diff --git a/install/dist/lib/debian60.lib.php b/install/dist/lib/debian60.lib.php
index ecf3db3a4b1eadd884d90967b811fb1449db3d67..730058f6e77d499dec6a23dcf7455ff1eba26bb7 100644
--- a/install/dist/lib/debian60.lib.php
+++ b/install/dist/lib/debian60.lib.php
@@ -111,7 +111,10 @@ class installer extends installer_base {
 			}
 			if(version_compare($dovecot_version,2.2) >= 0) {
 				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
-				replaceLine($config_dir.'/'.$configfile, 'ssl_protocols = !SSLv2 !SSLv3', 'ssl_protocols = !SSLv3', 1, 0);
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
 			}
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master')) {
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index c4beb0dffa6757e0179cb5fa4ed3ede79bf2aaab..b50062403eb461ec5985f8bed7a868be5b8a8847 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -443,6 +443,13 @@ class installer_dist extends installer_base {
 			if(version_compare($dovecot_version,2.1) < 0) {
 				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
 			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 		} else {
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index fbef274d0bb68b54f56905a57b85fe9f9d56739b..ec279d13d01373e83749eba0b158d1d35cb42dff 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1378,7 +1378,10 @@ class installer_base {
 			}
 			if(version_compare($dovecot_version,2.2) >= 0) {
 				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
-				replaceLine($config_dir.'/'.$configfile, 'ssl_protocols = !SSLv2 !SSLv3', 'ssl_protocols = !SSLv3', 1, 0);
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
 			}
 		}
 
diff --git a/install/patches/upd_0086.php b/install/patches/upd_0086.php
new file mode 100644
index 0000000000000000000000000000000000000000..045c48b2f3e0acf40606118094b3d75a911fb183
--- /dev/null
+++ b/install/patches/upd_0086.php
@@ -0,0 +1,46 @@
+<?php
+
+if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
+
+/*
+	Example installer patch update class. the classname must match
+	the php and the sql patch update filename. The php patches are
+	only executed when a corresponding sql patch exists.
+*/
+
+class upd_0086 extends installer_patch_update {
+
+	public function onAfterSQL() {
+		global $inst;
+		
+		// delete all the files that were deleted on previous updates
+		$delete = array(
+			'interface/web/js/mail_domain_dkim.js',
+			'interface/web/mail/mail_domain_dkim_create.php'
+		);
+		
+		$curpath = dirname(dirname(realpath(dirname(__FILE__))));
+		
+		$c = 0;
+		$del_all = false;
+		foreach($delete as $file) {
+			if(strpos($file, '..') !== false) continue; // security!
+			
+			if($del_all == false) {
+				$answer = $inst->simple_query('Delete obsolete file ' . $file . '?', array('y', 'n', 'a', 'all', 'none'), 'y');
+				if($answer == 'n') continue;
+				elseif($answer == 'a' || $answer == 'all') $del_all = true;
+				elseif($answer == 'none') break;
+			}
+			if(@is_file('/usr/local/ispconfig/' . $file) && !@is_file($curpath . '/' . $file)) {
+				// be sure this is not a file contained in installation!
+				@unlink('/usr/local/ispconfig/' . $file);
+				ilog('Deleted obsolete file /usr/local/ispconfig/' . $file);
+				$c++;
+			}
+		}
+		ilog($c . 'obsolete files deleted.');
+	}
+}
+
+?>
diff --git a/install/tpl/debian6_dovecot-sql.conf.master b/install/tpl/debian6_dovecot-sql.conf.master
index 496e9965dfbd41d8b67946a55adcd74fd2ba61cf..e05330dc26a4216d28e5d85f2918d005558232f4 100644
--- a/install/tpl/debian6_dovecot-sql.conf.master
+++ b/install/tpl/debian6_dovecot-sql.conf.master
@@ -19,4 +19,4 @@ user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':',
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers
-# iterate_query = SELECT email as user FROM mail_user WHERE `disable%Ls` = 'n' AND server_id = '{server_id}'
+# iterate_query = SELECT email as user FROM mail_user WHERE server_id = '{server_id}'
diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index cfbdfa3a06c93c755bfbc479976f10cdb76ab948..b0454cdfd80dba67701ded60b83bf63de0657775 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -16,6 +16,7 @@ firewall=bastille
 loglevel=2
 admin_notify_events=1
 backup_dir=/var/backup
+backup_tmp=/tmp
 backup_dir_is_mount=n
 backup_mode=rootgz
 backup_time=0:00
diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index b5a09ba5ff6c87db8e162f542262956ed22b3f90..5cd9b0873724da0be26870df8e3ffac163fe1a1c 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -15,6 +15,8 @@ mailbox_show_backup_tab=y
 mailboxlist_webmail_link=y
 webmail_url=/webmail
 dkim_path=/var/lib/amavis/dkim
+smtp_enabled=y
+smtp_host=localhost
 
 [monitor]
 
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index e6f81c6fa6bf4fc4054d91a244f4d7dd21128d69..3ee0556226758989ce3b21c48af98767f370e8c6 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -58,6 +58,10 @@ class functions {
 		if($cc != '') $app->ispcmail->setHeader('Cc', $cc);
 		if($bcc != '') $app->ispcmail->setHeader('Bcc', $bcc);
 
+		if(is_string($to) && strpos($to, ',') !== false) {
+				$to = preg_split('/\s*,\s*/', $to);
+		}
+		
 		$app->ispcmail->send($to);
 		$app->ispcmail->finish();
 
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index 256b483c4f377a470b2175096024ebee1b26eeaf..4652e2a07b1ddc65f5776a4538ec34d4ab382db4 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -174,10 +174,8 @@ class validate_client {
 					}
 				}
 			}
-
-			$client = new SoapClient("http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl");
-
-			if($client){
+			try {
+				$client = new SoapClient("http://ec.europa.eu/taxation_customs/vies/checkVatService.wsdl");
 				$params = array('countryCode' => $cc, 'vatNumber' => $vn);
 				try{
 					$r = $client->checkVat($params);
@@ -191,12 +189,12 @@ class validate_client {
 							}
 					}
 
-					// This foreach shows every single line of the returned information
-					/*
-					foreach($r as $k=>$prop){
-						echo $k . ': ' . $prop;
-					}
-					*/
+				// This foreach shows every single line of the returned information
+				/*
+				foreach($r as $k=>$prop){
+					echo $k . ': ' . $prop;
+				}
+				*/
 
