ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2023-08-01T21:17:13Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5448Mail settings tabs are not working when accessed directly from the dashboard2023-08-01T21:17:13ZJonathan ElderMail settings tabs are not working when accessed directly from the dashboard## short description
Users cannot access autoresponder and other tabs settings when viewing email settings directly from the dashboard. Clicking on the tab results in a 404 error in the console. Tabs still works if you go to "Email Mail...## short description
Users cannot access autoresponder and other tabs settings when viewing email settings directly from the dashboard. Clicking on the tab results in a 404 error in the console. Tabs still works if you go to "Email Mailbox" section first, instead of selecting the email account directly from the dashboard. This only affects users, not the admin.
## correct behaviour
User should be able to see the tabs for other settings.
## environment
- Server OS: centos
- Server OS version: CentOS 7.7.1908
- ISPConfig version: 3.1.15p2
## log entries
### Console log
```
POST https://domain.com/dashboard/mail_user_edit.php 404 (Not Found)
```
## inspector details
### "Autoresponder" link code when viewed from dashboard
```
<a href="#" onclick="return ISPConfig.changeTab('autoresponder','dashboard/mail_user_edit.php')">Autoresponder</a>
```
### "Autoresponder" link code when viewed from "Email Mailbox" section
```
<a href="#" onclick="return ISPConfig.changeTab('autoresponder','mail/mail_user_edit.php')">Autoresponder</a>
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5588CAA for Sectigo2023-04-29T19:13:26ZPacoCAA for SectigoHello,
Comodo rebranded their company, change his name and now called Sectigo.
In DNS zone menu, when you try to add CAA for Sectigo - issuer was missing.
https://sectigo.com/comodo
When I check - issuers contained in dbispconfig da...Hello,
Comodo rebranded their company, change his name and now called Sectigo.
In DNS zone menu, when you try to add CAA for Sectigo - issuer was missing.
https://sectigo.com/comodo
When I check - issuers contained in dbispconfig database -> dns_ssl_ca table.
I do not want to manually insert a row in this table, as I am not sure if this would break the dbispconfig database in a possible future update for ISPConfig.
It is possible Sectigo to be added in next releases of ISPConfig?
3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5533spamfilter users form don't allow amavis catchall pattern2022-08-17T14:19:03ZCarlosspamfilter users form don't allow amavis catchall pattern## What is happening and what is wrong with that?
In the web interface, in spamfilter users form, if in the email pattern i write the amavis catchall "@." pattern (see [https://docs.iredmail.org/amavisd.sql.db.html#lookup_sql_dsn](https:...## What is happening and what is wrong with that?
In the web interface, in spamfilter users form, if in the email pattern i write the amavis catchall "@." pattern (see [https://docs.iredmail.org/amavisd.sql.db.html#lookup_sql_dsn](https://docs.iredmail.org/amavisd.sql.db.html#lookup_sql_dsn)) it is modified on save and replaced by "@"
## What should happen instead?
It should allow to store the catchall pattern
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1.15p2
## proposed fix
I think we can check if $domain is the amavis pattern "@." to the second line of the method "_idn_encode_decode" on the file "interface/lib/classes/functions.inc.php"
like this
```
private function _idn_encode_decode($domain, $encode = true) {
if($domain == '') return '';
if($domain == '@.') return $domain; //amavis catchall pattern
if(preg_match('/^[0-9\.]+$/', $domain)) return $domain; // may be an ip address - anyway does not need to bee encoded
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5548Changing password rspamd does not change through server config2022-03-01T13:28:35ZDannyChanging password rspamd does not change through server config## short description
trying to change the access password of rspamd GUI through the ISPConfig admin interface. Enabling debug and checking the debuglog after running server.sh gives back no error. Looking at the worker-controller.inc it ...## short description
trying to change the access password of rspamd GUI through the ISPConfig admin interface. Enabling debug and checking the debuglog after running server.sh gives back no error. Looking at the worker-controller.inc it indeed did not change.
## correct behaviour
Changing the access password of the GUI
## environment
Server OS: Ubuntu
Server OS version: 18.04.4 LTS (Bionic Beaver)
ISPConfig version: 3.1.15p3
## log entries
```
28.02.2020-12:02 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
28.02.2020-12:02 - DEBUG - Found 2 changes, starting update process.
28.02.2020-12:02 - DEBUG - Replicated from master: **QUERY
28.02.2020-12:02 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Writing the conf file: /etc/apache2/sites-available/ispconfig.conf
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'network_settings_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - Network configuration disabled in server settings.
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'postfix_server_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'dovecot' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Processed datalog_id 5757
28.02.2020-12:02 - DEBUG - Replicated from master: **QUERY
28.02.2020-12:02 - DEBUG - Calling function 'server_ip' from plugin 'apache2_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Writing the conf file: /etc/apache2/sites-available/ispconfig.conf
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'apps_vhost_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'network_settings_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - Network configuration disabled in server settings.
