ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2024-03-28T10:51:33Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6671Pending queue query does not take active state of servers into account2024-03-28T10:51:33ZTill BrehmPending queue query does not take active state of servers into accounthttps://forum.howtoforge.com/threads/queue-stack.92103/#post-455034https://forum.howtoforge.com/threads/queue-stack.92103/#post-4550343.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6670DKIM for locally submitted mail - set content_filter = amavis:[127.0.0.1]:100262024-03-22T17:48:08ZMatus UhlarDKIM for locally submitted mail - set content_filter = amavis:[127.0.0.1]:10026With amavis, the default value of content_filter set by ISPConfig is:
content_filter = amavis:[127.0.0.1]:10024
Port 10024 is used for incoming mail, not outgoing, and DKIM signing is available on port 10026 in amavis config:
$interfa...With amavis, the default value of content_filter set by ISPConfig is:
content_filter = amavis:[127.0.0.1]:10024
Port 10024 is used for incoming mail, not outgoing, and DKIM signing is available on port 10026 in amavis config:
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
originating => 1,
};
This results in all mail submitted locally:
- cron jobs
- ISPConfig when "Use SMTP to send system mails" is unset
- other applications calling /usr/sbin/sendmail (standard way to submit mail)
is sent without DKIM signature.
Since ALL mail received via SMTP has content_filter overridden by FILTER directives called from smtpd_sender_restrictions:
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
where the last rule sets:
/^/ FILTER lmtp:[127.0.0.1]:10024
I believe setting content_filter to port 10026 by default should be safe.
Please set default port for content_filter do 10026 instead.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6665security.txt2024-03-15T12:15:01ZSteffan Noordsecurity.txtRequest to adopt security.txt to the panel
idee is to I add a default security.txt to the .well-known folders of all domains, and clients can eddit it in the panel
https://www.rfc-editor.org/rfc/rfc9116Request to adopt security.txt to the panel
idee is to I add a default security.txt to the .well-known folders of all domains, and clients can eddit it in the panel
https://www.rfc-editor.org/rfc/rfc9116https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6663Menu item title link shall use target of the first item2024-03-08T10:11:08ZTill BrehmMenu item title link shall use target of the first itemhttps://forum.howtoforge.com/threads/menu-head-name-linking.92005/#post-454637https://forum.howtoforge.com/threads/menu-head-name-linking.92005/#post-4546373.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6662Add amazontrust.com CA2024-03-07T09:30:48ZTill BrehmAdd amazontrust.com CAAdd the CA amazontrust.com for CAA records.Add the CA amazontrust.com for CAA records.3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6659Probable bug on roundcube default Content-Security-Policy2024-03-04T13:28:06ZLucaProbable bug on roundcube default Content-Security-PolicyWe see that if we use the webmail from the default URL of the server:
https://nameoftheserver:8081/webmail
basically no image are opened from the webmail.
Because rise a policy error for "Content-Security-Policy", like:
```
Content-Se...We see that if we use the webmail from the default URL of the server:
https://nameoftheserver:8081/webmail
basically no image are opened from the webmail.
Because rise a policy error for "Content-Security-Policy", like:
```
Content-Security-Policy: Download a resource from https://external-url/9/9d08eac.png it was blocked by the page settings (“img-src”).
```
In my opinion the configuration here:
```
-- /etc/apache2/sites-available/apps.vhost
Row: 31
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
```
should be a little bit more relaxed like:
```
# ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
Header set Content-Security-Policy "'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'"
```
otherwise basically the webmail from the default url is useless for html mail. And this is a problem, because we are trying to keep our installation as standard as possible.
We known that we can use a different host to access webmail (like webmail.domain.com or something like that) but imho that should be fixed also on the main host above.
Tell me you thoughts about.
Thank's.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6658The spamfilter of all users (that used it) is rewritten although only the pol...2024-03-01T07:43:05ZHannesThe spamfilter of all users (that used it) is rewritten although only the policy name has been changed## Summary
The spamfilter is rewritten although only the policy name has been changed.
Is not a big problem at all but if there are a lot of users than the system rewrites a lot of config files.
## Steps to reproduce
1. change only t...## Summary
The spamfilter is rewritten although only the policy name has been changed.
Is not a big problem at all but if there are a lot of users than the system rewrites a lot of config files.
## Steps to reproduce
1. change only the name of a spamfilter policy than all spamfilter users of this filter get new config
## Correct behaviour
don't rewrite the spamfilter config of every user of this spamfilter policy if only policy_name got changed.
I don't think the policy_name is used anywhere on the server side - only in the interface.