 				} catch(SoapFault $e) {
 					//echo 'Error, see message: '.$e->faultstring;
@@ -217,7 +215,7 @@ class validate_client {
 							break;
 					}
 				}
-			} else {
+			} catch(SoapFault $e){
 				// Connection to host not possible, europe.eu down?
 				// this shouldn't be the user's fault, so we return no error
 			}
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index df1d2befdfacce4632facb3f0ce3afb5b031ed5c..ade5d978ae56894350e17aeafc375eba1b42343a 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -183,6 +183,20 @@ $form["tabs"]['server'] = array(
 			'width' => '40',
 			'maxlength' => '255'
 		),
+		'backup_tmp' => array(
+			'datatype' => 'VARCHAR',
+			'formtype' => 'TEXT',
+			'default' => '/tmp/',
+			'validators' => array(	0 => array('type' => 'NOTEMPTY',
+										'errmsg' => 'tmpdir_path_error_empty'),
+									1 => array ( 	'type' => 'REGEX',
+										'regex' => "/^\/[a-zA-Z0-9\.\-\_\/]{4,128}$/",
+										'errmsg'=> 'tmpdir_path_error_regex'),
+			),
+			'value' => '',
+			'width' => '40',
+			'maxlength' => '255'
+		),
 		'backup_dir_is_mount' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index f1658a00b29f0991aa1820f3f87e775de9ba29e7..ea1ce1aaf773bc0cabb0e179c337e72a26af45ad 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -323,7 +323,7 @@ $form["tabs"]['mail'] = array (
 		'smtp_enabled' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
-			'default' => 'n',
+			'default' => 'y',
 			'value'  => array(0 => 'n', 1 => 'y')
 		),
 		'smtp_host' => array (
@@ -340,7 +340,7 @@ $form["tabs"]['mail'] = array (
 					'type' => 'STRIPNL')
 			),
 			'formtype' => 'TEXT',
-			'default' => '',
+			'default' => 'localhost',
 			'value'  => '',
 			'width'  => '30',
 			'maxlength' => '255'
diff --git a/interface/web/admin/lib/lang/de_server_config.lng b/interface/web/admin/lib/lang/de_server_config.lng
index 1d2755fe41c147b7aa59ed8b8f8f331c2343bdcf..3f349369a72db97f3c053cfc75a08f14f31add12 100644
--- a/interface/web/admin/lib/lang/de_server_config.lng
+++ b/interface/web/admin/lib/lang/de_server_config.lng
@@ -81,6 +81,7 @@ $wb['awstats_data_dir_txt'] = 'AWStats Datenverzeichnis';
 $wb['awstats_pl_txt'] = 'AWStats awstats.pl Script';
 $wb['awstats_buildstaticpages_pl_txt'] = 'AWStats awstats_buildstaticpages.pl Script';
 $wb['backup_dir_txt'] = 'Backupverzeichnis';
+$wb['backup_tmp_txt'] = 'Backup tmp-Dir (zip)';
 $wb['named_conf_local_path_txt'] = 'BIND named.conf.local Pfad';
 $wb['php_ini_path_cgi_txt'] = 'CGI php.ini Pfad';
 $wb['php_ini_path_apache_txt'] = 'Apache php.ini Pfad';
@@ -103,6 +104,8 @@ $wb['nginx_user_txt'] = 'Nginx Benutzer';
 $wb['nginx_group_txt'] = 'Nginx Gruppe';
 $wb['nginx_cgi_socket_txt'] = 'Nginx CGI Socket';
 $wb['backup_dir_error_empty'] = 'Backup Verzeichnis ist leer.';
+$wb['tmpdir_path_error_empty'] = 'Tmp-Dir Pfad ist leer.';
+$wb['tmpdir_path_error_regex'] = 'Invalid Tmp-Dir Pfad.';
 $wb['maildir_path_error_empty'] = 'Maildir Pfad ist leer.';
 $wb['homedir_path_error_empty'] = 'Homedir Pfad ist leer.';
 $wb['mailuser_uid_error_empty'] = 'Mail Benutzer UID ist leer.';
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index b851dae68f8f68b8a7019b7055fddba61535072c..30f6f1e8d31977ef0f964b4ad1ad5327fd291896 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -90,6 +90,7 @@ $wb["awstats_data_dir_txt"] = 'awstats data folder';
 $wb["awstats_pl_txt"] = 'awstats.pl script';
 $wb["awstats_buildstaticpages_pl_txt"] = 'awstats_buildstaticpages.pl script';
 $wb["backup_dir_txt"] = 'Backup directory';
+$wb["backup_tmp_txt"] = 'Backup tmp directory for zip';
 $wb["named_conf_local_path_txt"] = 'BIND named.conf.local path';
 $wb["php_ini_path_cgi_txt"] = 'CGI php.ini path';
 $wb["php_ini_path_apache_txt"] = 'Apache php.ini path';
@@ -101,6 +102,8 @@ $wb["fastcgi_config_syntax_txt"] = 'FastCGI config syntax';
 $wb["backup_mode_txt"] = 'Backup mode';
 $wb["backup_mode_userzip"] = 'Backup web files owned by web user as zip';
 $wb["backup_mode_rootgz"] = 'Backup all files in web directory as root user';
+$wb['tmpdir_path_error_empty'] = 'tmp-dir Path is empty.';
+$wb['tmpdir_path_error_regex'] = 'Invalid tmp-dir path.';
 $wb["backup_time_txt"] = 'Backup time';
 $wb["server_type_txt"] = 'Server Type';
 $wb["nginx_vhost_conf_dir_txt"] = 'Nginx Vhost config dir';
diff --git a/interface/web/admin/templates/server_config_server_edit.htm b/interface/web/admin/templates/server_config_server_edit.htm
index 90be365f174f662e39cd3e3182c2e003a00400fe..df81f72846b0bc5962210fc984f4047ae2bb86a0 100644
--- a/interface/web/admin/templates/server_config_server_edit.htm
+++ b/interface/web/admin/templates/server_config_server_edit.htm
@@ -63,6 +63,10 @@
                     {tmpl_var name='backup_mode'}
                 </select></div>
             </div>
+            <div class="form-group">
+                <label for="backup_tmp" class="col-sm-3 control-label">{tmpl_var name='backup_tmp_txt'}</label>
+                <div class="col-sm-9"><input type="text" name="backup_tmp" id="backup_tmp" value="{tmpl_var name='backup_tmp'}" class="form-control" /></div>
+			</div>
 			<div class="form-group">
                 <label for="backup_time" class="col-sm-3 control-label">{tmpl_var name='backup_time_txt'}</label>
                 <div class="col-sm-3"><select name="backup_time" id="backup_time" class="form-control">
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 8bef6e9d634868439d7d57ff49f8ab78e4341e26..dfb4e7464909dfe4d31724ec844b4e064230953d 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -128,7 +128,7 @@ class page_action extends tform_actions {
 			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 
 			// Delete all records (sub-clients, mail, web, etc....)  of this client.
-			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist,spamfilter_wblist';
+			$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain,mail_mailinglist,spamfilter_wblist';
 			$tables_array = explode(',', $tables);
 			$client_group_id = $app->functions->intval($client_group['groupid']);
 			if($client_group_id > 1) {
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index d2dce6d502e3e76f3e5bbb75d09e36db1994c7fa..d1d69ef6d1e89dce1f2766ec7586dda7ea6c0b58 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -8,6 +8,11 @@ class dashlet_limits {
 		$limits = array();
 
