ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2022-01-21T23:14:44Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6187DS RECORD functions for API2022-01-21T23:14:44Zfrancois parreaux-eyDS RECORD functions for APIHello,
Following below discussion (link) I propose to add DS RECORD functions for API
https://www.howtoforge.com/community/threads/dnssec-cascade-inside-ispconfig.86988/#post-423182
code added in 'interface/lib/classes/remote.d/dns.i...Hello,
Following below discussion (link) I propose to add DS RECORD functions for API
https://www.howtoforge.com/community/threads/dnssec-cascade-inside-ispconfig.86988/#post-423182
code added in 'interface/lib/classes/remote.d/dns.inc.php'
// ----------------------------------------------------------------------------------------------------------------
//* Get record details
public function dns_ds_get($session_id, $primary_id) {
return $this->dns_rr_get($session_id, $primary_id, 'DS');
}
//* Add a record
public function dns_ds_add($session_id, $client_id, $params, $update_serial=false) {
return $this->dns_rr_add($session_id, $client_id, $params, $update_serial, 'DS');
}
//* Update a record
public function dns_ds_update($session_id, $client_id, $primary_id, $params, $update_serial=false) {
return $this->dns_rr_update($session_id, $client_id, $primary_id, $params, $update_serial, 'DS');
}
//* Delete a record
public function dns_ds_delete($session_id, $primary_id, $update_serial=false) {
return $this->dns_rr_delete($session_id, $primary_id, $update_serial, 'DS');
}
As a reminder, in case you want to have a cascade of zones using DNSSEC, you need to :
1. let's create child.dom.tld
1.a Create zone with 'dnssec_wanted=y'
2. in parent zone ie dom.tld
2.a. Create DS_record pointing to child zone (this is the aim of the functions I am adding)
2.b. Create 2 NS_records pointing to child zone
3. update parent zone dom.tld to have zone signing updated
4. don't forget to create secondary Zones on your secondary bind server
Many thanks for your trust
francoisPE3.2.8francois parreaux-eyfrancois parreaux-eyhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6174DNS doesn't accept single character domain2021-08-17T22:53:30ZDominikDNS doesn't accept single character domainWith several new TLDs it is possible to use a single character Domain. Even with some of the old well-known domains including .de in meanwhile it is possible to have a domain with only one character like "a.de". One of my customer owns s...With several new TLDs it is possible to use a single character Domain. Even with some of the old well-known domains including .de in meanwhile it is possible to have a domain with only one character like "a.de". One of my customer owns such a domain with one of the new generic domains (in this case: .cymru). My solution was really simple:
I changed the corresponding regex in /usr/local/ispconfig/interface/web/dns/form/dns_soa.tform.php and dns_slave.tform.php and then it worked.
Unfortunatelly it is not allowed to have a single character domain in all TLDs - so there are TLDs out there that still allow only two-character domains and even some that allow only three-character domains. So what is the right solution now? Including an intelligence that knows the minimal length for all TLDs? Or just my simple solution and allow one character in every case?3.2.6ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6167rspamd: enable arc signing2021-08-31T09:16:05ZJesse Norellrspamd: enable arc signingRFE: enable ARC signing in rspamd. With the current rspamd options/implementation I would only enable signing for incoming mail (not authenticated or local), selecting the domain from the recipient addr - these are all default settings ...RFE: enable ARC signing in rspamd. With the current rspamd options/implementation I would only enable signing for incoming mail (not authenticated or local), selecting the domain from the recipient addr - these are all default settings in modules.d/arc.conf - and simply point the selector map and key path map to the same as used for dkim signing.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6160Update readme.md2021-04-26T07:38:22ZThomUpdate readme.md3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6156Remove dnssec-lookaside auto; from named.conf.options.master2022-02-26T17:28:57ZThomRemove dnssec-lookaside auto; from named.conf.options.masterRemove obsolete setting `dnssec-lookaside auto;` from the named config and put a note in the release notes to update BIND.Remove obsolete setting `dnssec-lookaside auto;` from the named config and put a note in the release notes to update BIND.3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6155Change OS update function from aptitude to apt2021-05-26T22:07:30ZTill BrehmChange OS update function from aptitude to aptThe OS update function currently uses aptitude to install the updates. We should change that to apt command.The OS update function currently uses aptitude to install the updates. We should change that to apt command.3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6130Remove APS Installer limit from limit-Template2021-05-26T22:07:30ZJaldeep LadolaRemove APS Installer limit from limit-TemplateThere is non use APS Installer Limit from limit-Template.There is non use APS Installer Limit from limit-Template.3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6120Run wget and tar quietly on update2021-03-31T19:47:38ZThomRun wget and tar quietly on updateDon't show the output of wget and tar of the ISPConfig release when running the update script
```
--2021-03-23 15:33:41-- https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
Resolving www.ispconfig.org (www.ispconfig.org)... ...Don't show the output of wget and tar of the ISPConfig release when running the update script
```
--2021-03-23 15:33:41-- https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
Resolving www.ispconfig.org (www.ispconfig.org)... 2606:4700:20::681a:bf6, 2606:4700:20::ac43:4b70, 2606:4700:20::681a:af6, ...
