ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-12-04T17:19:27Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5885New install finishes with [ERROR] Cron not found2020-12-04T17:19:27ZJon ReeseNew install finishes with [ERROR] Cron not found## short description
Seeing this more often with OSes migrating to systemd and journal; especially when trying to setup multi-server sets on VMs and Linux Containers.
ISPConfig crontab fails to install which requires the sysadmin to tak...## short description
Seeing this more often with OSes migrating to systemd and journal; especially when trying to setup multi-server sets on VMs and Linux Containers.
ISPConfig crontab fails to install which requires the sysadmin to take various actions to repair the installation. Also, upon a successful finish the line "Installing ISPConfig crontab" prints twice.
## correct behaviour
ISPConfig depends upon "crontab" to be present, therefore the install should detect its absence earlier and stop the installation prior to making changes; and alert the sysadmin that **crontab** is needed before installation.
Success should either be announced or ignored as redundant.
- ISPConfig requires some sort of **cron**
- many **minimal** systems exclude any type of cron management
- **installer_base.lib.php** checks for **cron** OR **anacron**
- technically **install_crontab()** depends upon **crontab**
- the name for **cron** differs by system; **crontab** is consistent
## environment
- Server OS: varies
- Server OS version: varies
- ISPConfig version: 3.2.0
## proposed fixes
Note: I will gladly put this in the form of a Merge Request (I'm just new here)
1. Change **installer_base.lib.php** to check for **crontab**
(currently line 195)
```
if(is_installed('crontab')) $conf['cron']['installed'] = true;
```
2. add logic similar to the following in **install.php** just after **$inst->find_installed_apps()**
(currently line 174) [updated more friendly output]
```
//* crontab required by ISPConfig
if(!$conf['cron']['installed']) {
die("crontab not found; please install a compatible cron daemon before ISPConfig\n\n");
}
```
3. Change the ISPConfig install logic to be simply:
(currently line 608)
```
//* Configure ISPConfig
swriteln('Installing ISPConfig crontab');
$inst->install_crontab();
```
## references
- https://www.howtoforge.com/community/threads/debian-10-2.83554/
- https://www.howtoforge.com/community/threads/issue-with-debian-10-multiserver.84896/3.2.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5889Place reject_rbl_client after permit_sasl_authenticated in postfix config2021-12-21T12:16:10ZHelmoPlace reject_rbl_client after permit_sasl_authenticated in postfix configAfter updating a mailserver to 3.2 I noticed that some users were being `blocked using zen.spamhaus.org;` on their authenticated smtp connection.
It looks like the whole subnet of that access provider is on the spamhause list.
I've now...After updating a mailserver to 3.2 I noticed that some users were being `blocked using zen.spamhaus.org;` on their authenticated smtp connection.
It looks like the whole subnet of that access provider is on the spamhause list.
I've now changed it manually in the main.cf, to place permit_sasl_authenticated before the rbl check.
The patch below probably does that for future updates. If you agree I can make a MR that also changes it in the non-debian variants.
```patch
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index b75232e6e..dcd5f592d 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -28,7 +28,7 @@ proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virt
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
smtpd_sender_restrictions = {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks{rbl_list}, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
```3.2.8https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5892Purge Let's Encrypt certbot files2023-10-21T09:29:30ZBrianPurge Let's Encrypt certbot filesHello,
certbot is generating a lot of files in /etc/letsencrypt/{csr,keys} which are not purging. It causes after a while tons of unused files are stored on the disk, or even backed up. Those files are useless. There should be a functio...Hello,
certbot is generating a lot of files in /etc/letsencrypt/{csr,keys} which are not purging. It causes after a while tons of unused files are stored on the disk, or even backed up. Those files are useless. There should be a function in ISPConfig that would delete those old files. [1][2]
Also, in the /etc/letsencrypt/archive, /etc/letsencrypt/archive and /etc/letsencrypt/renewal are stored certificates / configuration files for domains which was eventually deleted from ispconfig. Also, those files / directories should be deleted even immediately when the website is deleted or with few days delay by ISPConfig.
I dont know if acme.sh also do this - I do now have experience with acme.sh. <strike>If acme.sh is clear about described, is there way to easy migration from certbot to acme.sh?</strike>
[1] https://community.letsencrypt.org/t/remove-all-generated-csr-to-free-disk-space/78237
[2] https://github.com/certbot/certbot/issues/4635https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5897Change default index file name to default-index.html2021-02-02T09:55:53ZThomChange default index file name to default-index.htmlIf we rename the default .html file that goes in every web and set `DirectoryIndex index.htm index.html index.php default-index.html`, clients don't even have to overwrite/rename the file to their own web. Currently, if a client installs...If we rename the default .html file that goes in every web and set `DirectoryIndex index.htm index.html index.php default-index.html`, clients don't even have to overwrite/rename the file to their own web. Currently, if a client installs something like wordpress, they will still see the default index because that comes before index.php3.2.3ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5905Jailkit chroot app sections shall allow more then 128 characters2021-03-04T15:50:33ZDominikJailkit chroot app sections shall allow more then 128 charactersThe jailkit chroot app sections (Server-Config -> Jailkit) is currently limited to 128 characters (if there are added more, there is a message "Invalid jaikit chroot sections." - thats even not the best error message for that! I needed t...The jailkit chroot app sections (Server-Config -> Jailkit) is currently limited to 128 characters (if there are added more, there is a message "Invalid jaikit chroot sections." - thats even not the best error message for that! I needed to have a look into sources to find out why...)
