_FACTOR,
-#                 min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
-#   In plain words (later condition overrules previous ones):
-#     allow MAX_EXPANSION_FACTOR times initial mail size,
-#     but not more than MAX_EXPANSION_QUOTA,
-#     but not less than MIN_EXPANSION_FACTOR times initial mail size,
-#     but never less than MIN_EXPANSION_QUOTA
-#
-$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
-$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
-$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (must be specified)
-$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (must be specified)
-
-
-#
-# Section VII - External programs, virus scanners
-#
-
-# Specify a path string, which is a colon-separated string of directories
-# (no trailing slashes!) to be assigned to the environment variable PATH
-# and to serve for locating external programs below.
-
-# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
-#       relative to the chroot directory specified;
-
-$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
-
-# Specify one string or a search list of strings (first match wins).
-# The string (or: each string in a list) may be an absolute path,
-# or just a program name, to be located via $path;
-# Empty string or undef (=default) disables the use of that external program.
-# Optionally command arguments may be specified - only the first substring
-# up to the whitespace is used for file searching.
-
-$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability
-
-$gzip   = 'gzip';
-$bzip2  = 'bzip2';
-$lzop   = 'lzop';
-$uncompress = ['uncompress', 'gzip -d', 'zcat'];
-$unfreeze   = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
-$arc        = ['nomarch', 'arc'];
-$unarj      = ['arj', 'unarj'];  # both can extract, arj is recommended
-$unrar      = ['rar', 'unrar'];  # both can extract, same options
-$zoo    = 'zoo';
-$lha    = 'lha';
-$cpio   = 'cpio';   # comment out if cpio does not support GNU options
-
-
-# SpamAssassin settings
-
-# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
-# of the option local_tests_only. See Mail::SpamAssassin man page.
-# If set to 1, SA tests are restricted to local tests only, i.e. no tests
-# that require internet access will be performed.
-#
-$sa_local_tests_only = 1;   # (default: false)
-#$sa_auto_whitelist = 1;    # turn on AWL (default: false)
-
-# Timout for SpamAssassin. This is only used if spamassassin does NOT
-# override it (which it often does if sa_local_tests_only is not true)
-$sa_timeout = 30;           # timeout in seconds for a call to SpamAssassin
-                            # (default is 30 seconds, undef disables it)
-
-# AWL (auto whitelisting), requires spamassassin 2.44 or better
-# $sa_auto_whitelist = 1;   # defaults to undef
-
-$sa_mail_body_size_limit = 150*1024;  # don't waste time on SA is mail is larger
-			    # (less than 1% of spam is > 64k)
-			    # default: undef, no limitations
-
-# default values, can be overridden by more specific lookups, e.g. SQL
-$sa_tag_level_deflt  = 4.0; # add spam info headers if at, or above that level
-$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
-$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
-                           # at or above that level: bounce/reject/drop,
-                           # quarantine, and adding mail address extension
-
-$sa_dsn_cutoff_level = 10;  # spam level beyond which a DSN is not sent,
-                            # effectively turning D_BOUNCE into D_DISCARD;
-                            # undef disables this feature and is a default;
-
-#
-# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
-# may also be hashrefs to hash lookup tables, to make static per-recipient
-# settings possible without having to resort to SQL or LDAP lookups.
-
-# a quick reference:
-#   tag_level  controls adding the X-Spam-Status and X-Spam-Level headers,
-#   tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
-#   kill_level controls 'evasive actions' (reject, quarantine, extensions);
-# it only makes sense to maintain the relationship:
-# tag_level <= tag2_level <= kill_level < $sa_dsn_cutoff_level
-
-# string to prepend to Subject header field when message exceeds tag2 level
-$sa_spam_subject_tag = '***SPAM*** ';	# (defaults to undef, disabled)
-			     # (only seen when spam is not to be rejected
-			     # and recipient is in local_domains*)
-
-#$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
-# Example: modify Subject for all local recipients except user@example.com
-#$sa_spam_modifies_subj = [qw( !user@example.com . )];
-
-# stop anti-virus scanning when the first scanner detects a virus?
-$first_infected_stops_scan = 1;  # default is false, all scanners are called
-
-# @av_scanners is a list of n-tuples, where fields semantics is:
-#  1. av scanner plain name, to be used in log and reports;
-#  2. scanner program name; this string will be submitted to subroutine
-#     find_external_programs(), which will try to find the full program
-#     path name; if program is not found, this scanner is disabled.
-#     Besides a simple string (full program path name or just the basename
-#     to be looked for in PATH), this may be an array ref of alternative
-#     program names or full paths - the first match in the list will be used;
-#     As a special case for more complex scanners, this field may be
-#     a subroutine reference, and the whole n-tuple is passed to it as args.
-#  3. command arguments to be given to the scanner program;
-#     a substring {} will be replaced by the directory name to be scanned,
-#     i.e. "$tempdir/parts", a "*" will be replaced by file names of parts;
-#  4. an array ref of av scanner exit status values, or a regexp (to be
-#     matched against scanner output), indicating NO VIRUSES found;
-#  5. an array ref of av scanner exit status values, or a regexp (to be
-#     matched against scanner output), indicating VIRUSES WERE FOUND;
-#     Note: the virus match prevails over a 'not found' match, so it is safe
-#     even if the no. 4. matches for viruses too;
-#  6. a regexp (to be matched against scanner output), returning a list
-#     of virus names found.
