ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2021-02-14T08:31:34Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6059Added directive to `custom_php_ini` to add fpm pool directives2021-02-14T08:31:34ZKreso PendicAdded directive to `custom_php_ini` to add fpm pool directivesHi, I needed to add directives for php fpm 'OPTIONS' tab -> inside existing php.ini settings textarea:
process.priority
pm.status_path
etc..
and that are fpm pool directives but the issue is that plugin `nginx_plugin.inc.ph...Hi, I needed to add directives for php fpm 'OPTIONS' tab -> inside existing php.ini settings textarea:
process.priority
pm.status_path
etc..
and that are fpm pool directives but the issue is that plugin `nginx_plugin.inc.php` file wrappes it in `php_admin_value[]` so I ended up with solution to prefix line with 'POOL' keyword and escaped ithttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6063problem with mail_user_add api call when missing mohedir and maildir attributes2021-03-04T19:23:17ZJiri Slezkaproblem with mail_user_add api call when missing mohedir and maildir attributes## short description
I am trying add mail user through mail_user_add api call but it behaves strange when I omit some attributes (homedir, maildir).
Mail user dir is created on disk in right place (/var/vmail/example.cz/test) but homedi...## short description
I am trying add mail user through mail_user_add api call but it behaves strange when I omit some attributes (homedir, maildir).
Mail user dir is created on disk in right place (/var/vmail/example.cz/test) but homedir and maildir in db is empty. Also when quota is specified other than 0 (for example 1024MB), every mail is rejected with "Quota exceeded (mailbox for user is full)". .quotausage file is created in right place and it contains
```
priv/quota/messages
6494
priv/quota/storage
1073743931
```
## correct behaviour
homedir and maildir should be generated on ISPConfig side (if missing)
## environment
Server OS: CentOS
Server OS version: CentOS7
ISPConfig version: (3.2.2)
## log entries
maillog
```
Feb 18 09:06:02 server dovecot: lda(test@example.cz): Error: User test@example.cz doesn't have home dir set, disabling duplicate database
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: save failed to INBOX: Quota exceeded (mailbox for user is full)
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: rejected: Quota exceeded (mailbox for user is full)
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6066Enable TLSv1.3 for the panel and apps vhost (nginx)2021-03-07T13:21:47ZThomEnable TLSv1.3 for the panel and apps vhost (nginx)Enable TLSv1.3 if supportedEnable TLSv1.3 if supportedhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6067Add option to disable backup on mirror systems2021-02-22T08:39:24ZTill BrehmAdd option to disable backup on mirror systemsAdd option to disable backup on mirror systems to avoid that web, mail and database backups get written multiple times.Add option to disable backup on mirror systems to avoid that web, mail and database backups get written multiple times.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6073Aliases created by the "Website auto alias" setting are not added to the Lets...2021-03-03T16:43:53ZJudah - MWAliases created by the "Website auto alias" setting are not added to the Lets Encrypt certificate request## Short description
If a value is defined in System > Server Config > Web > Website Auto Alias, it is automatically added as an alias to the site vhost. However it is not added to the LE certificate request.
## Correct behaviour
The a...## Short description
If a value is defined in System > Server Config > Web > Website Auto Alias, it is automatically added as an alias to the site vhost. However it is not added to the LE certificate request.
## Correct behaviour
The auto alias should be part of the certificate request.
(I know some people use auto alias for internal aliases, that would still be fine as the LE check would catch the non-routable alias and discard it.)
## An example
We have `mail.[website_domain]` configured as our auto alias:
![image](/uploads/75f4a0d35fdedf07204a38da6d8c1d28/image.png)
This correctly appears in all _new_ nginx vhosts like so:
```
server_name example.com www.example.com mail.example.com;
```
However it does not get added to the certificate request. Viewing the request in `acme.log` shows it is not included and viewing the certificate afterwards shows this:
```bash
$ openssl x509 -in /var/www/example.com/ssl/example.com-le.crt -text -noout | grep DNS
DNS: example.com, DNS: www.example.com
```
## Environment
Server OS: CentOS 8
ISPConfig version: 3.2.2
Webserver: NGINX
## Proposed fix
Looks like the certificate generation logic is in [server/plugins-available/nginx_plugin.inc.php:1385](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1385)
```php
//* Generate Let's Encrypt SSL certificat
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && $conf['mirror_server_id'] == 0 && ( // ssl and let's encrypt is active and no mirror server
($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
|| ($data['old']['domain'] != $data['new']['domain']) // we have domain update
|| ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
|| $this->update_letsencrypt == true
)) {
$success = $app->letsencrypt->request_certificates($data, 'nginx');
if($success) {
/* we don't need to store it.
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
$app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
$app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
} else {
$data['new']['ssl_letsencrypt'] = 'n';
if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n';
/* Update the DB of the (local) Server */
$app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ? AND `server_id` = ?", $data['new']['ssl'], 'n', $data['new']['domain'], $conf['server_id']);
/* Update also the master-DB of the Server-Farm */
$app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
}
}
```
The problem appears to be it simply takes the information straight out of `$data` but the part that deals with the auto alias hasn't been called yet as [it's all the way down on line 1651](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1651):
```php
// get autoalias
$auto_alias = $web_config['website_autoalias'];
if($auto_alias != '') {
// get the client username
$client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
$aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
$aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
$auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
unset($client);
unset($aa_search);
unset($aa_replace);
$server_alias[] .= $auto_alias.' ';
}
```
There's not an obvious way to add it to that file, as it just passes the `$data` array off to the letsencrypt library. However we could add it in the LE lib, [maybe after line 365?](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/letsencrypt.inc.php#L365) We'd basically just have to add the above "get auto alias" stuff in there. The only problem with that I can see is if the Apache plugin works differently and is already adding the auto alias, in which case we don't want to duplicate it.
Can anyone confirm if the Apache plugin does that? If not would this method be acceptable?
Thankshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6074Postfix 3.4: TLS SNI Mapping2021-04-27T15:09:13ZColin OgilviePostfix 3.4: TLS SNI Mapping## short description
Postfix 3.4 supports a new feature which enables TLS SNI Mapping to enable each domain to have it's own SSL certificate.
## correct behaviour
It would be good if ISPConfig could support this by default.
## environm...## short description
Postfix 3.4 supports a new feature which enables TLS SNI Mapping to enable each domain to have it's own SSL certificate.
## correct behaviour
It would be good if ISPConfig could support this by default.
## environment
Server OS: Ubuntu
Server OS version: 20.04
ISPConfig version: 3.2.2
## proposed fix
* Allow various options to enable the use of certificates in the domain and include that in the generation of the certificate through LetsEncrypt. This could either be 'mail.domain' or even just domain by default.
* Maintain, or write, the ability to set the `tls_server_sni_maps` variable in Postfix (from SQL if possible)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6082rspamd white/blacklist using multimap module2022-07-27T01:05:03ZJesse Norellrspamd white/blacklist using multimap moduleNeed to rework the rspamd implementation of white/blacklists to use the multimap module rather than setting want_spam=yes - see notes/comments in https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1411Need to rework the rspamd implementation of white/blacklists to use the multimap module rather than setting want_spam=yes - see notes/comments in https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1411Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6092Add Nagios check for ISPconfig2022-05-24T12:28:13ZHelmoAdd Nagios check for ISPconfigThe monitor page in ISPconfig has a nice overview of the system status, but I would like to be alerted when something changes.
In my setup I have Icinga for that, which is Nagios compatible.
I created a Nagios compatible script to expor...The monitor page in ISPconfig has a nice overview of the system status, but I would like to be alerted when something changes.
In my setup I have Icinga for that, which is Nagios compatible.
I created a Nagios compatible script to export data from the monitor page.
It outputs a single line like: `WARNING: (ok: 12, info: system_update, warning: sys_log)`
Usage:
In an NRPE compatible config file:
`command[check_ispconfig]=/usr/bin/sudo /usr/local/ispconfig/server/check_ispconfig.php`
/etc/sudoers.d/ispconfig:
```
Cmnd_Alias CHECK_ISPCONFIG = /usr/local/ispconfig/server/check_ispconfig.php
nagios ALL = NOPASSWD : CHECK_ISPCONFIG
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6093Monitor MX records2022-12-27T22:35:12ZHelmoMonitor MX recordsWhen a domain moves to an external mail provider it's important to de-activate or remove the mail domain from ispconfig.
When forgotten this can lead to mails not being delivered.
I've written a perl script to check this in the past and...When a domain moves to an external mail provider it's important to de-activate or remove the mail domain from ispconfig.
When forgotten this can lead to mails not being delivered.
I've written a perl script to check this in the past and now ported that to ispconfig.
It resolves the server name and checks that the MX record for a mail_domain matches one of those IP's. Extra IP's can be added via `$mail_config['additional_smtp_ips']`
On one of my systems I use an extra IP for incomming smtp, so there I had to override the server hostname. There I've put in a `$mail_config['hostname'] = '...'; line in onRunJob() for now. I don't think we have a field for that and it's probably not worth creating it for just me. But I'm open to suggestions.
TODO
- [x] String updates?
- [x] Maybe some layout?
- [x] UI for $mail_config['additional_smtp_ips'] and `$mail_config['additional_smtp_hostnames']`?
- [x] Maybe remove the $app->log warning lines as it might a bit redundant
- [x] translation files
Anyway, feedback welcome.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6095change of jailkit default/site section addition/override and location2021-03-11T10:08:01Zleechange of jailkit default/site section addition/override and locationit's not particularly clear when looking at the jailkit settings on a website options page if any settings configured there are in addition to the default server jailkit settings, or completely override them, so only sections in the site...it's not particularly clear when looking at the jailkit settings on a website options page if any settings configured there are in addition to the default server jailkit settings, or completely override them, so only sections in the site settings get applied.
it's current location also means that admin intervention is required whenever a client wants a particular application added to their site's jailkit, either to add the section to their sites jailkit settings (or to remove it at a later date), or to add the application to the servers jailkit settings so everyone gets the additional application whether they want it or not.
it may be a better option to move the site's jailkit settings to the ssh account creation/settings page, and have additional sections made available for selection by the client user, just like apache or php directives are.
discussion on howtoforge forum: https://www.howtoforge.com/community/threads/quick-question-about-website-jailkit-options.86557/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6101Discussion: Simplify the UI for end users2022-06-18T14:34:09ZThomDiscussion: Simplify the UI for end usersI just went through the UI to see which things could be confusing for novice clients, and which could be a reason for ISPs not to use ISPConfig. Some things could be hidden for all clients, some only when a specific setting is set in the...I just went through the UI to see which things could be confusing for novice clients, and which could be a reason for ISPs not to use ISPConfig. Some things could be hidden for all clients, some only when a specific setting is set in the main config or client limits.
