install/dist/lib/centos_base.lib.php

@@ -48,13 +48,21 @@ class installer_centos extends installer_dist {
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
 		$content = str_replace('/var/spool/amavisd/clamd.sock', $this->clamav_socket, $content);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 		
+		if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
+			touch($conf['amavis']['config_dir'].'/60-dkim');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
+		}
+		
 		// for CentOS 7.2 only
 		if($dist['confid'] == 'centos72') {
 			chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
 			chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
+			chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
 		}
 
 

install/dist/lib/debian60.lib.php

@@ -61,7 +61,7 @@ class installer extends installer_base {
 			}
 			//* Configure master.cf and add a line for deliver
 			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${original_recipient}'."\n";
 			af($config_dir.'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
@@ -105,9 +105,17 @@ class installer extends installer_base {
 				copy('tpl/debian6_dovecot2.conf.master', $config_dir.'/'.$configfile);
 			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			if(version_compare($dovecot_version,2.1) < 0) {
 				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
 			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master', $config_dir.'/'.$configfile);
@@ -134,6 +142,10 @@ class installer extends installer_base {
 		$content = str_replace('{mysql_server_host}', $conf['mysql']['host'], $content);
 		$content = str_replace('{mysql_server_port}', $conf['mysql']['port'], $content);
 		$content = str_replace('{server_id}', $conf['server_id'], $content);
+		# enable iterate_query for dovecot2
+		if(version_compare($dovecot_version,2, '>=')) {
+			$content = str_replace('# iterate_query', 'iterate_query', $content);
+		}
 		wf($config_dir.'/'.$configfile, $content);
 
 		chmod($config_dir.'/'.$configfile, 0600);

install/dist/lib/fedora.lib.php

@@ -103,17 +103,17 @@ class installer_dist extends installer_base {
 		$this->process_postfix_config('mysql-virtual_uids.cf');
 
 		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
-
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
+
+		$filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
 		//* Changing mode and group of the new created config files.
 		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
@@ -394,7 +394,7 @@ class installer_dist extends installer_base {
 			}
 			//* Configure master.cf and add a line for deliver
 			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${original_recipient}'."\n";
 			af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
@@ -443,6 +443,15 @@ class installer_dist extends installer_base {
 			if(version_compare($dovecot_version,2.1) < 0) {
 				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
 			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_dovecot.conf.master', $config_dir.'/'.$configfile);
@@ -500,13 +509,21 @@ class installer_dist extends installer_base {
 		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 		
+		if(!is_file($conf['amavis']['config_dir'].'/60-dkim')) {
+			touch($conf['amavis']['config_dir'].'/60-dkim');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0640);
+		}
+		
 		// for CentOS 7.2 only
 		if($dist['confid'] == 'centos72') {
 			chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0750);
 			chgrp($conf['amavis']['config_dir'].'/amavisd.conf', 'amavis');
+			chmod($conf['amavis']['config_dir'].'/60-dkim', 0750);
+			chgrp($conf['amavis']['config_dir'].'/60-dkim', 'amavis');
 		}
 
 
@@ -1066,6 +1083,8 @@ class installer_dist extends installer_base {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -1139,6 +1158,11 @@ class installer_dist extends installer_base {
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+			$this->db->query($sql, $conf['interface_password']);
+		}
+		
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
 			// TODO: These are missing! should they be "vhost_dist_*_dir" ?
@@ -1264,8 +1288,8 @@ class installer_dist extends installer_base {
 		if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
 		exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
 		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
-		exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
-		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
+		exec('chown root /usr/local/ispconfig/server/scripts/update_stable.sh');
+		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_stable.sh');
 		exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 		exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 		if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');

install/dist/lib/gentoo.lib.php

@@ -212,17 +212,17 @@ class installer extends installer_base
 		}
 
 		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		$this->write_config_file($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
-
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		$this->write_config_file($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
+
+		$filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
 		//* Chmod and chown the .mailfilter file
 		$command = 'chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base'].'/.mailfilter';
@@ -303,7 +303,7 @@ class installer extends installer_base
 			}
 			//* Configure master.cf and add a line for deliver
 			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${original_recipient}'."\n";
 			af($config_dir.'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
@@ -345,6 +345,7 @@ class installer extends installer_base
 		if(version_compare($dovecot_version,2, '>=')) {
 			$content = str_replace('# iterate_query', 'iterate_query', $content);
 		}
+		$content = str_replace('{server_id}', $conf['server_id'], $content);
 		$this->write_config_file($configfile, $content);
 	}
 
@@ -996,7 +997,9 @@ class installer extends installer_base
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
 
@@ -1076,6 +1079,11 @@ class installer extends installer_base
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+			$this->db->query($sql, $conf['interface_password']);
+		}
+		
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
 			$content = $this->get_template_file("apache_ispconfig.vhost", true);

install/dist/lib/opensuse.lib.php

@@ -100,17 +100,17 @@ class installer_dist extends installer_base {
 		$this->process_postfix_config('mysql-virtual_uids.cf');
 
 		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
-
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
-		if(is_file($full_file_name)) {
-			copy($full_file_name, $config_dir.$configfile.'~');
-		}
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
+
+		$filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
+		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
 		//* Changing mode and group of the new created config files.
 		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
@@ -404,7 +404,7 @@ class installer_dist extends installer_base {
 			}
 			//* Configure master.cf and add a line for deliver
 			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${original_recipient}'."\n";
 			af($conf["postfix"]["config_dir"].'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
@@ -450,6 +450,8 @@ class installer_dist extends installer_base {
 			} else {
 				copy('tpl/opensuse_dovecot2.conf.master', $config_dir.'/'.$configfile);
 			}
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_dovecot.conf.master', $config_dir.'/'.$configfile);
@@ -505,6 +507,7 @@ class installer_dist extends installer_base {
 		$content = str_replace('{mysql_server_port}', $conf["mysql"]["port"], $content);
 		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
+		$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
 		wf($conf["amavis"]["config_dir"].'/amavisd.conf', $content);
 		chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 
@@ -1091,7 +1094,9 @@ class installer_dist extends installer_base {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
 
