ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2021-02-27T07:08:32Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5834Create secondary zones automatically2021-02-27T07:08:32ZThomCreate secondary zones automaticallyFrom discussion on #4179
Add possibility to add secondary zones automatically through the DNS wizard.\
You should be able to add those zones to the wizard template, along with their settings (NS IP, xfer).\
There are several ways to go...From discussion on #4179
Add possibility to add secondary zones automatically through the DNS wizard.\
You should be able to add those zones to the wizard template, along with their settings (NS IP, xfer).\
There are several ways to go, we have to keep in mind that in the future we probably want to use traditional mirroring again by saving the keys to the database and replicating that to the ISPConfig mirrors. Read discussion(s) on #4179 about possible ways to implement this.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5837Automatically enable SSL in client limits when LE is checked2020-10-20T18:26:49ZThomAutomatically enable SSL in client limits when LE is checkedJust like in the web domain edit form. Also uncheck LE when SSL gets unchecked.
See https://www.howtoforge.com/community/threads/rewrite-http-to-https-disables-lets-encrypt.85376/Just like in the web domain edit form. Also uncheck LE when SSL gets unchecked.
See https://www.howtoforge.com/community/threads/rewrite-http-to-https-disables-lets-encrypt.85376/3.2.1ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5840List items (dbs/sites etc) when they are in use on a server that is about to ...2020-10-21T10:14:50ZMichaelList items (dbs/sites etc) when they are in use on a server that is about to be removed from client templateExample:
![image](/uploads/0b7fa1c4d4207c3e43afbad825fdd3b7/image.png)
I had to debug that to figure out which DB or site was causing the problem.
It would be useful if this information would be displayed immediately.Example:
![image](/uploads/0b7fa1c4d4207c3e43afbad825fdd3b7/image.png)
I had to debug that to figure out which DB or site was causing the problem.
It would be useful if this information would be displayed immediately.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5841Limit access to mail tabs via customer template2021-09-07T21:05:00ZMichaelLimit access to mail tabs via customer templateCurrent behaviour is that the access to the mail tabs (filters, autoresponder, backup etc) are controlled by a system-wide configuration option. It would be convenient to manage those via the customer template.Current behaviour is that the access to the mail tabs (filters, autoresponder, backup etc) are controlled by a system-wide configuration option. It would be convenient to manage those via the customer template.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5844Incorrect language management2020-10-23T12:25:08Zcubellsvicent@vcubells.netIncorrect language managementI speak catalan language, and iso 639-1 code for catalan language is **ca**
As you can see in this capture:
![ispconfig_languages_issue](/uploads/37dad9acc67e9bf0477c0203385e026d/ispconfig_languages_issue.png)
I can't create language...I speak catalan language, and iso 639-1 code for catalan language is **ca**
As you can see in this capture:
![ispconfig_languages_issue](/uploads/37dad9acc67e9bf0477c0203385e026d/ispconfig_languages_issue.png)
I can't create language templates for catalan language because **ca** code is taken by Canada country.
Ispconfig is managing languages incorrectly, among other things, because we are confusing country codes and language codes.
Ispconfig must handle better language codes as another free software applications do.
Reference: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes#CAPlanned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5846cannot configure DMARC without DKIM2020-10-22T12:56:59Zleecannot configure DMARC without DKIMas the title says, the control panel will not let me create a DMARC record when DKIM isn't already configured.
i'm setting the receiver policy as none, valid email addresses for aggregate data and forensic data reporting, selecting only ...as the title says, the control panel will not let me create a DMARC record when DKIM isn't already configured.
i'm setting the receiver policy as none, valid email addresses for aggregate data and forensic data reporting, selecting only 'generate report if spf failed' for forensic reporting options, and DKIM and SPF identifier alignments are both set to relaxed.
but whenever i try to save these DMARC settings, the only response i get from ispconfig is 'no active DKIM record'.
i should be able to create a dmarc record even without a dkim record and just have it use SPF.
even those at dmarc.org say it should be possible: https://dmarc.org/2017/03/can-i-use-dmarc-if-i-have-only-deployed-spf/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5847have updater warn for existing conf-custom templates2021-01-08T18:45:24ZJesse Norellhave updater warn for existing conf-custom templatesEnhance the updater to check for and warn of existing conf-custom templates, and offer to rename them during update.Enhance the updater to check for and warn of existing conf-custom templates, and offer to rename them during update.3.2.1Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5849Emailfilters target should allow more characters - at least a slash2020-10-23T17:58:20ZDominikEmailfilters target should allow more characters - at least a slashAfter switching from ISPConfig 3 to 3.2 most of my Mailfilters don't work any more.