-#  7. and 8.: (optional) subroutines to be executed before and after scanner
-#     (e.g. to set environment or current directory);
-#     see examples for these at KasperskyLab AVP and Sophos sweep.
-
-# NOTES:
-#
-# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
-#   whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
-#   (which can be handy if all you want to do is spam scanning);
-#
-# - the order matters: although _all_ available entries from the list are
-#   always tried regardless of their verdict, scanners are run in the order
-#   specified: the report from the first one detecting a virus will be used
-#   (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
-#
-# - it doesn't hurt to keep an unused command line scanner entry in the list
-#   if the program can not be found; the path search is only performed once
-#   during the program startup;
-#
-#   COROLLARY: to disable a scanner that _does_ exist on your system,
-#   comment out its entry or use undef or '' as its program name/path
-#   (second parameter). An example where this is almost a must: disable
-#   Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
-#   (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
-#   program happens to have a name matching one of the entries ('sweep'
-#   again comes to mind);
-#
-# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
-#   for interfacing (where the second parameter starts with \&).
-#   Keeping such entry and not having a corresponding virus scanner daemon
-#   causes an unnecessary connection attempt (which eventually times out,
-#   but it wastes precious time). For this reason the daemonized entries
-#   are commented in the distribution - just remove the '#' where needed.
-#
-# CERT list of av resources: http://www.cert.org/other_sources/viruses.html
-
-@av_scanners = (
-
-# ### http://www.vanja.com/tools/sophie/
-# ['Sophie',
-#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
-#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
-#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
-
-# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
-# ['Sophos SAVI', \&sophos_savi ],
-
-### http://www.clamav.net/
-['Clam Antivirus-clamd',
-  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
-  qr/\bOK$/, qr/\bFOUND$/,
-  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
-# NOTE: run clamd under the same user as amavisd;  match the socket
-# name (LocalSocket) in clamav.conf to the socket name in this entry
-# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
-
-# ### http://www.openantivirus.org/
-# ['OpenAntiVirus ScannerDaemon (OAV)',
-#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
-#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
-
-# ### http://www.vanja.com/tools/trophie/
-# ['Trophie',
-#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
-#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
-#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
-
-# ### http://www.grisoft.com/
-# ['AVG Anti-Virus',
-#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
-#   qr/^200/, qr/^403/, qr/^403 .*?: (.+)/ ],
-
-# ### http://www.f-prot.com/
-# ['FRISK F-Prot Daemon',
-#   \&ask_daemon,
-#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
-#     ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
-#      '127.0.0.1:10203','127.0.0.1:10204'] ],
-#   qr/(?i)<summary[^>]*>clean<\/summary>/,
-#   qr/(?i)<summary[^>]*>infected<\/summary>/,
-#   qr/(?i)<name>(.+)<\/name>/ ],
-
-  ['KasperskyLab AVP - aveclient',
-    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
-     '/opt/kav/bin/aveclient','aveclient'],
-    '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/\b(INFECTED|SUSPICION)\b/,
-    qr/(?:INFECTED|SUSPICION) (.+)/,
-  ],
-
-  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
-    '-* -P -B -Y -O- {}', [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
-    qr/infected: (.+)/,
-    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
-    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
-  ],
-
-  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
-  ### products and replaced by aveserver and aveclient
-  ['KasperskyLab AVPDaemonClient',
-    [ '/opt/AVP/kavdaemon',       'kavdaemon',
-      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
-      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
-      '/opt/AVP/avpdc', 'avpdc' ],
-    "-f=$TEMPBASE {}", [0,8,16,24], [2,3,4,5,6, 18,19,20,21,22],
-    qr/infected: ([^\r\n]+)/ ],
-    # change the startup-script in /etc/init.d/kavd to:
-    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
-    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
-    # adjusting /var/amavis above to match your $TEMPBASE.
-    # The '-f=/var/amavis' is needed if not running it as root, so it
-    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
-    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
-    #   directory $TEMPBASE specifies) in the 'Names=' section.
-    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
-    # cp AvpDaemonClient /opt/AVP/
-    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
-
-  ### http://www.hbedv.com/ or http://www.centralcommand.com/
-  ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
-    ['antivir','vexira'],
-    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
-    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
-         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
-    # NOTE: if you only have a demo version, remove -z and add 214, as in:
-    #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
-
-  ### http://www.commandsoftware.com/
-  ['Command AntiVirus for Linux', 'csav',
-    '-all -archive -packed {}', [50], [51,52,53],
-    qr/Infection: (.+)/ ],
-
-  ### http://www.symantec.com/
-  ['Symantec CarrierScan via Symantec CommandLineScanner',
-    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
-    qr/^Files Infected:\s+0$/, qr/^Infected\b/,
-    qr/^(?:Info|Virus Name):\s+(.+)/ ],
-
-  ### http://www.symantec.com/
-  ['Symantec AntiVirus Scan Engine',
-    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
-    [0], qr/^Infected\b/,
-    qr/^(?:Info|Virus Name):\s+(.+)/ ],
-    # NOTE: check options and patterns to see which entry better applies
-
-  ### http://www.sald.com/, http://drweb.imshop.de/
-  ['drweb - DrWeb Antivirus',
-    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
-    '-path={} -al -go -ot -cn -upn -ok-',
-    [0,32], [1,33], qr' infected (?:with|by)(?: virus)? (.*)$'],
-
-# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
-# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
-#   [pack('N',1).  # DRWEBD_SCAN_CMD
-#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
-#    pack('N',     # path length
-#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/part-xxxxx")).
