ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2021-09-09T22:59:24Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6177php cache collisions for chroot mode php-fpm2021-09-09T22:59:24ZJesse Norellphp cache collisions for chroot mode php-fpmNeed to set validate_root option on for php-fpm using chroot (or always? does it hurt performance or anything?)
See https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-416357
and https://www.howtof...Need to set validate_root option on for php-fpm using chroot (or always? does it hurt performance or anything?)
See https://www.howtoforge.com/community/threads/apache-serving-wrong-vhost.85620/page-2#post-416357
and https://www.howtoforge.com/community/threads/serving-wrong-website-sporadically.86962/#post-4224913.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6174DNS doesn't accept single character domain2021-08-17T22:53:30ZDominikDNS doesn't accept single character domainWith several new TLDs it is possible to use a single character Domain. Even with some of the old well-known domains including .de in meanwhile it is possible to have a domain with only one character like "a.de". One of my customer owns s...With several new TLDs it is possible to use a single character Domain. Even with some of the old well-known domains including .de in meanwhile it is possible to have a domain with only one character like "a.de". One of my customer owns such a domain with one of the new generic domains (in this case: .cymru). My solution was really simple:
I changed the corresponding regex in /usr/local/ispconfig/interface/web/dns/form/dns_soa.tform.php and dns_slave.tform.php and then it worked.
Unfortunatelly it is not allowed to have a single character domain in all TLDs - so there are TLDs out there that still allow only two-character domains and even some that allow only three-character domains. So what is the right solution now? Including an intelligence that knows the minimal length for all TLDs? Or just my simple solution and allow one character in every case?3.2.6ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6167rspamd: enable arc signing2021-08-31T09:16:05ZJesse Norellrspamd: enable arc signingRFE: enable ARC signing in rspamd. With the current rspamd options/implementation I would only enable signing for incoming mail (not authenticated or local), selecting the domain from the recipient addr - these are all default settings ...RFE: enable ARC signing in rspamd. With the current rspamd options/implementation I would only enable signing for incoming mail (not authenticated or local), selecting the domain from the recipient addr - these are all default settings in modules.d/arc.conf - and simply point the selector map and key path map to the same as used for dkim signing.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6145Disabling spamfilter for domain does not disable it for inherited mailboxes (...2021-08-17T22:58:36ZThomDisabling spamfilter for domain does not disable it for inherited mailboxes (rspamd)<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
When setting "- not enabled -" as spamfilter policy for a domain, all mailboxes with "- inherit domain setting" will keep their current configuration. So the spamfilter for them is still enabled.
The config files for those mailboxes are not updated when the policy is updated, because according to the database there would be no file for them.
## Steps to reproduce
1. Create a domain with a spamfilter enabled.
2. Create a mailbox for this domain that inherits the spamfilter setting
3. Disable the spamfilter for the domain
## Correct behaviour
<!-- What should happen instead? -->
The config file should be removed or set to allow everything?
## Environment
Server OS + version: Debian 10 \
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
Rspamd daemon version 2.73.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6121acme.sh fails when self-signed certificates already exist for ISPConfig web i...2021-08-31T09:14:28ZDragan Savicacme.sh fails when self-signed certificates already exist for ISPConfig web interface## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if s...## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if server already has self-signed certs created for ISPConfig web interface. During acme.sh domain verification stage, apache fails to start because it can't load SSL cert files.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
```
apachectl -v
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
```
## proposed fix
Workaround that worked for me was to replace the following `rename` functions with `copy` in `installer_base.lib.php` (from `ISPConfig-3.2.3.tar.gz`), but maybe it's not a valid solution.
```
...
$issued_successfully = false;
// Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
--- rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
+++ copy($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
}
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
--- rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
+++ copy($ssl_key_file, $ssl_key_file . '-temporary.bak');
}
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
--- rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
+++ copy($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
}
// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
if (is_executable($acme)) {
...
```
Second workaround that worked was to delete all files from `/usr/local/ispconfig/interface/ssl/`, comment out all SSL lines in `apps.vhost`, `ispconfig.conf` and `ispconfig.vhost`, and after that run `ispconfig_update.sh --force` again.
## references
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6015#note_91609
## log entries
Apache logs during `acme.sh` domain verification stage.
```
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost:
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: Action 'stop' failed.
```3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5732Limit email backup tab through client limits2021-09-07T08:21:17ZThomLimit email backup tab through client limitsAdd option to enable/disable the email backup tab through the backup templates, either with a checkbox or a limit and when set to 0, hide it.
Based on discussion at !451Add option to enable/disable the email backup tab through the backup templates, either with a checkbox or a limit and when set to 0, hide it.
Based on discussion at !4513.2.6ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5484Rspamd config files get not removed on renaming a domain2021-08-17T22:58:45ZTill BrehmRspamd config files get not removed on renaming a domainhttps://www.howtoforge.com/community/threads/when-change-email-domainname-rspamd-filters-is-not-deleted.83482/https://www.howtoforge.com/community/threads/when-change-email-domainname-rspamd-filters-is-not-deleted.83482/3.2.6Jesse NorellJesse Norell