ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2022-01-14T11:57:44Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6218mail transport + @domain relay recipient = open relay2022-01-14T11:57:44ZJesse Norellmail transport + @domain relay recipient = open relayWhen adding a mail transport for an external domain you must add the domain in relay recipients, which creates an open relay.
https://www.howtoforge.com/community/threads/use-smarthost-for-some-domains.78820/
Related #2658When adding a mail transport for an external domain you must add the domain in relay recipients, which creates an open relay.
https://www.howtoforge.com/community/threads/use-smarthost-for-some-domains.78820/
Related #26583.2.8Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6216Installation fails to generate LE certificate - running forced update nightly...2021-08-19T13:30:02ZChrisInstallation fails to generate LE certificate - running forced update nightly succeeds.## Summary
ISPConfig 3.2.5 using acme.sh fails to create a certificate during installation of a server.
## Steps to reproduce
1. Ensure all DNS is correct and resolving.
2. Install a server with ISPConfig 3.2.5 using the Ubuntu 20.04 an...## Summary
ISPConfig 3.2.5 using acme.sh fails to create a certificate during installation of a server.
## Steps to reproduce
1. Ensure all DNS is correct and resolving.
2. Install a server with ISPConfig 3.2.5 using the Ubuntu 20.04 and Debian multi server guide.
3. Installation succeeds without warnings.
4. Visit the server (panel|web): Note the security alert for a self signed certificate.
## Correct behaviour
Create the correct Let's Encrypt certificate during installation.
## Current workaround
Force update ispconfig and use the nightly build to generate the certificate.
## Environment
Debian 10/Ubuntu 20.04
ISPConfig version: (3.2.5 stable)
Apache2
Acme.sh
## Proposed temporary workaround
Installer to run forced update to nightly build.
## References
https://www.howtoforge.com/community/threads/debian-10-multiserver-setup.86639/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6214Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.2021-08-31T09:13:56ZJesse NorellFailed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.Reported Centos 8 stream error during installation:
Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.
https://www.howtoforge.com/community/threads/ispconfig-3-2-install-ends-with-clamd-amavisd-service-error...Reported Centos 8 stream error during installation:
Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.
https://www.howtoforge.com/community/threads/ispconfig-3-2-install-ends-with-clamd-amavisd-service-error.87463/3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6212duplicate forwards allowed2021-09-08T08:50:23ZJesse Norellduplicate forwards allowedDuplicate mail forwards are allowed to be created (same mail_forwarding.source).Duplicate mail forwards are allowed to be created (same mail_forwarding.source).3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6209chroot jail not created for chroot php-fpm mode website2021-08-31T09:14:30ZJesse Norellchroot jail not created for chroot php-fpm mode websiteIn apache (debian 10) with chroot fpm as the default, a website has been created without php enabled, then the client enables php, it is not creating the chroot jail, so php fails.In apache (debian 10) with chroot fpm as the default, a website has been created without php enabled, then the client enables php, it is not creating the chroot jail, so php fails.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6208cron_delete php warning2021-08-31T09:14:30ZJesse Norellcron_delete php warningOn a single server system, I created a test site, a single test cronjob, then deleted them - got the following warning in the output:
```
03.08.2021-17:05 - DEBUG - Calling function 'delete' from plugin 'cron_plugin' raised by event 'cro...On a single server system, I created a test site, a single test cronjob, then deleted them - got the following warning in the output:
```
03.08.2021-17:05 - DEBUG - Calling function 'delete' from plugin 'cron_plugin' raised by event 'cron_delete'.
PHP Warning: unserialize() expects parameter 1 to be string, array given in /usr/local/ispconfig/server/plugins-available/cron_plugin.inc.php on line 187
03.08.2021-17:05 - WARNING - Parent domain not found
```3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6201always keep spamfilter_users entry2021-08-31T09:14:30ZJesse Norellalways keep spamfilter_users entryCurrently when a mail_user is set to inherit the spamfilter policy from their domain, a spamfilter_user entry for that user is deleted. However, in amavisd-new, the wblist (spamfilter_wblist) lookups tie to the users (spamfilter_users) ...Currently when a mail_user is set to inherit the spamfilter policy from their domain, a spamfilter_user entry for that user is deleted. However, in amavisd-new, the wblist (spamfilter_wblist) lookups tie to the users (spamfilter_users) via an id, so if there is no spamfilter_users entry for a user/domain, that users/domain cannot have any spamfilter whitelist/blacklist addrs.
So we need to always keep the spamfilter_users entry for all mail_users, and track "inherit domain spamfilter policy" in a different manner; perhaps by setting spamfilter_users.policy_id to 0. Amavis' $sql_select_policy will need adjusted accordingly, and all places that handle spamfilter_users should be reviewed and modified if needed.