28.02.2020-12:02 - DEBUG - Calling function 'update' from plugin 'postfix_server_plugin' raised by event 'server_update'.
28.02.2020-12:02 - DEBUG - safe_exec cmd: which 'dovecot' 2> /dev/null - return code: 0
28.02.2020-12:02 - DEBUG - Processed datalog_id 5758
28.02.2020-12:02 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
28.02.2020-12:02 - DEBUG - Restarting httpd: systemctl restart apache2.service
28.02.2020-12:02 - DEBUG - Calling function 'restartPostfix' from module 'mail_module'.
28.02.2020-12:02 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4792rfe: lmtp for amavis and dovecot2021-11-29T11:48:58ZJesse Norellrfe: lmtp for amavis and dovecotrfe: use lmtp to send mail to amavis and final delivery to dovecot. This gives both services the ability to reply with a dsn for each recipient (improves delivery), and is a little more efficient (not much different for amavis, but dove...rfe: use lmtp to send mail to amavis and final delivery to dovecot. This gives both services the ability to reply with a dsn for each recipient (improves delivery), and is a little more efficient (not much different for amavis, but dovecot saves a fork/exec for every message).
## Changes required
Required config changes are quite simple, in current (eg. 3.1.6) config for postfix + dovecot to send to amavis via lmtp you simply need these in main.cf:
``lmtp_data_done_timeout = 1200
lmtp_send_xforward_command = yes
``
Then change the `amavis` transport name to `lmtp` in the 'tag_as_*.re' files:
``sed -i s/amavis/lmtp/g /etc/postfix/tag_as_*.re
``
The dovecot config is in /etc/dovecot/dovecot.conf:
``protocols = imap pop3 lmtp <---- line #2
lmtp_rcpt_check_quota = yes <---- new
``
And in main.cf change `virtual_transport = lmtp:unix:private/dovecot-lmtp`.
You can then remove the `dovecot` and `amavis` transports in master.cf.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5379Rspamd has inconsistent greylisting setting2021-04-16T15:24:58ZMarius BurkardRspamd has inconsistent greylisting settingWhen using rspamd the greylisting is set via spamfilter policies. Instead it should use the same setting that are used by amavis (mail user, mail fwd/alias, mail catchall).When using rspamd the greylisting is set via spamfilter policies. Instead it should use the same setting that are used by amavis (mail user, mail fwd/alias, mail catchall).3.1.15Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5578security issue when creating ssh users2021-02-02T20:57:39ZKiss Károlysecurity issue when creating ssh users## short description
When creating ssh users with jailkit, it takes a while to create the jail. The user is first created, the shell is disabled
and the password locked. However these actions are done sequentially using separate commands...## short description
When creating ssh users with jailkit, it takes a while to create the jail. The user is first created, the shell is disabled
and the password locked. However these actions are done sequentially using separate commands. This leaves a very short time
for attackers to access the server's OS with a valid user and password. It is very hard to exploit but during a security audit our system has been accessed this way, so it is possible.
## correct behaviour
The newly created ssh user should be created with disabled login until the jail is created and login should be enabled after the shell is set to jk_chrootsh.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1dev
## proposed fix
add --disable-login to the adduser command and enable
## log entries
```
Apr 1 17:27:02 ispcwebtest02 useradd[14214]: new user: name=c6crash, UID=10033, GID=10033, home=/var/www/clients/client15/web33, shell=/bin/bash
Apr 1 17:27:02 ispcwebtest02 usermod[14229]: change user 'c6crash' shell from '/bin/bash' to '/bin/false'
Apr 1 17:27:02 ispcwebtest02 usermod[14229]: lock user 'c6crash' password
Apr 1 17:27:56 ispcwebtest02 usermod[21527]: change user 'c6crash' home from '/var/www/clients/client15/web33' to '/var/www/clients/client15/web33/./home/c6crash'
Apr 1 17:27:56 ispcwebtest02 usermod[21534]: change user 'c6crash' shell from '/bin/false' to '/usr/sbin/jk_chrootsh'
Apr 1 17:27:56 ispcwebtest02 usermod[21539]: change user 'web33' home from '/var/www/clients/client15/web33' to '/var/www/clients/client15/web33/./home/web33'
Apr 1 17:27:56 ispcwebtest02 usermod[21557]: unlock user 'c6crash' password
```3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5088Disable TLSv1.0 and 1.1 by default2020-11-09T04:54:19ZArne HudeDisable TLSv1.0 and 1.1 by defaultJust add !TLSv1 into the standard configations for a new server. Nowadays there are only a few services left who use this....