-#    '{}/*'.       # path
-#    pack('N',0).  # content size
-#    pack('N',0),
-#    '/var/drweb/run/drwebd.sock',
-#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
-#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
-#  # '127.0.0.1:3000',                    # or over an inet socket
-#   ],
-#   qr/\A\x00(\x10|\x11)\x00\x00/s,              # IS_CLEAN, EVAL_KEY
-#   qr/\A\x00(\x00|\x01)\x00(\x20|\x40|\x80)/s,  # KNOWN_V, UNKNOWN_V, V._MODIF
-#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/s,
-# ],
-# # NOTE: If you are using amavis-milter, change length to:
-# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/part-xxxxx").
-
-  ### http://www.f-secure.com/products/anti-virus/
-  ['F-Secure Antivirus', 'fsav',
-   '--dumb --mime --archive {}', [0], [3,8],
-   qr/(?:infection|Infected|Suspected): (.+)/ ],
-
-  ['CAI InoculateIT', 'inocucmd',
-    '-sec -nex {}', [0], [100],
-    qr/was infected by virus (.+)/ ],
-
-  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
-    '-s {}/*', [0], [1,2],    # any use for options: -a -c  ?
-    qr/--[ \t]*(.+)/ ], 
-
-  ### http://www.nod32.com/
-  ['ESET Software NOD32', 'nod32',
-    '-all -subdir+ {}', [0], [1,2],
-    qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
-
-  ### http://www.nod32.com/
-  ['ESET Software NOD32 - Client/Server Version', 'nod32cli',
-    '-a -r -d recurse --heur standard {}', [0], [10,11],
-    qr/^\S+\s+infected:\s+(.+)/ ],
-
-  ### http://www.norman.com/products_nvc.shtml
-  ['Norman Virus Control v5 / Linux', 'nvcc',
-    '-c -l:0 -s -u {}', [0], [1],
-    qr/(?i).* virus in .* -> \'(.+)\'/ ],
-
-  ### http://www.pandasoftware.com/
-  ['Panda Antivirus for Linux', ['pavcl'],
-    '-aut -aex -heu -cmp -nbr -nor -nso -eng {}',
-    qr/Number of files infected[ .]*: 0(?!\d)/,
-    qr/Number of files infected[ .]*: 0*[1-9]/,
-    qr/Found virus :\s*(\S+)/ ],
-
-# GeCAD AV technology is acquired by Microsoft; RAV has been discontinued.
-# Check your RAV license terms before fiddling with the following two lines!
-# ['GeCAD RAV AntiVirus 8', 'ravav',
-#   '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ],
-# # NOTE: the command line switches changed with scan engine 8.5 !
-# # (btw, assigning stdin to /dev/null causes RAV to fail)
-
-  ### http://www.nai.com/
-  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
-    '--secure -rv --mime --summary --noboot - {}', [0], [13],
-    qr/(?x) Found (?:
-        \ the\ (.+)\ (?:virus|trojan)  |
-        \ (?:virus|trojan)\ or\ variant\ ([^ ]+)  |
-        :\ (.+)\ NOT\ a\ virus)/,
-  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
-  # sub {delete $ENV{LD_PRELOAD}},
-  ],
-  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
-  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
-  # and then clear it when finished to avoid confusing anything else.
-  # NOTE2: to treat encrypted files as viruses replace the [13] with:
-  #  qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
-
-  ### http://www.virusbuster.hu/en/
-  ['VirusBuster', ['vbuster', 'vbengcl'],
-    # VirusBuster Ltd. does not support the daemon version for the workstation 
-    # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
-    # binaries, some parameters AND return codes (from 3 to 1) changed.
-    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
-    qr/: '(.*)' - Virus/ ],
-
-# ### http://www.virusbuster.hu/en/
-# ['VirusBuster (Client + Daemon)', 'vbengd',
-#   # HINT: for an infected file it returns always 3,
-#   # although the man-page tells a different story
-#   '-f -log scandir {}', [0], [3],
-#   qr/Virus found = (.*);/ ],
-
-  ### http://www.cyber.com/
-  ['CyberSoft VFind', 'vfind',
-    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/,
-  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
-  ],
-
-  ### http://www.ikarus-software.com/
-  ['Ikarus AntiVirus for Linux', 'ikarus',
-    '{}', [0], [40], qr/Signature (.+) found/ ],
-
-  ### http://www.bitdefender.com/
-  ['BitDefender', 'bdc',
-    '--all --arc --mail {}', qr/^Infected files *:0(?!\d)/,
-    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
-    qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
-);
-
-# If no virus scanners from the @av_scanners list produce 'clean' nor
-# 'infected' status (e.g. they all fail to run or the list is empty),
-# then _all_ scanners from the @av_scanners_backup list are tried.
-# When there are both daemonized and command-line scanners available,
-# it is customary to place slower command-line scanners in the
-# @av_scanners_backup list. The default choice is somewhat arbitrary,
-# move entries from one list to another as desired.