 		/* Limits to be shown*/
+		
+		$limits[] = array('field' => 'limit_mailquota',
+			'db_table' => 'mail_user',
+			'db_where' => 'quota > 0',  /* Count only posive value of quota, negative value -1 is unlimited */
+			'q_type' => 'quota');
 
 		$limits[] = array('field' => 'limit_maildomain',
 			'db_table' => 'mail_domain',
@@ -61,6 +66,11 @@ class dashlet_limits {
 			'db_table' => 'spamfilter_policy',
 			'db_where' => "");
 
+		$limits[] = array('field' => 'limit_web_quota',
+			'db_table' => 'web_domain',
+			'db_where' => 'hd_quota > 0', /* Count only posive value of quota, negative value -1 is unlimited */
+			'q_type' => 'hd_quota');
+			
 		$limits[] = array('field' => 'limit_web_domain',
 			'db_table' => 'web_domain',
 			'db_where' => "type = 'vhost'");
@@ -93,6 +103,11 @@ class dashlet_limits {
 			'db_table' => 'dns_rr',
 			'db_where' => "");
 
+		$limits[] = array('field' => 'limit_database_quota',
+			'db_table' => 'web_database',
+			'db_where' => 'database_quota > 0', /* Count only posive value of quota, negative value -1 is unlimited */
+			'q_type' => 'database_quota');
+			
 		$limits[] = array('field' => 'limit_database',
 			'db_table' => 'web_database',
 			'db_where' => "");
@@ -143,9 +158,15 @@ class dashlet_limits {
 			}
 			if($value != 0 || $value == $wb['unlimited_txt']) {
 				$value_formatted = ($value == '-1')?$wb['unlimited_txt']:$value;
-				$usage = $this->_get_limit_usage($limit);
-				$percentage = ($value == '-1' || $value == 0 ? -1 : round(100 * $usage / $value));
+
+				if($limit['q_type']!=''){
+					$usage = $this->_get_assigned_quota($limit) . " MB";
+					$value_formatted = ($value == '-1')?$wb['unlimited_txt']:$value . " MB";
+				}
+				else $usage = $this->_get_limit_usage($limit);
+				$percentage = ($value == '-1' || $value == 0 ? 0 : round(100 * $usage / $value));
 				$progressbar = $percentage > 100 ? 100 : $percentage;
+
 				$rows[] = array('field' => $field,
 					'field_txt' => $wb[$field.'_txt'],
 					'value' => $value_formatted,
@@ -174,6 +195,19 @@ class dashlet_limits {
 		return $rec['number'];
 
 	}
+	
+	function _get_assigned_quota($limit) {
+		global $app;
+
+		$sql = "SELECT sum(??) as number FROM ?? WHERE ";
+		if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
+		$sql .= $app->tform->getAuthSQL('r');
+		$rec = $app->db->queryOneRecord($sql, $limit['q_type'], $limit['db_table']);
+		if($limit['db_table']=='mail_user') $quotaMB = $rec['number'] / 1048576; // Mail quota is in bytes, must be converted to MB
+		else $quotaMB = $rec['number'];
+		return $quotaMB;
+
+	}
 