This gives you a better ranking in most certifiers for a good crypography
`/// /etc/dovecot/dovecot.conf
//....Just add !TLSv1 into the standard configations for a new server. Nowadays there are only a few services left who use this....
This gives you a better ranking in most certifiers for a good crypography
`/// /etc/dovecot/dovecot.conf
//...
ssl_protocols = !SSLv3 !TLSv1
//...
`3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4592DMARC disabled after editing2020-10-14T12:26:20Z Jan KraljičDMARC disabled after editing![ISPConfig_3.1.2_-_2017-03-20_12.52.11](/uploads/879e9eae4bf7e6429f9f325c36273524/ISPConfig_3.1.2_-_2017-03-20_12.52.11.png)
When editing DMARC record in DNS by Active is written "CHECKED" and there is not in a checkbox. (see attached ...![ISPConfig_3.1.2_-_2017-03-20_12.52.11](/uploads/879e9eae4bf7e6429f9f325c36273524/ISPConfig_3.1.2_-_2017-03-20_12.52.11.png)
When editing DMARC record in DNS by Active is written "CHECKED" and there is not in a checkbox. (see attached screen). After saving the value DMARC record is de-activated. So there is need to go into DMARC record once again and click on un-checked checkbox.
Version: 3.1.2
Note:
I don't know if it relevant but there was "ISPConfig – DKIM-Patch" installed before upgrading to 3.1.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5058Backport apache proxy_fcgi config from master branch2020-09-25T19:35:43ZTill BrehmBackport apache proxy_fcgi config from master branchhttps://www.howtoforge.com/community/threads/issue-with-non-existent-php-files.77589/https://www.howtoforge.com/community/threads/issue-with-non-existent-php-files.77589/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5418Database user creation not working on MySQL 82020-09-19T11:33:24ZViktorDatabase user creation not working on MySQL 8Dear all,
I would like to ask for your support if you have a solution but haven't postid it yes (I could not find any solution on Google) to how to fix database user creation function where db server is MySQL 8.
There is an SQL syntax ...Dear all,
I would like to ask for your support if you have a solution but haven't postid it yes (I could not find any solution on Google) to how to fix database user creation function where db server is MySQL 8.
There is an SQL syntax error on creation due to PASSWORD() function has been removed (ALSO DECRAPTED ON MYSQL 5.7 !!!) and the logic of user creation is also changed: we have to use CREATE USER function first then on a second command GRANT permissions for our newly created user.
I have checked mysql_clientdb_plugin.inc.php but I have to admit I could not get what's the idea behind.
I'm running my MySQL 8 server with mysql_native_password support due for better compatibility.
I tried to get rid of PASSWORD() function by double SHA1 the password with a PHP function:
```
function sqlPassword($input) {
$pass = strtoupper(
sha1(
sha1($input, true)
)
);
$pass = '*' . $pass;
return $pass;
}
```
Plus also extend the SQL command of a new user but without success:
```
if(!$link->query("CREATE USER ".$link->escape_string($database_user)."'@'$db_host'"." IDENTIFIED WITH mysql_native_password BY '".$link->escape_string($database_password_native)."';");
if(!$link->query("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
```
Any help would be appreciated!
Thank you!3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5344Incomplete chroot configuration if user "is currently logged in"2020-09-18T19:48:18ZZakIncomplete chroot configuration if user "is currently logged in"## short description
On creation of a chrooted cronjob, the jail is initialized if needed and the homedir of the affected user gets reconfigured via *usermod --home=/var/www/clients/clientXXX/webXXX/./home/webXXX webXXX*. The command how...## short description
On creation of a chrooted cronjob, the jail is initialized if needed and the homedir of the affected user gets reconfigured via *usermod --home=/var/www/clients/clientXXX/webXXX/./home/webXXX webXXX*. The command however will fail, if the user is logged in or a process is running under the user which is always the case if using php-fpm.
Due to the misconfigured user the chrooted cronjob can't be executed and the following will be logged in ''/var/log/auth.log'':
`jk_chrootsh[30473]: abort, homedir '/var/www/clients/clientXXX/webXXX' for user webXXX (XXX) does not contain the jail separator <jail>/./<home>`
## environment
Server OS: (probably all)
Server OS version: (probably all)
ISPConfig version: (3.14)
## proposed fix
- Since neither the files relevant for the chroot are removed, nor the users homedir is reconfigured upon deletion of all chrooted cronjobs the user should be initially created with the "jailed" homedir which would render a later reconfiguration unnecessary.
- Alternatively ''/etc/passwd'' could be altered directly without invoking the ''usermod'' command.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5463Allow short form for wildcard DNS records2020-09-15T13:06:22ZTomAllow short form for wildcard DNS records## short description
I would like to add a TXT record with name '*' and a value of 'some nice text' to the kovoks.nl domain.
This is rejected as 'invalid name'.
## correct behaviour
This is allowed according to the RFC.