-
-@av_scanners_backup = (
-
-  ### http://www.clamav.net/
-  ['Clam Antivirus - clamscan', 'clamscan',
-    "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], [1],
-    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
-
-  ### http://www.f-prot.com/
-  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
-    '-dumb -archive -packed {}', [0,8], [3,6],
-    qr/Infection: (.+)/ ],
-
-  ### http://www.trendmicro.com/
-  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
-    '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
-
-  ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
-    '-i1 -xp {}', [0,10,15], [5,20,21,25],
-    qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
-    sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
-    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
-  ],
-
-# Commented out because the name 'sweep' clashes with the Debian package of
-# the same name. Make sure the correct sweep is found in the path when enabling
-#
-# ### http://www.sophos.com/
-# ['Sophos Anti Virus (sweep)', 'sweep',
-#   '-nb -f -all -rec -ss -sc -archive -cab -tnef --no-reset-atime {}',
-#   [0,2], qr/Virus .*? found/,
-#   qr/^>>> Virus(?: fragment)? '?(.*?)'? found/,
-# ],
-# # other options to consider: -mime -oe -idedir=/usr/local/sav
-
-# always succeeds (uncomment to consider mail clean if all other scanners fail)
-# ['always-clean', sub {0}],
-
-);
-
-
-#
-# Section VIII - Debugging
-#
-
-# The most useful debugging tool is to run amavisd-new non-detached
-# from a terminal window:
-# amavisd debug
-
-# Some more refined approaches:
-
-# If sender matches ACL, turn log level fully up, just for this one message,
-# and preserve temporary directory
-#@debug_sender_acl = ( "test-sender\@$mydomain" );
-#@debug_sender_acl = qw( debug@example.com );
-
-# May be useful along with @debug_sender_acl:
-# Prevent all decoded originals being deleted (replaced by decoded part)
-#$keep_decoded_original_re = new_RE( qr/.*/ );
-
-# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
-#$sa_debug = 1;            # defaults to false
-
-#-------------
-1;  # insure a defined return

config/courier/authdaemonrc

-##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
-#
-# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
-# distribution information.
-#
-# authdaemonrc created from authdaemonrc.dist by sysconftool
-#
-# Do not alter lines that begin with ##, they are used when upgrading
-# this configuration.
-#
-# This file configures authdaemond, the resident authentication daemon.
-#
-# Comments in this file are ignored.  Although this file is intended to
-# be sourced as a shell script, authdaemond parses it manually, so
-# the acceptable syntax is a bit limited.  Multiline variable contents,
-# with the \ continuation character, are not allowed.  Everything must
-# fit on one line.  Do not use any additional whitespace for indentation,
-# or anything else.
-
-##NAME: authmodulelist:0
-#
-# The authentication modules that are linked into authdaemond.  The
-# default list is installed.  You may selectively disable modules simply
-# by removing them from the following list.  The available modules you
-# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam
-
-authmodulelist="authmysql"
-
-##NAME: authmodulelistorig:1
-#
-# This setting is used by Courier's webadmin module, and should be left
-# alone
-
-authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"
-
-##NAME: daemons:0
-#
-# The number of daemon processes that are started.  authdaemon is typically
-# installed where authentication modules are relatively expensive: such
-# as authldap, or authmysql, so it's better to have a number of them running.
-# PLEASE NOTE:  Some platforms may experience a problem if there's more than
-# one daemon.  Specifically, SystemV derived platforms that use TLI with
-# socket emulation.  I'm suspicious of TLI's ability to handle multiple
-# processes accepting connections on the same filesystem domain socket.
-#
-# You may need to increase daemons if as your system load increases.  Symptoms
-# include sporadic authentication failures.  If you start getting
-# authentication failures, increase daemons.  However, the default of 5
-# SHOULD be sufficient.  Bumping up daemon count is only a short-term
-# solution.  The permanent solution is to add more resources: RAM, faster
-# disks, faster CPUs...
-
-daemons=5
-
-##NAME: version:0
-#
-# When you have multiple versions of authdaemond.* installed, authdaemond
-# just picks the first one it finds.  Set "version" to override that.
-# For example:  version=authdaemond.plain
-
-version=""
-
-##NAME: authdaemonvar:0
-#
-# authdaemonvar is here, but is not used directly by authdaemond.  It's
-# used by various configuration and build scripts, so don't touch it!
-
-authdaemonvar=/var/run/courier/authdaemon

config/courier/authmysqlrc

-##VERSION: $Id: authmysqlrc,v 1.17 2004/04/20 01:38:17 mrsam Exp $
-#
-# Copyright 2000-2004 Double Precision, Inc.  See COPYING for
-# distribution information.
-#
-# Do not alter lines that begin with ##, they are used when upgrading
-# this configuration.
-#
-# authmysqlrc created from authmysqlrc.dist by sysconftool
-#
-# DO NOT INSTALL THIS FILE with world read permissions.  This file
-# might contain the MySQL admin password!
-#
-# Each line in this file must follow the following format:
-#
-# field[spaces|tabs]value
-#
-# That is, the name of the field, followed by spaces or tabs, followed by
-# field value.  Trailing spaces are prohibited.
-
-
-##NAME: LOCATION:0
-#
-# The server name, userid, and password used to log in.
