ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2019-05-08T06:03:34Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5300Domain settings validation when adding new email domain2019-05-08T06:03:34ZGreg LadownyDomain settings validation when adding new email domainWhen adding new mail domain can ISPConfig perform some check if the domain is configured correctly, eg checking MX record for it and do not allow or warn if it's not set up correctly.
Some kind of validation of domain ownership would be...When adding new mail domain can ISPConfig perform some check if the domain is configured correctly, eg checking MX record for it and do not allow or warn if it's not set up correctly.
Some kind of validation of domain ownership would be usefull, eg.
- MX record pointing to specific server
- TXT record containing specific value
Server admin could decide whether to allow adding domains without these, warn or require DNS set up beforehand. I understand that sometimes people need to set up domain and mailboxes before switching the MX, but TXT record verification could be an option in this case.
Additionally it would be useful if there was a dashboard showing all mail domains configuration correctness for
MX record - saying eg. "your MX record is not not figured correctly, you will not be able to receive any email for domain here
SPF - if exists, has correct syntax and lists the IP of the server
DKiM public key - if exists for chosen selector, has correct syntax and contains the right public key
DMARC policy record -
Rationale
- People make typos or forget they have to configure DNS.
- Sometimes user adds a domain that belongs to someone else and as a result all email to that domain is treated as local by the server and therefore emails to it cannot be delivered from the server
- Grow knowledge about email authentication to reduce spam volumes and phishinghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5295Access Control List-support for dovecot2019-04-23T07:20:46ZMartinAccess Control List-support for dovecotIt would be nice, if ACLs for dovecot are supported out-of-the-box in ISPConfig.It would be nice, if ACLs for dovecot are supported out-of-the-box in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5283Globalsearch depends on dashboard permission, but visible either way.2020-03-01T21:52:06ZHelmoGlobalsearch depends on dashboard permission, but visible either way.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5256function to create special subdirectories2019-02-26T18:29:10ZKnut Krügerfunction to create special subdirectoriesThere a different console tools to create websites (and maybe other for other purposes ) which are requesting write access to (hidden) directories at webfolder level ( /var/www/clients/clientX/webXYZ/ )
It would be helpful to have the ...There a different console tools to create websites (and maybe other for other purposes ) which are requesting write access to (hidden) directories at webfolder level ( /var/www/clients/clientX/webXYZ/ )
It would be helpful to have the possibility to create (also hidden) subdirectories at the webfolder level.
Example: to use composer with Drupal and sudo -su webxyz composer ... (composer without root user = security issue) you need /var/www/clients/clientX/webXYZ/.composer and subdirectories
The workaround just now is, to create a subdomain (VHOST) with Web folder .composerhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5245ErrorDocument + HTTP error can cause: Request exceeded the limit of 10 intern...2020-03-01T21:51:22ZdoekiaErrorDocument + HTTP error can cause: Request exceeded the limit of 10 internal redirects## short description
Error: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
When using er...## short description
Error: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
When using error document and redirect/deny with fail 4xx / 5xx
## example
The error document is activated for the vhost
In .htaccess:
```
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^([0-9]{1,3})\.
RewriteCond %{DOCUMENT_ROOT}/block/%1/%{REMOTE_ADDR}.txt -f
RewriteRule . - [F,L]
```
## correct behaviour
Should return the error document
## environment
Server OS: any
Server OS version: any
ISPConfig version: all version (3.1.13)
## proposed fix
When the error document is activated, it should exists a rewrite rule that lead to error document prior any processing.
```
Alias /error/ "/var/www/domain.tld/web/error/"
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 502 /error/502.html
ErrorDocument 503 /error/503.html
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/error/ - [L]
</IfModule>
```
==> server/conf/vhost.conf.master (line 55)
```
<tmpl_if name='errordocs'>
Alias /error/ "<tmpl_var name='web_document_root_www'>/error/"
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 502 /error/502.html
ErrorDocument 503 /error/503.html
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^/error/ - [L]
</IfModule>
</tmpl_if>
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5244DKIM issue on internally-generated bounce messages2020-03-23T22:05:41ZZironda SrlDKIM issue on internally-generated bounce messagesHi, we have noticed a issue on DKIM internally-generated bounce messages.
If a our user have a overquota mailbox the bounce message is not DKIM signed although this is configurated.
For example : user over quota example@example.com, buo...Hi, we have noticed a issue on DKIM internally-generated bounce messages.
If a our user have a overquota mailbox the bounce message is not DKIM signed although this is configurated.
