ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2018-01-28T13:40:52Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/193Feedback of the client's editing rights2018-01-28T13:40:52ZskeldofFeedback of the client's editing rightsMake it more obvious what a client has the rights to edit and delete.
i.e. admin creates a web domain. It appears to be the same as any other of the client's domains. Client attempts to edit it and the changes silently don't get appl...Make it more obvious what a client has the rights to edit and delete.
i.e. admin creates a web domain. It appears to be the same as any other of the client's domains. Client attempts to edit it and the changes silently don't get applied. However when attempting to delete they get a permissions error.3.3Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/2130mysql database security with multiple servers2018-01-28T13:40:52ZAntalmysql database security with multiple serversThe security for the multiple server scenario should be reviewed/discussed. When adding a new server to ISPConfig it gets full access to the main ISPConfig database including all other databases. If the new server is compromised the whol...The security for the multiple server scenario should be reviewed/discussed. When adding a new server to ISPConfig it gets full access to the main ISPConfig database including all other databases. If the new server is compromised the whole ISPConfig configuration is in danger including all other servers.
In our setup we've got one more secure main server with the ISPConfig interface/database and websites build by us. On the second server we have websites that are maintained by clients, FTP access and phpMyadmin access. Somewhat less secure then the main.
My idea is that all other servers should talk to ISPConfig via an API that only offers the needed information. If I don't have e-mail setup on the other server it should be able to retrieve encrypted passwords and other e-mail configuration. Another solution would be to let the main server push settings to the client servers, but this results in more traffic and possible errors I guess.
What do you think? Maybe there is another way to get the setup more secure?3.3Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5053Global quota usage per user for all services.2018-05-28T09:32:02ZLuis GuzmanGlobal quota usage per user for all services.Since trying to set global limits per user might bring security issues, could we take another approach by summing each field (mail, web, ftp, db) on one table. So it's easier to keep track of each user space usage.
This would be a prett...Since trying to set global limits per user might bring security issues, could we take another approach by summing each field (mail, web, ftp, db) on one table. So it's easier to keep track of each user space usage.
This would be a pretty much useful feature, hopefully we can see it on master at some point.
Cheers!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5086Show name of deleted item in delete confirmation dialog2018-07-20T17:41:57ZTill BrehmShow name of deleted item in delete confirmation dialogShow name of deleted item in delete confirmation dialogShow name of deleted item in delete confirmation dialogPlanned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5151Add hostname check in ispconfig installer to avoid amavis problems2018-10-11T11:51:10ZTill BrehmAdd hostname check in ispconfig installer to avoid amavis problemsMany users are not configuring their hostname correctly which later causes amavis to fail. The installer should show an error when:
hostname = hostname -f plus the result contains no dot.
hostname means the result from hostname command...Many users are not configuring their hostname correctly which later causes amavis to fail. The installer should show an error when:
hostname = hostname -f plus the result contains no dot.
hostname means the result from hostname command here.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5172Feature Request: Create only new certificate request2018-11-01T18:41:00ZRaffael LuthigerFeature Request: Create only new certificate requestI have a domain where we already have a certificate (and private key). Now I would like to create a new request without changing the key and without changing the certificate and bundle.
For this I would like to have a new "SSL action" w...I have a domain where we already have a certificate (and private key). Now I would like to create a new request without changing the key and without changing the certificate and bundle.
For this I would like to have a new "SSL action" with the name "Create certificate request" which will then only generate a new request.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/1983Change confrmation2018-12-15T18:11:29ZMichaelChange confrmationChange the confirmation question when deleting an entry from
"Do you really want to delete this record?" to
"Do you really want to delete the record <NAME_OF_RECORD>"?
Then it is possible to check again if the right record is se...Change the confirmation question when deleting an entry from
"Do you really want to delete this record?" to
"Do you really want to delete the record <NAME_OF_RECORD>"?
Then it is possible to check again if the right record is selected for deletion.
42mPlanned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5256function to create special subdirectories2019-02-26T18:29:10ZKnut Krügerfunction to create special subdirectoriesThere a different console tools to create websites (and maybe other for other purposes ) which are requesting write access to (hidden) directories at webfolder level ( /var/www/clients/clientX/webXYZ/ )
It would be helpful to have the ...There a different console tools to create websites (and maybe other for other purposes ) which are requesting write access to (hidden) directories at webfolder level ( /var/www/clients/clientX/webXYZ/ )
It would be helpful to have the possibility to create (also hidden) subdirectories at the webfolder level.