@@ -1167,6 +1172,11 @@ class installer_dist extends installer_base {
 		$command = "chmod +x $install_dir/server/scripts/*.sh";
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
+		if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') {
+			$sql = "UPDATE sys_user SET passwort = md5(?) WHERE username = 'admin';";
+			$this->db->query($sql, $conf['interface_password']);
+		}
+		
 		if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
 			//* Copy the ISPConfig vhost for the controlpanel
 			// TODO: These are missing! should they be "vhost_dist_*_dir" ?
@@ -1291,8 +1301,8 @@ class installer_dist extends installer_base {
 		if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
 		exec('chown root /usr/local/ispconfig/server/scripts/update_from_dev.sh');
 		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_dev.sh');
-		exec('chown root /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
-		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_from_tgz.sh');
+		exec('chown root /usr/local/ispconfig/server/scripts/update_stable.sh');
+		exec('chmod 700 /usr/local/ispconfig/server/scripts/update_stable.sh');
 		exec('chown root /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 		exec('chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_update.sh');
 		if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_update.sh /usr/local/bin/ispconfig_update_from_dev.sh');

install/dist/tpl/gentoo/amavisd-ispconfig.conf.master

@@ -55,7 +55,7 @@ $sql_select_policy =
 
 
 $sql_select_white_black_list = 'SELECT wb FROM spamfilter_wblist'.
-    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))' .
+    ' WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k)) AND (spamfilter_wblist.active="y")' .
     ' ORDER BY spamfilter_wblist.priority DESC';
 
 #
@@ -112,9 +112,10 @@ $policy_bank{'ORIGINATING'} = {
 # Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
 @inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
 
-$signed_header_fields{'received'} = 0; # turn off signing of Received
+# DKIM
 $enable_dkim_verification = 1;
-$enable_dkim_signing = 1;
+$enable_dkim_signing = 1; # load DKIM signing code
+$signed_header_fields{'received'} = 0;  # turn off signing of Received
 @dkim_signature_options_bysender_maps = (
 { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
 

install/install.php

@@ -57,19 +57,21 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 error_reporting(E_ALL|E_STRICT);
+require_once realpath(dirname(__FILE__)) . '/lib/classes/libbashcolor.inc.php';
 
 define('INSTALLER_RUN', true);
 
 //** The banner on the command line
 echo "\n\n".str_repeat('-', 80)."\n";
-echo " _____ ___________   _____              __ _         ____
-|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
-  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
-  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
- _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
- \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
+echo PXBashColor::getString( "<darkgrey>
+<strong> _____ ___________</strong>   _____              __ _         ____
+<strong>|_   _/  ___| ___ \</strong> /  __ \            / _(_)       /__  \
+<strong>  | | \ `--.| |_/ /</strong> | /  \/ ___  _ __ | |_ _  __ _    _/ /
+<strong>  | |  `--. \  __/</strong>  | |    / _ \| '_ \|  _| |/ _` |  |_ |
+<strong> _| |_/\__/ / |   </strong>  | \__/\ (_) | | | | | | | (_| | ___\ \
+<strong> \___/\____/\_|   </strong>   \____/\___/|_| |_|_| |_|\__, | \____/
                                               __/ |
-                                             |___/ ";
+                                             |___/ </darkgrey>");
 echo "\n".str_repeat('-', 80)."\n";
 echo "\n\n>> Initial configuration  \n\n";
 
@@ -114,7 +116,11 @@ if(isset($cmd_opt['autoinstall']) && is_file($cmd_opt['autoinstall'])) {
 	if($path_parts['extension'] == 'php') {
 		include_once $cmd_opt['autoinstall'];
 	} elseif($path_parts['extension'] == 'ini') {
-		$tmp = ini_to_array(file_get_contents('autoinstall.ini'));
+		if(is_file('autoinstall.ini')) {
+			$tmp = ini_to_array(file_get_contents('autoinstall.ini'));
+		} else {
+			$tmp = ini_to_array(file_get_contents($cmd_opt['autoinstall']));
+		}
 		if(!is_array($tmp['install'])) $tmp['install'] = array();
 		if(!is_array($tmp['ssl_cert'])) $tmp['ssl_cert'] = array();
 		if(!is_array($tmp['expert'])) $tmp['expert'] = array();
@@ -144,12 +150,12 @@ $retval=shell_exec("which which");
 if (empty($retval)) die ("ISPConfig requieres which \n");
 
 swriteln($inst->lng('    Following will be a few questions for primary configuration so be careful.'));
-swriteln($inst->lng('    Default values are in [brackets] and can be accepted with <ENTER>.'));
-swriteln($inst->lng('    Tap in "quit" (without the quotes) to stop the installer.'."\n\n"));
+swriteln($inst->lng('    Default values are in <strong>[brackets]</strong> and can be accepted with <em><ENTER></em>.'));
+swriteln($inst->lng('    Tap in "<em>quit</em>" (without the quotes) to stop the installer.'."\n\n"));
 
 //** Check log file is writable (probably not root or sudo)
 if(!is_writable(dirname(ISPC_LOG_FILE))){
-	die("ERROR: Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n");
+	die(PXBashColor::getString("<strong><red>[ERROR]</red></strong> Cannot write to the ".dirname(ISPC_LOG_FILE)." directory. Are you root or sudo ?\n\n"));
 }
 
 if(is_dir('/root/ispconfig') || is_dir('/home/admispconfig')) {
@@ -441,6 +447,7 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Configure DNS
 
 }
 
+if($install_mode == 'expert') swriteln('The Web Server option has to be enabled when you want run a web server or when this node shall host the ISPConfig interface.');
 if($install_mode == 'standard' || strtolower($inst->simple_query('Configure Web Server', array('y', 'n'), 'y','configure_webserver')) == 'y') {
 	//* Configure Apache
 	if($conf['apache']['installed']){
@@ -510,12 +517,20 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Configure Fire
 	}
 }
 