-
-MYSQL_SERVER		localhost
-MYSQL_USERNAME	 	root
-MYSQL_PASSWORD
-
-##NAME: MYSQL_SOCKET:0
-#
-# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
-# filesystem pipe used for the connection
-#
-# MYSQL_SOCKET		/var/run/mysqld/mysqld.sock
-
-##NAME: MYSQL_PORT:0
-#
-# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
-# connect to.
-
-MYSQL_PORT		0
-
-##NAME: MYSQL_OPT:0
-#
-# Leave MYSQL_OPT as 0, unless you know what you're doing.
-
-MYSQL_OPT		0
-
-##NAME: MYSQL_DATABASE:0
-#
-# The name of the MySQL database we will open:
-
-MYSQL_DATABASE		mailserver
-
-##NAME: MYSQL_USER_TABLE:0
-#
-# The name of the table containing your user data.  See README.authmysqlrc
-# for the required fields in this table.
-
-MYSQL_USER_TABLE	mail_box
-
-##NAME: MYSQL_CRYPT_PWFIELD:0
-#
-# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.  Both
-# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
-# passwords go into MYSQL_CLEAR_PWFIELD.  Cleartext passwords allow
-# CRAM-MD5 authentication to be implemented.
-
-MYSQL_CRYPT_PWFIELD	cryptpwd
-
-##NAME: MYSQL_CLEAR_PWFIELD:0
-#
-#
-# MYSQL_CLEAR_PWFIELD	clear
-
-##NAME: MYSQL_DEFAULT_DOMAIN:0
-#
-# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
-# we will look up 'user@DEFAULT_DOMAIN' instead.
-#
-#
-# DEFAULT_DOMAIN		example.com
-
-##NAME: MYSQL_UID_FIELD:0
-#
-# Other fields in the mysql table:
-#
-# MYSQL_UID_FIELD - contains the numerical userid of the account
-#
-MYSQL_UID_FIELD		8
-
-##NAME: MYSQL_GID_FIELD:0
-#
-# Numerical groupid of the account
-
-MYSQL_GID_FIELD		8
-
-##NAME: MYSQL_LOGIN_FIELD:0
-#
-# The login id, default is id.  Basically the query is:
-#
-#  SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
-#
-
-MYSQL_LOGIN_FIELD	login
-
-##NAME: MYSQL_HOME_FIELD:0
-#
-
-MYSQL_HOME_FIELD	maildir
-
-##NAME: MYSQL_NAME_FIELD:0
-#
-# The user's name (optional)
-
-#MYSQL_NAME_FIELD	name
-
-##NAME: MYSQL_MAILDIR_FIELD:0
-#
-# This is an optional field, and can be used to specify an arbitrary
-# location of the maildir for the account, which normally defaults to
-# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
-#
-# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
-# out.
-#
-# MYSQL_MAILDIR_FIELD	maildir
-
-##NAME: MYSQL_DEFAULTDELIVERY:0
-#
-# Courier mail server only: optional field specifies custom mail delivery
-# instructions for this account (if defined) -- essentially overrides
-# DEFAULTDELIVERY from ${sysconfdir}/courierd
-#
-# MYSQL_DEFAULTDELIVERY defaultdelivery
-
-##NAME: MYSQL_QUOTA_FIELD:0
-#
-# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
-# specify a maildir quota.  See README.maildirquota for more information 
-#
-# MYSQL_QUOTA_FIELD	quota
-
-##NAME: MYSQL_AUXOPTIONS:0
-#
-# Auxiliary options.  The MYSQL_AUXOPTIONS field should be a char field that
-# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
-# pairs.  These names are additional attributes that define various per-account
-# "options", as given in INSTALL's description of the "Account OPTIONS"
-# setting.
-#
-# MYSQL_AUXOPTIONS_FIELD	auxoptions
-#
-# You might want to try something like this, if you'd like to use a bunch
-# of individual fields, instead of a single text blob:
-#
-# MYSQL_AUXOPTIONS_FIELD	CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
-#
-# This will let you define fields called "disableimap", etc, with the end result
-# being something that the OPTIONS parser understands.
-
-
-##NAME: MYSQL_WHERE_CLAUSE:0
-#
-# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
-# fixed string that is appended to the WHERE clause of our query
-#
-# MYSQL_WHERE_CLAUSE	server='mailhost.example.com'
-
-##NAME: MYSQL_SELECT_CLAUSE:0
-#
-# (EXPERIMENTAL)
-# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
-# which is structuraly different from proposed. The fixed string will
-# be used to do a SELECT operation on database, which should return fields
-# in order specified bellow:
-#
-# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
-#
-# The username field should include the domain (see example below).
-#
-# Enabling this option causes ignorance of any other field-related
-# options, excluding default domain.
-#
-# There are two variables, which you can use. Substitution will be made
-# for them, so you can put entered username (local part) and domain name
-# in the right place of your query. These variables are:
-#	 	$(local_part), $(domain), $(service)
-#
-# If a $(domain) is empty (not given by the remote user) the default domain
-# name is used in its place.
-#
-# $(service) will expand out to the service being authenticated: imap, imaps,
-# pop3 or pop3s.  Courier mail server only: service will also expand out to
-# "courier", when searching for local mail account's location.  In this case,
-# if the "maildir" field is not empty it will be used in place of
-# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
-# authenticated ESMTP.