## Sites
* Website vs subdomain -> some clients will add a subdomain "different.example.com" for a completely different site than the main web, maybe we could rephrase this, or add some explanation to the tab what adding a subdomain does?
* Read-only database user -> Maybe we can add a global option to enable/disable this, or put it within client limits?
* Order of Databases and database users -> Maybe we should put database users first, as this is the first thing you have to create, or allow the creation of a DB user when creating the DB itself?
## Email
* I think it would be good to switch the order of email mailbox and domain, or at least set mailbox as default tab, as this tab is the most used.
* It would be good to add global settings and/or client limits for the following buttons on the mailbox form:
* Copy during delivery
* Spampolicy (inherited from domain by default) (we might hide this on the domain form aswell and let the admin set a default policy)
* Enable receiving
* Disable sending
* Disable (local) delivering
* Enable greylisting
* Disable IMAP
* Disable POP3
## DNS
* #5490
* Almost all the zone settings could be hidden:
* NS
* Email
* Refresh
* Retry
* Expire
* Minimum (negative cache ttl)
* TTL
* Allow zone transfers to these IPs (comma separated list) (as client limit)
* Also Notify (as client limit)
* Serial
This issue is to discuss this - it's not necessarily a feature request.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6110Improve dns records list2021-03-16T10:19:21ZHelmoImprove dns records listThe type, aux and ttl columns take too much space in the DNS records listing.
The patch below is more of a quick fix until a more comprehensive solution like #5490 gets done.
It reduces the width of these columns ... Which should pro...The type, aux and ttl columns take too much space in the DNS records listing.
The patch below is more of a quick fix until a more comprehensive solution like #5490 gets done.
It reduces the width of these columns ... Which should probably be done via CSS, that's why this is not a MR. Someone else is probably better at finding the proper selector and place for it.
```patch
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 4d0f3b2b2..a7b94fc96 100755
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -58,11 +58,11 @@
<thead class="dark form-group-sm">
<tr>
<th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
- <th data-column="type"><tmpl_var name="type_txt"></th>
+ <th data-column="type" style="width: 12%;"><tmpl_var name="type_txt"></th>
<th data-column="name"><tmpl_var name="name_txt"></th>
<th data-column="data"><tmpl_var name="data_txt"></th>
- <th data-column="aux"><tmpl_var name="aux_txt"></th>
- <th data-column="ttl"><tmpl_var name="ttl_txt"></th>
+ <th data-column="aux" style="width: 8%;"><tmpl_var name="aux_txt"></th>
+ <th data-column="ttl" style="width: 8%;"><tmpl_var name="ttl_txt"></th>
<th class="small-col text-right">{tmpl_var name='search_limit'}</th>
</tr>
<tr>
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6112use placeholders for the firewall2021-03-21T09:00:44ZFlorian Schaaluse placeholders for the firewallhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6116PHPMyAdmin not working when chrooted PHP-FPM is enabled2021-04-17T14:15:11ZThomPHPMyAdmin not working when chrooted PHP-FPM is enabledIt will give a error "File not found", but other files from the PMA folder can be opened.
https://www.howtoforge.com/community/threads/how-is-pma-supposed-to-be-setup-on-a-slave.86629/page-2#post-420195It will give a error "File not found", but other files from the PMA folder can be opened.
https://www.howtoforge.com/community/threads/how-is-pma-supposed-to-be-setup-on-a-slave.86629/page-2#post-420195https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6122add smtp error detection/logging to ispcmail class2021-03-23T21:54:28ZJesse Norelladd smtp error detection/logging to ispcmail classWhen smtp errors happen inside the ispcmail class, they are never recorded or reported to anyone, making it harder to troubleshoot mail problems, we should log these and possibly provide a means to report to the caller (when calling send...When smtp errors happen inside the ispcmail class, they are never recorded or reported to anyone, making it harder to troubleshoot mail problems, we should log these and possibly provide a means to report to the caller (when calling send()).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6129spam scanning: default to add header2021-03-26T20:05:15ZJesse Norellspam scanning: default to add headerCurrently spamfilter policies default to changing the subject, which breaks DKIM signatures, we should change the default behavior to adding a header. (Would affect mail that is scanned by ISPConfig then forwarded to another server/acco...Currently spamfilter policies default to changing the subject, which breaks DKIM signatures, we should change the default behavior to adding a header. (Would affect mail that is scanned by ISPConfig then forwarded to another server/account.)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6131rspamd: allow mismatch hdrfrom/username2021-03-29T15:41:45ZJesse Norellrspamd: allow mismatch hdrfrom/usernameI propose we set `allow_hdrfrom_mismatch = true;` and `allow_username_mismatch = true;' in `/etc/rspamd/local.d/dkim_signing.conf` if reject_sender_login_mismatch is in use.
https://www.howtoforge.com/community/threads/rspamd-not-signi...I propose we set `allow_hdrfrom_mismatch = true;` and `allow_username_mismatch = true;' in `/etc/rspamd/local.d/dkim_signing.conf` if reject_sender_login_mismatch is in use.
https://www.howtoforge.com/community/threads/rspamd-not-signing-email-alias-with-dkim.86690/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6143postfix: custom reject message2022-03-04T23:44:23ZJesse Norellpostfix: custom reject messageAdd a field for custom reject message to postfix blacklist entries.Add a field for custom reject message to postfix blacklist entries.Planned featuresJesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6150rspamd greylisting2022-06-17T12:51:14ZJesse Norellrspamd greylistingNot sure if this is a bug or feature request, but currently when using rspamd, the greylisting setting of the users' spamfilter policy is not respected, if the "Enable greylisting" checkbox is disabled, then greylisting within rspamd is ...Not sure if this is a bug or feature request, but currently when using rspamd, the greylisting setting of the users' spamfilter policy is not respected, if the "Enable greylisting" checkbox is disabled, then greylisting within rspamd is explicitly disabled as well; if "Enable greylisting" is enabled, things are setup correctly in rspamd settings, but also postgrey is set to always greylist, which is not what I want. I want to use rpsamd's greylisting at the policy specified threshold, and not greylist everything via postgrey.
I can see a use case/expectations case for the current behavior as well, ie. "Enable greylisting" is not checked, you might expect it to be disabled in rspamd even if the selected policy specifies it should be used.
2 solutions come to mind, I'd probably favor #2 unless #1 is pretty unanimously agreed to be the correct behavior:
1) Change the wording of "Enable greylisting" to something more like "Always greylist" ("Force enable greylisting" ?), and have the checkbox only control the use of postgrey (so rspamd's policy settings (greylist level) are always used).
2) Add a server config setting to allow the admin to choose whether the "Enable greylisting" button should override the spamfilter policy or not.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6151Make default DNS template selectable in user limits2021-04-17T20:07:02ZDannyMake default DNS template selectable in user limitsMake default DNS template to be a choice in user/reseller limits or even make it selectable which templates they will see. This will make sure clients/resellers uses the correct template. Now i have clients that uses my default which is ...Make default DNS template to be a choice in user/reseller limits or even make it selectable which templates they will see. This will make sure clients/resellers uses the correct template. Now i have clients that uses my default which is not ment for them to use.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6152Config for protected folders in Apache should be done in vhost file2021-04-17T20:07:26ZJohannesConfig for protected folders in Apache should be done in vhost fileCurrently a .htaccess file is used to realize folder protection which is not recommended (https://httpd.apache.org/docs/2.4/howto/htaccess.html#when). This should be done directly in the vhost file with an additional `<directory>` direct...Currently a .htaccess file is used to realize folder protection which is not recommended (https://httpd.apache.org/docs/2.4/howto/htaccess.html#when). This should be done directly in the vhost file with an additional `<directory>` directive. The .htpasswd file could go for example to `/var/www/.../private` and not be accessible via web even if the user makes a strange config (or stay where it is).
(Background is that I had a user who set the option "Apache AllowOverride=none" for performance reasons without realizing that this disables the password protection)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6153Make firewall config more userfriendly2021-04-17T20:06:46ZJohannesMake firewall config more userfriendlyCurrently there is just one line each to open ports for UDP and TCP, respectively. Each port has to be added in a comma-separated list. I would like to have something like a sorted table of ports where I can choose tcp/upd and add a comm...Currently there is just one line each to open ports for UDP and TCP, respectively. Each port has to be added in a comma-separated list. I would like to have something like a sorted table of ports where I can choose tcp/upd and add a comment.
For example:
| Port | TCP | UDP | Comment |
| ------ | ------ | ------ | ------ |
| 22 | x | | SSH |
| 8080 | x | | IspConfig Interface |
| 9987 | | x | Teamspeak3 |
| 30033 | x | x | Teamspeak3 |
| 54321 | x | | Custom Python server for User xyz|
...https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6154Extra single quote when creating wildcart certs in SSL tab2023-09-16T14:46:24ZHj Ahmad Rasyid Hj IsmailExtra single quote when creating wildcart certs in SSL tab## Summary
Wildcard subdomain created certs has single quotes in uts filename instead of not having it.
## Steps to reproduce
1. Go to Sites tab
1. Click on any website e.g. domain.tld
1. Select its SSL tab
1. Select \*.domain.tld
1. ...## Summary
Wildcard subdomain created certs has single quotes in uts filename instead of not having it.
## Steps to reproduce
1. Go to Sites tab
1. Click on any website e.g. domain.tld
1. Select its SSL tab
1. Select \*.domain.tld
1. Create SSL
1. Certs created in ssl folder but with single quote in its file name e.g. '\*.domain.tld.ext'
## Correct behaviour
The files' name should just be \*.domain.tld.ext (without any quotes) instead of '\*.domain.tld.ext' (with single quotes)
## Environment
Server OS + version: Ubuntu 20.04 ISPConfig version: 3.2.4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6159Add support for CentOS Stream to OS detection code2022-09-06T09:13:54ZTill BrehmAdd support for CentOS Stream to OS detection code
https://www.howtoforge.com/community/threads/centos8-amavis-and-clamd-scan-not-point-to-same-sock-file.86819/#post-421711
https://www.howtoforge.com/community/threads/centos8-amavis-and-clamd-scan-not-point-to-same-sock-file.86819/#post-421711https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6164Make IPv6 address inselectable when * is set for IPv4 address for vhost.2021-05-12T12:55:06ZThomMake IPv6 address inselectable when * is set for IPv4 address for vhost.<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
When creating a new site and selecting "*" for IPv4 address, you can still select a IPv6 address. This option should be blurred out (and set to none), and maybe we should show a text like "Vhost is listening on all server addresses" to the IPv6 field.