-//* Configure XMPP
-$force = @($conf['xmpp']['installed']) ? true : $inst->force_configure_app('Metronome XMPP Server', ($install_mode == 'expert'));
-if($force) {
-	swriteln('Configuring Metronome XMPP Server');
-	$inst->configure_xmpp();
-	$conf['services']['xmpp'] = true;
+if($install_mode == 'standard' || strtolower($inst->simple_query('Configure XMPP Server', array('y', 'n') , 'y','configure_xmpp') ) == 'y') {
+//* Configure XMPP Metronome
+    if ($conf['metronome']['installed']) {
+        swriteln('Configuring Metronome XMPP Server');
+        $inst->configure_metronome();
+        $conf['services']['xmpp'] = true;
+    }
+
+//* Configure XMPP Prosody
+    if ($conf['prosody']['installed']) {
+        swriteln('Configuring Prosody XMPP Server');
+        $inst->configure_prosody();
+        $conf['services']['xmpp'] = true;
+    }
 }
 
 //* Configure Fail2ban
@@ -552,18 +567,20 @@ if($install_mode == 'standard' || strtolower($inst->simple_query('Install ISPCon
 
 	//** Customise the port ISPConfig runs on
 	$ispconfig_vhost_port = $inst->free_query('ISPConfig Port', '8080','ispconfig_port');
-	$conf['interface_password'] = $inst->free_query('Admin password', 'admin','ispconfig_admin_password');
-	if($conf['interface_password'] != 'admin') {
+	$temp_admin_password = str_shuffle(bin2hex(openssl_random_pseudo_bytes(4)));
+	$conf['interface_password'] = $inst->free_query('Admin password', $temp_admin_password, 'ispconfig_admin_password');
+	if($conf['interface_password'] != $temp_admin_password) {
 		$check = false;
 		do {
 			unset($temp_password);
-			$temp_password = $inst->free_query('Re-enter admin password', '');
+			$temp_password = $inst->free_query('Re-enter admin password', '','ispconfig_admin_password');
 			$check = @($temp_password == $conf['interface_password'])?true:false;
 			if(!$check) swriteln('Passwords do not match.');
 		} while (!$check);
 	}
 	unset($check);
 	unset($temp_password);
+	unset($temp_admin_password);
 	if($conf['apache']['installed'] == true) $conf['apache']['vhost_port']  = $ispconfig_vhost_port;
 	if($conf['nginx']['installed'] == true) $conf['nginx']['vhost_port']  = $ispconfig_vhost_port;
 	unset($ispconfig_vhost_port);
@@ -621,7 +638,7 @@ if($conf['bind']['installed'] == true && $conf['bind']['init_script'] != '') sys
 //if($conf['squid']['installed'] == true && $conf['squid']['init_script'] != '' && is_file($conf['init_scripts'].'/'.$conf['squid']['init_script']))     system($conf['init_scripts'].'/'.$conf['squid']['init_script'].' restart &> /dev/null');
 if($conf['nginx']['installed'] == true && $conf['nginx']['init_script'] != '') system($inst->getinitcommand($conf['nginx']['init_script'], 'restart').' &> /dev/null');
 if($conf['ufw']['installed'] == true && $conf['ufw']['init_script'] != '') system($inst->getinitcommand($conf['ufw']['init_script'], 'restart').' &> /dev/null');
-if($conf['xmpp']['installed'] == true && $conf['xmpp']['init_script'] != '') system($inst->getinitcommand($conf['xmpp']['init_script'], 'restart').' &> /dev/null');
+if($conf['metronome']['installed'] == true && $conf['metronome']['init_script'] != '') system($inst->getinitcommand($conf['metronome']['init_script'], 'restart').' &> /dev/null');
 
 //* test tRNG
 if($conf['tRNG']) tRNG();

install/lib/classes/libbashcolor.inc.php

+<?php
+
+/*
+(c) 2017 by Marius Burkard, pixcept KG 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+		* Redistributions of source code must retain the above copyright notice,
+			this list of conditions and the following disclaimer.
+		* Redistributions in binary form must reproduce the above copyright notice,
+			this list of conditions and the following disclaimer in the documentation
+			and/or other materials provided with the distribution.
+		* Neither the name of ISPConfig nor the names of its contributors
+			may be used to endorse or promote products derived from this software without
+			specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+abstract class PXBashColor {
+
+		
+	private static $markers = array(
+		'black' => 30,
+		'red' => 31,
+		'green' => 32,
+		'yellow' => 33,
+		'blue' => 34,
+		'magenta' => 35,
+		'cyan' => 36,
+		'lightgrey' => 37,
+		'default' => 39,
+		'darkgrey' => 90,
+		'lightred' => 91,
+		'lightgreen' => 92,
+		'lightyellow' => 93,
+		'lightblue' => 94,
+		'lightmagenta' => 95,
+		'lightcyan' => 96,
+		'white' => 97,
+		
+		'bg:black' => 40,
+		'bg:red' => 41,
+		'bg:green' => 42,
+		'bg:yellow' => 43,
+		'bg:blue' => 44,
+		'bg:magenta' => 45,
+		'bg:cyan' => 46,
+		'bg:lightgrey' => 47,
+		'bg:default' => 49,
+		'bg:darkgrey' => 100,
+		'bg:lightred' => 101,
+		'bg:lightgreen' => 102,
+		'bg:lightyellow' => 103,
+		'bg:lightblue' => 104,
+		'bg:lightmagenta' => 105,
+		'bg:lightcyan' => 106,
+		'bg:white' => 107,
+		
+		'bold' => 1,
+		'dim' => 2,
+		'italic' => 3,
+		'underlined' => 4,
+		'blink' => 5,
+		'invert' => 7,
+		'hidden' => 8
+		
+	);
+	
+	private static function getCode($active) {
+		$code = "\033[0;";
+		if(count($active) > 0) {
+			$tmp = array();
+			for($i = 0; $i < count($active); $i++) {
+				$tmp[] = self::$markers[$active[$i]];
+			}
+			sort($tmp);
+			$code .= implode(';', $tmp);
+			unset($tmp);
+		} else {
+			$code .= "0";
+		}
+		
+		$code .= "m";
+		return $code;
+	}
+
+	public static function getString($string, $ignore_unknown_tags = false) {
+		
+		$active = array();
+		$echo_string = "";
+		
+		while(preg_match('/<(\/?(?:bg:)?\w+)>/i', $string, $match, PREG_OFFSET_CAPTURE)) {
+			$pos = $match[0][1];
+			$tag = $match[1][0];
+			$len = strlen($match[0][0]);
+			
+			$close = false;
+			if(substr($tag, 0, 1) == '/') {
+				$close = true;
+				$tag = substr($tag, 1);
+			}
+			
+			$key = $tag;
+			if($key == 'strong' || $key == 'b') $key = 'bold';
+			elseif($key == 'em' || $key == 'i') $key = 'italic';
+			elseif($key == 'u') $key = 'underlined';
+			elseif($key == 'inv') $key = 'invert';
+			
+			if(!array_key_exists($key, self::$markers)) {
+				if($ignore_unknown_tags == false) {
+					throw new Exception('unknown tag: ' . $tag);
+				} else {
+					$echo_string .= self::getCode($active);
+					$echo_string .= substr($string, 0, $pos + $len);
+					$string = substr($string, $pos + $len);
+					continue;
+				}
+			}
+			
+			if($pos > 0) {
+				$echo_string .= self::getCode($active);
+				$echo_string .= substr($string, 0, $pos);
+			}
+			
+			if($close == true) {
+				$last = end($active);
+				if($key != $last) {
+					throw new Exception('unbalanced tag: ' . $tag . ' (' . $last . ' expected), ' . var_export($active, true));
+				}
+				array_pop($active);
+			} else {
+				array_push($active, $key);
+			}
+
+			$string = substr($string, $pos + $len);
+		}
+		
+		if($string != '') {
+			$echo_string .= self::getCode($active);
+			$echo_string .= $string;
+		}
+		
+		$echo_string .= "\e[0m";
+		return $echo_string;
+	}
+
+}
\ No newline at end of file