Connecting to www.ispconfig.org (www.ispconfig.org)|2606:4700:20::681a:bf6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4024765 (3.8M) [application/octet-stream]
Saving to: ‘ISPConfig-3.tar.gz’
ISPConfig-3.tar.gz 100%[=================>] 3.84M --.-KB/s in 0.07s
2021-03-23 15:33:41 (55.8 MB/s) - ‘ISPConfig-3.tar.gz’ saved [4024765/4024765]
ispconfig3_install/.phplint.yml
ispconfig3_install/server/
etc
```3.2.4ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6117Highlight offline services in table2021-03-25T21:17:35ZHelmoHighlight offline services in tableA bit of color could help here to directly see which services are marked as offline.
![Selection_309](/uploads/1d71c69dc50a03b76e17a1ab0fb81a3a/Selection_309.png)
![Selection_308](/uploads/d748617a573d141a9626770722a7137e/Selection_308...A bit of color could help here to directly see which services are marked as offline.
![Selection_309](/uploads/1d71c69dc50a03b76e17a1ab0fb81a3a/Selection_309.png)
![Selection_308](/uploads/d748617a573d141a9626770722a7137e/Selection_308.png)3.2.4HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6113Add option to not directly remove deleted mailboxes2022-08-17T12:49:40ZHelmoAdd option to not directly remove deleted mailboxesWhen a mail account is deleted via the interface it's directly removed from the filesystem.
While we have a very nice undo action in the datalog history that does not bring back the data.
A regular backup will probably have a gap betwe...When a mail account is deleted via the interface it's directly removed from the filesystem.
While we have a very nice undo action in the datalog history that does not bring back the data.
A regular backup will probably have a gap between when it finished and when the mailbox is deleted. In which changed can occur which we are not able to recover.
And in some cases it might be a compliance issue to purge mailboxes.
I suggest we add an option to delay the deletion.
One way could be to rename the mail folder to e.g. `exmaple.com/mailuser-20210318222513`. Renaming will not hold-up the task queue with large mailboxes.
A cronjob could then process these further. There are multiple ways to do that and I expect opinions to vary on that.
- remove after x time
- compress into a tar
- sent to an archive location
- leave it and have your own cleanup task
- leave it for manual cleanup
As a bonus we could (under certain conditions) move it back when an undo action is performed.
I've started with code to rename mail_user and mail_domain directories. See the linked MR.
Thoughts?3.2.9https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6094Ignore postfix_custom and dovecot_custom config files in conf-custom check2021-03-10T12:52:09ZThomIgnore postfix_custom and dovecot_custom config files in conf-custom checkIgnore postfix_custom and dovecot_custom config files when checking if there are custom config.
Maybe add a separate warning "You are using custom config for Postfix and Dovecot. Make sure your template does not interfere with breaking ...Ignore postfix_custom and dovecot_custom config files when checking if there are custom config.