Reason is the directory separator of dovecot. The default setting is a dot (.), but there are several reasons, why on new servers a slash shall be used ...After switching from ISPConfig 3 to 3.2 most of my Mailfilters don't work any more.
Reason is the directory separator of dovecot. The default setting is a dot (.), but there are several reasons, why on new servers a slash shall be used and I did this already several years ago for all new dovcot setups (details can be found in Peer Heinleins dovecot book). Now after Upgrade ISPConfig to 3.2 (didn't ever use 3.1!!), I cannot use this combination of Emailfilters and separator / any more...
Since this wasn't a problem in earlier versions I even see this as a bug - because it wasn't ever deinied to use other separators, was it? but the new regex in Email-Filter Function only allows "a-z, 0-9, -, ., _, and {space}" - so with my dovecot setting
```
namespace inbox {
separator = /
inbox = yes
}
```
there is no possibility any more to move incoming mails to subdirectories in my case...
Additionally it isn't possible without getting trouble to change the separator on a running system with hundredts of existing mailboxes... that shouldn't be done!!
If this regex limitation must really be, then I could imagine to create a configuration value "dovecot directory separator" in the mail-server-settings that could be referenced here in the regex?!
Even possible would be: emailfilters always use . but when the sieve file is created, all . are changed to the directory-separator settings...
nevertheless I'd prefer to use the real separator already in emailfilter3.2.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5850Move Allowed SSH authentication from Main Config -> Misc to Main Config -> Sites2020-10-23T17:56:54ZThomMove Allowed SSH authentication from Main Config -> Misc to Main Config -> SitesMove this option to the sites tab.Move this option to the sites tab.3.2.1ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5851updater not ask for master root password unless needed2024-03-28T23:05:40ZJesse Norellupdater not ask for master root password unless neededWhen updating a slave server, the updater always prompts for the master's mysql root credentials, even when not needed.
We should first query the master using dbmaster connection info for the current server.dbversion - if there is an sq...When updating a slave server, the updater always prompts for the master's mysql root credentials, even when not needed.
We should first query the master using dbmaster connection info for the current server.dbversion - if there is an sql update available, the credentials will be needed. If there is not an sql update, the credentials should only be asked for if answering yes to `Reconfigure Permissions in master database?`.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5852SSH permissions for a client-level user to all client websites2020-10-24T23:18:24ZTony GSSH permissions for a client-level user to all client websitesEnhancement request: Please allow specific clients to create sites with permission g+w so that multiple sites can be administered by a client-level administrator.
It is not uncommon for a single client entity to have many sites, and it...Enhancement request: Please allow specific clients to create sites with permission g+w so that multiple sites can be administered by a client-level administrator.
It is not uncommon for a single client entity to have many sites, and it doesn't make sense to have to create individual webXX FTP users to administer each site where permissions are 74x.
It would need to be the responsibility of the client to properly set permissions across their sites. If they prefer not to do this, they can still always go back to site-level FTP users.
**OR**
Is the solution to this to create a reseller account for any entity that administers multiple sites? As an individual not yet selling sites, I need to administer all of my own sites. I can easily create a reseller account for myself and recreate the client/site hierarchy. Right now I either need to SFTP in as root, or I need to use a separate staging folder outside of the /var/www hierarchy, and shell in before/after file exchanges to move files around and change perms. I'd rather login with a generic 'ftp' user which is in group client0 and others that get created.
Thankshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5858Add option to re-enable APS in the UI2020-10-26T10:30:19ZThomAdd option to re-enable APS in the UI3.2.1ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5859Dark mode for the default theme2023-09-16T10:48:24ZThomDark mode for the default themeI would like to create dark theme rules for the current css, which are used when the prefered color scheme is dark. I can create and maintain this.I would like to create dark theme rules for the current css, which are used when the prefered color scheme is dark. I can create and maintain this.ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5860Show DNS config errors on records tab2020-11-02T13:17:03ZThomShow DNS config errors on records tabErrors should be shown on the records tab as this is now the main tab that opens, and users should see errors immediately.
(These errors only show up when there is a error in the zone file and changes to it were reverted. This doesn't h...Errors should be shown on the records tab as this is now the main tab that opens, and users should see errors immediately.
(These errors only show up when there is a error in the zone file and changes to it were reverted. This doesn't happen very often because ISPConfig has several checks in place to prevent adding a broken record, but if it happens, users should know this asap)3.2.1ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5869Add language entries for br and cz2020-11-19T20:05:16ZMarius BurkardAdd language entries for br and czAdd language entries for br and czAdd language entries for br and cz3.2.1Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5871installer should check for correct system php version2020-10-26T21:38:55ZJesse Norellinstaller should check for correct system php versionThe installer currently has some checks for php versions, but this could/should be combined with OS detection and print an error (or offer to reconfigure?) when the default php cli version is not what is expected/needed for the OS version.The installer currently has some checks for php versions, but this could/should be combined with OS detection and print an error (or offer to reconfigure?) when the default php cli version is not what is expected/needed for the OS version.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5879Make :days configurable for autoresponder2020-10-27T17:57:28ZThomMake :days configurable for autoresponderI think it would be a good idea to add the variable :days to the autoresponder tab, so the user can limit how many times the same sender receives a autoreply (it is currently set to 1, so this is not a must have)
See https://wiki.doveco...I think it would be a good idea to add the variable :days to the autoresponder tab, so the user can limit how many times the same sender receives a autoreply (it is currently set to 1, so this is not a must have)
See https://wiki.dovecot.org/Pigeonhole/Sieve/Examples#Vacation_auto-reply aswell :)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5880Put the customer code as a mandatory field2020-10-30T15:05:45ZMarceloPut the customer code as a mandatory fieldPut the customer code as a mandatory field.
When the option to automatically generate the field is disabled and the person does not enter a code, the client is created without a code and the sites associated with this client do not work.Put the customer code as a mandatory field.
When the option to automatically generate the field is disabled and the person does not enter a code, the client is created without a code and the sites associated with this client do not work.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5885New install finishes with [ERROR] Cron not found2020-12-04T17:19:27ZJon ReeseNew install finishes with [ERROR] Cron not found## short description
Seeing this more often with OSes migrating to systemd and journal; especially when trying to setup multi-server sets on VMs and Linux Containers.
ISPConfig crontab fails to install which requires the sysadmin to tak...## short description
Seeing this more often with OSes migrating to systemd and journal; especially when trying to setup multi-server sets on VMs and Linux Containers.
ISPConfig crontab fails to install which requires the sysadmin to take various actions to repair the installation. Also, upon a successful finish the line "Installing ISPConfig crontab" prints twice.
## correct behaviour
ISPConfig depends upon "crontab" to be present, therefore the install should detect its absence earlier and stop the installation prior to making changes; and alert the sysadmin that **crontab** is needed before installation.
Success should either be announced or ignored as redundant.
- ISPConfig requires some sort of **cron**
- many **minimal** systems exclude any type of cron management
- **installer_base.lib.php** checks for **cron** OR **anacron**
- technically **install_crontab()** depends upon **crontab**
- the name for **cron** differs by system; **crontab** is consistent
## environment
- Server OS: varies
- Server OS version: varies
- ISPConfig version: 3.2.0
## proposed fixes
Note: I will gladly put this in the form of a Merge Request (I'm just new here)
1. Change **installer_base.lib.php** to check for **crontab**
(currently line 195)
```
if(is_installed('crontab')) $conf['cron']['installed'] = true;
```
2. add logic similar to the following in **install.php** just after **$inst->find_installed_apps()**
(currently line 174) [updated more friendly output]
```
//* crontab required by ISPConfig
if(!$conf['cron']['installed']) {
die("crontab not found; please install a compatible cron daemon before ISPConfig\n\n");
}
```
3. Change the ISPConfig install logic to be simply:
(currently line 608)
```
//* Configure ISPConfig
swriteln('Installing ISPConfig crontab');
$inst->install_crontab();
```
## references
- https://www.howtoforge.com/community/threads/debian-10-2.83554/
- https://www.howtoforge.com/community/threads/issue-with-debian-10-multiserver.84896/3.2.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5887Remote API fails on Insert with null sys_userid when Client ID is invalid2021-01-08T14:28:38ZTony GRemote API fails on Insert with null sys_userid when Client ID is invalidMy original report with a different title was inaccurate. I've revised this (1-Nov) after reviewing the detail. See "[EDIT]".