install/lib/install.lib.php

@@ -32,6 +32,8 @@ error_reporting(E_ALL|E_STRICT);
 
 $FILE = realpath('../install.php');
 
+require_once realpath(dirname(__FILE__)) . '/classes/libbashcolor.inc.php';
+
 //** Get distribution identifier
 //** IMPORTANT!
 //   This is the same code as in server/lib/classes/monitor_tools.inc.php
@@ -90,8 +92,19 @@ function get_distname() {
 				$ver = explode(" ", $ver, 2);
 				$ver = reset($ver);
 				$mainver = $ver;
+				$mainver = explode('.', $ver);
+				$mainver = array_filter($mainver);
+				$mainver = current($mainver).'.'.next($mainver);
 			}
 			switch ($mainver){
+			case "17.10":
+				$relname = "(Artful Aardvark)";
+				$distconfid = 'ubuntu1710';
+				break;
+			case "17.04":
+				$relname = "(Zesty Zapus)";
+				$distconfid = 'ubuntu1604';
+				break;
 			case "16.10":
 				$relname = "(Yakkety Yak)";
 				$distconfid = 'ubuntu1604';
@@ -171,6 +184,7 @@ function get_distname() {
 				break;
 			default:
 				$relname = "UNKNOWN";
+				$distconfid = 'ubuntu1604';
 			}
 			$distver = $ver.$lts." ".$relname;
 			swriteln("Operating System: ".$distname.' '.$distver."\n");
@@ -204,6 +218,13 @@ function get_distname() {
 			$distid = 'debian60';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian 8.0 (Jessie) or compatible\n");
+		} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '9') || substr(trim(file_get_contents('/etc/debian_version')),0,1) == '9') {
+			$distname = 'Debian';
+			$distver = 'Stretch';
+			$distconfid = 'debian90';
+			$distid = 'debian60';
+			$distbaseid = 'debian';
+			swriteln("Operating System: <strong>Debian 9.0 (Stretch)</strong> or compatible\n");
 		} elseif(strstr(trim(file_get_contents('/etc/debian_version')), '/sid')) {
 			$distname = 'Debian';
 			$distver = 'Testing';
@@ -214,12 +235,30 @@ function get_distname() {
 		} else {
 			$distname = 'Debian';
 			$distver = 'Unknown';
-			$distid = 'debian40';
+			$distid = 'debian60';
+			$distconfid = 'debian90';
 			$distbaseid = 'debian';
 			swriteln("Operating System: Debian or compatible, unknown version.\n");
 		}
 	}
 
+    //** Devuan
+    elseif(file_exists('/etc/devuan_version')) {
+		if(false !== strpos(trim(file_get_contents('/etc/devuan_version')), 'jessie')) {
+			$distname = 'Devuan';
+			$distver = 'Jessie';
+			$distid = 'debian60';
+			$distbaseid = 'debian';
+			swriteln("Operating System: Devuan 1.0 (Jessie) or compatible\n");
+		} elseif(false !== strpos(trim(file_get_contents('/etc/devuan_version')), 'ceres')) {
+            $distname = 'Devuan';
+            $distver = 'Ceres';
+            $distid = 'debiantesting';
+            $distbaseid = 'debian';
+            swriteln("Operating System: Devuan Unstable (Ceres) or compatible\n");
+        }
+    }
+
 	//** OpenSuSE
 	elseif(file_exists('/etc/SuSE-release')) {
 		if(stristr(file_get_contents('/etc/SuSE-release'), '11.0')) {
@@ -291,7 +330,7 @@ function get_distname() {
 			$distid = 'centos53';
 			$distbaseid = 'fedora';
 			swriteln("Operating System: CentOS 5 or compatible\n");
-		} elseif(stristr($content, 'CentOS Linux release 6')) {
+		} elseif(stristr($content, 'CentOS Linux release 6') || stristr($content, 'CentOS release 6')) {
 			$distname = 'CentOS';
 			$distver = 'Unknown';
 			$distid = 'centos53';
@@ -351,7 +390,7 @@ function swrite($text = '') {
 }
 
 function swriteln($text = '') {
-	echo $text."\n";
+	echo PXBashColor::getString($text, true)."\n";
 }
 
 function ilog($msg){
@@ -628,6 +667,7 @@ function ini_to_array($ini) {
 				$section = strtolower($matches[1]);
 			} elseif(preg_match("/^([\w\d_]+)=(.*)$/", $line, $matches) && $section != null) {
 				$item = trim($matches[1]);
+				if(!isset($config[$section])) $config[$section] = array();
 				$config[$section][$item] = trim($matches[2]);
 			}
 		}