A cleanup run in the installer for abandoned wblist entries might also be good (fire a spamfilter_wblist_delete for each).3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6200rename mail_user should update spamfilter_users2021-08-31T09:14:29ZJesse Norellrename mail_user should update spamfilter_usersWhen changing the email address of a mail_user, the spamfilter_users entry for the old email remains, and a new spamfilter_users entry for the new email is created - that abandons all spamfilter_wblist entries formerly added for this mai...When changing the email address of a mail_user, the spamfilter_users entry for the old email remains, and a new spamfilter_users entry for the new email is created - that abandons all spamfilter_wblist entries formerly added for this mail_user, as they are still linked to the old spamfilter_users entry.
We should also fire spamfilter_users_update and spamfilter_wblist_update events, so configuration files (eg. rspamd) are rewritten.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6199deleting spamfilter_users should delete linked spamfilter_wblist2021-08-13T07:57:35ZJesse Norelldeleting spamfilter_users should delete linked spamfilter_wblistWhen a spamfilter_users entry is removed, it should remove any spamfilter_wblist entries linked to it (where spamfilter_users.id == spamfilter_wblist.rid). This does not happen when the spamfilter_users entry id deleted directly, nor wh...When a spamfilter_users entry is removed, it should remove any spamfilter_wblist entries linked to it (where spamfilter_users.id == spamfilter_wblist.rid). This does not happen when the spamfilter_users entry id deleted directly, nor when a mail_user is removed (removing a mail_user does cascade a delete of the corresponding spamfilter_users entry, but not spamfilter_wblist entries tied to those). Note the corresponding spamfilter_wblist_delete events should also be called.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6190Mail Quota doesn't update on backup deletion2021-08-31T09:14:29ZMarkus PetzschMail Quota doesn't update on backup deletion## Summary
When enabling backup for my mailboxes the used space get's added to the mailboxes quota usage. --> which is not configurable unlike for webfile backups :(
When I delete the backups, the quota usage is not updating, even after...## Summary
When enabling backup for my mailboxes the used space get's added to the mailboxes quota usage. --> which is not configurable unlike for webfile backups :(
When I delete the backups, the quota usage is not updating, even after 24h the mail quota is still used by non existant backups.
One special case I'd like to point out: I'm using mdbox in my Dovecot configuration.
## Steps to reproduce
1. enable mdbox format
2. create a mailbox
3. store some content in that mailbox
4. create a mailbox backup (i.e. daily)
5. see the quota usage increase by the backup
6. delete the backup and disable automatic backup creation
7. quota used won't be reduced even after 24h
## Correct behaviour
After deleting the backups or at least after 24h I would expect the used quota to come down again.
## Environment
Debian 10
ISPConfig version: 3.2.53.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6183CSR request not created or saved in ISPConfig 3.2.52021-08-31T09:14:29ZAlex JohnsonCSR request not created or saved in ISPConfig 3.2.5## Summary
CSR request missing in dashboard when creating SSL on ISPConfig 3.2.5 on both CentOS 7.X and Debian 10.X
ISPConfig Log File
Tue 15 Jun 2021 10:25:01 PM PDT Generating a RSA private key
Tue 15 Jun 2021 10:25:01 PM PDT ..++++
T...## Summary
CSR request missing in dashboard when creating SSL on ISPConfig 3.2.5 on both CentOS 7.X and Debian 10.X
ISPConfig Log File
Tue 15 Jun 2021 10:25:01 PM PDT Generating a RSA private key
Tue 15 Jun 2021 10:25:01 PM PDT ..++++
Tue 15 Jun 2021 10:25:01 PM PDT .........++++
Tue 15 Jun 2021 10:25:01 PM PDT writing new private key to '/var/www/clients/client0/web1/ssl/testing.site.com.key'
Tue 15 Jun 2021 10:25:01 PM PDT -----
Tue 15 Jun 2021 10:25:01 PM PDT PHP Warning: file_get_contents(/var/www/clients/client0/web1/ssl/testing.site.com.csr): failed to open stream: No such file or directory in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 884
## Steps to reproduce
1. Create SSL from ISPConfig dashboard in 3.2.4
2. SSL Certificate Request is available in dashboard after processed
3. Upgrade ISPConfig (reconfiguring all services)
4. Delete SSL from ISPConfig dashboard in 3.2.5
5. Create SSL from ISPConfig dashboard in 3.2.5
6. SSL Certificate Request is missing in dashboard after processed
7. Log produces output from above
## Correct behaviour
CSR should be available in the dashboard.