## Environment
Server OS + version: (Ubu 22.04) \
ISPConfig version: (3.2.11p2)
## Proposed fix
```
diff --git a/interface/web/mail/spamfilter_policy_edit.php b/interface/web/mail/spamfilter_policy_edit.php
--- a/interface/web/mail/spamfilter_policy_edit.php
+++ b/interface/web/mail/spamfilter_policy_edit.php (date 1709230118549)
@@ -93,7 +93,9 @@
function onAfterUpdate() {
$this->record_has_changed = false;
foreach($this->dataRecord as $key => $val) {
+ if ($key == 'policy_name') { continue; } // Don't trigger update of all spamfilter users if only policy_name is changed
if(isset($this->oldDataRecord[$key]) && @$this->oldDataRecord[$key] != $val) {
// Record has changed
$this->record_has_changed = true;
}
```
i ll send a MRhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6656Spamfilter white/blacklist entries can not be added by the client2024-02-26T15:18:03ZTill BrehmSpamfilter white/blacklist entries can not be added by the clienthttps://forum.howtoforge.com/threads/filters.91847/https://forum.howtoforge.com/threads/filters.91847/3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6655Detect and add new IP addresses to ISPConfig2024-02-26T11:14:52ZHairyDetect and add new IP addresses to ISPConfig## Summary
On the very first and only the very first install of ISPConfig, the installer will detect and add the IP addresses of the server.
After installing ISPConfig, I have added additional IP addresses to the server.
After recently u...## Summary
On the very first and only the very first install of ISPConfig, the installer will detect and add the IP addresses of the server.
After installing ISPConfig, I have added additional IP addresses to the server.
After recently updating ISPConfig to the latest version, my new IP addresses were not added to ISPConfig.
ISPConfig should be able to scan for new IP addresses and add them to ISPConfig.
This single feature should be available from at least three places.
Additionally, I think you should be asked whether you want to scan for server IP addresses to add when installing and updating ISPConfig.
Currently, the installer forces you to add the new IP addresses whether you want to or not.
First, the feature should be fixed in the file /install/install.php, directly above the Restarting services section.
Second, the feature should be added to the file /install/update.php, directly above the Restarting services section.
Third, the feature should be added to the ISPConfig admin interface, under System->Server IP Addresses, with a new button labeled "Detect and Add New IPs."
## Proposed fix
I think I can fix this by changing or implementing the following code in the /install/install.php and /install/update.php files:
```
// Detect and add server IP addresses to ISPconfig
$detect_ips_answer = $inst->simple_query('Detect and add server IPs to ISPConfig?', array('yes', 'no'), 'no','detect_ips');
if($detect_ips_answer == 'yes') {
swriteln('Detecting IP addresses');
$inst->detect_ips();
}
```
I think the field server_ip.ip_address should be changed to unique to prevent duplicate entries.
Perhaps in time, I can offer more information for the button in the admin interface.
Maybe someone else can push a commit for the button before I can get to it.
## Environment
ISPConfig 3.2.11p2
Debian 11
## Related log entries
issue-fix-detect-ips-on-install
issue-add-detect-ips-on-update
issue-add-detect-ips-sysadmin-buttonhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6654Rspamd R_DUMMY Symbol is missing on some systems2024-02-26T09:21:45ZTill BrehmRspamd R_DUMMY Symbol is missing on some systemshttps://forum.howtoforge.com/threads/rspamd-whitelist.84552/
https://forum.howtoforge.com/threads/spamfilter-blacklist-does-not-work.91946/https://forum.howtoforge.com/threads/rspamd-whitelist.84552/
https://forum.howtoforge.com/threads/spamfilter-blacklist-does-not-work.91946/3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6653Disable message function does not work2024-02-26T11:31:55ZHairyDisable message function does not work## Summary
ISPConfig ALMOST allows you to disable showing the message function, effectively disabling support messages.
Navigation to the setting:
System->Main config->Misc->Show message function in help module
After you disable showing...## Summary
ISPConfig ALMOST allows you to disable showing the message function, effectively disabling support messages.
Navigation to the setting:
System->Main config->Misc->Show message function in help module
After you disable showing the message function, ISPConfig still shows the message function to resellers and clients.
When the admin navigates to the Help tab,
In the right view the ISPConfig version is shown.
In the left navigation pane there is no longer an option for message functions.
When the reseller or client navigates to the Help tab,
In the right view the message function is still shown.
In the left navigation pane there is no longer an option for message functions.
## Proposed fix
I can fix this by showing the ISPConfig version in the default admin, reseller and client views by editing the files:
help/version.php
help/lib/module.conf.php
## Secondary issue
This brings us to a secondary issue.
A previous developer considered the ISPConfig version top secret information that should be kept secret from everyone except the admin.
If anyone can give a rational explanation why the version number should be kept top secret from everyone, please let me know so I can change my fix.