install/lib/installer_base.lib.php

@@ -59,7 +59,7 @@ class installer_base {
 	}
 
 	public function simple_query($query, $answers, $default, $name = '') {
-		global $autoinstall;
+		global $autoinstall, $autoupdate;
 		$finished = false;
 		do {
 			if($name != '' && $autoinstall[$name] != '') {
@@ -104,7 +104,7 @@ class installer_base {
 	}
 
 	public function free_query($query, $default, $name = '') {
-		global $autoinstall;
+		global $autoinstall, $autoupdate;
 		if($name != '' && $autoinstall[$name] != '') {
 			if($autoinstall[$name] == 'default') {
 				$input = $default;
@@ -179,7 +179,8 @@ class installer_base {
 		}
 		if(is_installed('fail2ban-server')) $conf['fail2ban']['installed'] = true;
 		if(is_installed('vzctl')) $conf['openvz']['installed'] = true;
-		if(is_installed('metronome') && is_installed('metronomectl')) $conf['xmpp']['installed'] = true;
+        if(is_installed('metronome') && is_installed('metronomectl')) $conf['metronome']['installed'] = true;
+        if(is_installed('prosody') && is_installed('prosodyctl')) $conf['prosody']['installed'] = true;
 		if(is_installed('spamassassin')) $conf['spamassassin']['installed'] = true;
 		// if(is_installed('vlogger')) $conf['vlogger']['installed'] = true;
 		// ISPConfig ships with vlogger, so it is always installed.
@@ -189,20 +190,21 @@ class installer_base {
 		if (($conf['apache']['installed'] && is_file($conf['apache']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost")) || ($conf['nginx']['installed'] && is_file($conf['nginx']["vhost_conf_enabled_dir"]."/000-ispconfig.vhost"))) $this->ispconfig_interface_installed = true;
 	}
 
-    public function force_configure_app($service, $enable_force=true) {
+	public function force_configure_app($service, $enable_force=true) {
 		$force = false;
+		if(AUTOINSTALL == true) return false;
 		if($enable_force == true) {
 			swriteln("[WARN] autodetect for $service failed");
 		} else {
 			swriteln("[INFO] service $service not detected");
 		}
 		if($enable_force) {
-	        if(strtolower($this->simple_query("Force configure $service", array('y', 'n'), 'n') ) == 'y') {
-	            $force = true;
+			if(strtolower($this->simple_query("Force configure $service", array('y', 'n'), 'n') ) == 'y') {
+				$force = true;
 			} else swriteln("Skipping $service\n");
 		}
 		return $force;
-    }
+	}
 
 	public function reconfigure_app($service, $reconfigure_services_answer) {
 		$reconfigure = false;
@@ -227,6 +229,13 @@ class installer_base {
 		//* ensure no modes with errors for ENGINE=MyISAM
 		$this->db->query("SET sql_mode = ''");
 
+		$unwanted_sql_plugins = array('validate_password');
+		$sql_plugins = $this->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
+		if(is_array($sql_plugins) && !empty($sql_plugins)) {
+			foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
+			die();
+		}
+
 		//** Create the database
 		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
@@ -325,6 +334,9 @@ class installer_base {
 		$tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
 		$tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];
 
+        $tpl_ini_array['xmpp']['xmpp_daemon'] = ($conf['metronome']['installed'] == true)?'metronome':'prosody';
+        $tpl_ini_array['xmpp']['xmpp_modules_enabled'] = $conf[$tpl_ini_array['xmpp']['xmpp_daemon']]['initial_modules'];
+
 		if ($conf['nginx']['installed'] == true) {
 			$tpl_ini_array['web']['server_type'] = 'nginx';
 			$tpl_ini_array['global']['webserver'] = 'nginx';
@@ -337,7 +349,7 @@ class installer_base {
 		}
 
 		$server_ini_content = array_to_ini($tpl_ini_array);
-		
+
 		$mail_server_enabled = ($conf['services']['mail'])?1:0;
 		$web_server_enabled = ($conf['services']['web'])?1:0;
 		$dns_server_enabled = ($conf['services']['dns'])?1:0;
@@ -389,12 +401,12 @@ class installer_base {
 
 
 	}
-	
+
 	public function detect_ips(){
 		global $conf;
 
 		exec("ip addr show | awk '/global/ { print $2 }' | cut -d '/' -f 1", $output, $retval);
-		
+
 		if($retval == 0){
 			if(is_array($output) && !empty($output)){
 				foreach($output as $line){
@@ -489,15 +501,22 @@ class installer_base {
 
 			//* insert the ispconfig user in the remote server
 			$from_host = $conf['hostname'];
-			$from_ip = gethostbyname($conf['hostname']);
 
 			$hosts[$from_host]['user'] = $conf['mysql']['master_ispconfig_user'];
 			$hosts[$from_host]['db'] = $conf['mysql']['master_database'];
 			$hosts[$from_host]['pwd'] = $conf['mysql']['master_ispconfig_password'];
 
-			$hosts[$from_ip]['user'] = $conf['mysql']['master_ispconfig_user'];
-			$hosts[$from_ip]['db'] = $conf['mysql']['master_database'];
-			$hosts[$from_ip]['pwd'] = $conf['mysql']['master_ispconfig_password'];
+			$ip_list=array();
+			$ip_rec=dns_get_record($conf['hostname'], DNS_A + DNS_AAAA);
+			if(!empty($ip_rec)) foreach($ip_rec as $rec => $ip) $ip_list[]=@(isset($ip['ip']))?$ip['ip']:$ip['ipv6'];
+
+				if(!empty($ip_list)) {
+					foreach($ip_list as $ip) {
+						$hosts[$ip]['user'] = $conf['mysql']['master_ispconfig_user'];
+						$hosts[$ip]['db'] = $conf['mysql']['master_database'];
+						$hosts[$ip]['pwd'] = $conf['mysql']['master_ispconfig_password'];
+					}
+				}
 		} else{
 			/*
 			 * it is NOT a master-slave - Setup so we have to find out all clients and their
@@ -635,7 +654,7 @@ class installer_base {
 				if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
-				
+
 				$query = "GRANT SELECT, DELETE ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
@@ -659,7 +678,7 @@ class installer_base {
 				if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
-				
+
 				$query = "GRANT SELECT, UPDATE(`dnssec_initialized`, `dnssec_info`, `dnssec_last_signed`) ON ?? TO ?@?";
 				if ($verbose){
 					echo $query ."\n";
@@ -668,6 +687,14 @@ class installer_base {
 					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
 				}
 
