ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-09-22T16:19:50Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3423Add massive actions in WebUI2020-09-22T16:19:50ZYannick MOLINETAdd massive actions in WebUIHI all,
It could be interresting to have some massive actions in the WebUI. By example :
- Disable email account
- Disable fetchmail account
- Remove fetchmail accout
- Change some parameters like disabling smtp/imap/pop or reset passwordHI all,
It could be interresting to have some massive actions in the WebUI. By example :
- Disable email account
- Disable fetchmail account
- Remove fetchmail accout
- Change some parameters like disabling smtp/imap/pop or reset passwordhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3481Improve mail server safety with postfwd2020-12-28T07:56:06ZZironda SrlImprove mail server safety with postfwdIt would be interesting to integrate postfwd in ispconfig ecosystem
http://postfwd.org/It would be interesting to integrate postfwd in ispconfig ecosystem
http://postfwd.org/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3486ISPConfig only supports MD5 passwords.2020-02-02T18:44:44ZJasmine IwanekISPConfig only supports MD5 passwords.MD5 passwords are insecure and ISPConfig should really use SHA256 or SHA512 passwords where possible, below is some example code which could easily be used to support multiple password types, It currently can support DES, Extended DES, M...MD5 passwords are insecure and ISPConfig should really use SHA256 or SHA512 passwords where possible, below is some example code which could easily be used to support multiple password types, It currently can support DES, Extended DES, MD5, Blowfish, SHA256 and SHA512, I've left debug info in and it's based on the password code currently in ISPConfig, It still needs changes to select which hash to use and it would likely be improved by allowing the administrator to select which hash algo to use in the web interface, along with some code to detect when a password using an old hash has been entered and update it on the fly to use the currently selected one (This would allow installations to change from MD5 to SHA??? without causing users to reset their passwords.
```php
$password = 'TemporaryPasswordForTest';
$base64_alphabet='+/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (CRYPT_STD_DES == 1) {
$salt='';
for ($n=0;$n<2;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$outpass = crypt($password, $salt);
echo 'Standard DES: ' . $outpass . strlen($outpass) . "\n";
}
if (CRYPT_EXT_DES == 1) {
$algorithm="_";
$cost='zz..'; // 4 bytes of iteration count.
$salt=$algorithm . $cost; // . '$';
for ($n=0;$n<4;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$outpass = crypt($password, $salt);
echo 'Extended DES: ' . $outpass . strlen($outpass) . "\n";
}
if (CRYPT_MD5 == 1) {
$salt="$1$";
for ($n=0;$n<8;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.="$";
$outpass = crypt($password, $salt);
echo 'MD5: ' . $outpass . " Len: " . strlen($outpass) . "\n";
}
if (CRYPT_BLOWFISH == 1) {
# $2$ (old broken behaviour) $2b$ (new behaviour, same as $2y), $2x$ (old broken behaviour)
if (version_compare(PHP_VERSION, '5.3.7') >= 0)
$algorithm = '2y'; // BCrypt, with fixed unicode problem
// $algorithm = '2b';
else
$algorithm = '2a'; // BCrypt
// $algorithm = '2x';
$cost='08'; // Should be between 04 and 31
$salt='$' . $algorithm . '$' . $cost . '$';
for ($n=0;$n<22;$n++) {
$salt.= str_replace('+', '.', $base64_alphabet[mt_rand(0, 63)]);
}
$outpass = crypt($password, $salt);
echo 'Blowfish: ' . $outpass . " Len: " . strlen($outpass) . "\n";
}
if (CRYPT_SHA256 == 1) {
$algorithm='$5$';
$cost='rounds=5000';
$salt=$algorithm . $cost . '$';
for ($n=0;$n<16;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.='$';
$outpass = str_replace('rounds=5000$', '', crypt($password, $salt));
echo 'SHA-256: ' . $outpass . " Len: " . strlen($outpass) . "\n";
}
if (CRYPT_SHA512 == 1) {
$algorithm='$6$';
$cost='rounds=5000';
$salt=$algorithm . $cost . '$';
for ($n=0;$n<16;$n++) {
$salt.=$base64_alphabet[mt_rand(0, 63)];
}
$salt.='$';
$outpass = str_replace('rounds=5000$', '', crypt($password, $salt));
echo 'SHA-512: ' . $outpass . " Len: " . strlen($outpass) . "\n";
}