 }
 
diff --git a/interface/web/dashboard/lib/lang/en_dashlet_limits.lng b/interface/web/dashboard/lib/lang/en_dashlet_limits.lng
index 3f0ce2f43cbe940045df7a75f89b64b59b66f78a..5d504c8e9b6e91dd62aa181fcd354781b5470567 100644
--- a/interface/web/dashboard/lib/lang/en_dashlet_limits.lng
+++ b/interface/web/dashboard/lib/lang/en_dashlet_limits.lng
@@ -28,4 +28,7 @@ $wb["limit_webdav_user_txt"] = 'Number of Webdav users';
 $wb["limit_client_txt"] = 'Number of Clients';
 $wb["limit_database_txt"] = 'Number of Databases';
 $wb['limit_domain_txt'] = 'Number of Domains';
+$wb['limit_mailquota_txt'] = 'Assigned mailbox quota';
+$wb['limit_web_quota_txt'] = 'Assigned web quota';
+$wb['limit_database_quota_txt'] = 'Assigned database quota';
 ?>
diff --git a/interface/web/js/mail_domain_dkim.js b/interface/web/js/mail_domain_dkim.js
deleted file mode 100755
index 0e9be0aecab976d37fd0dded9827a339d4bf4b52..0000000000000000000000000000000000000000
--- a/interface/web/js/mail_domain_dkim.js
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
-Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
-Copyright (c) 2013, Florian Schaal, info@schaal-24.de
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright notice,
-      this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice,
-      this list of conditions and the following disclaimer in the documentation
-      and/or other materials provided with the distribution.
-    * Neither the name of ISPConfig nor the names of its contributors
-      may be used to endorse or promote products derived from this software without
-      specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-
-This Javascript is invoked by
-	* mail/templates/mail_domain_edit.htm to show and/or create the key-pair
-*/
-
-var request = false;
-
-//function setRequest(action) {
-function setRequest() {
-	if (window.XMLHttpRequest) {
-			request = new XMLHttpRequest();
-	} else if (window.ActiveXObject) {
-		try {
-			request = new ActiveXObject('Msxml2.XMLHTTP');
-		}
-		catch (e) {
-			try {
-				request = new ActiveXObject('Microsoft.XMLHTTP');
-			}
-			catch (e) {}
-		}
-	}
-	if (!request) {
-		alert("Error creating XMLHTTP-instance");
-		return false;
-	} else {
-		// jQuery depends on domain-module active / inactive
-		var check = jQuery('#domain_module').val();
-		if ( check == "1" ) {
-			var skillsSelect = document.getElementById("domain");
-			var domain = skillsSelect.options[skillsSelect.selectedIndex].text;
-		} else { 
-			var domain = jQuery('#domain').val();
-		}
-
-		// we nedd the client-id to get the dkim-strength of the right mail-server
-		try {
-			var clientid = document.getElementById("client_group_id").selectedIndex; // admin and reseller
-		}
-		catch (e) {
-			var clientid = jQuery('#client_id').val();; // user
-		}
-
-		var selector=jQuery('#dkim_selector').val();
-		var publickey=jQuery('#dkim_public').val();
-		request.open('POST', 'mail/mail_domain_dkim_create.php', true);
-		request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-		request.send('domain='+domain+'&dkim_selector='+selector+'&dkim_public='+publickey+'&client_id='+clientid);
-		request.onreadystatechange = interpretRequest;
-	}
-}
-
-function interpretRequest() {
-	switch (request.readyState) {
-		case 4:
-			if ( request.status != 200 ) {
-				alert("Request done but NOK\nError:"+request.status);
-			} else {
-				document.getElementsByName('dkim_selector')[0].value = request.responseXML.getElementsByTagName('selector')[0].firstChild.nodeValue;
-				document.getElementsByName('dkim_private')[0].value = request.responseXML.getElementsByTagName('privatekey')[0].firstChild.nodeValue;
-				document.getElementsByName('dkim_public')[0].value = request.responseXML.getElementsByTagName('publickey')[0].firstChild.nodeValue;
-				document.getElementsByName('dns_record')[0].value = request.responseXML.getElementsByTagName('dns_record')[0].firstChild.nodeValue;
-			}
-		break;
-		default:
-		break;
-	}
-}
-
-//setRequest('show');
diff --git a/interface/web/mail/ajax_get_json.php b/interface/web/mail/ajax_get_json.php
new file mode 100644
index 0000000000000000000000000000000000000000..153b3e87e956040789166cd534c1637ef94c899b
--- /dev/null
+++ b/interface/web/mail/ajax_get_json.php
@@ -0,0 +1,115 @@
+<?php
+
+/*
+Copyright (c) 2018, Florian Schaal - schaal @it UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('mail');
+
+$type = $_GET['type'];
+$domain_id = $_GET['domain_id'];
+
+if($type == 'create_dkim' && $domain_id != ''){
+	$dkim_public = $_GET['dkim_public'];
+	$dkim_selector = $_GET['dkim_selector'];
+	$client_id = $_GET['client_group_id'];
+	$server_id = $_GET['server_id'];
+
+	$domain=@(is_numeric($domain_id))?$app->db->queryOneRecord("SELECT domain FROM domain WHERE domain_id = ?", $domain_id)['domain']:$domain_id;
+	$maildomain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $domain)['domain'];
+
+	$mail_config = $app->getconf->get_server_config($server_id, 'mail');
+	$dkim_strength = $app->functions->intval($mail_config['dkim_strength']);
+	if ($dkim_strength=='') $dkim_strength = 2048;
+	
+	$rnd_val = $dkim_strength * 10;
+	exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
+	exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
+	unlink("../../temp/random-data.bin");
+	$dkim_private='';
+	foreach($privkey as $values) $dkim_private=$dkim_private.$values."\n";
+
+	if ($dkim_public != '' && $maildomain != '') {
+		if (validate_domain($domain) && validate_selector($dkim_selector) ) {
+			//* get active selectors from dns
+			$soa_rec = $app->db->queryOneRecord("SELECT origin FROM dns_soa WHERE active = 'Y' AND origin = ?", $domain.'.');
+			if (isset($soa_rec) && !empty($soa_rec)) {
+				//* check for a dkim-record in the dns?
+				$dns_data = $app->db->queryOneRecord("SELECT name FROM dns_rr WHERE name = ? AND active = 'Y'", $dkim_selector.'._domainkey.'.$domain.'.');
+				if (!empty($dns_data)){
+					$selector = str_replace( '._domainkey.'.$domain.'.', '', $dns_data['name']);
+				} else {
+				}
+			}
+			if ($dkim_selector == $selector || !isset($selector)) {
+				$selector = substr($old_selector,0,53).time(); //* add unix-timestamp to delimiter to allow old and new key in the dns
+			}
+		} else {
+			$selector = 'invalid domain or selector';
+		}
+	} else {
+		unset($dkim_public);
+		exec('echo '.escapeshellarg($dkim_private).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
+		foreach($pubkey as $values) $dkim_public=$dkim_public.$values."\n";
+		$selector = $dkim_selector;
+	}
+
+	$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$dkim_public);
+	$dns_record = str_replace(array("\r\n", "\n", "\r"),'',$dns_record);
+
+	$dkim_private=json_encode($dkim_private);
+	$dkim_private=substr($dkim_private, 1, -1);
+
+	$dkim_public=json_encode($dkim_public);
+	$dkim_public=substr($dkim_public, 1, -1);
+
+	$json = '{';
+	$json .= '"dkim_private":"'.$dkim_private.'"';
+	$json .= ',"dkim_public":"'.$dkim_public.'"';
+	$json .= ',"dkim_selector":"'.$selector.'"';