Try to use mail_user_add and it fails with
Error : Incorrect integer value: '' for column `dbispconfig`.`...My original report with a different title was inaccurate. I've revised this (1-Nov) after reviewing the detail. See "[EDIT]".
Try to use mail_user_add and it fails with
Error : Incorrect integer value: '' for column `dbispconfig`.`mail_user`.`sys_userid` at row 1 INSERT INTO `mail_user`
Yes, the value in the constructed query is null. But that's not the value that was provided. The source params array includes these values:
```json
[sys_userid] => 1
[sys_groupid] => 2
```
**[EDIT]**: Based on what I think I know now and the info below, I think the settings for sys_userid and sys_groupid are appropriately ignored and should not be included in a remote call. The relevant field is the client ID.
This issue is not specific to mail users but I believe it is unique to new records and Insert queries. In the [_getSQL function](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/tform_base.inc.php#L1320) of tform_base.inc.php it gets down to these lines at 1428:
```php
if($action == "INSERT") {
if($this->formDef['auth'] == 'yes') {
// Set user and group
$sql_insert_key .= "`sys_userid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?
"'".$this->formDef["auth_preset"]["userid"]."', ":
"'".$_SESSION["s"]["user"]["userid"]."', ";
$sql_insert_key .= "`sys_groupid`, ";
$sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?
"'".$this->formDef["auth_preset"]["groupid"]."', ":
"'".$_SESSION["s"]["user"]["default_group"]."', ";
```
In this scenario there is no auth_preset userid, so the value comes from $_SESSION. But the user ID has not been loaded into $_SESSION ... that results in null values on the INSERT, which get rejected by the constraints on the mail_user table.
At that point, the value of $_SESSION is as follows:
```json
Array
(
[client_login] => 0
[client_sys_userid] => 0
[s] => Array
(
[user] => Array
(
[typ] => admin
[username] =>
[userid] =>
[default_group] =>
[groups] =>
[client_id] => 2
)
)
)
```
**[EDIT]** Removed original notes. Note above that the client_id is 2. This was an invalid ID as in this environment there is only one client, myself, with client_id 1. The problem comes from [remoting_lib.inc.php](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remoting_lib.inc.php#L129), where an invalid client ID results in an empty sys_userid. That's where that empty field comes from.
**I believe the solution to this issue is that when there is an invalid client ID, "Invalid Client ID" is the message that should be communicated back up to the client caller, not the "downstream" issue that there is an invalid sys_user.sys_userid.**
Note to myself for documentation: If the client ID is 0, then the default admin user ID "1" is assigned to "userid". This means only the ISPC administrator can see/update this email user. When the client ID is a non-zero valid ID, the "userid" is the CP ID that allows a specific CP user for the client to maintain that user. Email addresses for clients should always use the client ID, though there will not be any error or notification if 0 is used. Using zero could result in "where is my mail user?". This concept should be documented, where the client owns an email address that they cannot see/change.
Another related note: The UID+GID values should not be set in parameters to empty string. The code checks for the "set" state of these parameters, and will not replace an empty string. I believe the same is true for sys_userid and sys_groupid. In summary, I think some changes might be made to set all values to empty string if they are unset, and then process the values. Or the doc can be updated to describe exactly how this works.
**The bottom line on this stuff : I came into this understanding that there is little to no data validation on API calls. Now I'm seeing exactly how that works. I'm proposing changes that help to keep client code from falling into problems, but I'd agree to the suggestion that all of this would be solved in doc updates and not in code. You guys call it.**