## References
https://www.howtoforge.com/community/threads/2-ipv6-addresses-which-one.86944/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6169Generalised 3rd party service integration (to support Cloudflare DNS)2022-10-02T09:23:50ZJudah - MWGeneralised 3rd party service integration (to support Cloudflare DNS)Details
=======
Hi all, we would like to integrate Cloudflare (DNS specifically) with ISPConfig so that ISPC can be the master source of truth for DNS (and still continue to run named) but can keep separate CF DNS accounts in sync with ...Details
=======
Hi all, we would like to integrate Cloudflare (DNS specifically) with ISPConfig so that ISPC can be the master source of truth for DNS (and still continue to run named) but can keep separate CF DNS accounts in sync with DNS changes. At the moment we have to make DNS changes twice, once in ISPC and then replicated to CF which is slow and error prone.
In doing some research for this oft-requested feature we found this open feature request: #4846 and [this HowToForge thread.](https://www.howtoforge.com/community/threads/dns-cloudflare-sync.84504/)
At the bottom of that HowToForge thread, @jnorell suggests generalising the system so it is provider agnostic and can then work with multiple DNS providers, which makes a lot of sense to me. It could even be generalised further so that it isn't just limited to linking DNS with external systems but also potentially websites with CDNs, etc.
So I guess I'd like to know: does that sound like something that fits nicely into ISPC? If I started on it would it be something you'd accept as a contribution? Do you have any guidance on the design/implementation? Are there any other ongoing efforts to do something similar I could take part in?
Finally, what would be preferable:
1. A Cloudflare specific integration.
2. A DNS specific integration (but 3rd party API agnostic, like Jesse suggested.)
3. A completely general 3rd party framework (not limited to DNS.)
How it could work
=================
Server
------
- Server plugin for 3rd parties which imports 3rd party specific libraries.
- Server library for Cloudflare imported as above which registers the right event listeners.
- New DB table `third_party_connection` used by the plugin to store generic 3rd party connections.
Interface
---------
- New tab in Settings > Server config > called "3rd party connections" where the administrator can provide Cloudflare Reseller credentials, they are stored in the generic `third_party_connection` database as type `cloudflare_reseller`.
- New limits in limit template to enable 3rd party access for clients.
- New tab on DNS zone "External DNS" with dropdown menu to select a 3rd party integration, then option to supply email/API key and even a "New account" button if reseller credentials are installed on server. (Creds also stored in `third_party_connection` table.
- New tab on DNS record "External DNS", allowing setting specific settings such as Cloudflare proxy status. (Where would that info be stored? Tricky. Extend the DNS record table to include a new column `third_party_data` (to keep it general)? Or a new table `third_party_data` to store all extra data?)
I'd appreciate your feedback on the approach before I start to see if I'm barking up the wrong tree, and also to see if anyone would like to help.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6170Always log a warning/error when LE + SSL is disabled because of a failure2021-05-20T19:16:21ZThomAlways log a warning/error when LE + SSL is disabled because of a failureCurrently, a warning is logged if the Let's Encrypt check is enabled (default behaviour) and it couldn't create the cert. But when there is a setting roll back, it is not logged. See the discussion on #5042Currently, a warning is logged if the Let's Encrypt check is enabled (default behaviour) and it couldn't create the cert. But when there is a setting roll back, it is not logged. See the discussion on #5042https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6171rspamd config errors (harmless) during install2021-06-20T18:53:47ZJesse Norellrspamd config errors (harmless) during installI have a server running amavis, which I'm updating prior to converting to rspamd, however rspamd is installed - during ispconfig update some (harmless) errors showed configuring rspamd, probably due to my current install/config state, bu...I have a server running amavis, which I'm updating prior to converting to rspamd, however rspamd is installed - during ispconfig update some (harmless) errors showed configuring rspamd, probably due to my current install/config state, but can easily be hidden or avoided:
```
Configuring Postfix
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Rspamd
chgrp: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
chmod: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
Configuring Getmail
...
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6184rspamd: don't use secure_ip2021-06-21T15:47:39ZJesse Norellrspamd: don't use secure_ipWe currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail ...We currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail services (eg. single-server), as addresses in secure_ip do not require a password. We should drop the use of secure_ip, and preferably switch to using unix sockets to talk to all rspamd daemons.
Also provide examples of how to configure reverse proxies to connect and authenticate (eg. add a Password header and use unix rather than tcp socket).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6188Add field for FPM-Chroot Docroot2021-06-21T13:49:21ZPatrick OmlandAdd field for FPM-Chroot DocrootIf Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Poo...If Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Pool config
See this Thread (German)
https://forum.howtoforge.de/threads/docroot-unter-chroot-fpm.12662/#post-62035https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6206Interface setting > mail > max backup copies2021-07-30T13:17:26ZFrançois GrizzlyDevInterface setting > mail > max backup copiesRegarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the ma...Regarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the maximum backup copies (for **email** only), so clients' options would be globally limited when accessing the "Backup" tab.
Before going any further, my guess is to add an [interface setting](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md#interface-settings).
And obviously enforce the limit in the `mail_user.backup_copies` SQL column when this setting is changed. This could be done using some feature such as the setting input "custom" validator, for example: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/admin/form/system_config.tform.php#L224
For this last point especially, I am not sure this is the way to go, comments are welcome!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6211Selected PHP Version in Jail2021-08-18T13:29:54ZGhost UserSelected PHP Version in JailTaken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switch...Taken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switching the PHP version remove the old PHP version from the jail? To me it looks like that would be hard to implement, considering ISPConfig doesn't remove redundant things (aka sections or applications I removed from System > Server Config > Jailkit that were previously there) from jails after re-syncing shell users.
If this is the specific reason it wasn't implemented yet, I think an easier approach would be including all PHP versions in the jail, and just modify the php (no version number) binaries to be symlinked to the right version like `sudo update-alternatives --config php` does (this command only works outside of the jail).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6222Make reproducible release tarballs2023-12-03T21:07:13ZDaniel JagszentMake reproducible release tarballsI check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e4...I check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e416b8242d5` to `b18e992f9ac81acb30e9536f6cff4e6deebf631fc3ec126b897314c4a03891b9`.
That made me suspicious (could have easily been a hack that replaced the original release with a malicious one) – but the two tarballs extract to the very same directory tree (I had the earlier version laying around to check).
Looks like the tarball was re-created recently (maybe to test !1496?). The tar and gzip file format include metadata (like the current PID or the current time) that make two tar+gzip archives of the same directory tree binary different even if they extract to the same directory tree.
Please consider to either
* never ever overwrite a published release (e.g. skip uploading if there is a file with the same name) or
* make the tarballs [reproducible](https://reproducible-builds.org/docs/archives/).
Also, "offical" SHA 256 sums in the release blog post would be wonderful :smile:Daniel JagszentDaniel Jagszenthttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6225Possible Alternative to disable LE check for natted servers.2021-09-03T08:00:13ZChrisPossible Alternative to disable LE check for natted servers.As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external se...As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external service verify the host/domain is indeed accessible.
How I see this in practice:
Ispconfig > system > server config > ssl > NAT Router (checkbox) (as oppose to disable LE check)
When performing the check, if the NAT box is checked, Call out to verification server.
[It could be a service hosted by ISPConfig but could just as easily be any of the "is this site up" services that has a free user api. (with a quick google, I see that: check-host.net for example has an array of check types that could be used for this.)
Get the result and proceed with cert creation or report back an issue.
In summary:
I believe this approach would be more effective than just disabling the check because it will mean misconfigured hostnames/domains, missing dns or websites, wrong server used for a site, firewall woes and the rest of the usual suspects will not result in a failed cert request to LE.
One or two fails may not be an issue but we know there is a rate limit so whatever we can do to keep the failures from occurring in the first place would be a bonus.
Essentially this will allow ISPConfig to still pre-empt failures and would only affect those that have the NAT configuration set in server configs. For everybody else you can just perform the normal check.
An option in the installer that allows for enabling the option from the outset would be preferable although that would just be a small bonus addition to the overall feature.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6235Feature Request LSWS LiteSpeed2022-11-22T20:08:23ZTrimilurFeature Request LSWS LiteSpeedDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
RegardsDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6250chrooted: localhost not reachable & php mail2021-12-02T22:23:28ZNinoschrooted: localhost not reachable & php mail## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I thi...## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I think.
## Steps to reproduce
1. Enable chroot-option for website
2. Run example php sendmail script on website
3. Check mail logs
## Correct behaviour
php mail() should also work in chrooted.
## Environment
Server Debian 11 latest
ISPConfig version: 3.2.7p1
## Proposed fix
Open /etc/php/VERSION/fpm/php.ini & change:
```
SMTP = localhost
```
to:
```
SMTP = 127.0.0.1
```
After that I have no more clue (fix for first step) :Dhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6260Special backup method: "Manifest creator" or "Delegated backup"2021-12-03T18:16:24ZClaude DuvergierSpecial backup method: "Manifest creator" or "Delegated backup"_Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear w..._Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear with me to understand how this proposal could help "third party" integration._
When I started using ISPConfig I needed a way to backup my websites (both files and databases) using my own existing scripts but because ISPConfig has built-in various full (id. A to Z) methods for backuping the data it manages there was no way to integrate with other tools/scripts (and I understant why: it was not needed).
Put it simply the situation is:
* ISPConfig knows (using the users' settings/preferences):
* where are the data and how to access them
* how often it must be backuped (backups frequency)
* how long (backups retention)
* My backup scripts knows what to do with files and SQL tables (read, compress, de-duplicate, encrypt, send to remote storage, etc.)
From that, my idea is to make ISPConfig "tell" other systems (an existing well-known tool, a self made script, ...) what the user wants to backup, and hence delegate the backup.
So I suggest the creation of a backup method for both websites files and databases that does not backup, compress nor encrypt anything, it would just create a manifest of what to backup.
For the files of a website, the manifest file would provide:
* Website name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* The full/absolute path of the base directory to backup
* The list of paths to exclude (cf. the "Excluded Directories" setting) as full/absolute paths.
For the database, the manifest file would provide:
* Database name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* Credentials to connect to the database server (as the backup/read-only user)
The manifest files would be recreated by ISPConfig when backup settings (frequency, retention, paths, databases, credentials, exclusions, etc.) are changed.
Then ISPConfig work is done and it's up to the other system/script to do the job, the way it detects changes to manifest files is not ISPConfig's business.
Some blur zones (non-exhaustive list):
* Backup triggers: I choose to write the backup frequency in the manifest so the backup tool/script can be aware of this frequency and run accordingly (eg. re-schedule itself or run everyday but detect when was the last execution and skip if not needed yet). But I think ISPConfig could trigger the backup, by executing a well-known command (eg. `/usr/bin/ispconfig/delegate-backup.sh /path/to/one/manifest-file`).