+	$json .= ',"dns_record":"'.$dns_record.'"';
+	$json .= ',"domain":"'.$domain.'"';
+	$json .= '}';
+}
+header('Content-type: application/json');
+echo $json;
+
+function validate_domain($domain) {
+	$regex = '/^[\w\.\-]{2,255}\.[a-zA-Z0-9\-]{2,30}$/';
+	if ( preg_match($regex, $domain) === 1 ) return true; else return false;
+}
+
+function validate_selector($selector) {
+	$regex = '/^[a-z0-9]{0,63}$/';
+	if ( preg_match($regex, $selector) === 1 ) return true; else return false;
+}
+
+?>
diff --git a/interface/web/mail/mail_domain_dkim_create.php b/interface/web/mail/mail_domain_dkim_create.php
deleted file mode 100644
index 940c110240dea82c61386a254f0da47532d2eb52..0000000000000000000000000000000000000000
--- a/interface/web/mail/mail_domain_dkim_create.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<?php
-
-/**
- Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
- Copyright (c) 2013, Florian Schaal, info@schaal-24.de
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without modification,
- are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
- * Neither the name of ISPConfig nor the names of its contributors
- may be used to endorse or promote products derived from this software without
- specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/**
-* This script is invoked by interface/js/mail_domain_dkim.js
-* to generate or show the DKIM Private-key and to show the Private-key.
-* returns DKIM keys, selector, and dns-record
-*/
-
-
-require_once '../../lib/config.inc.php';
-require_once '../../lib/app.inc.php';
-require_once '../../lib/classes/validate_dkim.inc.php';
-
-//* Check permissions for module
-$app->auth->check_module_permissions('mail');
-
-header('Content-Type: text/xml; charset=utf-8');
-header('Cache-Control: must-revalidate, pre-check=0, no-store, no-cache, max-age=0, post-check=0');
-
-function validate_domain($domain) {
-	$regex = '/^[\w\.\-]{2,255}\.[a-zA-Z0-9\-]{2,30}$/';
-	if ( preg_match($regex, $domain) === 1 ) return true; else return false;
-}
-
-function validate_selector($selector) {
-	$regex = '/^[a-z0-9]{0,63}$/';
-	if ( preg_match($regex, $selector) === 1 ) return true; else return false;
-}
-
-/**
- * This function formats the public-key
- * @param array $pubkey
- * @return string public-key
- */
-function pub_key($pubkey) {
-	$public_key='';
-	foreach($pubkey as $values) $public_key=$public_key.$values."\n";
-	return $public_key;
-}
-
-function get_public_key($private_key, $dkim_strength) {
-	$validate_dkim=new validate_dkim ();
-	if($validate_dkim->validate_post('private', $private_key, $dkim_strength)) { /* validate the $_POST-value */
-		exec('echo '.escapeshellarg($private_key).'|openssl rsa -pubout -outform PEM 2> /dev/null',$pubkey,$result);
-		$public_key=pub_key($pubkey);
-	} else {
-		$public_key='invalid key';
-	}
-	return $public_key;
-}
-
-/**
- * This function updates the selector if a new key-pair was created
- * and the selector is already used in the dns-record
- * @param string $old_selector
- * @return string selector
- */
-function new_selector ($old_selector, $domain, $client_id = -1) {
-	global $app;
-	//* validate post-values
-	if ( validate_domain($domain) && validate_selector($old_selector) ) {
-		//* get active selectors from dns
-		$soa_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE active = 'Y' AND origin = ?", $domain.'.');
-		if ( isset($soa_rec) && !empty($soa_rec) ) {
-			//* check for a dkim-record in the dns?
-			$dns_data = $app->db->queryOneRecord("SELECT name FROM dns_rr WHERE name = ? AND active = 'Y'", $old_selector.'._domainkey.'.$domain.'.');
-			if ( !empty($dns_data) ){
-				$selector = str_replace( '._domainkey.'.$domain.'.', '', $dns_data['name']);
-			} else {
-			}
-		} else { //* no dns-zone found - check for existing mail-domain to create a new selector (we need this if a external dns is used)
-			if ( $client_id >= 0 ) {
-				$sql = "SELECT * from mail_domain WHERE dkim = 'y' AND domain = ? AND dkim_selector = ?";
-				$maildomain =  $app->db->queryOneRecord($sql, $domain, $old_selector);
-				if ( !empty($maildomain) ) {
-					$selector = $maildomain['selector'];
-				}
-			}
-		}
-		if ( $old_selector == $selector) {
-			$selector = substr($old_selector, 0, 53) . time(); //* add unix-timestamp to delimiter to allow old and new key in the dns
-		} else {
-			$selector = $old_selector;
-		}
-	} else {
-		$selector = 'invalid domain or selector';
-	}
-	return $selector;
-}
-
-$client_id = $app->functions->intval($_POST['client_id']);
-
-//* get dkim-strength for server_id
-$sql = "SELECT server_id from mail_domain WHERE domain = ?";
-$mail_server = $app->db->queryOneRecord($sql, $_POST['domain']);
-if ( is_array($mail_server) ) { //* we are adding an existing mail-domain
-	$mail_server_id = $app->functions->intval( $mail_server['server_id'] );
-} else {
-	$sql = "SELECT default_mailserver FROM client WHERE client_id = ?";
-	$mail_server = $app->db->queryOneRecord($sql, $client_id);
-	$mail_server_id = $app->functions->intval( $mail_server['default_mailserver'] );
-}
-unset($mail_server);
-$mail_config = $app->getconf->get_server_config($mail_server_id, 'mail');
-$dkim_strength = $app->functions->intval($mail_config['dkim_strength']);
-unset($mail_config);
-
-if ( empty($dkim_strength) ) $dkim_strength = 2048;
-
-$rnd_val = $dkim_strength * 10;
-exec('openssl rand -out ../../temp/random-data.bin '.$rnd_val.' 2> /dev/null', $output, $result);
-exec('openssl genrsa -rand ../../temp/random-data.bin '.$dkim_strength.' 2> /dev/null', $privkey, $result);
-unlink("../../temp/random-data.bin");
-foreach($privkey as $values) $private_key=$private_key.$values."\n";
-//* check the selector for updated dkim-settings only
-if ( isset($_POST['dkim_public']) && !empty($_POST['dkim_public']) ) $selector = new_selector($_POST['dkim_selector'], $_POST['domain'], $client_id); 
-
-if ( !isset($public_key) ) $public_key=get_public_key($private_key, $dkim_strength);
-
-$dns_record=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$public_key);
-
-if ( !isset($selector) ) {
-	if ( validate_selector($_POST['dkim_selector']) ) $selector=$_POST['dkim_selector']; 
-}
-echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
-echo "<formatname>\n";
-echo "<selector>".$selector."</selector>\n";
-echo "<privatekey>".$private_key."</privatekey>\n";
-echo "<publickey>".$public_key."</publickey>\n";
-if ( validate_domain($_POST['domain']) ) {
-	echo '<dns_record>'.$selector.'._domainkey.'.$_POST['domain'].'. 3600	TXT	"v=DKIM1; t=s; p='.$dns_record.'"</dns_record>';
-}
-echo "</formatname>\n";
-?>
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index 65667726ad39ff8d6c0d5d5d8b18adc51b6ef705..3923d9c48764bdeecd1a61b6364267e2d98e5cae 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -107,7 +107,7 @@ class page_action extends tform_actions {
 			}
 		}
 		$rec["type"] = $type_select;
-		$app->tpl->setVar($rec, null, true);
+		$app->tpl->setVar($rec);
 		unset($type);
 		unset($types);
 