I don't see a valid reason to reduce this section since already the default-value fills in 71 characters. If you now want to add all PHP-Versions - php7_0, php7_1, php7_2, php7_3, php7_4, php5_6 and maybe some others then the string gets larger than 128 characters...
I'd suggest to increase this heavily since there are many other section-names that can be used and you even can add own.
For sure - we could also say: hey, create your own section, that includes all you need and only add this - but then we would even not need this text-field...
Whats a good value - 512? 256 would also be ok, but since it is saved in a text-database-field there is no need to save characters...
and additionally I'd suggest to use an own error-message for the length - otherwise people don't know whats the problem...?!3.2.2Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5907E-Mails sent by ISPConfig itself and envelope from address2020-11-16T13:53:53ZBrianE-Mails sent by ISPConfig itself and envelope from addressSince ISPConfig is not using a modified sendmail_path with custom -f parameter which defines envelope from address, emails are being sent with envelope address "ispconfig@serverhostname". For example, billing emails (billing module), quo...Since ISPConfig is not using a modified sendmail_path with custom -f parameter which defines envelope from address, emails are being sent with envelope address "ispconfig@serverhostname". For example, billing emails (billing module), quota warning notifications, etc. Even when "From" address is configured in the billing module or even in Main ISPConfig configuration. Yes, header From is set up correctly, but envelope from is not configured by From header.
The reason why I am opening this issue is that due to lack of proper envelope from address the stuff cannot properly deal with undelivered emails - eg. billing email or even quota notification emails. Sure, the solution may be configure redirect from "ispconfig@serverhostname" to another address (not to mention about the ugliness of the address) or put into fastcgi wrapper sendmail_path as well as for any other website with a parameter -f but there will be an only static address. I would prefer to much variable approach which will accept "From" address configured in ispconfig interface (either for billing or system-wide in main config). We are using custom sendmail wrapper when envelope from is configured by From address but from some reason, it malform emails sent from ispconfig (due to multipart sections). I did not investigate it (maybe it is a problem with our wrapper but on all servers and different websites it works properly). Until then (its ours thing) I did a quick change in the ispcmail class with added extra param into mail() function where I changed:
```
$result = mail($to, $enc_subject, $this->body, implode($this->_crlf, $headers));
```
to
```
$result = mail($to, $enc_subject, $this->body, implode($this->_crlf, $headers), "-f $this->_mail_sender");
```
So, if you guys consider this as useful for ispconfig and the right approach, this can be used in the ispconfig release.3.2.1Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5908"From" in welcome email template2020-12-09T10:21:04ZJesse Norell"From" in welcome email templateAll the server/conf/mail/* templates use `From: {admin_mail}` except the welcome_email_* templates, which have `From: ISPConfig <postmaster@localhost.localdomain>` - those should use the {admin_mail} placeholder, too.All the server/conf/mail/* templates use `From: {admin_mail}` except the welcome_email_* templates, which have `From: ISPConfig <postmaster@localhost.localdomain>` - those should use the {admin_mail} placeholder, too.3.2.2Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5909Purge trash and junk on mdboxes in Dovecot2020-12-23T09:08:37ZPiotr J.Purge trash and junk on mdboxes in DovecotLooking at !1015 we have purge trash and junk only for maildirs:
`/server/lib/classes/cron.d/500-clean_mailboxes.inc.php`
I would like to suggest adding also purge for mdbox'es.
This topic has been touches in this discussion: https://www...Looking at !1015 we have purge trash and junk only for maildirs:
`/server/lib/classes/cron.d/500-clean_mailboxes.inc.php`
I would like to suggest adding also purge for mdbox'es.
This topic has been touches in this discussion: https://www.howtoforge.com/community/threads/email-cleanup.80522/
`doveadm expunge -u user@domain ... some_criteria`
Also it would be nice to have the frame setting for purges also inherited: global, per domain, and per user (that last one exists).3.2.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5918Support IMAP prefix2023-04-28T10:54:30ZHelmoSupport IMAP prefixIn one mailserver I have for legacy reasons an IMAP prefix set in dovecot. In was migrated from courier.
The prefix I have is 'INBOX.'
While looking into the [500-clean_mailboxes.inc.php](https://git.ispconfig.org/ispconfig/ispconfig3/...In one mailserver I have for legacy reasons an IMAP prefix set in dovecot. In was migrated from courier.
The prefix I have is 'INBOX.'
While looking into the [500-clean_mailboxes.inc.php](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/cron.d/500-clean_mailboxes.inc.php#L56) code I noticed that it tries to empty folders with and without a prefix.
But not for all, I'm assuming that's just an oversight.
But since I'm already patching the /sieve_filter.master template to include a prefix I though it might be a good idea to have this as an option.
I'm preparing a branch for this.