## Environment
Server #1:
CentOS Linux 7 (Core)
Kernel: Linux 3.10.0-1160.31.1.el7.x86_64
Server #2:
Debian GNU/Linux 10 (Buster)
Kernel: Linux 4.19.0-16-amd64
ISConfig Versions:
ISPConfig 3.2.5 & ISPConfig 3.2.43.2.6Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6181Additional PHP version socket placed in default directory2021-09-08T09:47:39ZTommaso PerondiAdditional PHP version socket placed in default directory## Summary
So, sites which have a PHP version different from the default one gets the socket created in the default PHP socket folder regardless of which version you select. This is due to a SELECT in `apache2_plugin.inc.php`:
```
$cu...## Summary
So, sites which have a PHP version different from the default one gets the socket created in the default PHP socket folder regardless of which version you select. This is due to a SELECT in `apache2_plugin.inc.php`:
```
$custom_php_fpm_socket_dir = $tmp_php['custom_php_fpm_socket_dir'];
```
this gets the directory from this query:
```
$tmp_php = $app->db->queryOneRecord('SELECT * FROM server_php WHERE server_php_id = ?', $data['new']['server_php_id']);
```
however if you take a look at the SQL file for the database creation:
```
CREATE TABLE `server_php` (
`server_php_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
`sys_perm_user` varchar(5) DEFAULT NULL,
`sys_perm_group` varchar(5) DEFAULT NULL,
`sys_perm_other` varchar(5) DEFAULT NULL,
`server_id` int(11) unsigned NOT NULL DEFAULT '0',
`client_id` int(11) unsigned NOT NULL DEFAULT '0',
`name` varchar(255) DEFAULT NULL,
`php_fastcgi_binary` varchar(255) DEFAULT NULL,
`php_fastcgi_ini_dir` varchar(255) DEFAULT NULL,
`php_fpm_init_script` varchar(255) DEFAULT NULL,
`php_fpm_ini_dir` varchar(255) DEFAULT NULL,
`php_fpm_pool_dir` varchar(255) DEFAULT NULL,
`php_fpm_socket_dir` varchar(255) DEFAULT NULL,
`active` enum('n','y') NOT NULL DEFAULT 'y',
PRIMARY KEY (`server_php_id`)
) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
```
You can see there is no `custom_php_fpm_socket_dir`, so:
```
if (!$default_php_fpm && !empty($custom_php_fpm_socket_dir)) {
$socket_dir = $custom_php_fpm_socket_dir;
} else {
$socket_dir = $web_config['php_fpm_socket_dir'];
}
```
It defaults to the directory specified in the default PHP version settings.
## Environment
Server OS + version: Centos8 \
ISPConfig version: 3.2.4
Software version of the related software:
```
Server version: Apache/2.4.37 (centos)
```
## Proposed fix
The proposed fix is easy:
```
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 19f650d4b..f5437493c 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1658,7 +1658,7 @@ class apache2_plugin {
$custom_php_fpm_ini_dir = $tmp_php['php_fpm_ini_dir'];
$custom_php_fpm_init_script = $tmp_php['php_fpm_init_script'];
$custom_php_fpm_pool_dir = $tmp_php['php_fpm_pool_dir'];
- $custom_php_fpm_socket_dir = $tmp_php['custom_php_fpm_socket_dir'];
+ $custom_php_fpm_socket_dir = $tmp_php['php_fpm_socket_dir'];
if(substr($custom_php_fpm_ini_dir, -1) != '/') $custom_php_fpm_ini_dir .= '/';
}
}
@@ -1670,7 +1670,7 @@ class apache2_plugin {
$custom_php_fpm_ini_dir = $tmp_php['php_fpm_ini_dir'];
$custom_php_fpm_init_script = $tmp_php['php_fpm_init_script'];
$custom_php_fpm_pool_dir = $tmp_php['php_fpm_pool_dir'];
- $custom_php_fpm_socket_dir = $tmp_php['custom_php_fpm_socket_dir'];
+ $custom_php_fpm_socket_dir = $tmp_php['php_fpm_socket_dir'];
if(substr($custom_php_fpm_ini_dir, -1) != '/') $custom_php_fpm_ini_dir .= '/';
}
}
```
I'll also create a merge request if necessary.
Thanks,
Tommaso.
EDIT: Added Merge request: !14903.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6180IPv6 wildcard config missing in redirect server section2021-08-31T09:14:29ZTill BrehmIPv6 wildcard config missing in redirect server sectionhttps://www.howtoforge.com/community/threads/ipv6-block-missing-from-subdomains.87112/#post-423603https://www.howtoforge.com/community/threads/ipv6-block-missing-from-subdomains.87112/#post-4236033.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6177php cache collisions for chroot mode php-fpm2021-09-09T22:59:24ZJesse Norellphp cache collisions for chroot mode php-fpmNeed to set validate_root option on for php-fpm using chroot (or always? does it hurt performance or anything?)