diff --git a/interface/web/mail/templates/mail_domain_edit.htm b/interface/web/mail/templates/mail_domain_edit.htm
index 960f4462bc38836e9c2dfa477cb50cca71521cb0..ab02aa2ce24659fe67e13ea19440e49a80fa71a3 100644
--- a/interface/web/mail/templates/mail_domain_edit.htm
+++ b/interface/web/mail/templates/mail_domain_edit.htm
@@ -101,7 +101,10 @@
                 <label for="dkim_private" class="col-sm-3 control-label">{tmpl_var name='dkim_private_txt'}</label>
                 <div class="col-sm-9"><textarea class="form-control" name="dkim_private" id="dkim_private" rows='10' cols='30'>{tmpl_var name='dkim_private'}</textarea></div>
               </div>
+<!--
 				<a class="btn btn-default formbutton-default" href="javascript:setRequest('create')" value="{tmpl_var name='dkim_generate_txt'}">{tmpl_var name='dkim_generate_txt'}</a>
+-->
+				<a class="btn btn-default formbutton-default" id="dkim-button" value="{tmpl_var name='dkim_generate_txt'}">{tmpl_var name='dkim_generate_txt'}</a>
 		<div class="form-group">
                 <div class="col-sm-9"><textarea class="form-control" name="dkim_public" style="display:none;" id="dkim_public" rows='5' cols='30' readonly>{tmpl_var name='dkim_public'}</textarea></div>
               </div>
@@ -121,4 +124,30 @@
             <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="mail/mail_domain_edit.php">{tmpl_var name='btn_save_txt'}</button>
             <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="mail/mail_domain_list.php">{tmpl_var name='btn_cancel_txt'}</button>
         </div></div>
-<script language="JavaScript" type="text/javascript" src="js/mail_domain_dkim.js"></script>
+<script language="JavaScript" type="text/javascript">
+	$("#dkim-button").click(function() { getDKIM(); });
+
+	function getDKIM() {
+		var domain_id = jQuery('#domain').val();
+		var client_group_id = jQuery('#client_group_id').val();
+		var server_id = jQuery('#server_id').val();
+		var dkim_selector = jQuery('#dkim_selector').val();
+		var dkim_public = jQuery('#dkim_public').val();
+		jQuery.getJSON('mail/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {
+			domain_id : domain_id,
+			client_group_id : client_group_id,
+			server_id : server_id,
+			dkim_public : dkim_public,
+			dkim_selector : dkim_selector,
+			type : "create_dkim" 
+		}, function(data) {
+			var dns=data['dkim_selector'] + '._domainkey.' + data['domain'] + '. 3600	TXT	v=DKIM1; t=s; p=' + data['dns_record'];
+			$("#dkim_selector").val(data.dkim_selector);
+			$("#dkim_public").val(data.dkim_public);
+			$("#dkim_private").val(data.dkim_private);
+			$("#dns_record").val(dns);
+		});
+	};
+</script>
+
+
diff --git a/remoting_client/examples/mail_user_add.php b/remoting_client/examples/mail_user_add.php
index 25e3590af10bde0a838388ca395b3481925d9836..3b7d240eccea9805b43526959ed5298ed025cc86 100644
--- a/remoting_client/examples/mail_user_add.php
+++ b/remoting_client/examples/mail_user_add.php
@@ -29,8 +29,8 @@ try {
 		'cc' => '',
 		'homedir' => '/var/vmail',
 		'autoresponder' => 'n',
-		'autoresponder_start_date' => array('day' => 1, 'month' => 7, 'year' => 2012, 'hour' => 0, 'minute' => 0),
-		'autoresponder_end_date' => array('day' => 20, 'month' => 7, 'year' => 2012, 'hour' => 0, 'minute' => 0),
+		'autoresponder_start_date' => '',
+		'autoresponder_end_date' => '',
 		'autoresponder_text' => 'hallo',
 		'move_junk' => 'n',
 		'custom_mailfilter' => 'spam',
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index cdf1cb4c15a569d2d0b9af18a0c85c474a2a1d5b..d80fff3e01298e0979b0bee04dce0f789a9ae90b 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
@@ -334,8 +334,19 @@ server {
         }
 </tmpl_loop>
 </tmpl_if>
+		## no redirect for acme
+		location ^~ /.well-known/acme-challenge/ {
+			access_log off;
+			log_not_found off;
+			root /usr/local/ispconfig/interface/acme/;
+			autoindex off;
+			index index.html;
+			try_files $uri $uri/ =404;
+        }
 <tmpl_if name='use_rewrite'>
-        rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
+		location / {
+			rewrite ^ <tmpl_var name='rewrite_target'>$request_uri? <tmpl_var name='rewrite_type'>;
+		}
 </tmpl_if>
 <tmpl_if name='use_proxy'>
         location / {
diff --git a/server/conf/sieve_filter_1.2.master b/server/conf/sieve_filter_1.2.master
index 47370ec0a919e4c165835e8fd5ae8734cc7b5c45..8a1c80713fb7fafda8fbed675e2a7f1183aaff23 100644
--- a/server/conf/sieve_filter_1.2.master
+++ b/server/conf/sieve_filter_1.2.master
@@ -1,12 +1,5 @@
 require ["fileinto", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress"];
 