Let me know what you think..https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5922Disable HTTP NameVirtualHost for IP addresses by default2020-11-18T10:54:29ZThomDisable HTTP NameVirtualHost for IP addresses by defaultBased on https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-412501Based on https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-4125013.2.1ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5928Remove deprecated bind settings from template config2022-03-09T12:45:17ZThomRemove deprecated bind settings from template config`dnssec-enable` and `dnssec-lookaside` are obsolete and have no effect since BIND 9.15.
Also, I think `dnssec-validation yes;` should be changed to `dnssec-validation auto;` (see `dnssec-validation` under https://bind9.readthedocs.io/en...`dnssec-enable` and `dnssec-lookaside` are obsolete and have no effect since BIND 9.15.
Also, I think `dnssec-validation yes;` should be changed to `dnssec-validation auto;` (see `dnssec-validation` under https://bind9.readthedocs.io/en/v9_16_8/reference.html#boolean-options), or am I missing something?3.2.8ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5934Update default dns wizard template2020-12-10T12:59:25ZThomUpdate default dns wizard templateAdd more examples and add dnssec_wanted=nAdd more examples and add dnssec_wanted=n3.2.2ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5943Allow @ for cname target hostname2020-12-10T13:50:00ZThomAllow @ for cname target hostnameConvert @ to example.com.Convert @ to example.com.3.2.2ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5948add redirect to https for ispconfig interface by 000-ispconfig.vhost in apache22022-03-09T12:45:27Zcharlesadd redirect to https for ispconfig interface by 000-ispconfig.vhost in apache2Hello every body
It's can be good to add this :\
For Apache2 in install/tpl/apache_ispconfig.vhost.master\
`ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Change http to htt...Hello every body
It's can be good to add this :\
For Apache2 in install/tpl/apache_ispconfig.vhost.master\
`ErrorDocument 400 "<script>document.location.href='https://'+location.hostname+':'+location.port';</script><h1>Change http to http<b>s</b> into the url</h1>"`
For ngnix in install/tpl/nginx_ispconfig.vhost.master it's already redirected (I think)\
`# redirect to https if accessed with http`\
`{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;`
Have good day :)3.2.8ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5950Add Fedora 32 and 33 detection2020-12-09T10:23:46ZJozef SrokaAdd Fedora 32 and 33 detectionIt's can be good to add Fedora 32 and 33 detection. I also created a merge request !1338It's can be good to add Fedora 32 and 33 detection. I also created a merge request !13383.2.2Jozef SrokaJozef Srokahttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5954Center quota % usage2020-12-28T13:53:15ZThomCenter quota % usage![image](/uploads/16a91fc94c42fc1c91bd28f5f307e840/image.png)
I propose to center the value because it looks weird when the usage is low.
cc @pdreissen![image](/uploads/16a91fc94c42fc1c91bd28f5f307e840/image.png)
I propose to center the value because it looks weird when the usage is low.
cc @pdreissen3.2.2Pascal DreissenPascal Dreissenhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5956Remove log/ folder exclude from backup routine2020-12-10T10:26:44ZMichaelRemove log/ folder exclude from backup routineAs the title states, currently the backup routine excludes the log folder.
Imho the log folder should be included in the backup since, beside the vhost log files, there is in this folder also the webalizer and goaccess.conf located as ...As the title states, currently the backup routine excludes the log folder.
Imho the log folder should be included in the backup since, beside the vhost log files, there is in this folder also the webalizer and goaccess.conf located as well as the GoAccess database files saved.3.2.2Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5965Do OS-Update - Red Hat family2020-12-18T21:16:37ZJozef SrokaDo OS-Update - Red Hat familyIt's can be good to add update os command fro "Red Hat family". I also created a merge request !1356It's can be good to add update os command fro "Red Hat family". I also created a merge request !13563.2.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5967sender_login_maps should read email.cc2020-12-18T21:15:25ZJesse Norellsender_login_maps should read email.ccWhen a mailbox forwards to other mailboxes via the cc ("send copy to") field, those destination accounts should be able to send mail as the original account, just like an alias/forward.
Use cases for not just using an alias/forward are ...When a mailbox forwards to other mailboxes via the cc ("send copy to") field, those destination accounts should be able to send mail as the original account, just like an alias/forward.
Use cases for not just using an alias/forward are when you want an autoresponder or filters for the mailbox.
It can use the 'disabledeliver' field to more or less emulate current behavior; if disabledeliver='y' (no local delivery, it's acting like an alias/forward), this new behavior will happen; if disabledeliver='n' (local delivery does happen), it's acting more like a standard mailbox and retains current/legacy behavior.3.2.2Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5980Docker Integration2020-12-24T10:19:12ZJozef SrokaDocker IntegrationHi,
I would like to do experimental docker integration. Just a few basic features
* Container - run, stop, kill, status ..
* Image - pull, remove
* Network list
* Volumes list
something like as openvz
Would be interest from ispconfig ...Hi,
I would like to do experimental docker integration. Just a few basic features
* Container - run, stop, kill, status ..
* Image - pull, remove
* Network list
* Volumes list
something like as openvz
Would be interest from ispconfig community ?