* The fact the manifest file will contains the credentials and could be read by other. So I was thinking ISPConfig could write the credentials only when backup must be run and let the backup tool/script delete it.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6261MySQL Backup - Add option to allow single-transaction mode for huge InnoDB da...2021-12-10T10:29:07ZJanThielMySQL Backup - Add option to allow single-transaction mode for huge InnoDB databases## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
...## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/backup.inc.php#L1216
For sites only having InnoDB tables MySQL recommends to run mysqldump with `--quick` AND `--single-transaction` for huge databases.
As this flag can lead to inconsistent states when MyISAM used, I would suggest to add this as an option.
## Steps to reproduce
1. Enable the DB backup on a huge DB
2. Check the sites at the time of the DB dump, they will be unresponsive due to the locked database as long as `mysqldump` run
## Correct behaviour
The DB dump should not effect the websites uptime
## Proposed fix
1. Add a "Huge Database?" Checkbox to the backup options in the website config
2. If enabled use this command / add `--single-transaction` to the `mysqldump` call
```
$command = "mysqldump -h ? -u ? -p? -c --add-drop-table --create-options --quick --single-transaction --max_allowed_packet=512M " . $mysqldump_routines . " --result-file=? ?";
```
## References
https://serversforhackers.com/c/mysqldump-with-modern-mysql
https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html#option_mysqldump_single-transactionhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6262support HTTP/3 QUIC in ISPConfig for nginx2023-08-15T09:15:22ZBartłomiej Bujaksupport HTTP/3 QUIC in ISPConfig for nginxHTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.HTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6279Add the record name on item deletion confirmation popup2022-05-28T23:11:16ZSergioAdd the record name on item deletion confirmation popupHi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup t...Hi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup that reports the name of the record we are going to delete, just to be sure that we have clicked the right button in the table, something like:
"Do you really want to delete the website www.ispconfig.org?" or
"Do you really want to delete the server server.ispconfig.org?"
Thanks :smile:
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6280Make Cron Jobs list template accurate2022-01-27T10:16:30ZDimiMake Cron Jobs list template accurateHi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI ...Hi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI friendly done in ISPconfig.
When there are hundreds of CRON jobs - there is no way you can find what you need and check what is where. Huge gabs(paddings) between timings, very small spaces for command and site name, and whats worst - the text of command and sitename is CROPPED! , which makes the list absolutely unreadable and in fact unusable :disappointed:
I suggest -
1. Make filter bar INDEPENDANT of display area - thus you wont need giving that much space for one symbol time/day/week stars/numbers.
2. Squeeze the display area , and make at least 30-40% of space dedicated for the command to be shown fully
3. DO not crop command/website names- better use multiline
I'm sure theres clever people who can suggest how it can be done even better, but this is really one of the functionality which is a "disfunctionality" for now :)
![cron](/uploads/f52a00fb75218a74647aaf14bf0da549/cron.jpg)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6285Addon Store for snippet & Nginx Templates2022-03-15T13:23:48ZAlexAddon Store for snippet & Nginx TemplatesIts a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would ...Its a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would then be a dual system of addons tested by the project & a possibility for a community repro on Git for example.
This should only be a thought impulsehttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6292Goaccess retention issue2022-07-31T21:04:05ZLorenzo ValoriGoaccess retention issueHi, i noticed a problem with the goaccess configuration, in a nutshell it does not respect the "Logfiles retention time" parameter.
Let me explain better, i have a web area with the "Logfiles retention time" set to 10 days and in fact t...Hi, i noticed a problem with the goaccess configuration, in a nutshell it does not respect the "Logfiles retention time" parameter.
Let me explain better, i have a web area with the "Logfiles retention time" set to 10 days and in fact the apache logs are correctly rotated, but in the log folder there is the goaccess_db folder which, in my case, has reached occupy 1.6 GB.
I believe thath this issue causes lose control of the space occupied by the statistics even if the log files are rotated.
The "--keep-last" parameter could be implemented in the goaccess configuration to solve the question, what do you think about?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6308dns_zone_get_by_user: server_id should be optional2022-03-23T15:31:27ZJesse Norelldns_zone_get_by_user: server_id should be optionalMake the server_id optional in [dns_zone_get_by_user](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L766).
Currently the acme proxy can only update a single DNS server as it mus...Make the server_id optional in [dns_zone_get_by_user](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L766).
Currently the acme proxy can only update a single DNS server as it must supply the server_id, so it can't be used fully in a multi-server install with multiple DNS servers.Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6324Cleanup vhost.conf.master2023-08-08T07:22:15ZThomCleanup vhost.conf.masterThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etcThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etc3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6340disable plaintext email logins2022-05-02T16:13:37ZJesse Norelldisable plaintext email loginsAdd a server setting to disable plaintext email logins, which will help with email account compromises.Add a server setting to disable plaintext email logins, which will help with email account compromises.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6341disable AUTH on port 252022-05-02T17:55:25ZJesse Norelldisable AUTH on port 25Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6349Lost root ssh access, here's how2022-06-17T18:08:06ZSergioLost root ssh access, here's howHi, today I lost the root ssh access to the ISPConfig installation, running on Ubuntu 20.04. When I first installed ISPConfig I removed the prefix for FTP users and Shell users. Today I wanted to test a few customizations on shell users,...Hi, today I lost the root ssh access to the ISPConfig installation, running on Ubuntu 20.04. When I first installed ISPConfig I removed the prefix for FTP users and Shell users. Today I wanted to test a few customizations on shell users, so I created a new user with the same username of the only user on sudoers (it's my name afterall :P), then I deleted it and boom. That action deleted the sudoer user, so I lost the root access to my machine. Nothing really serious, I recovered it, then it was a virtual machine running on my home computer, but I think it shouldn't have happened. In this way a ISPConfig user with create users privileges, could compromise the access to the machine. Maybe there could be a check if the user already exists before creating a new one.
Thanks :smile:https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6355rspamd: trusted ARC signers2022-06-27T16:18:59ZJesse Norellrspamd: trusted ARC signersFeature Request: Add to the UI a way to specify trusted ARC signers (rspamd whitelisted_signers_map setting). Ideally we could allow individual domain owners to specify what signers are trusted when mailing their domain, but it may hav...Feature Request: Add to the UI a way to specify trusted ARC signers (rspamd whitelisted_signers_map setting). Ideally we could allow individual domain owners to specify what signers are trusted when mailing their domain, but it may have to be a server/system wide setting, I've not dug into the details).
This will help improve mail authentication for mail forwarded to an ISPConfig system, if the forwarder breaks DMARC (spf usually breaks, DKIM breaks if headers/body/sender is changed) but ARC signed the message that they received, rspamd can ignore the DMARC failure and consider the message authenticated. This feature allows the server/domain admin to specify what ARC forwarders should be trusted.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6363rfe: rspamd: add mxroute lists2022-07-15T19:31:14ZJesse Norellrfe: rspamd: add mxroute listsConsider adding https://github.com/mxroute/rspamd_rules/tree/master/lists to rspamd configuration.Consider adding https://github.com/mxroute/rspamd_rules/tree/master/lists to rspamd configuration.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6375Multiserver setup: custom files autoload (e.g. a custom standard_index.html)2022-08-08T19:37:40ZSergioMultiserver setup: custom files autoload (e.g. a custom standard_index.html)Hi, in a Multiserver setup, during installation of a new server, would be useful to have the chance to autoload custom files from the master server, as can be the standard_index.html or a custom service config file, as nginx_vhost.conf.m...Hi, in a Multiserver setup, during installation of a new server, would be useful to have the chance to autoload custom files from the master server, as can be the standard_index.html or a custom service config file, as nginx_vhost.conf.master.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6382Improve supported sieve extensions enabled by default using require2022-10-18T08:10:23ZJudah - MWImprove supported sieve extensions enabled by default using requireThese are the dovecot pigeonhole sieve extensions included in dovecot by default that we don't currently support in custom sieve filters, and the version of pigeonhole which first included them. [This list is from the Dovecot wiki.](htt...These are the dovecot pigeonhole sieve extensions included in dovecot by default that we don't currently support in custom sieve filters, and the version of pigeonhole which first included them. [This list is from the Dovecot wiki.](https://doc.dovecot.org/configuration_manual/sieve/pigeonhole_sieve_interpreter/#supported-features)
| Extension | Supported since |
|---|---|
| body | always |
| duplicate | v0.4.3+ |
| enotify | v0.1.3+ |
| environment | v0.4.0+ |
| foreverypart | v0.4.14+ |
| ihave | v0.2.4+ |
| include | v0.4.0+ |
| index | v0.4.7+ |
| mime | v0.4.14+ |
| extracttext | v0.4.14+ |
| variables | always |
We should definitely be including `body` and `variables` as they are enabled by default and supported in every version of dovecot pigeonhole. Body in particular is vital for many custom filters. For simplicity's sake I'm submitting a merge request for these 2 extensions straight away so it can hopefully become part of %"3.2.9". Having sane defaults is especially important because the list of required extensions can't be updated later in the filter due to a limitation of sieve/pigeonhole: `require commands can only be placed at top level at the beginning of the file` (See #5124)
As for the others, currently the most recent extension we use is `date` with a release version of v0.1.12 from 2010. The most recent pigeonhole version needed to support all these extensions would be v0.4.14 which is from April 2016, over 6 years ago. Could we safely assume that all installations would have at least that version? Perhaps for these more specific extensions we should make no default inclusion and simply carry on letting admins enable them by installing a modified config into `conf-custom`? Some of these extensions also have security considerations such as `include` which allows including other sieve files.
What do you think @jnorell?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6387DMARC update just like SPF2023-07-04T21:14:53ZhkendusersDMARC update just like SPF<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
When I update SPF record by clicking the record (not SPF button), it shows "DNS SPF" editing page.
However if I update DMARC record by clicking the record (not DMARC button), it shows "DNS TXT" editing page but not showing "DNS DMARC" editing page, and it even shows error "DMARC is not allowed. Use the DMARC button" if save it.
Is it OK that DMARC editing just like SPF? Means clicking the record then show "DNS DMARC" editing page directly, it will prevent user's confusion.'
## Environment
Server OS + version: CentOS Stream release 8
ISPConfig version: 3.2.8p1
## Proposed fix
Open /usr/local/ispconfig/interface/web/dns/dns_txt_edit.php
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> }
Update to
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> } else if ("v=DMARC1"== mb_substr($this->dataRecord["data"], 0, 8)) {
> header(sprintf("Location: dns_dmarc_edit.php?id=%d", $this->dataRecord["id"]));
> exit;
> }https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6388support multiple logos for resellers2023-09-16T10:48:24ZMattia Rizzolosupport multiple logos for resellersIn my company, we have a bunch of resellers that also allows some of their customers access to the panel.