Example: to use composer with Drupal and sudo -su webxyz composer ... (composer without root user = security issue) you need /var/www/clients/clientX/webXYZ/.composer and subdirectories
The workaround just now is, to create a subdomain (VHOST) with Web folder .composerhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5295Access Control List-support for dovecot2019-04-23T07:20:46ZMartinAccess Control List-support for dovecotIt would be nice, if ACLs for dovecot are supported out-of-the-box in ISPConfig.It would be nice, if ACLs for dovecot are supported out-of-the-box in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5301Description field for email aliases2019-05-08T06:01:29ZGreg LadownyDescription field for email aliasesOptional description field in "Email aliases" "Email Forward" and "Email Mailbox", so that a comment can be added describing the purpose of this alias/forward/mailbox eg. "this was created for subscribing to Whatever.com support , can be...Optional description field in "Email aliases" "Email Forward" and "Email Mailbox", so that a comment can be added describing the purpose of this alias/forward/mailbox eg. "this was created for subscribing to Whatever.com support , can be removed after ..." or "Temporary email account for testing ...., speak to .... to see if it's still needed"
VARCHAR(100) should be sufficient
Rationale
I'm adding a lot of custom aliases or accounts. When subscribing to unknown service I never give my normal email address, as they often keep spamming for years after I stop using them and very often sell their address databases. Before I started using ISPConfig I was adding comments into aliases file directly, with ISPConfig it's not possible as number of aliases grows they become difficult to manage.
Greghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5300Domain settings validation when adding new email domain2019-05-08T06:03:34ZGreg LadownyDomain settings validation when adding new email domainWhen adding new mail domain can ISPConfig perform some check if the domain is configured correctly, eg checking MX record for it and do not allow or warn if it's not set up correctly.
Some kind of validation of domain ownership would be...When adding new mail domain can ISPConfig perform some check if the domain is configured correctly, eg checking MX record for it and do not allow or warn if it's not set up correctly.
Some kind of validation of domain ownership would be usefull, eg.
- MX record pointing to specific server
- TXT record containing specific value
Server admin could decide whether to allow adding domains without these, warn or require DNS set up beforehand. I understand that sometimes people need to set up domain and mailboxes before switching the MX, but TXT record verification could be an option in this case.
Additionally it would be useful if there was a dashboard showing all mail domains configuration correctness for
MX record - saying eg. "your MX record is not not figured correctly, you will not be able to receive any email for domain here
SPF - if exists, has correct syntax and lists the IP of the server
DKiM public key - if exists for chosen selector, has correct syntax and contains the right public key
DMARC policy record -
Rationale
- People make typos or forget they have to configure DNS.
- Sometimes user adds a domain that belongs to someone else and as a result all email to that domain is treated as local by the server and therefore emails to it cannot be delivered from the server
- Grow knowledge about email authentication to reduce spam volumes and phishinghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5304mimic logrotate dateext2019-05-13T16:09:17ZKoSmimic logrotate dateextAs ISPconfig is not using logrotate for the rotation of the logfiles in /var/log/ispconfig/http and uses the 1,2,3 naming schema, it is not possible to change that easily to a 'dateext' naming style. the benefit of dateext is that the fi...As ISPconfig is not using logrotate for the rotation of the logfiles in /var/log/ispconfig/http and uses the 1,2,3 naming schema, it is not possible to change that easily to a 'dateext' naming style. the benefit of dateext is that the files keep a consistent name and are not messing up the backups -> e.g. every day the data in mylog.1.gz "changes" because it gets replaced by the next new log file. With the dateext option mylog.20190512.gz always stays the way it is and will just get purged when it is old enough (or after X rotations).
It would be nice if ISPconfig would "mimic" the dateext functionality (or even use logrotate).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5306Mail Backup Recovery to other Account2019-05-16T16:50:53ZAlexMail Backup Recovery to other AccountFeature Request Mail Recovery
Currently, the way for recovering an email mailbox is unsightly since the user can only recover to the current mailbox. A better solution who the user needs to create a recovery mailbox or Ispconfig 3 does...Feature Request Mail Recovery
Currently, the way for recovering an email mailbox is unsightly since the user can only recover to the current mailbox. A better solution who the user needs to create a recovery mailbox or Ispconfig 3 does this even during a recovery. Then the user would have the option to restore mailbox in Life Mail or in a mailbox recovery-Mailname@Domain.tld Mailboxhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5308Allow to disable monitor crons2019-05-21T15:32:49ZGuillaume SubironAllow to disable monitor cronsI think we should be able to disable monitor crons. All of them at once, or one by one.
We are managing an ISPConfig server with 5 wordpress multisites hosting around 600 websites each. What it means is that we have 5 databases with aro...I think we should be able to disable monitor crons. All of them at once, or one by one.
We are managing an ISPConfig server with 5 wordpress multisites hosting around 600 websites each. What it means is that we have 5 databases with around 20000 tables each. It is working quite well, but it is quite unmanageable for the `monitor_database_size` cron, which calls some long queries.