Maybe add a separate warning "You are using custom config for Postfix and Dovecot. Make sure your template does not interfere with breaking changes (usually noted in the release notes"3.2.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6088Hide relay options per mail domain by default2021-04-08T19:15:29ZThomHide relay options per mail domain by defaultHide the settings for a relay host by default - it clutters the UI and most users won't use it.
enable them through main config / server config / client limitsHide the settings for a relay host by default - it clutters the UI and most users won't use it.
enable them through main config / server config / client limits3.2.3ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6065Enable http/2 for the panel (nginx)2021-02-27T11:09:48ZThomEnable http/2 for the panel (nginx)3.2.3ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6061Certbot: Improve predictability of output certificate (use --cert-name instea...2021-03-10T12:51:41ZJanThielCertbot: Improve predictability of output certificate (use --cert-name instead of --expand)## short description
Currently it is mere "luck" which domain will be the "primary" domain for certbot. This will lead to situations, where the LE config file in /renewal/ as well as the certs in /archive/ and /live/ are named "c.tld(.co...## short description
Currently it is mere "luck" which domain will be the "primary" domain for certbot. This will lead to situations, where the LE config file in /renewal/ as well as the certs in /archive/ and /live/ are named "c.tld(.conf|.pem)" when requesting a certificate for a site with the domain "a.tld" containing sub- or alias domains for "b.tld", "b.a.tld" or "c.tld".
We have numerous cases where the same single vhost gets config files and cert files named with one of the additional domains. In addition to that the publicly displayed primary domain of the cert is one of the additional ones. This happens on newly requesting certs, renewing them and just updating them when e.g. adding or removing alias domains.
For instance today we cleaned up 8 stale LE configs and certs for the one primary vhost / site. Those were named "a.tld-0001", "a.tld-0002", "b.tld", "c.tld", "x.a.tld", and so on ...
After deleting **all** of them and creating a brand new LE cert + configs the config and cert file is off again. Instead of the expected "a.tld.conf" and "/live/a.tld/..." + "/archive/a.tld/..." it's all based on the **last** additional domain from the certonly cmd.
## correct behaviour
The primary domain should be the domain of the vhost site. All subdomains, aliases and such should only be added as additional domains. The config as well as the cert files should be named with the primary domain. Also deleting alias or subdomains should update the existing certificate config and file instead of creating new ones.
From the Docs:
```
Consider using --cert-name instead of --expand, as it gives more control over which certificate is modified and it lets you remove domains as well as adding them.
```
## environment
Server OS: centos
Server OS version: centos7
ISPConfig version: 3.2.2
Certbot: 1.11.0
## proposed fix
There are two issues in the current code I stumbled upon refactoring the LE code to allow Mirror Server SSL to work:
1. The cerbot call lacks the `--cert-name` option. Thus certbot tries to guess internally which domain to use as primary domain. This can easily be solved supplying the `--cert-name` option with the primary domain.
2. The current code adds the **last** supplied domain name as the host for the mail address. Haven't checked out whether this has any impact on the certbot guessing, but still I do not think, that this is intended
```
/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@test2.domain.tld --cert-name=test2.domain.tld --webroot-map '{"test.domain.tld":"/usr/local/ispconfig/interface/acme","test2.domain.tld":"/usr/local/ispconfig/interface/acme","test3.domain.tld":"/usr/local/ispconfig/interface/acme"}'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for test.domain.tld and 2 more domains
Performing the following challenges:
http-01 challenge for test2.domain.tld
http-01 challenge for test3.domain.tld
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/test2.domain.tld/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/test2.domain.tld/privkey.pem
```
## references
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/letsencrypt.inc.php#L1653.2.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6056system->cp users possible data loss warning unclear2021-03-09T15:48:13Zleesystem->cp users possible data loss warning unclear
it seems that some users still find the warning message on the cp users page a little confusing and are unsure about what they can and can't do there. https://www.howtoforge.com/community/threads/safe-usage-of-user-management-cp-users.8...