## Related log entries
issue-fix-message-function-disablinghttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6651Remove old OpenVZ code (vm module)2024-02-20T07:51:27ZTill BrehmRemove old OpenVZ code (vm module)The traditional OpenVZ Kernel has not been available for quite some time, so keeping the code for it in ISPConfig makes no sense as its of no use on any current Linux system. The last OpenVZ Kernel was Linux Kernel 2.5 or 2.6, if I remem...The traditional OpenVZ Kernel has not been available for quite some time, so keeping the code for it in ISPConfig makes no sense as its of no use on any current Linux system. The last OpenVZ Kernel was Linux Kernel 2.5 or 2.6, if I remember correctly. This feature request is to remove the old legacy OpenVZ code to clean up the code base.3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6649Parse options from php.ini settings to php pool file directly2024-02-13T16:54:44ZKreso PendicParse options from php.ini settings to php pool file directly3.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6639ISPConfig CLI command2024-02-01T16:05:49ZTill BrehmISPConfig CLI commandImplement a new modular ISPConfig command-line interface. The command will be named "ispc". It will also replace the old update command, ispconfig_update.sh.
Example commands:
ispc version (Shows ISPConfig version)
ispc update (Runs IS...Implement a new modular ISPConfig command-line interface. The command will be named "ispc". It will also replace the old update command, ispconfig_update.sh.
Example commands:
ispc version (Shows ISPConfig version)
ispc update (Runs ISPConfig Update)
ispc backup (Make a backup of the ISPConfig database and files)
ispc password admin (set new password for user admin)
ispc server plugin enable cron (enables the cron server plugin)
ispc help (Will show available modules and command options)
In the first step, the basis for the new cli will be implemented with a few simple base functions like the version command. More commands will be added later on.3.2.12Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6632Disable FastCGI option on newly installed systems2024-01-23T22:58:24ZThomDisable FastCGI option on newly installed systems3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6630Remove Pagespeed support2024-03-12T17:40:11ZMichaelRemove Pagespeed supportThe Pagespeed project (Apache module as well as Nginx) has not been maintained since at least 30. June 2022 and the Git repositories have been archived.
I therefore suggest removing Pagespeed.
Maybe it is possible to "substitute" Pa...The Pagespeed project (Apache module as well as Nginx) has not been maintained since at least 30. June 2022 and the Git repositories have been archived.
I therefore suggest removing Pagespeed.
Maybe it is possible to "substitute" Pagespeed with Google's Lighthouse some day in the future which provides a similar set of features, except that the website owner has to manually make the adjustments to his website.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6627Wrong CNAME DNS Validation2024-01-10T07:04:45Zteuto.netWrong CNAME DNS ValidationThe current cname validation only checks if there is already an entry with the same name.
There i no validation for DNS entry's like name.origin.The current cname validation only checks if there is already an entry with the same name.
There i no validation for DNS entry's like name.origin.teuto.netteuto.nethttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6626Mirror server IP not automatically added to database Remote Access IPs list2024-01-09T19:17:02ZHelmoMirror server IP not automatically added to database Remote Access IPs listThe webserver's IP is auto added to the list of Remote Access IPs when the database is not on the same host.
However when that host has a mirror server those IP's are not added. MR incoming ...
It annoyed me that a huge chunk of code w...The webserver's IP is auto added to the list of Remote Access IPs when the database is not on the same host.
However when that host has a mirror server those IP's are not added. MR incoming ...
It annoyed me that a huge chunk of code was duplicated there so I first created #6625HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6625De-duplicate onBeforeUpdate and onBeforeInsert in database_edit.php2024-01-09T19:17:19ZHelmoDe-duplicate onBeforeUpdate and onBeforeInsert in database_edit.phpIt annoyed me that a huge chunk of code was duplicated between onBeforeUpdate() and onBeforeInsert() in database_edit.php, and a few subtle differences had already crept up... bugs.
E.g. on Insert we were not checking is a database_user...It annoyed me that a huge chunk of code was duplicated between onBeforeUpdate() and onBeforeInsert() in database_edit.php, and a few subtle differences had already crept up... bugs.
E.g. on Insert we were not checking is a database_user was filled in, but in the update method we call an error database_user_missing_txt for it.HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6623LDAP Acces feature request2023-12-27T08:51:18ZImad DaouLDAP Acces feature requestDear ISPConfig Team,
Is there a way to have ISPConfig works with LDAP the way OPNSense does?
https://docs.opnsense.org/manual/how-tos/user-ldap.html
That would be great, this way we can have Enterprise LDAP platform like Active direc...Dear ISPConfig Team,
Is there a way to have ISPConfig works with LDAP the way OPNSense does?
https://docs.opnsense.org/manual/how-tos/user-ldap.html
That would be great, this way we can have Enterprise LDAP platform like Active directory use ISPConfig for mailboxes; I strongly believe ISPConfig can do great at the enterprise level, especially if AD users can use ISPConfig for mailboxes.
Thank you!