For example : user over quota example@example.com, buone message from support@hostingtek.it (on this domain DKIM is correctly configurated), the bounce message is not DKIM signed. We attach sample emails
We have a standard multiserver ispconfig setup
[example.eml](/uploads/cfb8a2293bdb94a198164877507421fa/example.eml)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5232Sieve filter when "ends with" is not user friendly2019-06-21T08:11:38ZSteffen NielsenSieve filter when "ends with" is not user friendlyWhen you choose to create a mailfilter under the mailbox within ISPconfig with the settings "From" and "Ends with". The user will most likely fill in for example ".com" which gives the following if in sieve:
`if header :regex ["from"...When you choose to create a mailfilter under the mailbox within ISPconfig with the settings "From" and "Ends with". The user will most likely fill in for example ".com" which gives the following if in sieve:
`if header :regex ["from"] [".*\.com$"]`
This will unfornately not trigger on emails from .com-addresses because sieve sees them as ".com>". The following if would trigger instead.
`if header :regex ["from"] [".*\.com\>$"]`
If this can be confirmed by others. Is it possible to make ISPconfig automatically appending ">" when users are choosing filters with "Ends with"? Most likely "Begins with" must be adjusted too.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5226Add option to remove Let's Encrypt certs when site gets deleted.2023-10-27T14:51:22ZTill BrehmAdd option to remove Let's Encrypt certs when site gets deleted.https://www.howtoforge.com/community/threads/removing-site-does-not-remove-it-from-certbot.81143/https://www.howtoforge.com/community/threads/removing-site-does-not-remove-it-from-certbot.81143/3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5224InnoDB support2020-03-01T21:47:45ZjosiahInnoDB supportwill ispconfig 3.2 mysql tables support InnoDB? that would be great for galera cluster, i already using it but get a error when updating ispconfig at the moment.will ispconfig 3.2 mysql tables support InnoDB? that would be great for galera cluster, i already using it but get a error when updating ispconfig at the moment.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5193Add Chroot checkbox in cronjob settings2019-07-04T13:33:03ZTill BrehmAdd Chroot checkbox in cronjob settingsCurrently, the chroot type is set in client settings and the chroot type is applied when the cronjob is created. There is no option to turn off chrooting for an existing cronjob yet.Currently, the chroot type is set in client settings and the chroot type is applied when the cronjob is created. There is no option to turn off chrooting for an existing cronjob yet.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5172Feature Request: Create only new certificate request2018-11-01T18:41:00ZRaffael LuthigerFeature Request: Create only new certificate requestI have a domain where we already have a certificate (and private key). Now I would like to create a new request without changing the key and without changing the certificate and bundle.
For this I would like to have a new "SSL action" w...I have a domain where we already have a certificate (and private key). Now I would like to create a new request without changing the key and without changing the certificate and bundle.
For this I would like to have a new "SSL action" with the name "Create certificate request" which will then only generate a new request.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5171software raid status not showing2020-09-25T22:23:37ZIgnacio Garciasoftware raid status not showing## short description
Server has linux sofware traid aka mdraid with 2 volumes but ispconfig shows "No controller found. Make sure appropriate AMCC/3ware device driver(s) are loaded"
## correct behaviour
It should detect software raid en...## short description
Server has linux sofware traid aka mdraid with 2 volumes but ispconfig shows "No controller found. Make sure appropriate AMCC/3ware device driver(s) are loaded"
## correct behaviour
It should detect software raid environment
## environment
Server OS: debian
Server OS version: 9.5
ISPConfig version: 3.1.13
```
root@s0:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty]
md2 : active raid1 sdb2[1] sda2[0]
51198912 blocks [2/2] [UU]
md3 : active raid1 sdb3[1] sda3[0]
1885533120 blocks [2/2] [UU]
bitmap: 1/15 pages [4KB], 65536KB chunk
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5170SRV record default weight (and port?)2020-03-01T21:19:23ZJesse NorellSRV record default weight (and port?)If a SRV dns record is created without a weight set it should default to 0, or print an error, rather than creating an invalid record. Similarly with the port number it should at least print an error, or default to 0 so the dns record i...If a SRV dns record is created without a weight set it should default to 0, or print an error, rather than creating an invalid record. Similarly with the port number it should at least print an error, or default to 0 so the dns record isn't invalid.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5151Add hostname check in ispconfig installer to avoid amavis problems2018-10-11T11:51:10ZTill BrehmAdd hostname check in ispconfig installer to avoid amavis problemsMany users are not configuring their hostname correctly which later causes amavis to fail. The installer should show an error when:
hostname = hostname -f plus the result contains no dot.
hostname means the result from hostname command...Many users are not configuring their hostname correctly which later causes amavis to fail. The installer should show an error when:
hostname = hostname -f plus the result contains no dot.
hostname means the result from hostname command here.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5145remote api for clients2023-08-07T11:14:28ZJesse Norellremote api for clientsThe remote api should be able to support clients, so they can manage their own dns zone (via acme.sh IPSConfig plugin), email accounts, etc.
As for the implementation, perhaps allow specifying a client for each Remote User (optional), a...The remote api should be able to support clients, so they can manage their own dns zone (via acme.sh IPSConfig plugin), email accounts, etc.