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3494Allow enable/disable directive snippets for clients2020-11-01T16:11:59ZsdafsadfsdAllow enable/disable directive snippets for clientsI know that apache and php additional options are disabled for clients/resellers due to security as they can potentially break the whole webserver setup. However it is still needed to allow clients/resellers to enable some options in cer...I know that apache and php additional options are disabled for clients/resellers due to security as they can potentially break the whole webserver setup. However it is still needed to allow clients/resellers to enable some options in certain situations. My suggestions is to allow them to simply include some of the predefined snippets. I.e. the snippets that are added in the Directive snippets section are available as a list of checkboxes which resellers/clients can simply enable or disable.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3532Add dynamic reject with postfix verify service2020-09-25T20:35:26ZTill BrehmAdd dynamic reject with postfix verify serviceAdd a dynmic reject configuration by using the postfix verify service for systems that use transports in fron of other mail servers like exchange servers.Add a dynmic reject configuration by using the postfix verify service for systems that use transports in fron of other mail servers like exchange servers.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3636Backups: Grandparent / Parent / Child implementation2020-06-08T14:45:21ZBart GuijtBackups: Grandparent / Parent / Child implementationAlthough it's great to be able to have up to 10 daily/weekly/monthly backups, ideally the choice between daily/weekly/monthly shouldn't be "OR", but "AND".
It would be great if we could keep both daily backups (childs), weekly backups...Although it's great to be able to have up to 10 daily/weekly/monthly backups, ideally the choice between daily/weekly/monthly shouldn't be "OR", but "AND".
It would be great if we could keep both daily backups (childs), weekly backups (parents) and monthly backups (grandparents). Ideally these intervals should be able to be set through the configuration panel itself (e.g. "3 months", "6 months", "Year"), but already being able to choose 2 or more intervals would greatly add to the functionality of the backup system.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3644Request for password length increase and validation when changing password in...2020-02-26T16:56:18ZEdRequest for password length increase and validation when changing password in the interface.I had initially changed my new ISPConfig3 latest with patch 8 and used a greater than 64 character password for the admin user in ispconfig3 - and there was no error message when I changed the password, however when I attempted to login ...I had initially changed my new ISPConfig3 latest with patch 8 and used a greater than 64 character password for the admin user in ispconfig3 - and there was no error message when I changed the password, however when I attempted to login again, it didn't work with error message that the password can't be greater than 64 characters. So, my recommendation is to increase the allowable password length to 256 characters. Strong passwords = long paswords. In addition I recommend that you throw an error when changing the password in the tools section of the control panel so that it doesn't accept longer than 256 character (or 64 character currently) passwords.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3652Integrate imapsync instead of getmail (imap)2019-11-04T11:38:25ZSteffen NielsenIntegrate imapsync instead of getmail (imap)imapsync seems easy to install and use and even supports sync of subfolders which getmail doesn't.
https://github.com/imapsync/imapsync
Found installation notes on: http://blog.grossi.io/2013/migrating-emails-using-imap-imapsync-to...imapsync seems easy to install and use and even supports sync of subfolders which getmail doesn't.
https://github.com/imapsync/imapsync
Found installation notes on: http://blog.grossi.io/2013/migrating-emails-using-imap-imapsync-tofrom-gmail-yahoo-etc/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3654Syntax error in "Custom php.ini settings" field causes php-fpm to go down; ch...2020-01-08T11:58:49ZBen JohnsonSyntax error in "Custom php.ini settings" field causes php-fpm to go down; check with FPM's --testHello!
While editing a virtual host's "Custom php.ini settings" value, I entered the following, which contains a superfluous and erroneous "&":
[code]
error_reporting = E_ALL & & ~E_DEPRECATED
[/code]
This is, of course, synta...Hello!