+				$query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
+				if ($verbose){
+					echo $query ."\n";
+				}
+				if(!$this->dbmaster->query($query, $value['db'] . '.ftp_traffic', $value['user'], $host)) {
+					$this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
+				}
+
 			}
 
 		}
@@ -772,7 +799,7 @@ class installer_base {
 			$virtual_domains = "' '";
 
 		$content = str_replace('{hostname}', $conf['hostname'], $content);
-		if(!isset($old_options['DEFAULT_SERVER_LANGUAGE'])) $old_options['DEFAULT_SERVER_LANGUAGE'] = '';
+		if(!isset($old_options['DEFAULT_SERVER_LANGUAGE']) || $old_options['DEFAULT_SERVER_LANGUAGE'] == '') $old_options['DEFAULT_SERVER_LANGUAGE'] = "'en'";
 		$content = str_replace('{default_language}', $old_options['DEFAULT_SERVER_LANGUAGE'], $content);
 		$content = str_replace('{virtual_domains}', $virtual_domains, $content);
 
@@ -895,14 +922,14 @@ class installer_base {
 
 		if ($ret === 0) { //* with postfix >= 2.9 we can detect configured services with postconf
 			unset($out);
-			exec ("postconf -M $service/$type 2> /dev/null", $out, $ret); //* Postfix >= 2.11
+			exec("postconf -M $service/$type 2> /dev/null", $out, $ret); //* Postfix >= 2.11
 			if (!isset($out[0])) { //* try Postfix 2.9
-				exec ("postconf -M $service.$type 2> /dev/null", $out, $ret);
+				exec("postconf -M $service.$type 2> /dev/null", $out, $ret);
 			}
 			$postfix_service = @($out[0]=='')?false:true;
-        } else { //* fallback - Postfix < 2.9
+		} else { //* fallback - Postfix < 2.9
 			$content = rf($conf['postfix']['config_dir'].'/master.cf');
-			$regex = "/^((?!#)".$service.".*".$type.".*)$/m"; 
+			$regex = "/^((?!#)".$service.".*".$type.".*)$/m";
 			$postfix_service = @(preg_match($regex, $content))?true:false;
 		}
 
@@ -950,7 +977,7 @@ class installer_base {
 
 		//* mysql-virtual_relayrecipientmaps.cf
 		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-		
+
 		//* mysql-virtual_outgoing_bcc.cf
 		$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
 
@@ -964,16 +991,20 @@ class installer_base {
 		$this->process_postfix_config('mysql-virtual_uids.cf');
 
 		//* postfix-dkim
-		$full_file_name=$config_dir.'/tag_as_originating.re';
+		$filename='tag_as_originating.re';
+		$full_file_name=$config_dir.'/'.$filename;
 		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10026');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
-		$full_file_name=$config_dir.'/tag_as_foreign.re';
+		$filename='tag_as_foreign.re';
+		$full_file_name=$config_dir.'/'.$filename;
 		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
-		wf($full_file_name, '/^/ FILTER amavis:[127.0.0.1]:10024');
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master');
+		wf($full_file_name, $content);
 
 		//* Changing mode and group of the new created config files.
-		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
+		caselog('chmod u=rw,g=r,o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
 			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
 		caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
 			__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
@@ -1005,13 +1036,13 @@ class installer_base {
 		if($conf['postgrey']['installed'] == true) {
 			$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 		}
-		
+
 		$reject_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
 			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
 		}
 		unset($server_ini_array);
-		
+
 		$tmp = str_replace('.','\.',$conf['hostname']);
 
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
@@ -1105,7 +1136,7 @@ class installer_base {
 		$regex = "/^maildrop   unix.*pipe flags=DRhu user=vmail argv=\\/usr\\/bin\\/maildrop -d ".$cf['vmail_username']." \\$\{extension} \\$\{recipient} \\$\{user} \\$\{nexthop} \\$\{sender}/";
 		$configfile = $config_dir.'/master.cf';
 		if($this->get_postfix_service('maildrop', 'unix')) {
-			exec ("postconf -M maildrop.unix &> /dev/null", $out, $ret);
+			exec("postconf -M maildrop.unix &> /dev/null", $out, $ret);
 			$change_maildrop_flags = @(preg_match($regex, $out[0]) && $out[0] !='')?false:true;
 		} else {
 			$change_maildrop_flags = @(preg_match($regex, $configfile))?false:true;
@@ -1117,12 +1148,12 @@ class installer_base {
 			}
 			if(is_file($config_dir.'/master.cf~')) {
 				chmod($config_dir.'/master.cf~', 0400);
- 			}
+			}
 			$configfile = $config_dir.'/master.cf';
 			$content = rf($configfile);
-			$content =	str_replace('flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
-						'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
-						$content);
+			$content = str_replace('flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
+				'flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d '.$cf['vmail_username'].' ${extension} ${recipient} ${user} ${nexthop} ${sender}',
+				$content);
 			wf($configfile, $content);
 		}
 
@@ -1149,7 +1180,7 @@ class installer_base {
 		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 	}
-	
+
 	public function configure_saslauthd() {
 		global $conf;
 
@@ -1265,17 +1296,17 @@ class installer_base {
 
 	public function configure_dovecot() {
 		global $conf;
-		
+
 		$virtual_transport = 'dovecot';
 
 		$configure_lmtp = false;
-		
+
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
 			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
-			
+
 			if(isset($ini_array['mail']['mailbox_virtual_uidgid_maps']) && $ini_array['mail']['mailbox_virtual_uidgid_maps'] == 'y') {
 				$virtual_transport = 'lmtp:unix:private/dovecot-lmtp';
 				$configure_lmtp = true;
@@ -1286,7 +1317,7 @@ class installer_base {
 