See https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-416357
and https://www.howtof...Need to set validate_root option on for php-fpm using chroot (or always? does it hurt performance or anything?)
See https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-416357
and https://www.howtoforge.com/community/threads/serving-wrong-website-sporadically.86962/#post-4224913.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6176Don't use password-protected keys for self-signed certificates2021-06-22T18:47:37ZMarius BurkardDon't use password-protected keys for self-signed certificatesWhen issuing self-signed certs, they are temporarily created with password-encrypted keys. This sometimes leads to problems where the encrypted key is used and such breaks the website.When issuing self-signed certs, they are temporarily created with password-encrypted keys. This sometimes leads to problems where the encrypted key is used and such breaks the website.3.2.5Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6175git-develop in ispconfig_update.sh not working2021-06-04T19:05:31ZTorsten Widmanngit-develop in ispconfig_update.sh not workingLooks like the option git-develop don't donwload anything:
````
host any live websites!
Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mo...Looks like the option git-develop don't donwload anything:
````
host any live websites!
Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated.
Select update method (stable,nightly,git-develop) [stable]: git-develop
Downloading ISPConfig update.
Unpacking ISPConfig update.
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
/usr/local/ispconfig/server/scripts/update_runner.sh: Zeile 60: cd: install/: Datei oder Verzeichnis nicht gefunden
Could not open input file: update.php
````3.2.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6173Cleanup symlinks before running acme.sh2022-09-30T19:08:46ZTill BrehmCleanup symlinks before running acme.shacme.sh copies the ssl cert to the ssl cert folder of the website or to the ispconfig folder instead of symlinking it. When a setup is switched from certbot to acme.sh, then acme.sh will write its certs trough the existing certbot symlin...acme.sh copies the ssl cert to the ssl cert folder of the website or to the ispconfig folder instead of symlinking it. When a setup is switched from certbot to acme.sh, then acme.sh will write its certs trough the existing certbot symlinks to /etc/letsencrypt/ instead of writing the file to the ssl folder of the website or the global ssl folder. To avoid that, the symlinks in the ssl folders should be removed before executing acme.sh.3.2.9https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6172Reverse search order for certbot and letsencrypt binary2021-06-03T13:24:59ZTill BrehmReverse search order for certbot and letsencrypt binaryReverse search order for certbot and letsencrypt binary to avoid issues with older certbor installations that get upgraded to certbot via snap.Reverse search order for certbot and letsencrypt binary to avoid issues with older certbor installations that get upgraded to certbot via snap.3.2.5Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6158some rspamd templates not using conf-custom versions2021-04-25T15:27:47ZJesse Norellsome rspamd templates not using conf-custom versionsSome rspamd templates are only read from the install/tpl/ or server/conf/ and not server/conf-custom/install/.
A quick search shows these to be:
```
rspamd_worker-controller.inc.master
rspamd_dkim_signing.conf.master
rspamd_options.inc...Some rspamd templates are only read from the install/tpl/ or server/conf/ and not server/conf-custom/install/.
A quick search shows these to be:
```
rspamd_worker-controller.inc.master
rspamd_dkim_signing.conf.master
rspamd_options.inc.master
rspamd_redis.conf.master
rspamd_classifier-bayes.conf.master
```3.2.5Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6147AWstats links2021-05-25T07:45:03ZTill BrehmAWstats linksIssue report received by email:
Hello ISPConfig team,
under Debian 9 Stretch with Awstats 7.6+dfsg-1+deb9u2 from the Debian Repo I get under ISPConfig 3.2.3 and 3.2.4 (possibly also earlier versions, but I don't have them anymore) the ...Issue report received by email:
Hello ISPConfig team,
under Debian 9 Stretch with Awstats 7.6+dfsg-1+deb9u2 from the Debian Repo I get under ISPConfig 3.2.3 and 3.2.4 (possibly also earlier versions, but I don't have them anymore) the following problem when calling the statistics via the URL https://DOMAIN/stats/ :
- Loading the URL https://DOMAIN/stats/ (i.e. the awsindex.html) works fine.
- Jumping to an older month, e.g. "2021-03" works fine.
- Jumping from a >> previous month << to the current month, i.e. to "2021-04", produces a 404.
Can you also reproduce the problem if necessary and then add it to the bug tracking system.
Thank you in advance
Greetings
Bernd3.2.5ThomThom