While editing a virtual host's "Custom php.ini settings" value, I entered the following, which contains a superfluous and erroneous "&":
[code]
error_reporting = E_ALL & & ~E_DEPRECATED
[/code]
This is, of course, syntactically invalid. But ISPConfig went ahead and attempted to restart php-fpm anyway, which resulted in a PHP outage across every site on the server, because php-fpm was stopped but never restarted (due to the syntax error that ISPConfig saved to the configuration).
Given that php-fpm has a built-in mechanism for validating its configuration, ISPConfig should make use of this feature.
If ISPConfig is already using "php-fpm --test", then something is not working correctly, because I just tested this very example and it is caught as expected:
# php-fpm --test PHP: syntax error, unexpected '&' in Unknown on line 1
[09-Sep-2015 09:56:23] ERROR: Unable to include /usr/local/zend/etc/fpm.d/web4.conf from /usr/local/zend/etc/php-fpm.conf at line 24
[09-Sep-2015 09:56:23] ERROR: failed to load configuration file '/usr/local/zend/etc/php-fpm.conf'
[09-Sep-2015 09:56:23] ERROR: FPM initialization failed
Calling "php-fpm --test" returns "0" status code if the configuration is valid, and a non-zero code if it is invalid. This should make it relatively simple to test the configuration before reloading PHP-FPM, rolling-back if necessary.
This is exactly what is done with NGINX and Apache configuration changes, so the same should be applied to other services, such as PHP, wherever possible.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3689Updated croatian languange2020-06-07T15:55:21ZZvonimirUpdated croatian languangehttp://www.weboteka.net/ispconfig/hr.lnghttp://www.weboteka.net/ispconfig/hr.lnghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3707Force password on first login" setting2020-08-08T13:08:38ZTill BrehmForce password on first login" settingThat way when we provide access to a user it is a secure way to email a password that we know can only be utilized by one user - and confirm that only that user utilized it.That way when we provide access to a user it is a secure way to email a password that we know can only be utilized by one user - and confirm that only that user utilized it.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3708Support NodeJS2020-04-05T07:54:52ZLeonhard WolfmayrSupport NodeJSAs discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.As discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3726client filter in top menu2017-08-10T20:10:47ZAntalclient filter in top menuPlease consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too muc...Please consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too much of a hassle.
The system wide filter would save a lot of time and system resources when switching tabs.Planned featuresMarius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3767Add support for mailing list manager SYMPA2024-01-02T17:38:14ZEricAdd support for mailing list manager SYMPAThe sympa mailing list manager is capable of virtual domains in so called "robots" and can serve data from various formats: text (via ftp, http, ...), various databases.
Packages are available in debian.
Basic aliases and transports fo...The sympa mailing list manager is capable of virtual domains in so called "robots" and can serve data from various formats: text (via ftp, http, ...), various databases.
Packages are available in debian.
Basic aliases and transports for postfix can be set in transport-regexp e.g.:
```
/^.*+owner\@domain\.tld$/ sympabounce:
/^.*\@domain\.tld$/ sympa:
```
sympabounce and sympa represent services in master.cf - e.g.
```
sympa unix - n n - 1 pipe flags=RF user
=sympa argv=/usr/lib/sympa/lib/sympa/queue ${recipient}
sympabounce unix - n n - 1 pipe flags=RF user
=sympa argv=/usr/lib/sympa/lib/sympa/bouncequeue ${user}@${domain}
Domain owners will be listed in virtual-regexp:
/^(.*)-owner\@(.*)$/ $1+owner@$2
```
Eventually aliases retrieved through ispconfig's database are preferable.