-#
-# This example is a little bit modified adaptation of vmail-sql
-# database scheme:
-#
-# MYSQL_SELECT_CLAUSE	SELECT CONCAT(popbox.local_part, '@', popbox.domain_name),			\
-#			CONCAT('{MD5}', popbox.password_hash),		\
-#			popbox.clearpw,					\
-#			domain.uid,					\
-#			domain.gid,					\
-#			CONCAT(domain.path, '/', popbox.mbox_name),	\
-#			'',						\
-#			domain.quota,					\
-#			'',						\
-#			CONCAT("disableimap=",disableimap,",disablepop3=",    \
-#                              disablepop3,",disablewebmail=",disablewebmail, \
-#                              ",sharedgroup=",sharedgroup)             \
-#			FROM popbox, domain				\
-#			WHERE popbox.local_part = '$(local_part)'	\
-#			AND popbox.domain_name = '$(domain)'		\
-#			AND popbox.domain_name = domain.domain_name
-
-
-##NAME: MYSQL_ENUMERATE_CLAUSE:0
-#
-# {EXPERIMENTAL}
-# Optional custom SQL query used to enumerate accounts for authenumerate,
-# in order to compile a list of accounts for shared folders.  The query
-# should return the following fields: name, uid, gid, homedir, maildir
-#
-# Example:
-# MYSQL_ENUMERATE_CLAUSE	SELECT CONCAT(popbox.local_part, '@', popbox.domain_name),			\
-#			domain.uid,					\
-#			domain.gid,					\
-#			CONCAT(domain.path, '/', popbox.mbox_name),	\
-#			''						\
-#			FROM popbox, domain				\
-#			WHERE popbox.local_part = '$(local_part)'	\
-#			AND popbox.domain_name = '$(domain)'		\
-#			AND popbox.domain_name = domain.domain_name
-
-
-
-##NAME: MYSQL_CHPASS_CLAUSE:0
-#
-# (EXPERIMENTAL)
-# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
-# which is structuraly different from proposed. The fixed string will
-# be used to do an UPDATE operation on database. In other words, it is
-# used, when changing password.
-#
-# There are four variables, which you can use. Substitution will be made
-# for them, so you can put entered username (local part) and domain name
-# in the right place of your query. There variables are:
-# 	$(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
-#
-# If a $(domain) is empty (not given by the remote user) the default domain
-# name is used in its place.
-# $(newpass) contains plain password
-# $(newpass_crypt) contains its crypted form
-#
-# MYSQL_CHPASS_CLAUSE	UPDATE	popbox					\
-#			SET	clearpw='$(newpass)',			\
-#				password_hash='$(newpass_crypt)'	\
-#			WHERE	local_part='$(local_part)'		\
-#			AND	domain_name='$(domain)'
-#

config/exim4/readme.txt

-
-Exim is not officially supported by ISPConfig. If you want to
-try to use it anyway, take a look atbthis thread:
-
-http://www.howtoforge.com/forums/showthread.php?t=52117
-

docs/INSTALL.txt

+
+The installation instructions for ISPConfig can be found here:
+
+https://www.ispconfig.org/page/en/documentation.html
+
+

docs/INSTALL_CENTOS_5.2.txt

-
-
-WARNING: Support for CentOS is experimental only. For production systems better use Debian or Ubuntu.
-
-
-Installation
------------
-
-It is recommended to use a clean (fresh) CentOS 5.2 install. Then follow the steps below to setup your server with ISPConfig 3:
-
-Installation of some basic requirements:
-
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
-yum update
-yum groupinstall 'Development Tools'
-yum groupinstall 'Development Libraries'
-
-You should disable selinux now, as some programs will not start when selinux is enabled:
-
-system-config-securitylevel-tui
-
-then reboot the server.
-
-
-1) Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin with the following command line (on one line!):
-
-yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel postfix
-
-rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
-
-cd /tmp
-wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
-rpm -i rpmforge-release-0.3.6-1.el5.rf.i386.rpm
-yum update
-
-yum install getmail
-
-useradd -m -s /bin/bash compileuser
-passwd compileuser
-
-visudo
-
-## Allow root to run any commands anywhere
-root    ALL=(ALL)       ALL
-compileuser   ALL=(ALL)       ALL
-
-
-su compileuser
-
-mkdir $HOME/rpm
-mkdir $HOME/rpm/SOURCES
-mkdir $HOME/rpm/SPECS
-mkdir $HOME/rpm/BUILD
-mkdir $HOME/rpm/SRPMS
-mkdir $HOME/rpm/RPMS
-mkdir $HOME/rpm/RPMS/i386
-mkdir $HOME/rpm/RPMS/x86_64
-
-echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
-
-
-wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.61.0.tar.bz2
-wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2
-wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2
-
-sudo rpmbuild -ta courier-authlib-0.61.0.tar.bz2
-
-sudo rpm -ivh /home/compileuser/rpm/RPMS/i386/courier-authlib-0.61.0-1.i386.rpm
-sudo rpm -ivh /home/compileuser/rpm/RPMS/i386/courier-authlib-mysql-0.61.0-1.i386.rpm
-sudo rpm -ivh /home/compileuser/rpm/RPMS/i386/courier-authlib-devel-0.61.0-1.i386.rpm