-<tmpl_if name="cc">
-# Send a copy of email to
-<tmpl_loop name="ccloop">
-redirect "<tmpl_var name='address'>";
-</tmpl_loop>
-</tmpl_if>
-
 <tmpl_if name="move_junk" op="==" value="y">
 # Move spam to spam folder
 if header :contains "X-Spam-Flag" "YES" {
@@ -16,6 +9,13 @@ if header :contains "X-Spam-Flag" "YES" {
 }
 </tmpl_if>
 
+<tmpl_if name="cc">
+# Send a copy of email to
+<tmpl_loop name="ccloop">
+redirect "<tmpl_var name='address'>";
+</tmpl_loop>
+</tmpl_if>
+
 <tmpl_var name='custom_mailfilter'>
 
 keep;
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index 145f3b7cfc22a26b959d9a1ba8da0f3f98337612..f90e14d20ed43a6afe33fb055f16e5292de74421 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -258,16 +258,16 @@
 </tmpl_if>
 <tmpl_if name='php' op='==' value='cgi'>
 		# php as cgi enabled
-		ScriptAlias /php5-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
-		Action php5-cgi /php5-cgi
+		ScriptAlias /php-cgi <tmpl_var name='cgi_starter_path'><tmpl_var name='cgi_starter_script'>
+		Action php-cgi /php-cgi
 		<Directory {tmpl_var name='web_document_root_www'}>
 			<FilesMatch "\.php[345]?$">
-				SetHandler php5-cgi
+				SetHandler php-cgi
 			</FilesMatch>
 		</Directory>
 		<Directory {tmpl_var name='web_document_root'}>
 			<FilesMatch "\.php[345]?$">
-				SetHandler php5-cgi
+				SetHandler php-cgi
 			</FilesMatch>
 		</Directory>
 		<Directory {tmpl_var name='cgi_starter_path'}>
@@ -354,10 +354,10 @@
 					<FilesMatch "\.php[345]?$">
                     <tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
                             <If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
-                                SetHandler php5-fcgi
+                                SetHandler php-fcgi
                             </If>
                     <tmpl_else>
-                            SetHandler php5-fcgi
+                            SetHandler php-fcgi
                     </tmpl_if>
 					</FilesMatch>
 				</Directory>
@@ -365,20 +365,20 @@
 					<FilesMatch "\.php[345]?$">
                     <tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
                             <If "-f %{DOCUMENT_ROOT} . '/' . %{REQUEST_URI}">
-                                SetHandler php5-fcgi
+                                SetHandler php-fcgi
                             </If>
                     <tmpl_else>
-                            SetHandler php5-fcgi
+                            SetHandler php-fcgi
                     </tmpl_if>
 					</FilesMatch>
 				</Directory>
-                Action php5-fcgi /php5-fcgi virtual
-				Alias /php5-fcgi {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
+                Action php-fcgi /php-fcgi virtual
+				Alias /php-fcgi {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
 <tmpl_if name='use_tcp'>
-                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization  -pass-header Content-Type    
+                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization  -pass-header Content-Type    
 </tmpl_if>
 <tmpl_if name='use_socket'>
-                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php5-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization  -pass-header Content-Type
+                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization  -pass-header Content-Type
 </tmpl_if>
 		</IfModule>
 		<IfModule mod_proxy_fcgi.c>
@@ -507,7 +507,7 @@
 		</tmpl_if>
 <tmpl_if name="rewrite_is_url" op="==" value="n">
 		RewriteCond %{REQUEST_URI} !^/webdav/
-		RewriteCond %{REQUEST_URI} !^/php5-fcgi/
+		RewriteCond %{REQUEST_URI} !^/php-fcgi/
 		RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
 </tmpl_if>
 		RewriteRule /(.*) <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
diff --git a/server/lib/classes/cron.d/100-monitor_raid.inc.php b/server/lib/classes/cron.d/100-monitor_raid.inc.php
index 3349ffbf444241e21e70b90acf2508808df0666c..d1a9a53455c6a70e2efab0a561c1d7e21b1e6404 100644
--- a/server/lib/classes/cron.d/100-monitor_raid.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_raid.inc.php
@@ -283,7 +283,7 @@ class cronjob_monitor_raid extends cronjob {
 		if($retval === 0 || $retval64 === 0) {
 			$binary=@($retval === 0)?'megacli':'megacli64';
 			$state = 'ok';
-			$data['output'] = shell_exec($binary.' -LDInfo -Lall -aAll');
+			$data['output'] = shell_exec($binary.' -LDInfo -Lall -aAll -NoLog');
 			if (strpos($data['output'], 'Optimal') !== false) {
 				$this->_tools->_setState($state, 'ok');
 			} else if (strpos($data['output'], 'Degraded') !== false) {
diff --git a/server/lib/classes/cron.d/500-backup.inc.php b/server/lib/classes/cron.d/500-backup.inc.php
index 5dcb2d5fc3973ec07abee3d9ee861808bd8a860e..fa574311164630cc933539b914e6ca71b5b6c6fa 100644
--- a/server/lib/classes/cron.d/500-backup.inc.php
+++ b/server/lib/classes/cron.d/500-backup.inc.php
@@ -54,6 +54,7 @@ class cronjob_backup extends cronjob {
 		$global_config = $app->getconf->get_global_config('sites');
 		$backup_dir = trim($server_config['backup_dir']);
 		$backup_mode = $server_config['backup_mode'];
+		$backup_tmp = trim($server_config['backup_tmp']);
 		if($backup_mode == '') $backup_mode = 'userzip';
 
 		$web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
@@ -77,6 +78,15 @@ class cronjob_backup extends cronjob {
             if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
 			if($run_backups){
 				$web_array = array();
+
+				system('which pigz > /dev/null', $ret);
+				if($ret === 0) {
+					$use_pigz = true;
+					$zip_cmd = 'pigz'; // db-backups
+				} else {
+					$use_pigz = false;
+					$zip_cmd = 'gzip'; // db-backups
+				}
 				
 				//* backup only active domains
 				$sql = "SELECT * FROM web_domain WHERE server_id = ? AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y'";
@@ -117,12 +127,16 @@ class cronjob_backup extends cronjob {
 							if($backup_mode == 'userzip') {
 								//* Create a .zip backup as web user and include also files owned by apache / nginx user
 								$web_backup_file = 'web'.$web_id.'_'.date('Y-m-d_H-i').'.zip';
-								exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print 2> /dev/null | zip -b /tmp --exclude=./backup\*'.$backup_excludes.' --symlinks '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' -@', $tmp_output, $retval);
-								if($retval == 0 || $retval == 12) exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -user '.escapeshellarg($http_server_user).' -print 2> /dev/null | zip -b /tmp --exclude=./backup\*'.$backup_excludes.' --update --symlinks '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' -@', $tmp_output, $retval);
+								exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print 2> /dev/null | zip -b '.escapeshellarg($backup_tmp).' --exclude=./backup\*'.$backup_excludes.' --symlinks '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' -@', $tmp_output, $retval);
+								if($retval == 0 || $retval == 12) exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -user '.escapeshellarg($http_server_user).' -print 2> /dev/null | zip -b '.escapeshellarg($backup_tmp).' --exclude=./backup\*'.$backup_excludes.' --update --symlinks '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' -@', $tmp_output, $retval);
 							} else {
 								//* Create a tar.gz backup as root user
 								$web_backup_file = 'web'.$web_id.'_'.date('Y-m-d_H-i').'.tar.gz';
-								exec('tar pczf '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' --exclude=./backup\*'.$backup_excludes.' --directory '.escapeshellarg($web_path).' .', $tmp_output, $retval);
+								if ($use_pigz) {
+									exec('tar pcf - --directory '.escapeshellarg($web_path).' . --exclude=./backup\*'.$backup_excludes.' | pigz > '.escapeshellarg($web_backup_dir.'/'.$web_backup_file), $tmp_output, $retval);
+								} else {
+									exec('tar pczf '.escapeshellarg($web_backup_dir.'/'.$web_backup_file).' --exclude=./backup\*'.$backup_excludes.' --directory '.escapeshellarg($web_path).' .', $tmp_output, $retval);
+}
 							}
 							if($retval == 0 || ($backup_mode != 'userzip' && $retval == 1) || ($backup_mode == 'userzip' && $retval == 12)) { // tar can return 1, zip can return 12(due to harmless warings) and still create valid backups  
 								if(is_file($web_backup_dir.'/'.$web_backup_file)){
@@ -241,8 +255,8 @@ class cronjob_backup extends cronjob {
 							$command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --max_allowed_packet=512M --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
 							exec($command, $tmp_output, $retval);
 