As for the implementation, perhaps allow specifying a client for each Remote User (optional), and do permission checks/query where clauses/etc. as needed.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5143sites without https give someone else's content.2020-09-01T19:33:17ZViktorsites without https give someone else's content.If at least one site creates https keys, then all other sites that do not have https begin to give https content to the site where the keys are registered.
HTTP connection is different from HTTPS since HTTP referer is sent after connecti...If at least one site creates https keys, then all other sites that do not have https begin to give https content to the site where the keys are registered.
HTTP connection is different from HTTPS since HTTP referer is sent after connection.
Wherein
HTTP referer is not readable, but by taking the nearest keys, it is the nearest! Those that will be closer alphabetically!
## correct behaviour
Create at least 1 sites with https
environment in any versions of ispconfig!
## proposed fix
`ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/1.conf`
Partial solution of the problem, put the first 1.conf file, since it goes first and when there are no keys, it comes across first, you understand this crooked solution.
The right decision is to create https keys for each site by default, and if the parela is disabled, https then document root "/var/www/html/ssl"
if SSL is enabled, then change document roots to real.
There is no other way!
In any case, the site will be accessible via https!
Or refuse to listen *: 443 obsalyutno in all files, and do dynamic or ports or IP but this is even less preferred option.
![v](/uploads/a724a6d36ca60268550391c81c59235c/v.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5136E-mail login with alias domain change2020-08-14T14:11:40ZLucas SchatzE-mail login with alias domain changeMay I suggest a option to allow mail users to authenticate using a domain alias too?
So this way, if you have original domain "domain1.com", and a e-mail alias "domain2.com", the users can optionally send e-mails from "domain2.com"
Cha...May I suggest a option to allow mail users to authenticate using a domain alias too?
So this way, if you have original domain "domain1.com", and a e-mail alias "domain2.com", the users can optionally send e-mails from "domain2.com"
Changes suggested in /etc/dovecot-sql.conf:
(it's necessary to add a option in ISPConfig configuration to enable or not!)
```
user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = CONCAT ( SUBSTRING_INDEX('%u', '@', 1), (select mail_forwarding.destination FROM mail_forwarding where source = CONCAT ('@', SUBSTRING_INDEX('%u', '@', -1))))) AND `disable%Ls` = 'n' AND server_id = '1'
password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = CONCAT ( SUBSTRING_INDEX('%u', '@', 1), (select mail_forwarding.destination FROM mail_forwarding where source = CONCAT ('@', SUBSTRING_INDEX('%u', '@', -1))))) AND `disable%Ls` = 'n' AND server_id = '1'
```
Thanks!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5132Implement Migration mode in DNSSEC plugin2020-07-23T14:12:41ZTill BrehmImplement Migration mode in DNSSEC pluginImplement Migration mode in DNSSEC plugin to avoid that new DNSSEC keys get generated during server migrations.Implement Migration mode in DNSSEC plugin to avoid that new DNSSEC keys get generated during server migrations.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5126Remove HHVM PHP-Mode2020-10-06T11:19:44ZTill BrehmRemove HHVM PHP-ModeThe HHVM developers announced to drop PHP support in HHVM. ISPConfig currently offers HHVM as PHP runtime option, this does not make much sense anymore when HHVM stops supporting PHP code, so we should remove the HHVM PHP mode option in ...The HHVM developers announced to drop PHP support in HHVM. ISPConfig currently offers HHVM as PHP runtime option, this does not make much sense anymore when HHVM stops supporting PHP code, so we should remove the HHVM PHP mode option in ISPConfig.
HHVM as PHP mode option was introduced in ISPConfig at a time where HHVM was able to process PHP mode much faster than php 5.x. With PHP 7.x, PHP speed from Zend PHP engine got much faster, so there is no real need for an HHVM PHP moe anymore.
HHVM Team announcement.
https://hhvm.com/blog/2018/09/12/end-of-php-support-future-of-hack.html3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5124sieve filter files content order / sieve filter management issue2022-08-30T14:17:24ZG.sieve filter files content order / sieve filter management issue### Issue:
adding new mail filters through remote user (or presumably directly in ispconfig cp, however we didn't test the latter yet) puts the new filter at the top of the users' sieve script.
Same happens regarding activating the auto...### Issue:
adding new mail filters through remote user (or presumably directly in ispconfig cp, however we didn't test the latter yet) puts the new filter at the top of the users' sieve script.
Same happens regarding activating the automatic "move spam to junk folder" filter.
Unfortunately sieve requires all *require* statements at the top of the file.
When using a custom filter with a *require* statement (in our case it's ***require "envelope";*** ), current behaviour leads to the sieve compiler failing, hence disabling all filters.
### Solution proposal:
Add new filter snippets behind the custom filter content or at the end of the sieve file instead, keeping the custom filter content at the top right behind the default require statement.
Alternate solution proposal:
Make initial require statement editable
That way one could add more complicated custom rules and keep the user able to add standard filters without breaking mail filtering.