it seems that some users still find the warning message on the cp users page a little confusing and are unsure about what they can and can't do there. https://www.howtoforge.com/community/threads/safe-usage-of-user-management-cp-users.86362
so to make the message a bit clearer, maybe that warning should be modified to read:
WARNING: Do not edit or modify any client settings here. Use the Client- and Reseller settings in the Client module instead. Modifying or changing client users or groups here may cause data loss!
and to let them know what they can do there, maybe add another sentence along the lines of:
use this page only to create a new admin user, or to modify an existing admin users settings.3.2.3ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6049Update the contributing doc2023-04-25T16:11:27ZThomUpdate the contributing doc3.2.3ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6046BREXIT - Update country list2021-03-09T15:52:21ZTill BrehmBREXIT - Update country listUpdate country list to reflect that the UK is no longer a member of the European Union.Update country list to reflect that the UK is no longer a member of the European Union.3.2.3Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6037Rspamd configured to learn bayes ham and spam by user2021-02-01T17:08:02ZMarius BurkardRspamd configured to learn bayes ham and spam by userISPConfig configures rspamd to bayes learn ham and spam by user. This is not good for most of the use-cases (just for some very big mail servers that need per-user bayes scores).ISPConfig configures rspamd to bayes learn ham and spam by user. This is not good for most of the use-cases (just for some very big mail servers that need per-user bayes scores).3.2.3Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6035After a password reset you land on the same reset form2021-01-29T10:37:38ZHelmoAfter a password reset you land on the same reset formWhen you click the confirmation link during the password reset process you end up on the same form to reset the password again.
That's confusing and it seems more logical to go to the login form.
I'm preparing a merge request for this ...When you click the confirmation link during the password reset process you end up on the same form to reset the password again.
That's confusing and it seems more logical to go to the login form.
I'm preparing a merge request for this to make it look like:
![Selection_283](/uploads/7f88eca8846fbbac425e4c4e107aaf1a/Selection_283.png)3.2.3HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6032API event support2022-01-18T11:43:10ZCédricAPI event supportHello Guys,
Original post : https://www.howtoforge.com/community/threads/working-with-plugin-control-panel-vs-api.86218/
It's appear the API have some event support missing.
![image](/uploads/56395a33728b5d28334ad4eb1a4b44a5/image.png)...Hello Guys,
Original post : https://www.howtoforge.com/community/threads/working-with-plugin-control-panel-vs-api.86218/
It's appear the API have some event support missing.
![image](/uploads/56395a33728b5d28334ad4eb1a4b44a5/image.png)
How to try it:
1. Add error login to your ispconfig vhost (/etc/apache2/sites-enabled/000-ispconfig.vhost)
- add / edit the line : ErrorLog /var/log/ispconfig/httpd/YourVHOST.DOMAIN.TLS/error.log
2. Plugin demonstration :
```php
<?php
class exemple_plugin {
var $plugin_name = 'exemple_plugin';
var $class_name = 'exemple_plugin';
function onLoad() {
global $app;
$app->plugin->registerEvent('mail:mail_user:on_before_insert', 'exemple_plugin', 'fonction_edit');
$app->plugin->registerEvent('mail:mail_user:on_before_update', 'exemple_plugin', 'fonction_edit');
$app->plugin->registerEvent('mail:mail_user:on_before_delete', 'exemple_plugin', 'fonction_del');
}
function fonction_edit($event_name, $page_form){
error_log('You should see this line in the log when you add / edit an email');
}
function fonction_del($event_name, $page_form){
error_log('You should see this line in the log when you remove an email');
}
}
```
3. IMPORTANT : Relog into your ISPConfig control panel
4. Time to try
1. Go to Ispconfig;
- Email > Email Mailbox > Select an existing mailbox > Change something > Save
- When you do that you should see this inside your logfile ![image](/uploads/d64e220d0b9665ce5535c9a3f998cf36/image.png)
2. When you make the same change by the API, nothing is wrote inside the logfile.
- That mean the plugin isn't call by the API.
Also the support of multi event would be great (before/after)
Regards,3.2.8