For those, we have been asked to place their own logos in the login page and at the top of the panel. At this time, we have a loc...In my company, we have a bunch of resellers that also allows some of their customers access to the panel.
For those, we have been asked to place their own logos in the login page and at the top of the panel. At this time, we have a local patch like this:
```diff
--- index.php.bak 2022-09-27 11:23:24.014454894 +0200
+++ index.php 2022-09-27 11:25:56.915375461 +0200
@@ -103,6 +103,10 @@
$base64_logo_txt = $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
+if (strpos($_SERVER['HTTP_HOST'], 'example.com')){
+ $im = file_get_contents('themes/default/assets/images/logo_customer_example.png');
+ $base64_logo_txt = 'data:image/png;base64,'.base64_encode($im);
+}
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
--- login/index.php.bak 2022-09-27 11:26:38.029796023 +0200
+++ login/index.php 2022-09-27 11:28:19.584394637 +0200
@@ -485,6 +485,10 @@
$base64_logo_txt = $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
+if (strpos($_SERVER['HTTP_HOST'], 'example.com')){
+ $im = file_get_contents('../themes/default/assets/images/logo_customer_example.png');
+ $base64_logo_txt = 'data:image/png;base64,'.base64_encode($im);
+}
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
```
Which is quite not nice for me :smile:
I wonder if it would be possible to upload the reseller logo to their profile, and then somehow associate a domain to them so that it would pick a different logo depending on known domain names used to access the website?
Thank you for considering!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6402Feature Request: BorgBackup also for email2022-11-12T16:44:47ZJacco van KollFeature Request: BorgBackup also for emailFirst, I want to say **THANK YOU** for implementing BorgBackup for websites! It works fast, amazing, and saves tons of space! It's great!
Now my humble request: Can BorgBackup also be implemented for mailboxes? This would have a huge im...First, I want to say **THANK YOU** for implementing BorgBackup for websites! It works fast, amazing, and saves tons of space! It's great!
Now my humble request: Can BorgBackup also be implemented for mailboxes? This would have a huge impact on saving storage too!
Thank you in advance!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6410Add website php version as alias to the .bashrc file of the web user2023-12-08T11:47:42ZTill BrehmAdd website php version as alias to the .bashrc file of the web userSee: https://forum.howtoforge.com/threads/installed-ispconfig-3.89709/#post-440465See: https://forum.howtoforge.com/threads/installed-ispconfig-3.89709/#post-440465https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6425Include ModSecurity and OWASP ModSecurity Core Rule Set (CRS)2022-12-14T18:30:24ZRaffael LuthigerInclude ModSecurity and OWASP ModSecurity Core Rule Set (CRS)Many websites / CMS systems get attacked on a daily basis. There is an open source project which is providing ModSecurity rules to mitigate many common attacks. It would be great if ModSecurity and the OWASP ModSecurity Core Rule Set (CR...Many websites / CMS systems get attacked on a daily basis. There is an open source project which is providing ModSecurity rules to mitigate many common attacks. It would be great if ModSecurity and the OWASP ModSecurity Core Rule Set (CRS) is included in ISPconfig in the sense that those rules can be enabled or disabled on a per website basis. ModSecurity is available for nginx and apache.
More information about the project:
https://owasp.org/www-project-modsecurity-core-rule-set/ or here
https://coreruleset.org/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6426Create API or function to import DNSSEC keys2022-12-14T18:32:00ZTill BrehmCreate API or function to import DNSSEC keysCreate API or function to import DNSSEC keys using remote API and maybe also in the GUI.Create API or function to import DNSSEC keys using remote API and maybe also in the GUI.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6427Dovecot & postfix - add allow_nets setting2022-12-15T11:32:37ZKrzysztof BaranowskiDovecot & postfix - add allow_nets settingFuture request.
Dovecot has security setting called allow_nets that allow only login to mailbox from listed ip.
https://doc.dovecot.org/configuration_manual/authentication/allow_nets/
This setting control not only login to imap, pop3 ...Future request.
Dovecot has security setting called allow_nets that allow only login to mailbox from listed ip.
https://doc.dovecot.org/configuration_manual/authentication/allow_nets/
This setting control not only login to imap, pop3 byt also smtp.
Setting can be done for selected emails.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6429Statistics (FTP, traffic ect) displays NAN when no records in DB2023-01-29T20:49:52ZKrzysztof BaranowskiStatistics (FTP, traffic ect) displays NAN when no records in DBWhen account is new or don't have any stats there are NAN everywere.
Sites -> ftp stats, traffic stats, backup stats
Email -> mailbox stats, backup stats, traffic stats
![Screenshot_2022-12-16_at_11-37-04_ISPConfig](/uploads/03158c0ae...When account is new or don't have any stats there are NAN everywere.
Sites -> ftp stats, traffic stats, backup stats
Email -> mailbox stats, backup stats, traffic stats
![Screenshot_2022-12-16_at_11-37-04_ISPConfig](/uploads/03158c0aee0a0ff6d9d9411d5f4863d8/Screenshot_2022-12-16_at_11-37-04_ISPConfig.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6439DNSSEC CDS support for automatic key handling2023-04-13T08:04:44ZKoSDNSSEC CDS support for automatic key handlingInstead of having to manually copy the DNSSEC keys to the registrar from ISPconfig, only the "dnssec-policy default;" of BIND needs to be enabled for automatic key handling, see here:
see here https://forum.howtoforge.com/threads/dnssec-...Instead of having to manually copy the DNSSEC keys to the registrar from ISPconfig, only the "dnssec-policy default;" of BIND needs to be enabled for automatic key handling, see here:
see here https://forum.howtoforge.com/threads/dnssec-cds-records.89962/
Changes needed in ISPconfig:
- Add a mutual exclusive checkbox to "Sign zone (DNSSEC)" à la "Enable DNSSEC default policy"
- Fix the apparmor file permission issues
- Write the "dnssec-policy default;" in the config file
- Make sure this feature is only available for newer BIND version (>= 9.17)
Thanks!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6457Support getmail imap idle option2023-01-27T08:42:10ZKoSSupport getmail imap idle optionIt would be great if the getmail imap idle function would be supported so that IMAP mailboxes do not need to be polled every 5 minutes but mails will arrive immediately.
As this would need to run a system service for every getmail rcco...It would be great if the getmail imap idle function would be supported so that IMAP mailboxes do not need to be polled every 5 minutes but mails will arrive immediately.
As this would need to run a system service for every getmail rcconfig that needs imap idle, it would be a bigger change in how ISPconfig handles the getmail configuration.
See https://pyropus.ca./software/getmail/configuration.html#running-commandline-options and https://work-work.work/blog/2018/12/15/getmail-systemd-imap-idle.htmlhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6461Removing jailkit user does not clear jailkit files from web directory2023-02-09T19:13:26ZJensRemoving jailkit user does not clear jailkit files from web directory## Summary
See $Subject
## Steps to reproduce
1. Setup basic ISPconfig 3.2.9 on Ubunto 22.04 using ispc-autoinstaller
2. Create shell user with jailkit
3. Remove this shell user again, wait for ISPconfig cronjob
## Correct behaviour
Th...## Summary
See $Subject
## Steps to reproduce
1. Setup basic ISPconfig 3.2.9 on Ubunto 22.04 using ispc-autoinstaller
2. Create shell user with jailkit
3. Remove this shell user again, wait for ISPconfig cronjob
## Correct behaviour
The web directory should not have any jailkit specific files (hardlinks to /usr, /etc/, etc files) any more.
## Environment
Server OS + version: Ubuntu 22.04 server
ISPConfig version: 3.2.9
## Proposed fix
If jailkit does not provide this functionality (remove jailkit specific hardlinks), we can recreate this by finding all files owned by root with link_count > 1 and removing them, and then removing all non-default empty folders (i.e. exclude everything with +i attribute). Something like this:
```
find $WEBDIR -type f -links +1 | xargs rm
find $WEBDIR -type d | tac | xargs rmdir # rmdir fails on non-empty folders, and tac reverses order
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6464Add (and use) template files for shell users: .profile, .bashrc, README, etc2023-02-10T07:03:55ZJensAdd (and use) template files for shell users: .profile, .bashrc, README, etcFor shell users, a global ".profile" template would be very useful, since Jailkit users cannot see the global /etc/profile. This can be used to welcome users, create aliases and custom shell functions (for example `setup_composer` or `se...For shell users, a global ".profile" template would be very useful, since Jailkit users cannot see the global /etc/profile. This can be used to welcome users, create aliases and custom shell functions (for example `setup_composer` or `setup_rbenv`) and point to existing documentation.
Having ISPconfig use a `/usr/local/ispconfig/server/conf-custom/shell/dot-profile` file (for example) template when creating a shell user would solve this.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6478Show dependant email addresses.2023-03-15T14:22:01ZTomShow dependant email addresses.Hi,
At the website level you can now see the alias domain information. This inspired me to also add that to the mail domain page.
This way you can quickly see which email address are in use for a particular domain. Which helps hunting...Hi,
At the website level you can now see the alias domain information. This inspired me to also add that to the mail domain page.
This way you can quickly see which email address are in use for a particular domain. Which helps hunting down what addresses are there when the customer requires to delete the domain and to see the addresses so I don't have to go through 4 different sections to find them all. For example if you need to know if info@ is a box, alias, forward or caught by a catchall.
Patch and screenshot attached.
![Safari_KovoKs_B.V.__ISPConfig_21.33.02_2x](/uploads/37767f757149316b8df8d78f00f0d70b/Safari_KovoKs_B.V.__ISPConfig_21.33.02_2x.png)
[patch.ispconfig.showdependantemailaddresses.diff](/uploads/8b93ba9e43f8827c4d9fb522a0c5ec15/patch.ispconfig.showdependantemailaddresses.diff)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6479Nginx as a reverse proxy2023-08-08T07:22:08ZAdamNginx as a reverse proxyI created a plugin that allows you to use nginx as a reverse proxy.