 		//* Configure master.cf and add a line for deliver
 		if(!$this->get_postfix_service('dovecot', 'unix')) {
- 			//* backup
+			//* backup
 			if(is_file($config_dir.'/master.cf')){
 				copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
 			}
@@ -1295,7 +1326,7 @@ class installer_base {
 			}
 			//* Configure master.cf and add a line for deliver
 			$content = rf($conf["postfix"]["config_dir"].'/master.cf');
-			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}'."\n";
+			$deliver_content = 'dovecot   unix  -       n       n       -       -       pipe'."\n".'  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -a ${original_recipient}'."\n";
 			af($config_dir.'/master.cf', $deliver_content);
 			unset($content);
 			unset($deliver_content);
@@ -1332,22 +1363,30 @@ class installer_base {
 		unset($tmp);
 
 		//* Copy dovecot configuration file
-		if(version_compare($dovecot_version,1, '<=')) {	//* Dovecot 1.x
+		if(version_compare($dovecot_version,1, '<=')) { //* Dovecot 1.x
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
 			} else {
 				copy('tpl/debian_dovecot.conf.master', $config_dir.'/'.$configfile);
 			}
-		} else {	//* Dovecot 2.x
+		} else { //* Dovecot 2.x
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
 			} else {
 				copy('tpl/debian_dovecot2.conf.master', $config_dir.'/'.$configfile);
 			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
+			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			if(version_compare($dovecot_version, 2.1, '<')) {
 				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
 			}
+			if(version_compare($dovecot_version,2.2) >= 0) {
+				// Dovecot > 2.2 does not recognize !SSLv2 anymore on Debian 9
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('!SSLv2','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+			}
 		}
 
 		//* dovecot-lmtpd
@@ -1377,7 +1416,7 @@ class installer_base {
 		chmod($config_dir.'/'.$configfile, 0600);
 		chown($config_dir.'/'.$configfile, 'root');
 		chgrp($config_dir.'/'.$configfile, 'root');
-		
+
 		// Dovecot shall ignore mounts in website directory
 		if(is_installed('doveadm')) exec("doveadm mount add '/var/www/*' ignore > /dev/null 2> /dev/null");
 
@@ -1447,7 +1486,7 @@ class installer_base {
 				$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/master_cf_amavis10027.master', 'tpl/master_cf_amavis10027.master');
 				af($config_dir.'/master.cf', $content);
 				unset($content);
-    		}
+			}
 		}
 
 		// Add the clamav user to the amavis group
@@ -1476,7 +1515,7 @@ class installer_base {
 	public function configure_spamassassin() {
 		global $conf;
 
-		//* Enable spamasasssin on debian and ubuntu
+		//* Enable spamasasssin on debian, devuan and ubuntu
 		$configfile = '/etc/default/spamassassin';
 		if(is_file($configfile)) {
 			copy($configfile, $configfile.'~');
@@ -1539,36 +1578,36 @@ class installer_base {
 			//if(is_file($conf['init_scripts'].'/'.'openbsd-inetd')) exec($conf['init_scripts'].'/'.'openbsd-inetd restart');
 		}
 
-		if(!$this->is_update) {
-			//* backup old settings
-			exec("for i in $config_dir/conf/*; do printf \$i\ ; cat \$i; printf '\n'; done 2>&1 >$config_dir/conf/.backup~");
-			//* clean common unused settings
-			exec("rm $config_dir/conf/MinUID $config_dir/conf/PAMAuthentication $config_dir/conf/PureDB $config_dir/conf/UnixAuthentication 2> /dev/null");
-			//* improves client compatibility
-			file_put_contents("$config_dir/conf/BrokenClientsCompatibility","yes");
-			//* needed for ispconfig implementation
-			file_put_contents("$config_dir/conf/ChrootEveryone","yes");
-			//* improves client compatibility
-			file_put_contents("$config_dir/conf/DisplayDotFiles","yes");
-			//* improves performance
-			file_put_contents("$config_dir/conf/DontResolve","yes");
-			//* complies with RFC2640
-			file_put_contents("$config_dir/conf/FSCharset","UTF-8");
-			//* provides welcome message
-			file_put_contents("$config_dir/conf/FortunesFile","$config_dir/welcome.msg");
-			//* increases the clients limit from 50 (default) to 1024
-			file_put_contents("$config_dir/conf/MaxClientsNumber","1024");
-			//* prevents DoS attack from the same IP address
-			file_put_contents("$config_dir/conf/MaxClientsPerIP","64");
-			//* needed for ispconfig implementation
-			file_put_contents("$config_dir/conf/MySQLConfigFile","$config_dir/db/mysql.conf");
-			//* recommended for ispconfig implementation
-			file_put_contents("$config_dir/conf/NoAnonymous","yes");
-			//* grade A encryption
-			file_put_contents("$config_dir/conf/TLSCipherSuite","ECDHE:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!RC4");
-			//* hides implementation details
-			file_put_contents("$config_dir/welcome.msg","Welcome");
-		}
+		//* backup old settings
+		exec("for i in $config_dir/conf/*; do printf \$i\ ; cat \$i; printf '\n'; done 2>&1 >$config_dir/conf/.backup~");
+		//* clean common unused settings
+		exec("rm $config_dir/conf/MinUID $config_dir/conf/PAMAuthentication $config_dir/conf/PureDB $config_dir/conf/UnixAuthentication 2> /dev/null");
+		//* required for ftp traffic stats
+		file_put_contents("$config_dir/conf/AltLog","clf:/var/log/pure-ftpd/transfer.log");
+		//* improves client compatibility
+		file_put_contents("$config_dir/conf/BrokenClientsCompatibility","yes");
+		//* needed for ispconfig implementation
+		file_put_contents("$config_dir/conf/ChrootEveryone","yes");
+		//* improves client compatibility
+		file_put_contents("$config_dir/conf/DisplayDotFiles","yes");
+		//* improves performance
+		file_put_contents("$config_dir/conf/DontResolve","yes");
+		//* complies with RFC2640
+		file_put_contents("$config_dir/conf/FSCharset","UTF-8");
+		//* provides welcome message
+		file_put_contents("$config_dir/conf/FortunesFile","$config_dir/welcome.msg");
+		//* increases the clients limit from 50 (default) to 1024
+		file_put_contents("$config_dir/conf/MaxClientsNumber","1024");
+		//* prevents DoS attack from the same IP address
+		file_put_contents("$config_dir/conf/MaxClientsPerIP","64");
+		//* needed for ispconfig implementation
+		file_put_contents("$config_dir/conf/MySQLConfigFile","$config_dir/db/mysql.conf");
+		//* recommended for ispconfig implementation
+		file_put_contents("$config_dir/conf/NoAnonymous","yes");
+		//* grade A encryption
+		file_put_contents("$config_dir/conf/TLSCipherSuite","ECDHE:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!RC4");
+		//* hides implementation details
+		file_put_contents("$config_dir/welcome.msg","Welcome");
 	}
 
 	public function configure_mydns() {
@@ -1632,14 +1671,14 @@ class installer_base {
 
