ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2021-09-08T08:50:23Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6229Duplicate forwards must be allowed, revert for #62122021-09-08T08:50:23ZMarius BurkardDuplicate forwards must be allowed, revert for #6212Revert #6212Revert #62123.2.6Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6212duplicate forwards allowed2021-09-08T08:50:23ZJesse Norellduplicate forwards allowedDuplicate mail forwards are allowed to be created (same mail_forwarding.source).Duplicate mail forwards are allowed to be created (same mail_forwarding.source).3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6221installer doesn't account for dangling symlinks of letsencrypt hook files2021-08-31T10:15:14ZJesse Norellinstaller doesn't account for dangling symlinks of letsencrypt hook filesSee https://www.howtoforge.com/community/threads/smpt-server-offline.87405/page-2#post-426265See https://www.howtoforge.com/community/threads/smpt-server-offline.87405/page-2#post-4262653.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6220New SSL certificate code not migrated to nginx plugin2021-08-31T09:15:18ZMarius BurkardNew SSL certificate code not migrated to nginx pluginThe changed ssl code is only inside the apache2 plugin and has to be migrated to nginx, too.The changed ssl code is only inside the apache2 plugin and has to be migrated to nginx, too.3.2.6Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6209chroot jail not created for chroot php-fpm mode website2021-08-31T09:14:30ZJesse Norellchroot jail not created for chroot php-fpm mode websiteIn apache (debian 10) with chroot fpm as the default, a website has been created without php enabled, then the client enables php, it is not creating the chroot jail, so php fails.In apache (debian 10) with chroot fpm as the default, a website has been created without php enabled, then the client enables php, it is not creating the chroot jail, so php fails.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6208cron_delete php warning2021-08-31T09:14:30ZJesse Norellcron_delete php warningOn a single server system, I created a test site, a single test cronjob, then deleted them - got the following warning in the output:
```
03.08.2021-17:05 - DEBUG - Calling function 'delete' from plugin 'cron_plugin' raised by event 'cro...On a single server system, I created a test site, a single test cronjob, then deleted them - got the following warning in the output:
```
03.08.2021-17:05 - DEBUG - Calling function 'delete' from plugin 'cron_plugin' raised by event 'cron_delete'.
PHP Warning: unserialize() expects parameter 1 to be string, array given in /usr/local/ispconfig/server/plugins-available/cron_plugin.inc.php on line 187
03.08.2021-17:05 - WARNING - Parent domain not found
```3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6201always keep spamfilter_users entry2021-08-31T09:14:30ZJesse Norellalways keep spamfilter_users entryCurrently when a mail_user is set to inherit the spamfilter policy from their domain, a spamfilter_user entry for that user is deleted. However, in amavisd-new, the wblist (spamfilter_wblist) lookups tie to the users (spamfilter_users) ...Currently when a mail_user is set to inherit the spamfilter policy from their domain, a spamfilter_user entry for that user is deleted. However, in amavisd-new, the wblist (spamfilter_wblist) lookups tie to the users (spamfilter_users) via an id, so if there is no spamfilter_users entry for a user/domain, that users/domain cannot have any spamfilter whitelist/blacklist addrs.
So we need to always keep the spamfilter_users entry for all mail_users, and track "inherit domain spamfilter policy" in a different manner; perhaps by setting spamfilter_users.policy_id to 0. Amavis' $sql_select_policy will need adjusted accordingly, and all places that handle spamfilter_users should be reviewed and modified if needed.
A cleanup run in the installer for abandoned wblist entries might also be good (fire a spamfilter_wblist_delete for each).3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6200rename mail_user should update spamfilter_users2021-08-31T09:14:29ZJesse Norellrename mail_user should update spamfilter_usersWhen changing the email address of a mail_user, the spamfilter_users entry for the old email remains, and a new spamfilter_users entry for the new email is created - that abandons all spamfilter_wblist entries formerly added for this mai...When changing the email address of a mail_user, the spamfilter_users entry for the old email remains, and a new spamfilter_users entry for the new email is created - that abandons all spamfilter_wblist entries formerly added for this mail_user, as they are still linked to the old spamfilter_users entry.
We should also fire spamfilter_users_update and spamfilter_wblist_update events, so configuration files (eg. rspamd) are rewritten.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6190Mail Quota doesn't update on backup deletion2021-08-31T09:14:29ZMarkus PetzschMail Quota doesn't update on backup deletion## Summary
When enabling backup for my mailboxes the used space get's added to the mailboxes quota usage. --> which is not configurable unlike for webfile backups :(
When I delete the backups, the quota usage is not updating, even after...## Summary
When enabling backup for my mailboxes the used space get's added to the mailboxes quota usage. --> which is not configurable unlike for webfile backups :(
When I delete the backups, the quota usage is not updating, even after 24h the mail quota is still used by non existant backups.
One special case I'd like to point out: I'm using mdbox in my Dovecot configuration.
## Steps to reproduce
1. enable mdbox format
2. create a mailbox
3. store some content in that mailbox
4. create a mailbox backup (i.e. daily)
5. see the quota usage increase by the backup
6. delete the backup and disable automatic backup creation
7. quota used won't be reduced even after 24h
## Correct behaviour
After deleting the backups or at least after 24h I would expect the used quota to come down again.