Merge request for this plugin: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1703
All you need to do is:
1. Change apache port to 6080 for http and 6...I created a plugin that allows you to use nginx as a reverse proxy.
Merge request for this plugin: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1703
All you need to do is:
1. Change apache port to 6080 for http and 6443 for https.
2. Install Nginx web server
3. Activate the Nginx Reverse Proxy plugin.
`ln -s /usr/local/ispconfig/server/plugins-available/nginx_reverseproxy_plugin.inc.php /usr/local/ispconfig/server/plugins-enabled/nginx_reverseproxy_plugin.inc.php`3.2.12AdamAdamhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6482Enable sender and login mismatch submission reject by default2023-03-27T17:55:01ZThomEnable sender and login mismatch submission reject by defaultEnable sender and login mismatch submission reject by default. Also, maybe move it to only the submission setting in master.cf instead.Enable sender and login mismatch submission reject by default. Also, maybe move it to only the submission setting in master.cf instead.ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/64872FA using OTP codes2023-05-03T13:21:34ZVermium Sifell2FA using OTP codesI think it's important to implement 2FA support via time-limited codes as an alternative to the email 2FA. Since it feels more secure to use an Authenticator app such as Google Authenticator, Authy or Bitwarden.I think it's important to implement 2FA support via time-limited codes as an alternative to the email 2FA. Since it feels more secure to use an Authenticator app such as Google Authenticator, Authy or Bitwarden.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6501website PHP version select should also apply for CLI2024-03-14T07:11:07Zlaulauwebsite PHP version select should also apply for CLI## Summary
choosen PHP version is correcly applied for website, but not for CLI things (cron, SSH)
## Steps to reproduce
1. create a website
2. select a PHP version different from system default
3. login via SSH
4. php --version
## Cor...## Summary
choosen PHP version is correcly applied for website, but not for CLI things (cron, SSH)
## Steps to reproduce
1. create a website
2. select a PHP version different from system default
3. login via SSH
4. php --version
## Correct behaviour
should use same PHP version as the website we are using
## Environment
Server OS + version: 18.04
ISPConfig version: 3.2.7p1
## Proposed fix
set an alias, or a symlink for the shell users related to the website ?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6511External Domain validation (same than office365 do)2023-12-26T20:28:21ZHannesExternal Domain validation (same than office365 do)Allow user do verify external domains with TXT entry (If client limit is enabled) so he don't need to ask support.
Maybe this functionality is better in an customer center and add the Domain over the api.
In my case i have it in the isp...Allow user do verify external domains with TXT entry (If client limit is enabled) so he don't need to ask support.
Maybe this functionality is better in an customer center and add the Domain over the api.
In my case i have it in the ispconfig itself.
Maybe it is usefull for other too.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6526web restore writes into web folder and don't replaces it2023-06-12T05:45:13ZHannesweb restore writes into web folder and don't replaces itVersion 3.2.10<br>
I don't know if that's the intention or a bug that the restore write into the web folder and don't replaces it.<br>
(with borg but think it happens with tar.gz and others too).<br>
A restore don't delete the old cont...Version 3.2.10<br>
I don't know if that's the intention or a bug that the restore write into the web folder and don't replaces it.<br>
(with borg but think it happens with tar.gz and others too).<br>
A restore don't delete the old content of web folder first<br>
It copies the files into the directories - replaces the files but don't delete other files there.<br>
That's lead into multiple problems (over quota/files chaos) if the backup is older/other CMS/contains hacked files/..<br>
borg uses
<pre>
safe_exec cmd: cd '/var/www/clients/client1/web2' && borg extract --nobsdflags '/var/backup/web2/borg_web::web2_2023-06-11_13-18'
</pre>
and tar.gz uses
<pre>
tar xf xxx.tar.gz --directory /var/www/domain.xxx
</pre>
both write into folder i think and there is no rm -R web folder first <br><br>
I don't checked how rar, zip, 7z, bzp2... handles thishttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6529Multiserver Database IPv6 autocomplete and suggested IPs2023-06-16T04:20:26ZPhilipp HieberMultiserver Database IPv6 autocomplete and suggested IPs## Summary
If a multiserver setup is used with external database servers with IPv6, the IPv6 address of the web server will not autocomplete for external access. \
IPv6 addresses configured in serverconfigs. \
IPv6 addresses in hosts fil...## Summary
If a multiserver setup is used with external database servers with IPv6, the IPv6 address of the web server will not autocomplete for external access. \
IPv6 addresses configured in serverconfigs. \
IPv6 addresses in hosts file on master server are configured.
Only IPv4 addresses shown in the suggested IPs list.
## Steps to reproduce
1. Create customer
2. Create webspace (Server 1)
3. Create database user
4. Create database (Server 2)
5. show database config (Only IPv4 address of server 1 added to external access)
## Correct behaviour
also IPv6 address of Server 1 should be added to external access \
even IPv6 addresses should be shown in the suggested IPs list.
## Environment
Server OS + version: Debian 11 \
ISPConfig version: 3.2.10
Software version of the related software: Apache/2.4.56 (Debian)
```
Server version: Apache/2.4.56 (Debian)
Server built: 2023-04-02T03:06:01
```
## Screenshots
![Screenshot_2023-06-15_103341](/uploads/852473560748c38c9fe78424467a30e5/Screenshot_2023-06-15_103341.png)
![Screenshot_2023-06-15_103821](/uploads/dce561173b8826326559c824407dec7d/Screenshot_2023-06-15_103821.png)
![Screenshot_2023-06-15_104013](/uploads/8f1c765b892a52ac4ac4093b5a03590e/Screenshot_2023-06-15_104013.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6531Handle wildcard aliases2023-09-16T14:49:44ZBaptiste RichardHandle wildcard aliases# What is a wildcard alias ?
A wildcard alias is an alias containing an asterisk `*` as a placeholder for "anything unspecified". For example, if I have an alias `gitlab*@example.org` pointing to `john@example.org`, any incoming email m...# What is a wildcard alias ?
A wildcard alias is an alias containing an asterisk `*` as a placeholder for "anything unspecified". For example, if I have an alias `gitlab*@example.org` pointing to `john@example.org`, any incoming email matching this pattern will be redirected to john, such as `gitlabispconfig@example.org` or `gitlab-support@example.org`
Obiviously, wildcard aliases should not intercept direct aliases nor inbox emails, and catchall should still capture anything that does not match any (wildcard or not) alias.
Apart from this, wildcard aliases allows to give a unique email to each service you suscribe to in order to either filter incoming mail easily based on the `From:` address, or, when you start receiving spam, know who the hell sold your address (and denylist this specific address)
# How is it different from + aliasing ?
Using `+` as a separator has some issues :
- Some systems (website or otherwise) still don't recognize the `+` character as valid in an email, so bye bye filtering.
- Some systems (I encountered at least 1 so far) allow the `+` in the submission process but removes it entirely. So bye bye filtering (again)
Wildcard aliases can use only "regular" characters. In fact, there is no way to know if a given adress is an alias or not, wether this alias is wildcarding or not.
# What should be done in ISPconfig to make this available ?
From the webUI we can submit wildcard aliases (aliases having an asterisk * in part of the name) but they don't work as intended (not at all actually).
Having them to work is only a matter of editing the `/etc/postfix/mysql-virtual_forwardings.cf` file to lookup for wildcard characters.
I've already done the development require and will push a MR with this.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6537Initialize SPF record with the zone name.2023-09-16T14:49:23ZHelmoInitialize SPF record with the zone name.The first field of the spf record form currently defaults to empty.
It's technically ok to leave it blank as '@' '' and '<zonename>.' are effectively the same.
However in our [default dns template](https://git.ispconfig.org/ispconfig/is...The first field of the spf record form currently defaults to empty.
It's technically ok to leave it blank as '@' '' and '<zonename>.' are effectively the same.
However in our [default dns template](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql#L2467) example we suggest to put the zonename for all dns_rr's in the Name column.
Lets also apply that to spf.
![image](/uploads/771cf0ff0fc55808a8e18c28283adc5b/image.png)
And lets extend the check for existing records to detect this variation.HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6538Enable DKIM when generating a Private-key2023-09-16T14:49:32ZHelmoEnable DKIM when generating a Private-keyWhen I click on 'Generate DKIM Private-key' I would expect the 'enable DKIM' checkbox to be also checked.
![image](/uploads/ea53e0d4a68d1532811b3ab25d793275/image.png)When I click on 'Generate DKIM Private-key' I would expect the 'enable DKIM' checkbox to be also checked.
![image](/uploads/ea53e0d4a68d1532811b3ab25d793275/image.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6539For DKIM records, show visualize that the DNS zone is managed.2023-12-03T22:32:15ZHelmoFor DKIM records, show visualize that the DNS zone is managed.We have the very nice feature that when we generate a DKIM private key it also updates the DNS when the dns zone is managed on the same ispconfig cluster.
Can we visualize this? Since it varies between servers it would be nice to be rem...We have the very nice feature that when we generate a DKIM private key it also updates the DNS when the dns zone is managed on the same ispconfig cluster.
Can we visualize this? Since it varies between servers it would be nice to be reminded ;)
What about:
![image](/uploads/77816c81d3192893acbf2f39672459b8/image.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6541Mailman 32024-03-15T15:29:18ZTill BrehmMailman 3While we currently do not plan to implement Mailman 3 support in ISPConfig, I'll open this issue here as a place to gather information for possible future implementation.While we currently do not plan to implement Mailman 3 support in ISPConfig, I'll open this issue here as a place to gather information for possible future implementation.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6548Overview of which sites use a PHP version2024-03-18T20:23:38ZHelmoOverview of which sites use a PHP versionThe usage counter in server_php_list.php from server_php_list.php !991 helps to see how many sistes use the version but not which sites. And I did not find an easy way to look this up.
Adding an extra column to the sites list was my fir...The usage counter in server_php_list.php from server_php_list.php !991 helps to see how many sistes use the version but not which sites. And I did not find an easy way to look this up.
Adding an extra column to the sites list was my first though as that would allow filtering on php version. But I see two objections, first not all sites have the setting(either using mod php or no php at all), and second it would compete for space in an already filled table.
I suggest adding a simple list on the Additional PHP Versions edit form. Additional styling is very welcome ;)
![image](/uploads/7bb2df46c731a2cd1f6afb78f7ab3b62/image.png)HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6552Show quota usage for mail user on edit form2023-08-05T21:34:03ZHelmoShow quota usage for mail user on edit formIt would be nice to show the current disk usage while editing a mail user. What about adding it under the quota form item like this?
With a quota:
![image](/uploads/78e06a2df4a30ec4800abe8e9ecf39a1/image.png)
When no quota is set:
![i...It would be nice to show the current disk usage while editing a mail user. What about adding it under the quota form item like this?
With a quota:
![image](/uploads/78e06a2df4a30ec4800abe8e9ecf39a1/image.png)
When no quota is set:
![image](/uploads/49dfa3facb4f6dee8821e509c8c8bb75/image.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6553Show aliases in mail user edit form2023-08-05T22:10:47ZHelmoShow aliases in mail user edit formWouldn't it be nice to see which aliases a mail user had when editing the user...
What about:
![image](/uploads/cbb000c00ad7845493f60ae4faa49303/image.png)
When a user has many aliases it would wrap over multiple lines. Still readable.Wouldn't it be nice to see which aliases a mail user had when editing the user...