The web interface can be made available through fpm-wrapper and one aliased virtual host. Example config for nginx:
```
server {
listen _default:443;
listen [2001:db8::1]:443;
server_name hostname.domain.tld lists.otherdomain.tld;
root /var/www/lists;
location / {
rewrite ^/$ https://$http_host/home last;
rewrite ^/wws/(.*)$ /$1 last;
rewrite ^/wws$ /home last;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param HTTPS on;
if (-f $request_filename) { break; }
if (!-e $request_filename) {
gzip off;
fastcgi_pass unix:/var/run/sympa/wwsympa.socket;
}
}
location /static-sympa {
alias /var/lib/sympa/static_content;
}
}
```
/var/www/lists/[domain]_css/ will contain css data and may be adapted per domain.
config data will reside in /etc/sympa/hostname.domain.tld
I plea for integration of Sympa as a better alternative to mailman.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3768SSL certificate management2021-01-21T09:39:10ZEricSSL certificate managementCurrently ssl certificates, keys, certificate requests and chaincerts need to be added by copy-n-paste into a vhost configuration. The plesk/odin approach seems to be more comfortable: They use an upload button and certs, keys, etc will ...Currently ssl certificates, keys, certificate requests and chaincerts need to be added by copy-n-paste into a vhost configuration. The plesk/odin approach seems to be more comfortable: They use an upload button and certs, keys, etc will be added to a named set of certificates, that can be later chosen in vhost configs.
As letsencrypt certificates will be supported in upcoming versions of ispconfig, it would seem wise to create these (if enabled) as such a set, that the user can choose of as described above.
It should also be possible to save only the location of a cert instead of it's contents in such a set.
Sets of certificates should be swapped out to their own tables, that are referenced by the vhost.
IMO that would improve the handling a lot.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3771AWS Route532020-08-28T16:09:21ZRyan AWS Route53I know there has been previous requests before, but nothing really became of it.
At the moment i used Route53 almost exclusively for my DNS, there are many advantages. Anyways, it could be great with some implementaiton for support w...I know there has been previous requests before, but nothing really became of it.
At the moment i used Route53 almost exclusively for my DNS, there are many advantages. Anyways, it could be great with some implementaiton for support with external DNS services, route53 (others are also available).. I know AWS R53 has a php library, and a cli too.
If there is nothing planned, i might look into writing one myself. Just dont need to be re-inventing the wheel here :)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3782Drop ?> in just PHP files.2020-08-31T14:20:03ZBradley WestonDrop ?> in just PHP files.How do you guys feel about this. https://pear.php.net/manual/en/standards.tags.php#2203
Could also start using PSR-2, then you can have static analysis tests from `php-cs-fixer` which I'd be more then happy to make a PR for.How do you guys feel about this. https://pear.php.net/manual/en/standards.tags.php#2203
Could also start using PSR-2, then you can have static analysis tests from `php-cs-fixer` which I'd be more then happy to make a PR for.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3794Dovecot SNI support2021-06-25T08:17:14ZNapDovecot SNI supportWith Lets Encrypt, it would be nice to incorporate Dovecot SNI configuration through ISPConfig.
Send and Receive works with my installation across a number of domains when using Outlook 2007 and iPhone4 (iOS7).
My iPhone complains abou...With Lets Encrypt, it would be nice to incorporate Dovecot SNI configuration through ISPConfig.
Send and Receive works with my installation across a number of domains when using Outlook 2007 and iPhone4 (iOS7).
My iPhone complains about the LE certificate, but after accepting it, all mail functions work fine.
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MariaDB Server 5.5.40, MariaDB Client 5.5.41, PHP 5.5.9, ISPConfig 3.0.5.4p8, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, amavis, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3804disable modification of /etc/fstab2019-05-22T15:08:23ZRobert Vergedisable modification of /etc/fstabProvide option to disable modification of /etc/fstabProvide option to disable modification of /etc/fstabhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3805Replace/cleanup DNS hostname validators2020-09-07T13:10:55ZDavid KreitschmannReplace/cleanup DNS hostname validatorsI noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label....I noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label.
I think this should be a good validator:
```
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(\*|(\*\.)?_?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\._?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*\.?)$/',
',
'errmsg'=> 'name_error_regex'),
```
It allows corner cases, e.g.:
*
*._asdf._asdf (currently not possible for TXT)
asdf.example.com.
but disallows the following invalid records which can currently be entered e.g.:
-asdf
asd_f
asdf*3.3