ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-08-08T13:27:18Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4655Add more details to the Let's Encrypt warning e-mail2020-08-08T13:27:18ZAntalAdd more details to the Let's Encrypt warning e-mailThe current e-mail only states WARNING - Let's Encrypt SSL Cert for: domain.tld could not be issued.
Please add more detailed information why the certificate could not be issued as we can find in the cron.log.The current e-mail only states WARNING - Let's Encrypt SSL Cert for: domain.tld could not be issued.
Please add more detailed information why the certificate could not be issued as we can find in the cron.log.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4653Add support for HHVM with apache mod_proxy_fcgi2017-11-10T15:26:38ZTill BrehmAdd support for HHVM with apache mod_proxy_fcgiAdd support for HHVM with apache mod_proxy_fcgi for distributions like Ubuntu 17.04 that do not ship with mod_fastcgi module anymore.Add support for HHVM with apache mod_proxy_fcgi for distributions like Ubuntu 17.04 that do not ship with mod_fastcgi module anymore.3.1.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4649implement dovecot quota-status policy daemon2020-10-06T13:23:42ZJesse Norellimplement dovecot quota-status policy daemonDovecot v2.x includes the `quota-status` policy daemon which should be used to check user quota in smtp, rather than generating bounces later.
Implementation is straightforward. There should be a test for dovecot v2 and not run this ...Dovecot v2.x includes the `quota-status` policy daemon which should be used to check user quota in smtp, rather than generating bounces later.
Implementation is straightforward. There should be a test for dovecot v2 and not run this for v1. The policy daemon will need a tcp port, maybe 10060. Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):
```
service quota-status {
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 10060
}
client_limit = 1
}
plugin {
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota
```
Then need to check that policy daemon both in `smtpd_recipient_restrictions` and `smtpd_end_of_data_restrictions`, so `main.cf` looks similar to:
```
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060
# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA. also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060
```
Then just clear `smtpd_end_of_data_restrictions` in `master.cf` everywhere `smtpd_recipient_restrictions` is overridden (port 10025 and 10027):
```
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
127.0.0.1:10027 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o milter_default_action=accept
-o milter_macro_daemon_name=ORIGINATING
-o disable_dns_lookups=yes
```
And lastly, add a `disablequota-status` the to `mail_user` table, as all defined dovecot services must have since iterate_query uses `disable%L%s` (see https://git.ispconfig.org/ispconfig/ispconfig3/issues/3548):
```
alter table mail_user add `disablequota-status` enum('n','y') default 'n';
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4645Request: Renaming APS Installer2020-04-03T10:58:16ZSteffen NielsenRequest: Renaming APS InstallerSuggestion: Wouldn't it be more handy to rename the APS Installer to something like One-click-installer? My experience is that none of our clients are familiar with APS but instead are used to the one-click-installer term.Suggestion: Wouldn't it be more handy to rename the APS Installer to something like One-click-installer? My experience is that none of our clients are familiar with APS but instead are used to the one-click-installer term.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4637ispconfig 3.1.2: Mysql errors trying to add a server to a multiserver setup2020-05-25T12:27:22ZJustinispconfig 3.1.2: Mysql errors trying to add a server to a multiserver setupGetting mysql errors on first server trying to be added to a multiserver setup.
On the master mysql server, remote rights where granted;
grant all on *.* to 'root'@'%' identified by 'xxx' with GRANT OPTION;
Also tested manual i...Getting mysql errors on first server trying to be added to a multiserver setup.
On the master mysql server, remote rights where granted;
grant all on *.* to 'root'@'%' identified by 'xxx' with GRANT OPTION;
Also tested manual if my remote root has a lack of rights:
mysql -h 10.4.1.234 -u root -p
MariaDB [mysql]> create database bla;
Query OK, 1 row affected (0.00 sec)
MariaDB [mysql]> grant all on bla.* to 'bla'@'%' identified by 'bla';
Query OK, 0 rows affected (0.01 sec)
Does not seem the case.
>>>
# php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: CentOS 7.3
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]: expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [xxx]:
MySQL server hostname [localhost]:
MySQL server port [3306]:
MySQL root username [root]:
MySQL root password []: xxx
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are 'ispconfig' as username and a random password.
If you use a different password, use only numbers and chars for the password.
ISPConfig mysql database username [ispconfig]:
ISPConfig mysql database password [xxx]:
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: y
MySQL master server hostname []: 10.4.1.234
MySQL master server port []: 3306
MySQL master server root username [root]:
MySQL master server root password []: xxx
MySQL master server database name [dbispconfig]:
Adding ISPConfig server record to database.