```
# Time: 190520 12:00:18
# Query_time: 16.847866 Lock_time: 0.000098 Rows_sent: 1 Rows_examined: 15982
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='db644287598';
# Time: 190520 12:00:30
# Query_time: 12.230618 Lock_time: 0.000131 Rows_sent: 1 Rows_examined: 11232
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='db644287599';
# Time: 190520 12:00:45
# Query_time: 15.151571 Lock_time: 0.000167 Rows_sent: 1 Rows_examined: 14633
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='db644287600';
# Time: 190520 12:01:05
# Query_time: 19.879997 Lock_time: 0.000296 Rows_sent: 1 Rows_examined: 19716
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='db644287601';
```
You can see above that the request can take 10 to 20 seconds per database. Every 5 minutes…
In worst case, when we have some load, the cron takes more than 5 minutes, crons piles up and it gets worse and worse.
For now, my fix will be to remove `cron.d/100-monitor_database_size.inc.php`, but I think it would be nice to allow this from the ISPConfig webui. And I didn't check but I believe other crons can have significant impacts as well, for a functionnality that is not used by anybody. We have never used the monitor panel.
Thanks.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3804disable modification of /etc/fstab2019-05-22T15:08:23ZRobert Vergedisable modification of /etc/fstabProvide option to disable modification of /etc/fstabProvide option to disable modification of /etc/fstabhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5232Sieve filter when "ends with" is not user friendly2019-06-21T08:11:38ZSteffen NielsenSieve filter when "ends with" is not user friendlyWhen you choose to create a mailfilter under the mailbox within ISPconfig with the settings "From" and "Ends with". The user will most likely fill in for example ".com" which gives the following if in sieve:
`if header :regex ["from"...When you choose to create a mailfilter under the mailbox within ISPconfig with the settings "From" and "Ends with". The user will most likely fill in for example ".com" which gives the following if in sieve:
`if header :regex ["from"] [".*\.com$"]`
This will unfornately not trigger on emails from .com-addresses because sieve sees them as ".com>". The following if would trigger instead.
`if header :regex ["from"] [".*\.com\>$"]`
If this can be confirmed by others. Is it possible to make ISPconfig automatically appending ">" when users are choosing filters with "Ends with"? Most likely "Begins with" must be adjusted too.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5328email for mailboxquota to mailbox2019-06-27T17:49:13ZSteffan Noordemail for mailboxquota to mailboxPlease extend the email mailbox quota emails.
Now the options are:
Admin
User.
But when a reseller has a mailbox (and dont setyup clients)
he is getting a email, but the mailbox in question is not getting a email.
Extending lib/classes...Please extend the email mailbox quota emails.
Now the options are:
Admin
User.
But when a reseller has a mailbox (and dont setyup clients)
he is getting a email, but the mailbox in question is not getting a email.
Extending lib/classes/cron.d/300-quota_notify.inc.php
//* Send email to mailbox
if($web_config['overtraffic_notify_mbox'] == 'y') {
$recipients[] = $rec['email'];
}
should work i think (but needs a update of the interface)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5193Add Chroot checkbox in cronjob settings2019-07-04T13:33:03ZTill BrehmAdd Chroot checkbox in cronjob settingsCurrently, the chroot type is set in client settings and the chroot type is applied when the cronjob is created. There is no option to turn off chrooting for an existing cronjob yet.Currently, the chroot type is set in client settings and the chroot type is applied when the cronjob is created. There is no option to turn off chrooting for an existing cronjob yet.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5338Feature request: Don't add to Let's Encrypt certificate checkbox on website c...2019-07-13T08:54:50ZRudolf W BykerFeature request: Don't add to Let's Encrypt certificate checkbox on website config pagesIt is currently possible to exclude alias domains from the certificate by ticking this check box on the "Aliasdomain for website" page:
![Don't add to Let's Encrypt certificate checkbox](/uploads/32b08dae5eae2af63ac35428ff3d479a/image.p...It is currently possible to exclude alias domains from the certificate by ticking this check box on the "Aliasdomain for website" page:
![Don't add to Let's Encrypt certificate checkbox](/uploads/32b08dae5eae2af63ac35428ff3d479a/image.png)
*Can we please have that on the "Website" config page, too?*
Our use case:
* A few different versions of a website exist in ISPConfig, under domain names like `alpha.appname`, `beta.appname` and `gamma.appname`.
* An aliasdomain contains the real domain name which users see, e.g. `theappwewrote.com`
* Only the aliasdomain is available via DNS. This allows us to very quickly switch which version of the website is "live".
When enabling HTTPS, it tries to add `alpha.appname` and friends to the certificate, which we don't want. We only want `theappwewrote.com` in the certificate.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5360Secondary accounts for clients2019-08-02T14:21:41ZPatrick ZajdaSecondary accounts for clientsSometimes a client could want to give access to her/his account to another person, for example if this person is the webmaster, someone who would manage e-mail addresses.
Actually, this client should give the login and pass to this perso...Sometimes a client could want to give access to her/his account to another person, for example if this person is the webmaster, someone who would manage e-mail addresses.
Actually, this client should give the login and pass to this person.
Would it be possible to be able to create secondary or sub-account for clients and give them some pricize permissions on the client subscription?