## Environment
Debian 10
ISPConfig version: 3.2.53.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6183CSR request not created or saved in ISPConfig 3.2.52021-08-31T09:14:29ZAlex JohnsonCSR request not created or saved in ISPConfig 3.2.5## Summary
CSR request missing in dashboard when creating SSL on ISPConfig 3.2.5 on both CentOS 7.X and Debian 10.X
ISPConfig Log File
Tue 15 Jun 2021 10:25:01 PM PDT Generating a RSA private key
Tue 15 Jun 2021 10:25:01 PM PDT ..++++
T...## Summary
CSR request missing in dashboard when creating SSL on ISPConfig 3.2.5 on both CentOS 7.X and Debian 10.X
ISPConfig Log File
Tue 15 Jun 2021 10:25:01 PM PDT Generating a RSA private key
Tue 15 Jun 2021 10:25:01 PM PDT ..++++
Tue 15 Jun 2021 10:25:01 PM PDT .........++++
Tue 15 Jun 2021 10:25:01 PM PDT writing new private key to '/var/www/clients/client0/web1/ssl/testing.site.com.key'
Tue 15 Jun 2021 10:25:01 PM PDT -----
Tue 15 Jun 2021 10:25:01 PM PDT PHP Warning: file_get_contents(/var/www/clients/client0/web1/ssl/testing.site.com.csr): failed to open stream: No such file or directory in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 884
## Steps to reproduce
1. Create SSL from ISPConfig dashboard in 3.2.4
2. SSL Certificate Request is available in dashboard after processed
3. Upgrade ISPConfig (reconfiguring all services)
4. Delete SSL from ISPConfig dashboard in 3.2.5
5. Create SSL from ISPConfig dashboard in 3.2.5
6. SSL Certificate Request is missing in dashboard after processed
7. Log produces output from above
## Correct behaviour
CSR should be available in the dashboard.
## Environment
Server #1:
CentOS Linux 7 (Core)
Kernel: Linux 3.10.0-1160.31.1.el7.x86_64
Server #2:
Debian GNU/Linux 10 (Buster)
Kernel: Linux 4.19.0-16-amd64
ISConfig Versions:
ISPConfig 3.2.5 & ISPConfig 3.2.43.2.6Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6180IPv6 wildcard config missing in redirect server section2021-08-31T09:14:29ZTill BrehmIPv6 wildcard config missing in redirect server sectionhttps://www.howtoforge.com/community/threads/ipv6-block-missing-from-subdomains.87112/#post-423603https://www.howtoforge.com/community/threads/ipv6-block-missing-from-subdomains.87112/#post-4236033.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6121acme.sh fails when self-signed certificates already exist for ISPConfig web i...2021-08-31T09:14:28ZDragan Savicacme.sh fails when self-signed certificates already exist for ISPConfig web interface## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if s...## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if server already has self-signed certs created for ISPConfig web interface. During acme.sh domain verification stage, apache fails to start because it can't load SSL cert files.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
```
apachectl -v
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
```
## proposed fix
Workaround that worked for me was to replace the following `rename` functions with `copy` in `installer_base.lib.php` (from `ISPConfig-3.2.3.tar.gz`), but maybe it's not a valid solution.
```
...
$issued_successfully = false;
// Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
--- rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
+++ copy($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
}
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
--- rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
+++ copy($ssl_key_file, $ssl_key_file . '-temporary.bak');
}
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
--- rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
+++ copy($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
}
// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
if (is_executable($acme)) {
...
```
Second workaround that worked was to delete all files from `/usr/local/ispconfig/interface/ssl/`, comment out all SSL lines in `apps.vhost`, `ispconfig.conf` and `ispconfig.vhost`, and after that run `ispconfig_update.sh --force` again.
## references
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6015#note_91609
## log entries
Apache logs during `acme.sh` domain verification stage.
```
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost:
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: Action 'stop' failed.
```3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6214Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.2021-08-31T09:13:56ZJesse NorellFailed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.Reported Centos 8 stream error during installation:
Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.
https://www.howtoforge.com/community/threads/ispconfig-3-2-install-ends-with-clamd-amavisd-service-error...Reported Centos 8 stream error during installation:
Failed to restart clamd.amavisd.service: Unit clamd.amavisd.service not found.
https://www.howtoforge.com/community/threads/ispconfig-3-2-install-ends-with-clamd-amavisd-service-error.87463/3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5772Recently created mail boxes might fail to receive due to verify cache2021-08-31T09:10:34ZMarius BurkardRecently created mail boxes might fail to receive due to verify cache~~In !279 there was a setting added `address_verify_sender_ttl = 15686s`.~~
~~This has an unwanted side-effect. If you send mail to an not-existing (even local) address, the error is stored in cache for about 4.5 hours.~~
~~Even when ...~~In !279 there was a setting added `address_verify_sender_ttl = 15686s`.~~
~~This has an unwanted side-effect. If you send mail to an not-existing (even local) address, the error is stored in cache for about 4.5 hours.~~
~~Even when you in the meantime create a matching alias/forward/mailbox all mails will be rejected due to the verify cache being read.~~
~~This should be reverted to the postfix default (0s - disabled).~~
See https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5772#note_82507 for details.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6216Installation fails to generate LE certificate - running forced update nightly...2021-08-19T13:30:02ZChrisInstallation fails to generate LE certificate - running forced update nightly succeeds.## Summary
ISPConfig 3.2.5 using acme.sh fails to create a certificate during installation of a server.
