Helmo · Helmo · Helmo · Helmo · Helmo · Helmo
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -3847,6 +3847,10 @@ class installer_base {
 			$root_cron_jobs[] = "0 0 * * * ".$install_dir."/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
 		}

+		if ($conf['services']['mail'] == 1) {
+			$root_cron_jobs[] = "30 23 * * * ".$install_dir."/server/scripts/handle_mailbox_soft_deleted.sh &> /dev/null";
+		}
+
 		foreach($root_cron_jobs as $cron_job) {
 			if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
 				$existing_root_cron_jobs[] = $cron_job."\n";

--- a/install/tpl/debian6_dovecot-sql.conf.master
+++ b/install/tpl/debian6_dovecot-sql.conf.master
 # http://wiki.dovecot.org/AuthDatabase/SQL
-#
-# CREATE TABLE users (
-#     userid VARCHAR(128) NOT NULL,
-#     password VARCHAR(64) NOT NULL,
-#     home VARCHAR(255) NOT NULL,
-#     uid INTEGER NOT NULL,
-#     gid INTEGER NOT NULL,
-#     active CHAR(1) DEFAULT 'Y' NOT NULL
-# );

 driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password} port={mysql_server_port}
@@ -20,4 +11,4 @@ user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':',

 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers
-# iterate_query = SELECT email as user FROM mail_user WHERE server_id = '{server_id}'
+# iterate_query = SELECT email as user FROM mail_user WHERE disabledoveadm='n' AND server_id = '{server_id}'
--- a/install/tpl/debian_dovecot-sql.conf.master
+++ b/install/tpl/debian_dovecot-sql.conf.master
-# This file is opened as root, so it should be owned by root and mode 0600.
-#
 # http://wiki.dovecot.org/AuthDatabase/SQL
-#
-# For the sql passdb module, you'll need a database with a table that
-# contains fields for at least the userid and password. If you want to
-# use the user@domain syntax, you might want to have a separate domain
-# field as well.
-#
-# If your users all have the same uig/gid, and have predictable home
-# directories, you can use the static userdb module to generate the home
-# dir based on the userid and domain. In this case, you won't need fields
-# for home, uid, or gid in the database.
-#
-# If you prefer to use the sql userdb module, you'll want to add fields
-# for home, uid, and gid. Here is an example table:
-#
-# CREATE TABLE users (
-#     userid VARCHAR(128) NOT NULL,
-#     password VARCHAR(64) NOT NULL,
-#     home VARCHAR(255) NOT NULL,
-#     uid INTEGER NOT NULL,
-#     gid INTEGER NOT NULL,
-#     active CHAR(1) DEFAULT 'Y' NOT NULL
-# );
-
-# Database driver: mysql, pgsql, sqlite
-#driver = 
-
-# Database connection string. This is driver-specific setting.
-#
-# pgsql:
-#   For available options, see the PostgreSQL documention for the
-#   PQconnectdb function of libpq.
-#
-# mysql:
-#   Basic options emulate PostgreSQL option names:
-#     host, port, user, password, dbname
-#
-#   But also adds some new settings:
-#     client_flags        - See MySQL manual
-#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
-#     ssl_cert, ssl_key   - For sending client-side certificates to server
-#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
-# 
-#   You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock
-#   Note that currently you can't use spaces in parameters.
-#
-# sqlite:
-#   The path to the database file.
-#
-# Examples:
-#   connect = host=192.168.1.1 dbname=users
-#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
-#   connect = /etc/dovecot/authdb.sqlite
-#
-#connect = dbname=virtual user=virtual
-
-# Default password scheme.
-#
-# List of supported schemes is in
-# http://wiki.dovecot.org/Authentication/PasswordSchemes
-#
-#default_pass_scheme = PLAIN-MD5
-
-# Query to retrieve the password.
-#
-# This query must return only one row with "user" and "password" columns.
-# The query can also return other fields which have a special meaning, see
-# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-#
-# The "user" column is needed to make sure the username gets used with exactly
-# the same casing as it's in the database. Note that if you store username and
-# domain in separate fields, you most likely want to return a combination of
-# them as the "user" column, otherwise the domain gets stripped.
-#
-# Commonly used available substitutions (see
-# http://wiki.dovecot.org/Variables for full list):
-#   %u = entire userid
-#   %n = user part of user@domain
-#   %d = domain part of user@domain
-# 
-# Note that these can be used only as input to SQL query. If the query outputs
-# any of these substitutions, they're not touched. Otherwise it would be
-# difficult to have eg. usernames containing '%' characters.
-#
-# Example:
-#   password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d'
-#   password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
-#
-#password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
-
-# Query to retrieve the user information.
-#
-# The query must return only one row. Commonly returned columns are:
-#   uid - System UID
-#   gid - System GID
-#   home - Home directory
-#   mail - Mail location
-#
-# Either home or mail is required. uid and gid are required. If more than one
-# row is returned or there are missing fields, the login will fail. For a list
-# of all fields that can be returned, see 
-# http://wiki.dovecot.org/UserDatabase/ExtraFields
-#
-# Examples
-#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'
-#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
-#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
-#
-#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
-
-# If you wish to avoid two SQL lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-# also have to return userdb fields in password_query prefixed with "userdb_"
-# string. For example:
-#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'

 driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password} port={mysql_server_port}
@@ -127,5 +11,4 @@ user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':',

 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers
-# iterate_query = SELECT email as user FROM mail_user WHERE server_id = '{server_id}'
-
+# iterate_query = SELECT email as user FROM mail_user WHERE disabledoveadm='n' AND server_id = '{server_id}'
--- a/install/tpl/fedora_dovecot-sql.conf.master
+++ b/install/tpl/fedora_dovecot-sql.conf.master
-# This file is opened as root, so it should be owned by root and mode 0600.
-#
 # http://wiki.dovecot.org/AuthDatabase/SQL
-#
-# For the sql passdb module, you'll need a database with a table that
-# contains fields for at least the username and password. If you want to
-# use the user@domain syntax, you might want to have a separate domain
-# field as well.
-#
-# If your users all have the same uig/gid, and have predictable home
-# directories, you can use the static userdb module to generate the home
-# dir based on the username and domain. In this case, you won't need fields
-# for home, uid, or gid in the database.
-#
-# If you prefer to use the sql userdb module, you'll want to add fields
-# for home, uid, and gid. Here is an example table:
-#
-# CREATE TABLE users (
-#     username VARCHAR(128) NOT NULL,
-#     domain VARCHAR(128) NOT NULL,
-#     password VARCHAR(64) NOT NULL,
-#     home VARCHAR(255) NOT NULL,
-#     uid INTEGER NOT NULL,
-#     gid INTEGER NOT NULL,
-#     active CHAR(1) DEFAULT 'Y' NOT NULL
-# );
-
-# Database driver: mysql, pgsql, sqlite
-#driver = 
-
-# Database connection string. This is driver-specific setting.
-#
-# pgsql:
-#   For available options, see the PostgreSQL documention for the
-#   PQconnectdb function of libpq.
-#
-# mysql:
-#   Basic options emulate PostgreSQL option names:
-#     host, port, user, password, dbname
-#
-#   But also adds some new settings:
-#     client_flags        - See MySQL manual
-#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
-#     ssl_cert, ssl_key   - For sending client-side certificates to server
-#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
-#     option_file         - Read options from the given file instead of
-#                           the default my.cnf location
-#     option_group        - Read options from the given group (default: client)
-# 
-#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
-#   Note that currently you can't use spaces in parameters.
-#
-#   MySQL supports multiple host parameters for load balancing / HA.
-#
-# sqlite:
-#   The path to the database file.
-#
-# Examples:
-#   connect = host=192.168.1.1 dbname=users
-#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
-#   connect = /etc/dovecot/authdb.sqlite
-#
-#connect =
-
-# Default password scheme.
-#
-# List of supported schemes is in
-# http://wiki.dovecot.org/Authentication/PasswordSchemes
-#
-#default_pass_scheme = MD5
-
-# passdb query to retrieve the password. It can return fields:
-#   password - The user's password. This field must be returned.
-#   user - user@domain from the database. Needed with case-insensitive lookups.
-#   username and domain - An alternative way to represent the "user" field.
-#
-# The "user" field is often necessary with case-insensitive lookups to avoid
-# e.g. "name" and "nAme" logins creating two different mail directories. If
-# your user and domain names are in separate fields, you can return "username"
-# and "domain" fields instead of "user".
-#
-# The query can also return other fields which have a special meaning, see
-# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-#
-# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
-# for full list):
-#   %u = entire user@domain
-#   %n = user part of user@domain
-#   %d = domain part of user@domain
-# 
-# Note that these can be used only as input to SQL query. If the query outputs
-# any of these substitutions, they're not touched. Otherwise it would be
-# difficult to have eg. usernames containing '%' characters.
-#
-# Example:
-#   password_query = SELECT userid AS user, pw AS password \
-#     FROM users WHERE userid = '%u' AND active = 'Y'
-#
-#password_query = \
-#  SELECT username, domain, password \
-#  FROM users WHERE username = '%n' AND domain = '%d'
-
-# userdb query to retrieve the user information. It can return fields:
-#   uid - System UID (overrides mail_uid setting)
-#   gid - System GID (overrides mail_gid setting)
-#   home - Home directory
-#   mail - Mail location (overrides mail_location setting)
-#
-# None of these are strictly required. If you use a single UID and GID, and
-# home or mail directory fits to a template string, you could use userdb static
-# instead. For a list of all fields that can be returned, see
-# http://wiki.dovecot.org/UserDatabase/ExtraFields
-#
-# Examples:
-#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
-#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
-#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
-#
-#user_query = \
-#  SELECT home, uid, gid \
-#  FROM users WHERE username = '%n' AND domain = '%d'
-
-# If you wish to avoid two SQL lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-# also have to return userdb fields in password_query prefixed with "userdb_"
-# string. For example:
-#password_query = \
-#  SELECT userid AS user, password, \
-#    home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
-#  FROM users WHERE userid = '%u'

 driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password} port={mysql_server_port}
@@ -140,4 +11,4 @@ user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':',

 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers
-# iterate_query = SELECT email as user FROM mail_user WHERE server_id = '{server_id}'
+# iterate_query = SELECT email as user FROM mail_user WHERE disabledoveadm='n' AND server_id = '{server_id}'
--- a/install/tpl/opensuse_dovecot-sql.conf.master
+++ b/install/tpl/opensuse_dovecot-sql.conf.master
-# This file is opened as root, so it should be owned by root and mode 0600.
-#
 # http://wiki.dovecot.org/AuthDatabase/SQL
-#
-# For the sql passdb module, you'll need a database with a table that
-# contains fields for at least the username and password. If you want to
-# use the user@domain syntax, you might want to have a separate domain
-# field as well.
-#
-# If your users all have the same uig/gid, and have predictable home
-# directories, you can use the static userdb module to generate the home
-# dir based on the username and domain. In this case, you won't need fields
-# for home, uid, or gid in the database.
-#
-# If you prefer to use the sql userdb module, you'll want to add fields
-# for home, uid, and gid. Here is an example table:
-#
-# CREATE TABLE users (
-#     username VARCHAR(128) NOT NULL,
-#     domain VARCHAR(128) NOT NULL,
-#     password VARCHAR(64) NOT NULL,
-#     home VARCHAR(255) NOT NULL,
-#     uid INTEGER NOT NULL,
-#     gid INTEGER NOT NULL,
-#     active CHAR(1) DEFAULT 'Y' NOT NULL
-# );
-
-# Database driver: mysql, pgsql, sqlite
-#driver = 
-
-# Database connection string. This is driver-specific setting.
-#
-# pgsql:
-#   For available options, see the PostgreSQL documention for the
-#   PQconnectdb function of libpq.
-#
-# mysql:
-#   Basic options emulate PostgreSQL option names:
-#     host, port, user, password, dbname
-#
-#   But also adds some new settings:
-#     client_flags        - See MySQL manual
-#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
-#     ssl_cert, ssl_key   - For sending client-side certificates to server
-#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
-#     option_file         - Read options from the given file instead of
-#                           the default my.cnf location
-#     option_group        - Read options from the given group (default: client)
-# 
-#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
-#   Note that currently you can't use spaces in parameters.
-#
-#   MySQL supports multiple host parameters for load balancing / HA.
-#
-# sqlite:
-#   The path to the database file.
-#
-# Examples:
-#   connect = host=192.168.1.1 dbname=users
-#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
-#   connect = /etc/dovecot/authdb.sqlite
-#
-#connect =
-
-# Default password scheme.
-#
-# List of supported schemes is in
-# http://wiki.dovecot.org/Authentication/PasswordSchemes
-#
-#default_pass_scheme = MD5
-
-# passdb query to retrieve the password. It can return fields:
-#   password - The user's password. This field must be returned.
-#   user - user@domain from the database. Needed with case-insensitive lookups.
-#   username and domain - An alternative way to represent the "user" field.
-#
-# The "user" field is often necessary with case-insensitive lookups to avoid
-# e.g. "name" and "nAme" logins creating two different mail directories. If
-# your user and domain names are in separate fields, you can return "username"
-# and "domain" fields instead of "user".
-#
-# The query can also return other fields which have a special meaning, see
-# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-#
-# Commonly used available substitutions (see http://wiki.dovecot.org/Variables
-# for full list):
-#   %u = entire user@domain
-#   %n = user part of user@domain
-#   %d = domain part of user@domain
-# 
-# Note that these can be used only as input to SQL query. If the query outputs
-# any of these substitutions, they're not touched. Otherwise it would be
-# difficult to have eg. usernames containing '%' characters.
-#
-# Example:
-#   password_query = SELECT userid AS user, pw AS password \
-#     FROM users WHERE userid = '%u' AND active = 'Y'
-#
-#password_query = \
-#  SELECT username, domain, password \
-#  FROM users WHERE username = '%n' AND domain = '%d'
-
-# userdb query to retrieve the user information. It can return fields:
-#   uid - System UID (overrides mail_uid setting)
-#   gid - System GID (overrides mail_gid setting)
-#   home - Home directory
-#   mail - Mail location (overrides mail_location setting)
-#
-# None of these are strictly required. If you use a single UID and GID, and
-# home or mail directory fits to a template string, you could use userdb static
-# instead. For a list of all fields that can be returned, see
-# http://wiki.dovecot.org/UserDatabase/ExtraFields
-#
-# Examples:
-#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
-#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
-#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
-#
-#user_query = \
-#  SELECT home, uid, gid \
-#  FROM users WHERE username = '%n' AND domain = '%d'
-
-# If you wish to avoid two SQL lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-# also have to return userdb fields in password_query prefixed with "userdb_"
-# string. For example:
-#password_query = \
-#  SELECT userid AS user, password, \
-#    home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
-#  FROM users WHERE userid = '%u'

 driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password} port={mysql_server_port}
@@ -140,4 +11,4 @@ user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':',

 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers
-# iterate_query = SELECT email as user FROM mail_user WHERE server_id = '{server_id}'
+# iterate_query = SELECT email as user FROM mail_user WHERE disabledoveadm='n' AND server_id = '{server_id}'
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -56,6 +56,7 @@ relayhost_user=
 relayhost_password=
 mailbox_size_limit=0
 message_size_limit=0
+mailbox_soft_delete=n
 mailbox_quota_stats=y
 realtime_blackhole_list=zen.spamhaus.org
 overquota_notify_threshold=90

--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -39,6 +39,7 @@ web_php_options=no,fast-cgi,mod,php-fpm
 show_aps_menu=n
 client_protection=y
 ssh_authentication=
+le_caa_autocreate_options=y


 [tools]

--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -334,6 +334,14 @@ class functions {
 			$domain = substr($domain, strrpos($domain, '@') + 1);
 		}

+		// idn_to_* chokes on leading dots, but we need them for amavis, so remove it for later
+		if(substr($domain, 0, 1) === '.') {
+			$leading_dot = true;
+			$domain = substr($domain, 1);
+		} else {
+			$leading_dot = false;
+		}
+
 		if($encode == true) {
 			if(function_exists('idn_to_ascii')) {
 				if(defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46') && constant('IDNA_NONTRANSITIONAL_TO_ASCII')) {
@@ -378,6 +386,10 @@ class functions {
 			}
 		}

+		if($leading_dot == true) {
+			$domain = '.' . $domain;
+		}
+
 		if($user_part !== false) return $user_part . '@' . $domain;
 		else return $domain;
 	}

--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -397,6 +397,8 @@ class remoting_client extends remoting {
 			return false;
 		}

+		// DUPLICATE CODE IN interface/web/client/client_del.php
+
 		$client_id = $app->functions->intval($client_id);

 		if($client_id > 0) {
@@ -413,7 +415,7 @@ class remoting_client extends remoting {
 			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);

 			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
-			$tables = 'cron,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain,mail_mailinglist,client,spamfilter_wblist';
+			$tables = 'cron,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,mail_domain,support_message,web_database,web_database_user,web_domain,web_traffic,domain,mail_mailinglist,client,spamfilter_wblist';
 			$tables_array = explode(',', $tables);
 			$client_group_id = $app->functions->intval($client_group['groupid']);
 			if($client_group_id > 1) {

--- a/interface/lib/classes/remote.d/mail.inc.php
+++ b/interface/lib/classes/remote.d/mail.inc.php
@@ -196,6 +196,24 @@ class remoting_mail extends remoting {
 		return $app->remoting_lib->getDataRecord($primary_id);
 	}