-
-rpmbuild -ta courier-imap-4.4.1.tar.bz2
-
-sudo rpm -ivh /home/compileuser/rpm/RPMS/i386/courier-imap-4.4.1-1.i386.rpm
-
-sudo rpmbuild -ta maildrop-2.0.4.tar.bz2
-
-sudo rpm -ivh /home/compileuser/rpm/RPMS/i386/maildrop-2.0.4-1.i386.rpm
-
-exit
-
-chkconfig --levels 235 mysqld on
-/etc/init.d/mysqld start
-
-chkconfig --levels 235 httpd on
-/etc/init.d/httpd start
-
-chkconfig --levels 235 courier-authlib on
-/etc/init.d/courier-authlib start
-
-chkconfig --levels 235 sendmail off
-chkconfig --levels 235 postfix on
-chkconfig --levels 235 saslauthd on
-/etc/init.d/sendmail stop
-/etc/init.d/postfix start
-/etc/init.d/saslauthd start
-
-chkconfig --levels 235 courier-imap on
-/etc/init.d/courier-authlib restart
-/etc/init.d/courier-imap restart
-
-
-Set the mysql database password:
-
-mysqladmin -u root password yourrootsqlpassword
-mysqladmin -h ispconfig.local -u root password yourrootsqlpassword
-
-
-2) Install Amavisd-new, Spamassassin and Clamav (1 line!):
-
-yum install amavisd-new spamassassin clamav clamd clamav-data clamav-server clamav-update unzip bzip2 unrar
-
-chkconfig --levels 235 amavisd on
-chkconfig --levels 235 clamd on
-/usr/bin/freshclam
-/etc/init.d/amavisd start
-/etc/init.d/clamd start
-
-If you use the amavisd from rpmforge and not the one from centos, you will have to do these additional steps:
-
-add the following line in /etc/sysconfig/amavisd:
-
-CONFIG_FILE="/etc/amavisd/amavisd.conf
-
-run:
-
-mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
-chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
-yum install perl-DBD-mysql
-
-
-3) Install apache, PHP5 and phpmyadmin (1 line!):
-
-yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mapserver php-mbstring php-mcrypt php-mhash php-mssql php-shout php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel phpmyadmin
-
-
-4) Install pure-ftpd and quota
-
-cd /tmp
-wget http://centos.karan.org/el5/extras/testing/i386/RPMS/pure-ftpd-1.0.21-15.el5.kb.i386.rpm
-rpm -i pure-ftpd-1.0.21-15.el5.kb.i386.rpm
-
-yum install quota
-
-chkconfig --levels 235 pure-ftpd on
-/etc/init.d/pure-ftpd start
-
-5) Install mydns
-
-wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
-rpm -ivh mydns-mysql-1.1.0-1.i386.rpm
-
-chkconfig --levels 235 mydns on
-
-6) Install vlogger and webalizer
-
-yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
-
-cd /tmp
-wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
-tar xvfz vlogger-1.3.tar.gz
-mv vlogger-1.3/vlogger /usr/sbin/
-rm -rf vlogger*
-
-Edit the file /etc/sudoers
-
-vi /etc/sudoers
-
-and change the line:
-
-Defaults    requiretty
-
-to:
-
-# Defaults    requiretty
-
-7) Install ISPConfig 3
-
-Disable the firewall:
-
-system-config-securitylevel-tui
-
-There are two possile scenarios, but not both:
-7.1) Install the latest released version 
-7.2) Install directly from SVN
-
-7.1) Installation of beta 3 from tar.gz
-
-  cd /tmp
-  wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz
-  tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz
-  cd ispconfig3_install/install/
-
-7.2) Installation from SVN
-
-  yum install subversion
-  cd /tmp
-  svn export svn://svn.ispconfig.org/ispconfig3/trunk/
-  cd trunk/install
-
-
-7.1+7.2) Now proceed with the ISPConfig installation.
-
-Now start the installation process by executing:
-
-php -q install.php
-
-The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
-
-http://192.168.0.100:8080/
-
-the default login is:
-
-user: admin
-password: admin
-
-In case you get a permission denied error from apache, please restart the apache webserver process.
-
-Optional:
-
-Install a webbased Email Client
-
-yum install squirrelmail
-
-
-----------------------------------------------------------------------------------------------------------
-
-Hints:
-
-debian 4.0 under openvz:
-
-VPSID=101
-for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
-do
-  vzctl set $VPSID --capability ${CAP}:on --save
-done
-
-----------------------------------------------------------------------------------------------------------
-
-Installing Jailkit:
-
-cd /tmp
-wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
-tar xvfz jailkit-2.5.tar.gz
-cd jailkit-2.5
-./configure
-make
-make install
-rm -rf jailkit-2.5*

docs/INSTALL_CENTOS_5.4_dovecot_bind.txt

-
-
-Installation
------------
-
-It is recommended to use a clean (fresh) CentOS 5.4 install. Then follow the steps below to setup your server with ISPConfig 3:
-
-Installation of some basic requirements:
-
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
-
-enable the contrib and centosplus repositories.
-
-vi /etc/yum.repos.d/CentOS-Base.repo
-
-1. Edit the file /etc/yum.repos.d/CentOS-Base.repo and edit the lines below.