What about:
![image](/uploads/cbb000c00ad7845493f60ae4faa49303/image.png)
When a user has many aliases it would wrap over multiple lines. Still readable.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6557Add support to quic/http3 in ngnix2023-08-15T21:25:17ZBruno MeirellesAdd support to quic/http3 in ngnixHi friends,
if possible, add quic/http 3 support to ngnix.
I don't think any other panel supports quic/http3, ispconfig will be a pioneer.Hi friends,
if possible, add quic/http 3 support to ngnix.
I don't think any other panel supports quic/http3, ispconfig will be a pioneer.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6563enhancement in certificates2023-08-30T16:35:08ZBruno Meirellesenhancement in certificatesHi,
certbot and acme.sh now sign using elliptic curve by default.
If possible, sign the certificates using this new modern signature, as the handshake is more faster.
https://community.letsencrypt.org/t/ecdsa-certificates-by-default-a...Hi,
certbot and acme.sh now sign using elliptic curve by default.
If possible, sign the certificates using this new modern signature, as the handshake is more faster.
https://community.letsencrypt.org/t/ecdsa-certificates-by-default-and-other-upcoming-changes-in-certbot-2-0/177013
https://github.com/acmesh-official/acme.sh#:~:text=ec%2D256%20(prime256v1%2C%20%22,is%20the%20default%20key%20type)
Thank youhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6571Bind9 security improvement2023-09-16T14:51:19ZBruno MeirellesBind9 security improvementIf possible, add these 3 lines to the named.conf.options template:
allow-recursion { 127.0.0.1; ::1; fe80::/10; };
allow-query-cache { 127.0.0.1; ::1; fe80::/10; };
rate-limit { responses-per-second 15; window 5; };
The first and secon...If possible, add these 3 lines to the named.conf.options template:
allow-recursion { 127.0.0.1; ::1; fe80::/10; };
allow-query-cache { 127.0.0.1; ::1; fe80::/10; };
rate-limit { responses-per-second 15; window 5; };
The first and second lines limits recursive queries to the server itself. Without this line, anyone can use dns to browse the internet if they configure the ip on the device.
The third line, Serves as a mitigation tool for the problem of DNS amplification attacks (https://kb.isc.org/docs/aa-00994)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6578[feature request] Set custom theme via main config2023-09-16T13:06:48ZNathaniel Mitchell[feature request] Set custom theme via main configAs discussed in https://forum.howtoforge.com/threads/themes-for-ispconfig.91148/#post-449554, it would be good to set a system wide theme that applies to the login page as well. This option would use the database to reference the theme, ...As discussed in https://forum.howtoforge.com/threads/themes-for-ispconfig.91148/#post-449554, it would be good to set a system wide theme that applies to the login page as well. This option would use the database to reference the theme, so allowing for upgrades to occur without needing to modify local php files for each upgrade or trying to remember to modify the right one.
Possible staged deployment
Stage 1
* Configure ISPConfig's base DB to store the site theme
* Set default to be the standard ISPConfig theme
* Allow configuration change from SYSTEM --\> INTERFACE --\> MAIN CONFIG
* If the setting is missing (e.g. upgrade) create the required objects in the DB and default to the ISPconfig theme
* Fix the current CSS and JS scripts to be either independant of Bootstrap / jQuery / etc. OR upgrade them to a more current version
* This item is related to me writing a new theme and using the latest versions of Bootstrap & jQuery.
Stage 2
* Allow for per-user / per-reseller theme settings (e.g. Light mode VS Dark mode)
Stage 3
* Write some documentation on how to build a theme from scratchhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6582autoresponder email in html format2023-12-22T14:43:57ZRiccardo Leonardiautoresponder email in html formatI've developed a small update to allow user to choose autoremove mail format between text-only (current) and htm, using same tinymce editor already used in mail compose.
I think this feature could be useful to some people (I saw some thr...I've developed a small update to allow user to choose autoremove mail format between text-only (current) and htm, using same tinymce editor already used in mail compose.
I think this feature could be useful to some people (I saw some threads talking about it, some suggestions but no complete solution).
The update add a new selector called "HTML into Settings->Account->Autoreply page.
When the HTML selector is enabled, into textarea containing body of autoresponder is shown the tinymce html editor (the same used in compose mail process), and once the "Save" button is pressed the html is written to .ispconfig.sieve with proper mime header to format in html the mail sent by autoresponder.
When the HTML selector is disabled, the behavior is the "old one": the content of text area is handled as text only and the mail is sent by autoresponder without any mime header.
The HTML selector state is saved into database (user's mail properties).
The update has been implemented on 3.2.11 version.
The files modified to implement the update are:
/usr/local/ispconfig/server/plugins-available/maildeliver_plugin.inc.php
/usr/local/ispconfig/interface/web/mailuser/templates/mail_user_autoresponder_edit.htm
/usr/local/ispconfig/interface/web/mail/form/mail_user.tform.php
/usr/local/ispconfig/server/conf/sieve_filter.master_save /usr/local/ispconfig/server/conf/sieve_filter.master
database dbispconfig, table mail_user, add field autoresponder_html
/usr/share/roundcube/plugins/ispconfig3_autoreply/ispconfig3_autoreply.php (roundcube plugin)
If the update will be accepted there will be no more need for me to re-apply it at every ispconfig version upgrade and in fresh installations of ISPConfig.3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6583DKIM/SPF/DMARC on Subdomain2023-10-02T11:15:45ZHannesDKIM/SPF/DMARC on Subdomain## Summary
It is not possible to add a DKIM/DMARC for an subdomain in den DNS config.
## Steps to reproduce
1. try to create a DKIM or DMARC for any subdomain like app.testdom.xx
Not every time the the DKIM / DMARC for Domain and...## Summary
It is not possible to add a DKIM/DMARC for an subdomain in den DNS config.
## Steps to reproduce
1. try to create a DKIM or DMARC for any subdomain like app.testdom.xx
Not every time the the DKIM / DMARC for Domain and subdomain are the same. It should be possible to add diffrent DKIM / DMARC for subdomain too.
2. Example the company with domain.xx get a software on app.domain.xx and this software solution has its own mail handling with own dkim system
## Environment
Ubu 22.04 + ISP 3.2.11
```plaintext
```
## Proposed fix
optional, of course.\
if you want to post code snippets, please use
```plaintext
maybe simple remove the checks in interface/web/dns/form/dns_txt.tform.php (my temp solution) and let create the user his custom records.
'data' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'validators' => array (
0 => array (
'type' => 'NOTEMPTY',
'errmsg'=> 'data_error_empty'
),
/* 1 => array (
'type' => 'REGEX',
'regex' => "/^((?!v=DKIM).)*$/s",
'errmsg'=> 'invalid_type_dkim'
),
2 => array (
'type' => 'REGEX',
'regex' => "/^((?!v=DMARC1; ).)*$/s",
'errmsg'=> 'invalid_type_dmarc'),
3 => array (
'type' => 'REGEX',
'regex' => "/^((?!v=spf).)*$/s",
'errmsg'=> 'invalid_type_spf'
),
*/
),
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6587Rspamd config overrides for rbl_group.conf & surbl_group.conf2023-12-02T10:25:28ZZakRspamd config overrides for rbl_group.conf & surbl_group.confIn ISPConfig up to 3.2.11 two overrides for rspamd are generated. Namely rbl_group.conf & surbl_group.conf.
These files render the stock "scores" and local configuration useless, since it activly overwrites the whole config from scores.d...In ISPConfig up to 3.2.11 two overrides for rspamd are generated. Namely rbl_group.conf & surbl_group.conf.
These files render the stock "scores" and local configuration useless, since it activly overwrites the whole config from scores.d/rbl_group.conf & scores.d/surbl_group.conf - and even more problematic it ignores the config under local.d. \
I consider this a bug, since it interferes with stock and a possibly present custom configuration as well. \
\
I do see, that a couple of symbols where scored down, a lot of symbols where removed and only three where added (RBL_SPAMHAUS_XBL_ANY, RAMBLER_URIBL & RAMBLER_EMAILBL).
\
I can only guess that this is a remnant from the introduction of rspamd support. \
\
Please remove the generation of the overrides. It's the admins job to get the scores right and customize the spam protection.3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6594Feature Request: Option to automatically renew DKIM (for improved plausible d...2023-10-21T18:45:21ZAbacop UGFeature Request: Option to automatically renew DKIM (for improved plausible deniability)after reading an article of the magazine c't (https://www.heise.de/select/ct/2023/24/2325412023268630029 or https://www.heise.de/ratgeber/Kaputt-und-unersetzbar-So-steht-es-um-das-dezentrale-System-E-Mail-9328711.html) I realized that it...after reading an article of the magazine c't (https://www.heise.de/select/ct/2023/24/2325412023268630029 or https://www.heise.de/ratgeber/Kaputt-und-unersetzbar-So-steht-es-um-das-dezentrale-System-E-Mail-9328711.html) I realized that it would be great if ISPConfig would have an option to automatically renew the DKIM-keys after publishing the the old private keys (for example by loading them into a specific directory or by forwarding them them to a script that does the rest.
Since the linked articles are behind a paywall here a quote (german) of the relevant parts that let to this feature request:
> Nicht meine Mail!
>
> Manche Neuerung, die an SMTP angebaut wurde, bringt ungeahnte Nebenwirkungen mit. Eine solche ist eine eher unbekannte Eigenschaft von DKIM, der „Domain Keys Identified Mail“.
>
> [...]
>
> Um das Problem zu erfassen, das diese serverseitige Signatur auslöst, muss man eine Ecke weiterdenken: Der Nutzer hat in diesem Verfahren keinerlei Kontrolle, ob eine Nachricht mit DKIM signiert wird. Sobald er die Mail über den
> Server abschicken lässt, enthält sie einen kryptografischen Beweis, dass sie von einem Server verschickt wurde, den er nutzt. Gerät die Mail später mal an die Öffentlichkeit, ist es für ihn verdammt schwer, glaubhaft abzustreiten, dass er sie geschrieben hat. „Plausible deniability“ nennen Sicherheitsforscher diese wünschenswerte Eigenschaft eines Systems. Denn sobald Mails DKIM-Header enthalten, ist es für Angreifer verdammt attraktiv, Mailpostfächer zu erbeuten und zu veröffentlichen – zum Beispiel von Politikern und Prominenten. Zu verifizieren, dass die Inhalte wirklich von einem Mailserver verschickt wurden und keine plumpen Fälschungen sind, ist dank DKIM leicht. Für solche Fälle hat das Investigativ-Team von Associated Press sogar ein Open-Source-Werkzeug gebaut (siehe ct.de/ybrc). 2020 traf es Hunter Biden, den Sohn des US-Präsidenten Joe Biden, der zusehen musste, wie Experten anhand von DKIM bestätigten, dass geleakte Mails authentisch, weil signiert, sind.