-							//* Compress the backup with gzip
-							if($retval == 0) exec("gzip -c '".escapeshellcmd($db_backup_dir.'/'.$db_backup_file)."' > '".escapeshellcmd($db_backup_dir.'/'.$db_backup_file).".gz'", $tmp_output, $retval);
+							//* Compress the backup with gzip / pigz
+							if($retval == 0) exec("$zip_cmd -c '".escapeshellcmd($db_backup_dir.'/'.$db_backup_file)."' > '".escapeshellcmd($db_backup_dir.'/'.$db_backup_file).".gz'", $tmp_output, $retval);
 
 							if($retval == 0){
 								if(is_file($db_backup_dir.'/'.$db_backup_file.'.gz')){
diff --git a/server/lib/classes/cron.d/500-backup_mail.inc.php b/server/lib/classes/cron.d/500-backup_mail.inc.php
index 5e84fb3417890a18d716d9ef011d1bb5b42d6d44..a6807021df866ab9f7d29986134e4bb3c7a0460f 100644
--- a/server/lib/classes/cron.d/500-backup_mail.inc.php
+++ b/server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -59,6 +59,7 @@ class cronjob_backup_mail extends cronjob {
 
 		$backup_mode = $server_config['backup_mode'];
 		if($backup_mode == '') $backup_mode = 'userzip';
+		$backup_tmp = trim($server_config['backup_tmp']);
 
 		if($backup_dir != '') {
 			$run_backups = true;
@@ -72,7 +73,12 @@ class cronjob_backup_mail extends cronjob {
 				} else {
 					chmod(escapeshellcmd($backup_dir), $backup_dir_permissions);
 				}
-
+				system('which pigz > /dev/null', $ret);
+				if($ret === 0) {
+					$use_pigz = true;
+				} else {
+					$use_pigz = false;
+				}
 				foreach($records as $rec) {
 					//* Do the mailbox backup
 					$email = $rec['email'];
@@ -120,11 +126,15 @@ class cronjob_backup_mail extends cronjob {
 		
 							if($backup_mode == 'userzip') {
 								$mail_backup_file.='.zip';
-								exec('cd '.$this->tmp_backup_dir.' && zip '.$mail_backup_dir.'/'.$mail_backup_file.' -b /tmp -r backup > /dev/null && rm -rf backup', $tmp_output, $retval);
+								exec('cd '.$this->tmp_backup_dir.' && zip '.$mail_backup_dir.'/'.$mail_backup_file.' -b '.escapeshellarg($backup_tmp).' -r backup > /dev/null && rm -rf backup', $tmp_output, $retval);
 							}
 							else {
 								$mail_backup_file.='.tar.gz';
-								exec(escapeshellcmd('tar pczf '.$mail_backup_dir.'/'.$mail_backup_file.' --directory '.$this->tmp_backup_dir.' backup && rm -rf '.$this->tmp_backup_dir.'/backup'), $tmp_output, $retval);
+								if ($use_pigz) {
+									exec('tar pcf - --directory '.escapeshellarg($this->tmp_backup_dir).' backup | pigz > '.$mail_backup_dir.'/'.$mail_backup_file.' && rm -rf '.$this->tmp_backup_dir.'/backup', $tmp_output, $retval);
+								} else {
+									exec(escapeshellcmd('tar pczf '.$mail_backup_dir.'/'.$mail_backup_file.' --directory '.$this->tmp_backup_dir.' backup && rm -rf '.$this->tmp_backup_dir.'/backup'), $tmp_output, $retval);
+								}
 							}
 							
 							if ($retval != 0) {
@@ -144,11 +154,15 @@ class cronjob_backup_mail extends cronjob {
 							//* create archives
 							if($backup_mode == 'userzip') {
 								$mail_backup_file.='.zip';
-								exec('cd '.$domain_dir.' && zip '.$mail_backup_dir.'/'.$mail_backup_file.' -b /tmp -r '.$source_dir.' > /dev/null', $tmp_output, $retval);
+								exec('cd '.$domain_dir.' && zip '.$mail_backup_dir.'/'.$mail_backup_file.' -b '.escapeshellarg($backup_tmp).' -r '.$source_dir.' > /dev/null', $tmp_output, $retval);
 							} else {
 								/* Create a tar.gz backup */
 								$mail_backup_file.='.tar.gz';
-								exec(escapeshellcmd('tar pczf '.$mail_backup_dir.'/'.$mail_backup_file.' --directory '.$domain_dir.' '.$source_dir), $tmp_output, $retval);
+								if ($use_pigz) {
+									exec('tar pcf - --directory '.escapeshellarg($domain_dir).' '.escapeshellarg($source_dir).' | pigz > '.$mail_backup_dir.'/'.$mail_backup_file, $tmp_output, $retval);
+								} else {
+									exec(escapeshellcmd('tar pczf '.$mail_backup_dir.'/'.$mail_backup_file.' --directory '.$domain_dir.' '.$source_dir), $tmp_output, $retval);
+								}
 							}
 						}
 						
diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 6d89eb6ac26e48a5d4398eff56062aec2286aeba..11f0363c917929538e56682a41290dc80312c310 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -170,7 +170,7 @@ class backup_plugin {
 						
 						$sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
 						$app->db->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
-						if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql);
+						if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
 						$app->log('unlink '.$backup_dir.'/'.$backup['filename'], LOGLEVEL_DEBUG);
 					}
 				}
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
index 35ade14c45a9c095a6c1629ed3ebfcaa1a09e3df..14052e5b7078747e415ff2568d7c3c5662c72340 100644
--- a/server/plugins-available/mysql_clientdb_plugin.inc.php
+++ b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -504,7 +504,7 @@ class mysql_clientdb_plugin {
 							$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
 						} else {
 							// Find out users to drop and users to revoke
-							$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+							$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
 							if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
 							if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
 						}
@@ -580,7 +580,7 @@ class mysql_clientdb_plugin {
 						$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
 					} else {
 						// Find out users to drop and users to revoke
-						$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $data['old']['remote_ips']);
+						$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $data['old']['remote_ips']);
 						if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
 						if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
 					}
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 295112d4230e1f77ad55b862b78f5bba577d6506..9a29a10a6fcc7da9c6cedaee82af41cc60070369 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -399,7 +399,7 @@ class shelluser_jailkit_plugin {
 		if($this->data['new']['active'] != 'y') $shell = '/bin/false';
 		
 		$app->system->usermod($this->data['new']['username'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, $shell);
-		$app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_userhome, '/usr/sbin/jk_chrootsh');
+		$app->system->usermod($this->data['new']['puser'], 0, 0, $this->data['new']['dir'].'/.'.$jailkit_chroot_puserhome, '/usr/sbin/jk_chrootsh');
 
 		$this->app->log("Added jailkit user to chroot with command: ".$command, LOGLEVEL_DEBUG);