ISPConfig 3 issues
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues
2022-12-27T22:35:12Z

Monitor MX records
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6093
2022-12-27T22:35:12Z, Helmo

When a domain moves to an external mail provider it's important to de-activate or remove the mail domain from ispconfig.
When forgotten this can lead to mails not being delivered.
I've written a perl script to check this in the past and now ported that to ispconfig.
It resolves the server name and checks that the MX record for a mail_domain matches one of those IPs. Extra IPs can be added via `$mail_config['additional_smtp_ips']`
On one of my systems I use an extra IP for incoming smtp, so there I had to override the server hostname. There I've put in a `$mail_config['hostname'] = '...';` line in onRunJob() for now. I don't think we have a field for that and it's probably not worth creating it for just me. But I'm open to suggestions.
TODO
- [x] String updates?
- [x] Maybe some layout?
- [x] UI for `$mail_config['additional_smtp_ips']` and `$mail_config['additional_smtp_hostnames']`?
- [x] Maybe remove the $app->log warning lines as it might be a bit redundant
- [x] translation files
Anyway, feedback welcome.

Aliases created by the "Website auto alias" setting are not added to the Lets Encrypt certificate request
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6073
2021-03-03T16:43:53Z, Judah - MW

## Short description
If a value is defined in System > Server Config > Web > Website Auto Alias, it is automatically added as an alias to the site vhost. However it is not added to the LE certificate request.
## Correct behaviour
The auto alias should be part of the certificate request.
(I know some people use auto alias for internal aliases, that would still be fine as the LE check would catch the non-routable alias and discard it.)
## An example
We have `mail.[website_domain]` configured as our auto alias:
![image](/uploads/75f4a0d35fdedf07204a38da6d8c1d28/image.png)
This correctly appears in all _new_ nginx vhosts like so:
```
server_name example.com www.example.com mail.example.com;
```
However it does not get added to the certificate request. Viewing the request in `acme.log` shows it is not included and viewing the certificate afterwards shows this:
```bash
$ openssl x509 -in /var/www/example.com/ssl/example.com-le.crt -text -noout | grep DNS
DNS: example.com, DNS: www.example.com
```
## Environment
Server OS: CentOS 8
ISPConfig version: 3.2.2
Webserver: NGINX
## Proposed fix
Looks like the certificate generation logic is in [server/plugins-available/nginx_plugin.inc.php:1385](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1385)
```php
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && $conf['mirror_server_id'] == 0 && ( // ssl and let's encrypt is active and no mirror server
    ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
    || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
    || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
    || $this->update_letsencrypt == true
)) {
    $success = $app->letsencrypt->request_certificates($data, 'nginx');
    if($success) {
        /* we don't need to store it.
        /* Update the DB of the (local) Server */
        $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
        $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
        /* Update also the master-DB of the Server-Farm */
        $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
        $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
    } else {
        $data['new']['ssl_letsencrypt'] = 'n';
        if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n';
        /* Update the DB of the (local) Server */
        $app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ? AND `server_id` = ?", $data['new']['ssl'], 'n', $data['new']['domain'], $conf['server_id']);
        /* Update also the master-DB of the Server-Farm */
        $app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
    }
}
```
The problem appears to be it simply takes the information straight out of `$data` but the part that deals with the auto alias hasn't been called yet as [it's all the way down on line 1651](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1651):
```php
// get autoalias
$auto_alias = $web_config['website_autoalias'];
if($auto_alias != '') {
    // get the client username
    $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
    $aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
    $aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
    $auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
    unset($client);
    unset($aa_search);
    unset($aa_replace);
    $server_alias[] .= $auto_alias.' ';
}
```
There's not an obvious way to add it to that file, as it just passes the `$data` array off to the letsencrypt library. However we could add it in the LE lib, [maybe after line 365?](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/letsencrypt.inc.php#L365) We'd basically just have to add the above "get auto alias" stuff in there. The only problem with that I can see is if the Apache plugin works differently and is already adding the auto alias, in which case we don't want to duplicate it.
Can anyone confirm if the Apache plugin does that? If not would this method be acceptable?
Thanks

Enable TLSv1.3 for the panel and apps vhost (nginx)
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6066
2021-03-07T13:21:47Z, Thom

Enable TLSv1.3 if supported

problem with mail_user_add api call when missing homedir and maildir attributes
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6063
2021-03-04T19:23:17Z, Jiri Slezka

## short description
I am trying to add a mail user through the mail_user_add api call but it behaves strangely when I omit some attributes (homedir, maildir).
The mail user dir is created on disk in the right place (/var/vmail/example.cz/test) but homedir and maildir in the db are empty. Also when quota is specified other than 0 (for example 1024MB), every mail is rejected with "Quota exceeded (mailbox for user is full)". The .quotausage file is created in the right place and it contains
```
priv/quota/messages
6494
priv/quota/storage
1073743931
```
## correct behaviour
homedir and maildir should be generated on ISPConfig side (if missing)
## environment
Server OS: CentOS
Server OS version: CentOS7
ISPConfig version: (3.2.2)
## log entries
maillog
```
Feb 18 09:06:02 server dovecot: lda(test@example.cz): Error: User test@example.cz doesn't have home dir set, disabling duplicate database
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: save failed to INBOX: Quota exceeded (mailbox for user is full)
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: rejected: Quota exceeded (mailbox for user is full)
```

Added directive to `custom_php_ini` to add fpm pool directives
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6059
2021-02-14T08:31:34Z, Kreso Pendic

Hi, I needed to add directives for php fpm 'OPTIONS' tab -> inside existing php.ini settings textarea:
process.priority
pm.status_path
etc..
and those are fpm pool directives, but the issue is that the plugin `nginx_plugin.inc.php` file wraps it in `php_admin_value[]`, so I ended up with a solution to prefix the line with the 'POOL' keyword and escaped it

Disable client (/admin) protection by default
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6055
2021-02-11T19:28:58Z, Thom

Any opinions whether this should be enabled by default or not?

jailkit: xauth error at login
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6043
2021-02-13T20:40:00Z, Jesse Norell

When logging in to a chroot shell user, xauth prints a message showing the non-chroot path (and possibly would not find the correct .Xauthority file?). Mostly harmless, but perhaps an env var (HOME?) could be set earlier before xauth runs, and at least get the correct chrooted path?
```
$ ssh client_user1f@ispc.hoster.tld
kentec_asdf@ispc.hoster.tld's password:
Linux srv-cp 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
/usr/bin/xauth: file /var/www/clients/client1/web2/./home/client_user1/.Xauthority does not exist
```

resync should setup dkim record
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6026
2021-01-22T07:06:56Z, Jesse Norell

Related to #6025, it would be nice if the Resync tool could correct missing DKIM records. The propagation of DKIM record from mail_domain to dns_rr is currently a feature of the user interface, and neither resyncing dns nor resyncing mail domains will ensure that the DKIM record is set up in dns, you must edit each email domain in the ui (a pain with admin protection, where you must switch to the client, then edit, then switch back....).

SSL ISPConfig Installer / Updater Code May Be Repetitive
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6013
2021-02-18T15:12:16Z, Hj Ahmad Rasyid Hj Ismail

I have been revisiting ISPConfig installer_base.lib.php as well as install.php and update.php files and I think the code with regards to SSL may be repetitive and most of them, if not all, may be avoided if the SSL request for the server and its services can be made before configure_postfix (include creation of smtpd.cert and smtpd.key) and configure_dovecot (include creation of dhparam file dh.pem).
Reading on dovecot, I think it is not necessary to use ssl-parameters.dat and convert it as dhparam file (dh.pem) even if it is meant for v2.2 as using it was only a mere suggestion to ease creating the same but using openssl to issue it should also work as well and pure-ftpd is using one that can be symlinked.
Since symlinks can be made to all of them whether by using self-signed or LE SSL certs or others, if it is possible to rearrange the priority in those files especially install.php and update.php, we may avoid such a repetition and maybe make the install / update process a little bit faster?
A thought to be discussed further before any decision could be made.

Add config file changes to UI
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6006
2021-01-09T14:37:56Z, Tony G

This is another feature enhancement suggestion that might be easier than others. I'm hoping it can just be added to the pile of such suggestions for consideration.
The feature for adding Apache Directives can be used as a model for /etc/postfix/main.cf and /etc/dovecot/dovecot.conf. In System Config>Mail provide a textarea for Additional Postfix Settings, and another for Additional Dovecot Settings. On Save the resulting config files will have a distinctive #! comment to separate these sections from existing settings. Example:
```
#! Set by ISPConfig Template: ...
smtp_helo_timeout = 15s
smtp_mail_timeout = 15s
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
#! ISPConfig Overrides
smtp_mail_timeout = 30s
smtpd_tls_loglevel = 1
smtp_tls_security_level = dane
```
On Save, scan for `^#! ISPConfig Overrides$`, remove anything below it, and insert the new content.
For consistency that pattern can be used for Postfix and Dovecot, but for Dovecot it can be made more elegant: In the tpl config, add the single line `!include conf.d/93-ispconfig.conf` and then create that file. Just replace that file with the UI textarea. At some point if Postfix supports an `include` directive then the same mechanism can be used.
Rather than using postconf for update, for this mechanism just reload Postfix whenever the related textarea changes. An admin using multi-line settings and comments is more free to write the config as they please, for better or worse.
ISPConfig itself could use this same mechanism, where defaults set by install/update are in the config file under comment `#! Set by ISPConfig Template`, updates made through the UI or API are echoed under that with comment `#! Set in ISPConfig` and then under that the manual overrides can follow. This would allow the admin to easily see only fields that are defined with ISPConfig, rather than using postconf or doveconf statements which return all possible settings.

New feature to create a new tpl and tpl-custom folder?
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6005
2021-01-20T18:16:14Z, Hj Ahmad Rasyid Hj Ismail

https://www.howtoforge.com/community/threads/new-feature-to-create-a-new-tpl-and-tpl-custom-folder.86053/
This is a mere suggestion which I think could be useful to all users.
What do you all think if ISPConfig 3.2 /tpl/ folder in installation package is also copied to the ISPConfig directory?
What I had early in my mind is /usr/local/ispconfig/server/conf/tpl/ or /usr/local/ispconfig/server/conf-tpl/. I don't know which one is preferred but I think it is best to copy latest tpl folder to ISPConfig folder for users' customization needs, if any.
I think this is quite easy to implement via ISPConfig installer so if there is any need to customize any of its files, one can copy and move it to /conf-custom/install/ folder, almost like the /conf/ folder itself.
Or may be introduce /usr/local/ispconfig/server/tpl/ and /usr/local/ispconfig/server/tpl-custom/ ?
Your comments, suggestions and feedback are most welcomed.

tpl debian_postfix.conf.master includes hard-coded /etc/postfix
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6003
2021-01-08T14:31:18Z, Tony G

The {config_dir} placeholder is used in the debian_postfix.conf.master file, replaced with /etc/postfix in main.cf. There are a couple instances of the literal text `/etc/postfix` in the settings. I have no idea if this would affect any sites. But the file was made configurable for a reason, so I'm noting that this would be an error for a site that relies on a non-default config_dir.
If approved, this can be assigned to me.
Tony G

Sort fields in debian_postfix.conf.master
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6002
2021-01-07T11:02:32Z, Tony G

This is a suggestion/request to sort the fields in the postfix main.cf config template - and only those where sorting makes sense.
Example where sorting might not make sense:
- Someone might prefer that the smtp_*_restrictions are sorted in order of their application, which is not alphabetical.
In the case of proxy_read_maps, which is an aggregate of other fields, it's still OK to sort this field starting with 'p' before its included fields, like those starting with 's', because the order of the fields in the file does not matter.
Reasoning:
- It's much easier to find a setting when it's in sorted order.
- As a practical example, it's taken me a long time to work out the delta/diff between the most recent update (3.2.2) and my own settings. If settings are sorted it's much easier to diff tpl, conf-custom, and the main.cf files.
- Related - I have many fields in main.cf that are not in the default template. It's much easier to see if there are related changes in the template if both the tpl and the conf-custom versions are in the same order.
If approved, I'll post a MR with a suggested sorting. This will only include the default tpl fields.

Remove TLSv1 and TLSv1.1 from Postfix
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5959
2020-12-09T11:07:50Z, Thom

TLSv1 and TLSv1.1 are deprecated and we should remove support for it, not now, as discussed in #5770, but it has to happen sometime.
I have run some tests on the biggest webmail providers, Dutch mail providers, Dutch ISPs, and French ISPs, and I only found 2 providers (out of 64) who don't support TLSv1.2: Orange (French ISP) and Excite.com. Orange only supports SSLv3 and TLSv1, Excite only supports TLSv1 and TLSv1.1. None of the tested mailservers have TLSv1 and TLSv1.1 disabled yet.
Question is mostly when - are we waiting for a big provider to start the movement? Do we just wait a little more and do it at the end of 2021?

jailkit update of /sys and /proc
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5958
2021-01-08T14:27:35Z, Jesse Norell

Having /sys mounted inside the jail causes a lot of errors during jailkit cleanup:
https://www.howtoforge.com/community/threads/ispconfig3-2-1-var-log-ispconfig-cron-log-is-flooded-with-messages-14g.85824/
Also related, /proc is not included in jailkit directories. Possibly just remove /sys from those, or handle both /sys and /proc (and any others?) special (process for cleanup if regular directories, but ignore if they are mount points?).

Add GoAccess real-time support to ISPConfig
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5955
2020-12-24T14:09:01Z, Michael

Based on the discussion https://www.howtoforge.com/community/threads/real-time-support-for-goaccess.85807

Server php adding custom fpm_socket_dir
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5952
2023-12-08T11:27:23Z, Jozef Sroka

It can be good to add a custom fpm_socket_dir for server php.
I also created a merge request !1343. This merge request solves a problem with php-fpm in CentOS and Fedora. During restarting of php-fpm services the /run/php-fpm folder with other sockets is removed.

Add journalctl support for logs
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5951
2020-12-05T14:39:23Z, Jozef Sroka

It can be good to add journalctl support for log_messages (CentOS, Fedora). I also created a merge request !1342

FAQ layout size
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5925
2020-11-22T05:43:39Z, Stelios

If you browse under **Help - FAQ - Manage questions** after you add one the title has a tiny width and it looks really bad.
It doesn't look nice via mobile too. It needs just to adjust a little bit the relevant css.
See output from a screenshot that I attached.
Installed version 3.2
![SPConfig_-_2020-11-21_20.37.19](/uploads/bab9f17d994362787d59d39b74e00cb0/SPConfig_-_2020-11-21_20.37.19.png)
Also, I'm not sure if it is intended to be like this but the body handles plain text only. It will be great to take automatically HTML characters for example when you hit enter to take a paragraph etc.

Suggestion: Generate DMARC authorization
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5923
2021-01-08T14:24:07Z, Tony G

When a DMARC DNS record is created in a zone, and the MX domain is hosted locally, create a DMARC record in the mail server domain.
Example: Hostname = foo.tld, MX mailserver hostname = mail.bar.com
When we create this in zone foo.tld:
_dmarc.foo.tld. TXT
v=DMARC1; p=reject;
rua=mailto:postmaster@bar.com;
ruf=mailto:postmaster@bar.com;
fo=0:1:d:s
Generate this in zone bar.com:
foo.tld._report._dmarc.bar.com. TXT v=DMARC1;
It must be verified that bar.com is a locally defined zone, and that the mailto value (postmaster@bar.com) is an active address.
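
The derivation described in this suggestion, as an added example (not ISPConfig code and not part of the original issue): it parses the `rua`/`ruf` targets of a DMARC record and emits the `_report._dmarc` authorization record only when the two checks named above pass. `local_zones` and `active_mailboxes` are hypothetical stand-ins for ISPConfig's zone and mailbox lookups, the second report address in the sample is constructed, and "same domain" is tested by exact match rather than by Organizational Domain.

```python
"""Derive DMARC external-report authorization records (RFC 7489, section 7.1)."""


def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def report_addresses(tags):
    """Yield the mailto addresses named in the rua and ruf tags."""
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri.lower().startswith("mailto:"):
                # A URI may carry a size limit such as "!10m"; drop it.
                yield uri[len("mailto:"):].split("!", 1)[0].lower()


def find_zone(domain, local_zones):
    """Return the longest local zone that contains domain, or None."""
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in local_zones:
            return candidate
    return None


def authorization_records(policy_domain, dmarc_txt, local_zones, active_mailboxes):
    """Return (records, skipped) for one policy domain.

    records: sorted list of (owner name, type, value) tuples to create.
    skipped: {address: reason} for report targets that get no record.
    local_zones and active_mailboxes are assumed inputs (hypothetical names).
    """
    policy_domain = policy_domain.rstrip(".").lower()
    records, skipped = set(), {}
    for address in report_addresses(parse_dmarc(dmarc_txt)):
        report_domain = address.rpartition("@")[2]
        if report_domain == policy_domain:
            # Assumption: exact match only, no Public Suffix List lookup.
            skipped[address] = "same domain, no authorization needed"
        elif find_zone(report_domain, local_zones) is None:
            skipped[address] = "report domain is not a local zone"
        elif address not in active_mailboxes:
            skipped[address] = "mailbox is not active"
        else:
            owner = f"{policy_domain}._report._dmarc.{report_domain}."
            records.add((owner, "TXT", "v=DMARC1;"))
    return sorted(records), skipped


# Constructed sample: the foo.tld record from the issue plus one external target.
SAMPLE = """v=DMARC1; p=reject;
rua=mailto:postmaster@bar.com,mailto:reports@elsewhere.example!10m;
ruf=mailto:postmaster@bar.com;
fo=0:1:d:s"""

if __name__ == "__main__":
    recs, skipped = authorization_records(
        "foo.tld", SAMPLE, {"bar.com", "foo.tld"}, {"postmaster@bar.com"})
    for owner, rtype, value in recs:
        print(owner, rtype, value)
    for address, reason in skipped.items():
        print("skipped", address, "-", reason)
```

Without the mailbox check, a report address that is no longer active would still be authorized to receive other domains' aggregate and failure reports.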