>
> Wie man dieses Problem umgeht?
> Dafür müssten die Betreiber von Mailservern das Problem zunächst mal als Problem anerkennen. Was gegen fehlende Deniability hilft, wäre eine simple Automatik: Wenn die alle paar Monate das Schlüsselpaar automatisch austauscht, einen neuen öffentlichen Schlüssel im DNS hinterlegt und kurz darauf den alten privaten Schlüssel für alle Welt veröffentlicht, ist es vorbei mit dem späteren Echtheitsbeweis. Die Nachricht hätte dann jeder fälschen und signieren können. Die Funktion von DKIM gefährdet das nachträgliche Veröffentlichen indes nicht, weil der Schlüssel nur im Moment des Versands geheim sein muss.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6598Please add option to disable Traffic Quota2023-11-02T14:55:50ZCollin MachinePlease add option to disable Traffic QuotaIt would be great to have an option in the Server Config under the Web tab to disable the Traffic Quota and related fields, so that all sites can just be "unlimited" - and avoid confusing clients with an unnecessary field containing a ne...It would be great to have an option in the Server Config under the Web tab to disable the Traffic Quota and related fields, so that all sites can just be "unlimited" - and avoid confusing clients with an unnecessary field containing a negative number (as most non-tech-savy individuals would not know this means unlimited). This could probably be placed above the Traffic Quota notification settings. When disabled/unlimited, the notification fields could be hidden/disabled.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6600Support for SVCB and HTTPS DNS types (for HTTP/3)2023-11-04T08:31:40ZTill BrehmSupport for SVCB and HTTPS DNS types (for HTTP/3)Bind9 and PowerDNS are supporting SVCB and HTTPS types in the last years.
- Bind9 -> from 9.16.21 (minimum: Ubuntu Jammy)
- PowerDNS -> from 4.4.x (minimum: Ubuntu Jammy)
Nginx is supporting HTTP/3 in the last mainline versions (will be ...Bind9 and PowerDNS are supporting SVCB and HTTPS types in the last years.
- Bind9 -> from 9.16.21 (minimum: Ubuntu Jammy)
- PowerDNS -> from 4.4.x (minimum: Ubuntu Jammy)
Nginx is supporting HTTP/3 in the last mainline versions (will be default in stable in weeks or months).
https://forum.howtoforge.com/threads/support-for-svcb-and-https-dns-types-for-http-3.91390/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6601Unify, validate and/or robustly parse autoinstall.ini syntax2023-11-09T08:05:27ZJohan EhnbergUnify, validate and/or robustly parse autoinstall.ini syntax## Summary
Currently the syntax of autoinstall.ini varies especially for yes/no statements. This can be seen in the example file: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/docs/autoinstall_samples/autoinstall.ini.sam...## Summary
Currently the syntax of autoinstall.ini varies especially for yes/no statements. This can be seen in the example file: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/docs/autoinstall_samples/autoinstall.ini.sample?ref_type=heads. Currently the value is also not validated.
Looking at the code, it is also likely that syntax mistake failures vary; I stumbled on one mistake that caused a silent hang.
## Example failing case:
```
echo "reconfigure_permissions_in_master_database=n" >> autoinstall.ini
php -q update.php --autoinstall=autoinstall.ini
<hangs forever with php process at 100% CPU>
```
The fix was obviously to instead declare `reconfigure_permissions_in_master_database=no` (note last character) but it took quite long to figure that out.
## Suggested approaches
Any combination of:
- Unify syntax
- Add validator function
- Pre-parse using the common [Yy]* and [Nn]* approachhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6602Add a post-update hook script2023-11-09T09:40:17ZTill BrehmAdd a post-update hook scriptAdd a script that runs after an ISPConfig update to make customizations easier.Add a script that runs after an ISPConfig update to make customizations easier.3.2.12Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6604Enhance ssh keys textarea with Javascript2024-03-27T14:27:09ZHelmoEnhance ssh keys textarea with JavascriptWith multiple (or long) ssh public keys the textarea to enter them for SSH/SFTP account is not ideal.
What about a Javascript enhancement?
![image.png](/uploads/3810a8d251c01cfa6d740a19686f3d59/image.png)
![image.png](/uploads/e0571a5...With multiple (or long) ssh public keys the textarea to enter them for SSH/SFTP account is not ideal.
What about a Javascript enhancement?
![image.png](/uploads/3810a8d251c01cfa6d740a19686f3d59/image.png)
![image.png](/uploads/e0571a587a15e081bad5852b39130c83/image.png)
Patches to improve e.g. the styling are very welcome ;)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6608Set account in certbot if multiple accounts are present2023-11-18T12:44:55ZTill BrehmSet account in certbot if multiple accounts are presenthttps://forum.howtoforge.com/threads/playing-with-debian-12-some-issues.91311/page-3https://forum.howtoforge.com/threads/playing-with-debian-12-some-issues.91311/page-33.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6609Make website http and https port configurable for Apache servers2023-11-19T17:48:23ZTill BrehmMake website http and https port configurable for Apache serversThe website ports are already configurable for Nginx on the options tab. This request is to port this feature to the Apache plugin too.The website ports are already configurable for Nginx on the options tab. This request is to port this feature to the Apache plugin too.3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6615Add New Prefix Type CUSTOMERNO2023-12-03T16:44:36ZChristopher KaschigAdd New Prefix Type CUSTOMERNO\[This is a feature request but even with following the link 'http://bugtracker.ispconfig.org/index.php?do=newtask&project=3&task_type=2' I am not able to get a non-issue ticke inserted here - sorry\]
I know / assume I could remove the ...\[This is a feature request but even with following the link 'http://bugtracker.ispconfig.org/index.php?do=newtask&project=3&task_type=2' I am not able to get a non-issue ticke inserted here - sorry\]
I know / assume I could remove the prefixes in whole by modifying the FTP user prefix (eg) in the Main Config. But I am a fan of automatisms, as they reduce faulty input.
For this I would like to suggest - in addition to existing 'CLIENTNAME', 'CLIENTID', 'DOMAINID' - a new prefix key 'CUSTOMERNO', which replaces the keyword \[CUSTOMERNO\] by the customer number of the current selected (or user assigned) client.
Following changes work for me, but I would really prefer if this could be adjusted to fit into ISPConfig development best practices:
\[modifiying **/interface/lib/classes/tools_sites.inc.php**\]
\[line 37\]
old:
```plaintext
$keywordlist=array('CLIENTNAME', 'CLIENTID', 'DOMAINID');
```
new:
```plaintext
$keywordlist=array('CLIENTNAME', 'CLIENTID', 'DOMAINID', 'CUSTOMERNO');
```
\[line 40 foreach added case\]
```plaintext
case 'CUSTOMERNO':
$name=str_replace('['.$keyword.']', $this->getCustomerNo($dataRecord), $name);
break;
```
\[new\]
```plaintext
function getCustomerNo($dataRecord) {
global $app, $conf;
$clientId=$this->getClientID($dataRecord);
if ($clientId == '[CLIENTID]') {
return '[CUSTOMERNO]';
} elseif ($clientId == '') {
return 'default';
}
$tmp = $app->db->queryOneRecord("SELECT customer_no FROM client WHERE client_id = ?", $clientId);
$customerNo = $tmp['customer_no'];
if ($customerNo == '') $customerNo = 'default';
$customerNo = $this->convertCustomerNo($customerNo);
return $customerNo;
}
```
\[new - duplicated from function convertClientName for further flexibility, not necessarily needed to be a separate function\]
```plaintext
function convertCustomerNo($customerNo){
$allowed = 'abcdefghijklmnopqrstuvwxyz0123456789_';
$res = '';
$customerNo = strtolower(trim($customerNo));
for ($i=0; $i < strlen($customerNo); $i++){
if ($customerNo[$i] == ' ') continue;
if (strpos($allowed, $customerNo[$i]) !== false){
$res .= $customerNo[$i];
}
else {
$res .= '_';
}
}
return $res;
}
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6616Question for creating SSL cert when updating2023-12-03T21:37:14ZThomQuestion for creating SSL cert when updating* Set default to no when updating (always)
* Fix format: `Do you want to create SSL certs for your server? (yes,no) [no]:` instead of `Do you want to create SSL certs for your server? (y,n) [y]:`* Set default to no when updating (always)
* Fix format: `Do you want to create SSL certs for your server? (yes,no) [no]:` instead of `Do you want to create SSL certs for your server? (y,n) [y]:`3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6617Show DKIM status when editing mail_domain2024-03-26T09:51:12ZHelmoShow DKIM status when editing mail_domainSimilar to #6539 I would like to show the user what the DKIM dns status is. E.g. if the dns record is resolving OK.
This should also help to detect copy/paste errors when using external DNS.
The OK state:
![image](/uploads/4554cceb7f7f...Similar to #6539 I would like to show the user what the DKIM dns status is. E.g. if the dns record is resolving OK.
This should also help to detect copy/paste errors when using external DNS.
The OK state:
![image](/uploads/4554cceb7f7f5c02aa2da8360fc9db0f/image.png)
For a not added to DNS state:
![image](/uploads/adebce3ce00ab90f362f5109eb80a095/image.png)
For a failure scenario:
![image](/uploads/442b3b21d636873ca3541c9ceae19c4e/image.png)
This icon might be a bit too subtle? Thoughts?HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6620Restart memcached after a backup restore2023-12-10T16:24:09ZSergioRestart memcached after a backup restoreHi,
Working on WordPress (but I assume it's happening on other applications) happens that when I restore from a backup, some options remain in the state before the restore. This happens because the old data is still in memcached (if enab...Hi,
Working on WordPress (but I assume it's happening on other applications) happens that when I restore from a backup, some options remain in the state before the restore. This happens because the old data is still in memcached (if enabled). So I believe that after restoring a backup ISPConfig should automatically restart memcached so that the queries left in memory are deleted. If possible, it would also good to have some sort of feedback when the restore is complete.
Thank you for all your great work.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6622Change in system requirements for ISPConfig 3.2.122023-12-13T19:54:28ZTill BrehmChange in system requirements for ISPConfig 3.2.12The following system requirements will change with the release of ISPConfig 3.2.12:
- The min. PHP version will change from PHP 5.4 to PHP 7.0.
- The PHP OpenSSL Module is required.The following system requirements will change with the release of ISPConfig 3.2.12:
- The min. PHP version will change from PHP 5.4 to PHP 7.0.
- The PHP OpenSSL Module is required.3.2.12