-
-[base]
-exclude=postfix
-
-[update]
-exclude=postfix
-
-[centosplus]
-enabled=1
-includepkgs=postfix
-
-[contrib]
-enabled=1
-
-rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
-
-cd /tmp
-wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
-rpm -i rpmforge-release-0.5.1-1.el5.rf.i386.rpm
-yum update
-
-You should disable selinux now, as some programs will not start when selinux is enabled:
-
-system-config-securitylevel-tui
-
-then reboot the server.
-
-Then remove the postfix without mysql support
-
-yum remove postfix
-
-1) Install Postfix fron centosplus with mysql support, Dovecot, MySQL, phpMyAdmin with the following command line (on one line!):
-
-yum install ntp httpd mysql-server php php-mysql php-mbstring phpMyAdmin postfix getmail
-
-For 32Bit systems:
-
-rpm -i http://dl.atrpms.net/all/dovecot-1.2.11-3_108.el5.i386.rpm
-rpm -i http://dl.atrpms.net/all/dovecot-sieve-0.1.15-4.el5.i386.rpm
-
-For 64Bit Systems:
-
-rpm -ivh http://dl.atrpms.net/all/dovecot-1.2.11-3_108.el5.x86_64.rpm
-rpm -ivh http://dl.atrpms.net/all/dovecot-sieve-0.1.15-4.el5.x86_64.rpm
-
-
-chkconfig --levels 235 mysqld on
-/etc/init.d/mysqld start
-
-chkconfig --levels 235 httpd on
-/etc/init.d/httpd start
-
-chkconfig --levels 235 dovecot on
-/etc/init.d/dovecot start
-
-chkconfig --levels 235 sendmail off
-chkconfig --levels 235 postfix on
-/etc/init.d/sendmail stop
-/etc/init.d/postfix start
-
-
-Set the mysql database password:
-
-/usr/bin/mysql_secure_installation
-
-
-2) Install Amavisd-new, Spamassassin and Clamav (1 line!):
-
-yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar
-
-sa-update
-chkconfig --levels 235 amavisd on
-chkconfig --levels 235 clamd on
-/usr/bin/freshclam
-/etc/init.d/amavisd start
-/etc/init.d/clamd start
-
-If you use the amavisd from rpmforge (as we do in this guide) and not the one from centos, you will have to do these additional steps:
-
-add the following line in /etc/sysconfig/amavisd:
-
-CONFIG_FILE="/etc/amavisd/amavisd.conf
-
-run:
-
-mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
-chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
-ln -s /var/run/clamav/clamd.sock /var/spool/amavisd/clamd.sock
-yum install perl-DBD-mysql
-
-
-3) Install apache, PHP5 and phpmyadmin (1 line!):
-
-yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator  php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel phpmyadmin
-
-
-4) Install pure-ftpd and quota
-
-yum install pure-ftpd quota
-
-chkconfig --levels 235 pure-ftpd on
-/etc/init.d/pure-ftpd start
-
-5) Install bind dns server
-
-yum install bind-chroot
-
-chmod 755 /var/named/
-chmod 775 /var/named/chroot/
-chmod 775 /var/named/chroot/var/
-chmod 775 /var/named/chroot/var/named/
-chmod 775 /var/named/chroot/var/run/
-chmod 777 /var/named/chroot/var/run/named/
-cd /var/named/chroot/var/named/
-ln -s ../../ chroot
-cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
-cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
-touch /var/named/chroot/etc/named.conf
-touch /var/named/chroot/etc/named.conf.local
-
-vi /var/named/chroot/etc/named.conf
-
---------------------------------------------------------------------------------------------------
-//
-// named.conf
-//
-// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
-// server as a caching only nameserver (as a localhost DNS resolver only).
-//
-// See /usr/share/doc/bind*/sample/ for example named configuration files.
-//
-
-options {
-        listen-on port 53 { 127.0.0.1; };
-        listen-on-v6 port 53 { ::1; };
-        directory       "/var/named/chroot/var/named";
-        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
-        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
-        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
-        allow-query     { localhost; };
-        recursion yes;
-};
-
-logging {
-        channel default_debug {
-                file "data/named.run";
-                severity dynamic;
-        };
-};
-
-zone "." IN {
-        type hint;
-        file "named.root";
-};
-
-include "/var/named/chroot/etc/named.conf.local";
---------------------------------------------------------------------------------------------------
-
-chkconfig --levels 235 named on
-/etc/init.d/named start
-
-6) Install vlogger dependencies and webalizer
-
-yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
-
-Installing Jailkit:
-
-yum install gcc
-cd /tmp
-wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
-tar xvfz jailkit-2.11.tar.gz
-cd jailkit-2.11
-./configure
-make
-make install
-rm -rf jailkit-2.11*
-
-Edit the file /etc/sudoers
-
-vi /etc/sudoers
-
-and change the line:
-
-Defaults    requiretty
-
-to:
-
-# Defaults    requiretty
-
-
-7) Install ISPConfig 3
-
-
-cd /tmp
-wget http://www.ispconfig.org/downloads/ISPConfig-3.0.2.tar.gz
-tar xvfz ISPConfig-3.0.2.tar.gz
-cd ispconfig3_install/install/
-
-Now start the installation process by executing:
-
-php -q install.php
-
-The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
-
-http://192.168.0.100:8080/
-
-the default login is:
-
-user: admin
-password: admin
-
-In case you get a permission denied error from apache, please restart the apache webserver process.
-
-Optional:
-
-Install a webbased Email Client
-
-yum install squirrelmail
-
-
-