+	//* Get mail user details for all account that belong to a client.
+	public function mail_user_get_all_by_client($session_id, $client_id)
+	{
+		global $app;
+
+		if(!$this->checkPerm($session_id, 'mail_user_get_all_by_client')) {
+			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		$app->uses('remoting_lib');
+		$sql = "SELECT u.* FROM `mail_user` u
+			LEFT JOIN `sys_group` g ON (u.sys_groupid=g.groupid)
+			WHERE g.client_id=?";
+		$params[] = $client_id;
+
+		$result = $app->db->queryAllRecords($sql, true, $params);
+		return $result;
+	}

 	//* Add mail domain
 	public function mail_user_add($session_id, $client_id, $params){
@@ -1110,4 +1128,4 @@ class remoting_mail extends remoting {

 }

-?>
\ No newline at end of file
+?>
--- a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
+++ b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
@@ -65,9 +65,11 @@ class system_config_dns_ca_plugin {
 	} 

 	function web_vhost_domain_edit($event_name, $page_form) {
-		global $app;
+		global $app, $conf;
+		
+		$global_config = $app->getconf->get_global_config('sites');

-		if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+		if(($page_form->dataRecord['ssl_letsencrypt'] == 'y') && ($global_config['le_caa_autocreate_options'] != 'n')) {
 			$domain = $page_form->dataRecord['domain'];
 			$subdomain = $page_form->dataRecord['subdomain'];
 			$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');

--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -734,6 +734,12 @@ $form["tabs"]['mail'] = array(
 			'default' => 'y',
 			'value' => array(0 => 'n', 1 => 'y')
 		),
+		'mailbox_soft_delete' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'n',
+			'value' => array(0 => 'n', 1 => 'y')
+		),
 		'mailbox_quota_stats' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',

--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -246,7 +246,13 @@ $form["tabs"]['sites'] = array (
 			'formtype' => 'SELECT',
 			'default' => '',
 			'value'  => array('' => 'ssh_authentication_password_key', 'password' => 'ssh_authentication_password', 'key' => 'ssh_authentication_key')
-		)
+		),
+		'le_caa_autocreate_options' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'y',
+			'value'  => array(0 => 'n', 1 => 'y')
+		),	
 		//#################################
 		// END Datatable fields
 		//#################################

--- a/interface/web/admin/lib/lang/ar_server_config.lng
+++ b/interface/web/admin/lib/lang/ar_server_config.lng
@@ -342,3 +342,5 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['mailbox_soft_delete_txt'] = 'Mailbox soft delete';
+$wb['mailbox_soft_delete_info_txt'] = 'by default cleaned up after 7 days.';
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
 $wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
 $wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
 $wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
 ?>
--- a/interface/web/admin/lib/lang/bg_server_config.lng
+++ b/interface/web/admin/lib/lang/bg_server_config.lng
@@ -342,3 +342,5 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['mailbox_soft_delete_txt'] = 'Mailbox soft delete';
+$wb['mailbox_soft_delete_info_txt'] = 'by default cleaned up after 7 days.';
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
 $wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
 $wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
 $wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
 ?>
--- a/interface/web/admin/lib/lang/br_server_config.lng
+++ b/interface/web/admin/lib/lang/br_server_config.lng
@@ -342,3 +342,5 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Usar links físicos é inseguro, mas eco
 $wb['jailkit_hardlinks_allow_txt'] = 'Permitir links físicos enjaulados';
 $wb['jailkit_hardlinks_no_txt'] = 'Não, remover arquivos de links físicos';
 $wb['jailkit_hardlinks_yes_txt'] = 'Sim, usar links físicos quando possível';
+$wb['mailbox_soft_delete_txt'] = 'Mailbox soft delete';
+$wb['mailbox_soft_delete_info_txt'] = 'by default cleaned up after 7 days.';
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -107,3 +107,4 @@ $wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near
 $wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
 $wb['monitor_key_txt'] = 'Senha do Monitor';
 $wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
--- a/interface/web/admin/lib/lang/ca_server_config.lng
+++ b/interface/web/admin/lib/lang/ca_server_config.lng
@@ -342,3 +342,5 @@ $wb['tooltip_jailkit_hardlinks_txt'] = 'Using hardlinks is insecure, but saves d
 $wb['jailkit_hardlinks_allow_txt'] = 'Allow hardlinks within the jail';
 $wb['jailkit_hardlinks_no_txt'] = 'No, remove hardlinked files';
 $wb['jailkit_hardlinks_yes_txt'] = 'Yes, use hardlinks if possible';
+$wb['mailbox_soft_delete_txt'] = 'Mailbox soft delete';
+$wb['mailbox_soft_delete_info_txt'] = 'by default cleaned up after 7 days.';