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE(`status`, `error`) ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE(`status`) ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE(`updated`) ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE (`ssl`, `ssl_letsencrypt`, `ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE (`action_state`, `response`) ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT , DELETE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE, DELETE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, DELETE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT, DELETE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, INSERT, DELETE ON ?? TO ?@?
Error:
WARNING: Unable to set rights of user in master database: dbispconfig
Query: GRANT SELECT, UPDATE(`dnssec_initialized`, `dnssec_info`, `dnssec_last_signed`) ON ?? TO ?@?
Error:
Configure Mail (y,n) [y]:
>>>https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4626Can't add DKIM entry using TXT field2018-12-12T17:37:43ZPaweł G.Can't add DKIM entry using TXT fieldChange introduced in commit 378d8326bfb5b5713caf74c370dd14fd547f9c21 causes that you can't add DKIM record to your DNS zone using TXT type.
`DKIM is not allowed. Use the DKIM button`
But I can't use DKIM button when I don't have mai...Change introduced in commit 378d8326bfb5b5713caf74c370dd14fd547f9c21 causes that you can't add DKIM record to your DNS zone using TXT type.
`DKIM is not allowed. Use the DKIM button`
But I can't use DKIM button when I don't have mail support in ispconfig (mail is hosted in some other place).
There should be done one of two things:
1. allow adding DKIM record with TXT type - simply remove in file `interface/web/dns/form/dns_txt.tform.php ` validator number 1 (lines 113-117) for field "data"
2. allow insert DKIM entries in DKIM button. Right now you can here only fetch data from mail section.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4625Database Username characters 16 ispconfig2020-04-03T10:54:21ZJarosławDatabase Username characters 16 ispconfigHi,
Since in new Mysql Username characters are more than 16 we need to increase amount of write characters limit in ISPConfig.
To do this go to : /usr/local/ispconfig/interface/web/sites/
edit: database_user_edit.php
and change value...Hi,
Since in new Mysql Username characters are more than 16 we need to increase amount of write characters limit in ISPConfig.
To do this go to : /usr/local/ispconfig/interface/web/sites/
edit: database_user_edit.php
and change value to 32 exl.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4623Make the webserver's rentention time for log files configurable2017-11-10T15:26:41ZTill BrehmMake the webserver's rentention time for log files configurableImplemented in https://git.ispconfig.org/ispconfig/ispconfig3/merge_requests/576Implemented in https://git.ispconfig.org/ispconfig/ispconfig3/merge_requests/5763.1.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4622Possibility to disable password/key for shell user2020-05-27T13:39:52ZNinosPossibility to disable password/key for shell userHey there,
for security reasons on some servers the openssh-setting `PasswordAuthentication` is set to `no`. After using this setting it's not possible anymore to login with a password. Only keys are still allowed.
ATM on "Shell user"-op...Hey there,
for security reasons on some servers the openssh-setting `PasswordAuthentication` is set to `no`. After using this setting it's not possible anymore to login with a password. Only keys are still allowed.
ATM on "Shell user"-option customers have both opinions. Defining a password or a key.
Problem:
May customers want to use a pasword instead of key but login is not possible. They cannot see the reason why the login is not possible, because login data are correct.
Solution:
Add possibility for admin enabling/disabling password/key field
OR
Check the openssh-setting `PasswordAuthentication`. If set to `no`, just remove the password field.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4614LetsEncrypt default domain2020-05-25T12:09:30ZJason HillLetsEncrypt default domainWhen attempting to use LetsEncrypt on a domain with an aliasdomain letsencrypt attempts to create a certificate for the alias (which then fails).
When multiple alias domains are used these are selected alphabetically.
Certificates sh...When attempting to use LetsEncrypt on a domain with an aliasdomain letsencrypt attempts to create a certificate for the alias (which then fails).
When multiple alias domains are used these are selected alphabetically.
Certificates should be issued to the default domain, or, provide a way of selecting which domain should be secured via LetsEncrypt as per SSL tab.
Many Thankshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4613Add official support for PowerDNS and purge MyDNS2020-06-14T21:08:14ZAndré D.Add official support for PowerDNS and purge MyDNSPowerDNS can be configured via direct database manipulation or via an API: https://doc.powerdns.com/md/httpapi/README/
Reason behind this Request: MyDNS had it's last update in 2006, MyDNS-ng in 2010. They are quite outdated.
Also, i...PowerDNS can be configured via direct database manipulation or via an API: https://doc.powerdns.com/md/httpapi/README/
Reason behind this Request: MyDNS had it's last update in 2006, MyDNS-ng in 2010. They are quite outdated.