## Workaround
...## short description
I would like to add a TXT record with name '*' and a value of 'some nice text' to the kovoks.nl domain.
This is rejected as 'invalid name'.
## correct behaviour
This is allowed according to the RFC.
## Workaround
Use '*.kovoks.nl.' as name. This is accepted.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5147Check if ISPConfig fully supports latest MySQL 8 releases2020-09-08T07:44:53ZTill BrehmCheck if ISPConfig fully supports latest MySQL 8 releasesCheck if ISPConfig fully supports latest MySQL 8 releases.
https://www.howtoforge.com/community/threads/config-for-mysql-8-and-ispconfig3.80202Check if ISPConfig fully supports latest MySQL 8 releases.
https://www.howtoforge.com/community/threads/config-for-mysql-8-and-ispconfig3.80202https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5584Delete SSL directory references for vhost subdomains2020-08-30T16:50:46ZKoSDelete SSL directory references for vhost subdomainsWhen a vhost subdomain gets deleted, any associated files, like the Lets Encrypt/certbot symlinks in the SSL subdir, shall be removed. In addition the associated certbot configurations should be removed too, see #5583When a vhost subdomain gets deleted, any associated files, like the Lets Encrypt/certbot symlinks in the SSL subdir, shall be removed. In addition the associated certbot configurations should be removed too, see #5583https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5468allow axfr range instead of only ipaddress2020-08-30T16:18:47Zcommentatorallow axfr range instead of only ipaddresswould be nice if we can add an axfr range instead of only ipaddresses.
See also https://www.howtoforge.com/community/threads/axfr-range.82959/#post-395710would be nice if we can add an axfr range instead of only ipaddresses.
See also https://www.howtoforge.com/community/threads/axfr-range.82959/#post-395710https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5614Fix home initialization for Jailkit (incl. Fix)2020-08-26T16:19:06ZTill BrehmFix home initialization for Jailkit (incl. Fix)The previous dir (without `./home/$user`) causes usermod to crash when some FPM processes are already launched for the UID (in `server/scripts/create_jailkit_user.sh`), so jk_jailuser is not able to detect the home inside the jail, inser...The previous dir (without `./home/$user`) causes usermod to crash when some FPM processes are already launched for the UID (in `server/scripts/create_jailkit_user.sh`), so jk_jailuser is not able to detect the home inside the jail, inserting an empty one in the passwd file, and causing an error when the user want to connect via SSH for example.
https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/7953.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5513Rsapmd user configuration always add header and rewrite subject regardless of...2020-08-12T13:34:55ZFiftyzRsapmd user configuration always add header and rewrite subject regardless of SPAM tag method configured## wrong behaviour
Rsapmd user configuration generated always include `add header` and `rewrite subject` regardless of SPAM tag method configured in ISPConfig spamfilter policy.
## correct behaviour
Rsapmd user configuration generated s...## wrong behaviour
Rsapmd user configuration generated always include `add header` and `rewrite subject` regardless of SPAM tag method configured in ISPConfig spamfilter policy.
## correct behaviour
Rsapmd user configuration generated should include "add header" or/and "rewrite subject" based on SPAM tag method configured in ISPConfig spamfilter policy.
## problem
The problem is causated by the code in `rspamd_plugin::user_settings_update()` from `/server/plugins-available/rspamd_plugin.inc.php`:
```
class rspamd_plugin {
# (...)
function user_settings_update($event_name, $data) {
# (...)
$tpl->setVar('rspamd_spam_tag_method', floatval($policy['rspamd_spam_tag_method']));
# (...)
}
}
```
## proposed fix
`rspamd_spam_tag_method` is a string not a float, so it should be set like this:
```
class rspamd_plugin {
# (...)
function user_settings_update($event_name, $data) {
# (...)
$tpl->setVar('rspamd_spam_tag_method', $policy['rspamd_spam_tag_method']);
# (...)
}
}
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5521Allow IPv6 Addresses for xfer and notify in DNS Module2020-08-10T17:59:28ZPatrick OmlandAllow IPv6 Addresses for xfer and notify in DNS ModuleIn the DNS module for Allow-Transfer, Notify etc. both IPv6 and IPv4 addresses should be allowed.In the DNS module for Allow-Transfer, Notify etc. both IPv6 and IPv4 addresses should be allowed.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4492Bug. Are not converted names IDN-domains on the home page.2020-07-31T12:19:16ZAlexanderBug. Are not converted names IDN-domains on the home page.Are not converted names IDN-domains on the home page
![IDN_domains](/uploads/260ebba183db9202778ea3e1818f0cb0/IDN_domains.PNG)Are not converted names IDN-domains on the home page
![IDN_domains](/uploads/260ebba183db9202778ea3e1818f0cb0/IDN_domains.PNG)3.2