ISPConfig 3 issues
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues
Updated: 2023-09-16T14:49:23Z

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6537
Initialize SPF record with the zone name.
Updated: 2023-09-16T14:49:23Z
Author: Helmo

The first field of the spf record form currently defaults to empty.
It's technically ok to leave it blank as '@' '' and '<zonename>.' are effectively the same.
However in our [default dns template](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/install/sql/ispconfig3.sql#L2467) example we suggest to put the zonename for all dns_rr's in the Name column.
Let's also apply that to spf.
![image](/uploads/771cf0ff0fc55808a8e18c28283adc5b/image.png)
And let's extend the check for existing records to detect this variation.
Assignee: Helmo

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6531
Handle wildcard aliases
Updated: 2023-09-16T14:49:44Z
Author: Baptiste Richard

# What is a wildcard alias ?
A wildcard alias is an alias containing an asterisk `*` as a placeholder for "anything unspecified". For example, if I have an alias `gitlab*@example.org` pointing to `john@example.org`, any incoming email matching this pattern will be redirected to john, such as `gitlabispconfig@example.org` or `gitlab-support@example.org`
Obviously, wildcard aliases should not intercept direct aliases nor inbox emails, and catchall should still capture anything that does not match any (wildcard or not) alias.
Apart from this, wildcard aliases allow you to give a unique email to each service you subscribe to in order to either filter incoming mail easily based on the `From:` address, or, when you start receiving spam, know who the hell sold your address (and denylist this specific address)
# How is it different from + aliasing ?
Using `+` as a separator has some issues :
- Some systems (website or otherwise) still don't recognize the `+` character as valid in an email, so bye bye filtering.
- Some systems (I encountered at least 1 so far) allow the `+` in the submission process but remove it entirely. So bye bye filtering (again)
Wildcard aliases can use only "regular" characters. In fact, there is no way to know if a given address is an alias or not, whether this alias is wildcarding or not.
# What should be done in ISPconfig to make this available ?
From the webUI we can submit wildcard aliases (aliases having an asterisk * in part of the name) but they don't work as intended (not at all actually).
Having them work is only a matter of editing the `/etc/postfix/mysql-virtual_forwardings.cf` file to look up wildcard characters.
I've already done the development required and will push a MR with this.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6529
Multiserver Database IPv6 autocomplete and suggested IPs
Updated: 2023-06-16T04:20:26Z
Author: Philipp Hieber

## Summary
If a multiserver setup is used with external database servers with IPv6, the IPv6 address of the web server will not autocomplete for external access. \
IPv6 addresses configured in serverconfigs. \
IPv6 addresses in hosts file on master server are configured.
Only IPv4 addresses shown in the suggested IPs list.
## Steps to reproduce
1. Create customer
2. Create webspace (Server 1)
3. Create database user
4. Create database (Server 2)
5. show database config (Only IPv4 address of server 1 added to external access)
## Correct behaviour
also IPv6 address of Server 1 should be added to external access \
even IPv6 addresses should be shown in the suggested IPs list.
## Environment
Server OS + version: Debian 11 \
ISPConfig version: 3.2.10
Software version of the related software: Apache/2.4.56 (Debian)
```
Server version: Apache/2.4.56 (Debian)
Server built: 2023-04-02T03:06:01
```
## Screenshots
![Screenshot_2023-06-15_103341](/uploads/852473560748c38c9fe78424467a30e5/Screenshot_2023-06-15_103341.png)
![Screenshot_2023-06-15_103821](/uploads/dce561173b8826326559c824407dec7d/Screenshot_2023-06-15_103821.png)
![Screenshot_2023-06-15_104013](/uploads/8f1c765b892a52ac4ac4093b5a03590e/Screenshot_2023-06-15_104013.png)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6526
web restore writes into web folder and don't replaces it
Updated: 2023-06-12T05:45:13Z
Author: Hannes

Version 3.2.10<br>
I don't know if that's the intention or a bug that the restore writes into the web folder and doesn't replace it.<br>
(with borg but think it happens with tar.gz and others too).<br>
A restore doesn't delete the old content of web folder first<br>
It copies the files into the directories - replaces the files but doesn't delete other files there.<br>
That leads to multiple problems (over quota/files chaos) if the backup is older/other CMS/contains hacked files/..<br>
borg uses
<pre>
safe_exec cmd: cd '/var/www/clients/client1/web2' && borg extract --nobsdflags '/var/backup/web2/borg_web::web2_2023-06-11_13-18'
</pre>
and tar.gz uses
<pre>
tar xf xxx.tar.gz --directory /var/www/domain.xxx
</pre>
both write into folder I think and there is no rm -R web folder first <br><br>
I didn't check how rar, zip, 7z, bzip2... handle this

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6511
External Domain validation (same than office365 do)
Updated: 2023-12-26T20:28:21Z
Author: Hannes

Allow user to verify external domains with TXT entry (If client limit is enabled) so he doesn't need to ask support.
Maybe this functionality is better in a customer center and add the Domain over the api.
In my case I have it in the ispconfig itself.
Maybe it is useful for others too.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6501
website PHP version select should also apply for CLI
Updated: 2024-03-14T07:11:07Z
Author: laulau

## Summary
chosen PHP version is correctly applied for website, but not for CLI things (cron, SSH)
## Steps to reproduce
1. create a website
2. select a PHP version different from system default
3. login via SSH
4. php --version
## Correct behaviour
should use same PHP version as the website we are using
## Environment
Server OS + version: 18.04
ISPConfig version: 3.2.7p1
## Proposed fix
set an alias, or a symlink for the shell users related to the website ?

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6487
2FA using OTP codes
Updated: 2023-05-03T13:21:34Z
Author: Vermium Sifell

I think it's important to implement 2FA support via time-limited codes as an alternative to the email 2FA. Since it feels more secure to use an Authenticator app such as Google Authenticator, Authy or Bitwarden.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6482
Enable sender and login mismatch submission reject by default
Updated: 2023-03-27T17:55:01Z
Author: Thom

Enable sender and login mismatch submission reject by default. Also, maybe move it to only the submission setting in master.cf instead.
Assignee: Thom

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6479
Nginx as a reverse proxy
Updated: 2023-08-08T07:22:08Z
Author: Adam

I created a plugin that allows you to use nginx as a reverse proxy.
Merge request for this plugin: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1703
All you need to do is:
1. Change apache port to 6080 for http and 6443 for https.
2. Install Nginx web server
3. Activate the Nginx Reverse Proxy plugin.
`ln -s /usr/local/ispconfig/server/plugins-available/nginx_reverseproxy_plugin.inc.php /usr/local/ispconfig/server/plugins-enabled/nginx_reverseproxy_plugin.inc.php`
Milestone: 3.2.12
Assignee: Adam

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6478
Show dependant email addresses.
Updated: 2023-03-15T14:22:01Z
Author: Tom

Hi,
At the website level you can now see the alias domain information. This inspired me to also add that to the mail domain page.
This way you can quickly see which email addresses are in use for a particular domain. Which helps hunting down what addresses are there when the customer requires to delete the domain and to see the addresses so I don't have to go through 4 different sections to find them all. For example if you need to know if info@ is a box, alias, forward or caught by a catchall.
Patch and screenshot attached.
![Safari_KovoKs_B.V.__ISPConfig_21.33.02_2x](/uploads/37767f757149316b8df8d78f00f0d70b/Safari_KovoKs_B.V.__ISPConfig_21.33.02_2x.png)
[patch.ispconfig.showdependantemailaddresses.diff](/uploads/8b93ba9e43f8827c4d9fb522a0c5ec15/patch.ispconfig.showdependantemailaddresses.diff)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6464
Add (and use) template files for shell users: .profile, .bashrc, README, etc
Updated: 2023-02-10T07:03:55Z
Author: Jens

For shell users, a global ".profile" template would be very useful, since Jailkit users cannot see the global /etc/profile. This can be used to welcome users, create aliases and custom shell functions (for example `setup_composer` or `setup_rbenv`) and point to existing documentation.
Having ISPconfig use a `/usr/local/ispconfig/server/conf-custom/shell/dot-profile` file (for example) template when creating a shell user would solve this.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6461
Removing jailkit user does not clear jailkit files from web directory
Updated: 2023-02-09T19:13:26Z
Author: Jens

## Summary
See $Subject
## Steps to reproduce
1. Setup basic ISPconfig 3.2.9 on Ubuntu 22.04 using ispc-autoinstaller
2. Create shell user with jailkit
3. Remove this shell user again, wait for ISPconfig cronjob
## Correct behaviour
The web directory should not have any jailkit specific files (hardlinks to /usr, /etc/, etc files) any more.
## Environment
Server OS + version: Ubuntu 22.04 server
ISPConfig version: 3.2.9
## Proposed fix
If jailkit does not provide this functionality (remove jailkit specific hardlinks), we can recreate this by finding all files owned by root with link_count > 1 and removing them, and then removing all non-default empty folders (i.e. exclude everything with +i attribute). Something like this:
```
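# root-owned files with more than one hard link; NUL-separated so odd file names are handled safely
find "$WEBDIR" -type f -user root -links +1 -print0 | xargs -0 -r rm --
find "$WEBDIR" -depth -type d -print0 | xargs -0 -r rmdir # rmdir fails on non-empty folders, and -depth lists children before parents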
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6457
Support getmail imap idle option
Updated: 2023-01-27T08:42:10Z
Author: KoS

It would be great if the getmail imap idle function would be supported so that IMAP mailboxes do not need to be polled every 5 minutes but mails will arrive immediately.
As this would need to run a system service for every getmail rcconfig that needs imap idle, it would be a bigger change in how ISPconfig handles the getmail configuration.
See https://pyropus.ca./software/getmail/configuration.html#running-commandline-options and https://work-work.work/blog/2018/12/15/getmail-systemd-imap-idle.html

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6439
DNSSEC CDS support for automatic key handling
Updated: 2023-04-13T08:04:44Z
Author: KoS

Instead of having to manually copy the DNSSEC keys to the registrar from ISPconfig, only the "dnssec-policy default;" of BIND needs to be enabled for automatic key handling, see here:
see here https://forum.howtoforge.com/threads/dnssec-cds-records.89962/
Changes needed in ISPconfig:
- Add a mutually exclusive checkbox to "Sign zone (DNSSEC)" à la "Enable DNSSEC default policy"
- Fix the apparmor file permission issues
- Write the "dnssec-policy default;" in the config file
- Make sure this feature is only available for newer BIND version (>= 9.17)
Thanks!

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6429
Statistics (FTP, traffic ect) displays NAN when no records in DB
Updated: 2023-01-29T20:49:52Z
Author: Krzysztof Baranowski

When account is new or doesn't have any stats there are NAN everywhere.
Sites -> ftp stats, traffic stats, backup stats
Email -> mailbox stats, backup stats, traffic stats
![Screenshot_2022-12-16_at_11-37-04_ISPConfig](/uploads/03158c0aee0a0ff6d9d9411d5f4863d8/Screenshot_2022-12-16_at_11-37-04_ISPConfig.png)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6427
Dovecot & postfix - add allow_nets setting
Updated: 2022-12-15T11:32:37Z
Author: Krzysztof Baranowski

Future request.
Dovecot has a security setting called allow_nets that only allows login to a mailbox from listed ip.
https://doc.dovecot.org/configuration_manual/authentication/allow_nets/
This setting controls not only login to imap, pop3 but also smtp.
Setting can be done for selected emails.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6426
Create API or function to import DNSSEC keys
Updated: 2022-12-14T18:32:00Z
Author: Till Brehm

Create API or function to import DNSSEC keys using remote API and maybe also in the GUI.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6425
Include ModSecurity and OWASP ModSecurity Core Rule Set (CRS)
Updated: 2022-12-14T18:30:24Z
Author: Raffael Luthiger

Many websites / CMS systems get attacked on a daily basis. There is an open source project which is providing ModSecurity rules to mitigate many common attacks. It would be great if ModSecurity and the OWASP ModSecurity Core Rule Set (CRS) are included in ISPconfig in the sense that those rules can be enabled or disabled on a per website basis. ModSecurity is available for nginx and apache.
More information about the project:
https://owasp.org/www-project-modsecurity-core-rule-set/ or here
https://coreruleset.org/

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6410
Add website php version as alias to the .bashrc file of the web user
Updated: 2023-12-08T11:47:42Z
Author: Till Brehm

See: https://forum.howtoforge.com/threads/installed-ispconfig-3.89709/#post-440465

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6402
Feature Request: BorgBackup also for email
Updated: 2022-11-12T16:44:47Z
Author: Jacco van Koll

First, I want to say **THANK YOU** for implementing BorgBackup for websites! It works fast, amazing, and saves tons of space! It's great!
Now my humble request: Can BorgBackup also be implemented for mailboxes? This would have a huge impact on saving storage too!
Thank you in advance!