Also, it seems that its easier to handle a DNS Servercluster with PowerDNS, also regarding DNSSEChttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4612Add search routine for LE SSL certs2017-11-10T15:26:41ZTill BrehmAdd search routine for LE SSL certsLE sometimes renames the SSL cert files or stores them with a number suffix. We will have to write a routine that troes to find the best matching (latest) ssl cert for a given website. Related to #4589LE sometimes renames the SSL cert files or stores them with a number suffix. We will have to write a routine that troes to find the best matching (latest) ssl cert for a given website. Related to #45893.1.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4607add possibilty to add several IPv4/IPv6 addresses at once2020-10-24T18:22:47ZAndré D.add possibilty to add several IPv4/IPv6 addresses at onceIt should be possible to add ranges to servers instead of only single IP Adresses. Special for IPv6.It should be possible to add ranges to servers instead of only single IP Adresses. Special for IPv6.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4605Add support for ZFS quota2020-12-26T10:06:03ZTill BrehmAdd support for ZFS quotahttp://docs.oracle.com/cd/E19253-01/819-5461/gitfx/index.htmlhttp://docs.oracle.com/cd/E19253-01/819-5461/gitfx/index.htmlhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4600Identified spammails still get forwarded (blacklist, content filter)2020-08-18T17:48:14ZFrederikIdentified spammails still get forwarded (blacklist, content filter)## Description
When adding/editing a mailbox, I can choose to forward the incoming mails to another email address (Send copy to).
We're using the Postfix content filter (Postfix Header and Body Checks) to identify spam and reject tho...## Description
When adding/editing a mailbox, I can choose to forward the incoming mails to another email address (Send copy to).
We're using the Postfix content filter (Postfix Header and Body Checks) to identify spam and reject those emails before
they are put into a mailbox. This works pretty good. Unfortunately it has no affect forwarded emails.
## Proposal
- Don't forward incoming emails if they have already been recognized as spam due to entries in "Postfix blacklist" or "Content filter".
- Give the opportunity for each mailbox to enable or disable "global blocking" for these filters.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4596Snippet Export & Import2020-05-25T12:09:18ZAlexSnippet Export & ImportOption for Export & Import Direktive Snippet of PHP and Apache or ngnix . Than when People have more than one Server can simple import the snippet from a file to a other server.Option for Export & Import Direktive Snippet of PHP and Apache or ngnix . Than when People have more than one Server can simple import the snippet from a file to a other server.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4594Add Letsencrypt log to be viewable in ISPConfig Monitor module2020-09-15T15:43:10ZTill BrehmAdd Letsencrypt log to be viewable in ISPConfig Monitor moduleAdd Letsencrypt log to be viewable in ISPConfig Monitor moduleAdd Letsencrypt log to be viewable in ISPConfig Monitor module3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4588New redirection type: reverse proxy2020-09-25T22:07:19ZNinosNew redirection type: reverse proxyHey there,
I recommend adding a new redirection type "reverse proxy". So customers can define reverse proxy for apache/nginx in a simple way. E.g. you could reverse the ispcp-control panel via :80:443 instead of accessing it via :8080. S...Hey there,
I recommend adding a new redirection type "reverse proxy". So customers can define reverse proxy for apache/nginx in a simple way. E.g. you could reverse the ispcp-control panel via :80:443 instead of accessing it via :8080. Same for an own gitlab instance...
May relevant ticket: #2829https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4583Pre LE certificat domains check error message2020-02-26T17:07:11ZMartinPre LE certificat domains check error messageDomain check before certificate request should give a message to the admin/user, if one of the domains is not pointing at the server?Domain check before certificate request should give a message to the admin/user, if one of the domains is not pointing at the server?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4580Audit Trail2020-08-20T17:16:50ZoNdsenAudit TrailExample:`Date;User;Server;Module;Action
JAN 01 2017 00:00:00;Admin;NS01;DNS;Deleted CNAME Record www.domain.tld
JAN 01 2017 00:00:00;Admin;NS01;DNS;Added A-Record www.domain.tld
JAN 01 2017 00:00:00;Admin;WEB01;Sites;Added Database c0aps...Example:`Date;User;Server;Module;Action
JAN 01 2017 00:00:00;Admin;NS01;DNS;Deleted CNAME Record www.domain.tld
JAN 01 2017 00:00:00;Admin;NS01;DNS;Added A-Record www.domain.tld
JAN 01 2017 00:00:00;Admin;WEB01;Sites;Added Database c0aps1
JAN 01 2017 00:00:00;Admin;WEB01;Sites;Modified Database c0aps1`
This is a **very important** feature when there are more than one Administrator available.