## Steps to reproduce
1. Ensure all DNS is correct and resolving.
2. Install a server with ISPConfig 3.2.5 using the Ubuntu 20.04 an...## Summary
ISPConfig 3.2.5 using acme.sh fails to create a certificate during installation of a server.
## Steps to reproduce
1. Ensure all DNS is correct and resolving.
2. Install a server with ISPConfig 3.2.5 using the Ubuntu 20.04 and Debian multi server guide.
3. Installation succeeds without warnings.
4. Visit the server (panel|web): Note the security alert for a self signed certificate.
## Correct behaviour
Create the correct Let's Encrypt certificate during installation.
## Current workaround
Force update ispconfig and use the nightly build to generate the certificate.
## Environment
Debian 10/Ubuntu 20.04
ISPConfig version: (3.2.5 stable)
Apache2
Acme.sh
## Proposed temporary workaround
Installer to run forced update to nightly build.
## References
https://www.howtoforge.com/community/threads/debian-10-multiserver-setup.86639/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5484Rspamd config files get not removed on renaming a domain2021-08-17T22:58:45ZTill BrehmRspamd config files get not removed on renaming a domainhttps://www.howtoforge.com/community/threads/when-change-email-domainname-rspamd-filters-is-not-deleted.83482/https://www.howtoforge.com/community/threads/when-change-email-domainname-rspamd-filters-is-not-deleted.83482/3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6145Disabling spamfilter for domain does not disable it for inherited mailboxes (...2021-08-17T22:58:36ZThomDisabling spamfilter for domain does not disable it for inherited mailboxes (rspamd)<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
When setting "- not enabled -" as spamfilter policy for a domain, all mailboxes with "- inherit domain setting" will keep their current configuration. So the spamfilter for them is still enabled.
The config files for those mailboxes are not updated when the policy is updated, because according to the database there would be no file for them.
## Steps to reproduce
1. Create a domain with a spamfilter enabled.
2. Create a mailbox for this domain that inherits the spamfilter setting
3. Disable the spamfilter for the domain
## Correct behaviour
<!-- What should happen instead? -->
The config file should be removed or set to allow everything?
## Environment
Server OS + version: Debian 10 \
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
Rspamd daemon version 2.73.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6108One letter domains in DNS filtered out by regex2021-08-17T22:53:31ZSascha BörnerOne letter domains in DNS filtered out by regexCan't use one letter domains (yes, they exist!) in the DNS module with ISPConfig 3.2.3 due to regex wanting at least 2 chars. Patch attached.
[ispconfig-dns-patch.txt](/uploads/40109bcf208c1cba83171f32ddf16a24/ispconfig-dns-patch.txt)Can't use one letter domains (yes, they exist!) in the DNS module with ISPConfig 3.2.3 due to regex wanting at least 2 chars. Patch attached.
[ispconfig-dns-patch.txt](/uploads/40109bcf208c1cba83171f32ddf16a24/ispconfig-dns-patch.txt)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6144Nginx subdomain does not work2021-08-13T18:59:25ZThomNginx subdomain does not work<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
When creating a subdomain on a nginx host, you get this error when visiting it: `direct access directory forbidden`
## Steps to reproduce
1. Create a subdomain on a nginx host
2. Visit the newly created subdomain
## Correct behaviour
<!-- What should happen instead? -->
The site should show up.
## Environment
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
## Proposed fix
Change $1 to $2 in the nginx vhost template (See https://git.ispconfig.org/ispconfig/ispconfig3/-/commit/acfb1ace2b5ab9cd0e614e01651380d66bc68837#3082c2490148291aa258a409f8d866a767068e48 )
## References
https://www.howtoforge.com/community/threads/subdomain-doesnt-work-anymore.86746/3.2.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6199deleting spamfilter_users should delete linked spamfilter_wblist2021-08-13T07:57:35ZJesse Norelldeleting spamfilter_users should delete linked spamfilter_wblistWhen a spamfilter_users entry is removed, it should remove any spamfilter_wblist entries linked to it (where spamfilter_users.id == spamfilter_wblist.rid). This does not happen when the spamfilter_users entry id deleted directly, nor wh...When a spamfilter_users entry is removed, it should remove any spamfilter_wblist entries linked to it (where spamfilter_users.id == spamfilter_wblist.rid). This does not happen when the spamfilter_users entry id deleted directly, nor when a mail_user is removed (removing a mail_user does cascade a delete of the corresponding spamfilter_users entry, but not spamfilter_wblist entries tied to those). Note the corresponding spamfilter_wblist_delete events should also be called.