 
 	}
-	
+
 	//** writes bind configuration files
 	public function process_bind_file($configfile, $target='/', $absolute=false) {
 		global $conf;
 
 		if ($absolute) $full_file_name = $target.$configfile;
 		else $full_file_name = $conf['ispconfig_install_dir'].$target.$configfile;
-		
+
 		//* Backup exiting file
 		if(is_file($full_file_name)) {
 			copy($full_file_name, $config_dir.$configfile.'~');
@@ -1671,45 +1710,165 @@ class installer_base {
 		chown($content, $conf['bind']['bind_user']);
 		chgrp($content, $conf['bind']['bind_group']);
 		chmod($content, 02770);
-		
+
 		//* Install scripts for dnssec implementation
 		$this->process_bind_file('named.conf.options', '/etc/bind/', true); //TODO replace hardcoded path
 	}
 
 
-    public function configure_xmpp($options = '') {
+	public function configure_metronome($options = '') {
+		global $conf;
+
+		if($conf['metronome']['installed'] == false) return;
+		//* Create the logging directory for xmpp server
+		if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
+		chown('/var/log/metronome', 'metronome');
+		if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
+		chown('/var/run/metronome', 'metronome');
+		if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
+		chown('/var/lib/metronome', 'metronome');
+		if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
+		if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
+		unlink('/etc/metronome/metronome.cfg.lua');
+
+		$row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
+		$server_name = $row["server_name"];
+
+		$tpl = new tpl('xmpp_metronome_conf_main.master');
+		wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
+		unset($tpl);
+
+		$tpl = new tpl('xmpp_metronome_conf_global.master');
+		$tpl->setVar('xmpp_admins','');
+		wf('/etc/metronome/global.cfg.lua', $tpl->grab());
+		unset($tpl);
+
+		// Copy isp libs
+		if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
+		caselog('cp -rf apps/xmpp_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
+		caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
+		// Process db config
+		$full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
+		$content = rf($full_file_name);
+		$content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
+		$content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
+		$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
+		$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
+		$content = str_replace('{server_id}', $conf['server_id'], $content);
+		wf($full_file_name, $content);
+
+		if(!stristr($options, 'dont-create-certs')){
+			// Create SSL Certificate for localhost
+			// Ensure no line is left blank
+			echo "writing new private key to 'localhost.key'\n-----\n";
+			$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU','ssl_cert_country');
+			$ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name','ssl_cert_locality');
+			$ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd','ssl_cert_organisation');
+			$ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure','ssl_cert_organisation_unit');
+			$ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname'],'ssl_cert_common_name');
+			$ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname'],'ssl_cert_email');
+
+			$tpl = new tpl('xmpp_metronome_conf_ssl.master');
+			$tpl->setVar('ssl_country',$ssl_country);
+			$tpl->setVar('ssl_locality',$ssl_locality);
+			$tpl->setVar('ssl_organisation',$ssl_organisation);
+			$tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
+			$tpl->setVar('domain',$ssl_domain);
+			$tpl->setVar('ssl_email',$ssl_email);
+			wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
+			unset($tpl);
+			// Generate new key, csr and cert
+			exec("(cd /etc/metronome/certs && make localhost.key)");
+			exec("(cd /etc/metronome/certs && make localhost.csr)");
+			exec("(cd /etc/metronome/certs && make localhost.cert)");
+			exec('chmod 0400 /etc/metronome/certs/localhost.key');
+			exec('chown metronome /etc/metronome/certs/localhost.key');
+
+			echo "IMPORTANT:\n";
+			echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
+			echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
+			echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
+			echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
+			echo "\n";
+
+		}else{
+			/*
+			echo "-----\n";
+            echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
+            echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
+            echo "-----\n";
+			*/
+		}
+
+		// Copy init script
+		caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
+		caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
+		caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
+
+		exec($this->getinitcommand($conf['metronome']['init_script'], 'restart'));
+	}
+
+    public function configure_prosody($options = '') {
         global $conf;
 
-        if($conf['xmpp']['installed'] == false) return;
+        if($conf['prosody']['installed'] == false) return;
         //* Create the logging directory for xmpp server
-        if(!@is_dir('/var/log/metronome')) mkdir('/var/log/metronome', 0755, true);
-        chown('/var/log/metronome', 'metronome');
-        if(!@is_dir('/var/run/metronome')) mkdir('/var/run/metronome', 0755, true);
-        chown('/var/run/metronome', 'metronome');
-        if(!@is_dir('/var/lib/metronome')) mkdir('/var/lib/metronome', 0755, true);
-        chown('/var/lib/metronome', 'metronome');
-        if(!@is_dir('/etc/metronome/hosts')) mkdir('/etc/metronome/hosts', 0755, true);
-        if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
-        unlink('/etc/metronome/metronome.cfg.lua');
-
-        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
-        $server_name = $row["server_name"];
-
-        $tpl = new tpl('metronome_conf_main.master');
-        wf('/etc/metronome/metronome.cfg.lua', $tpl->grab());
+        if(!@is_dir('/var/log/prosody')) mkdir('/var/log/prosody', 0755, true);
+        chown('/var/log/prosody', 'prosody');
+        if(!@is_dir('/var/run/prosody')) mkdir('/var/run/prosody', 0755, true);
+        chown('/var/run/prosody', 'prosody');
+        if(!@is_dir('/var/lib/prosody')) mkdir('/var/lib/prosody', 0755, true);
+        chown('/var/lib/prosody', 'prosody');
+        if(!@is_dir('/etc/prosody/hosts')) mkdir('/etc/prosody/hosts', 0755, true);
+        if(!@is_dir('/etc/prosody/status')) mkdir('/etc/prosody/status', 0755, true);
+        unlink('/etc/prosody/prosody.cfg.lua');
+
+        $tpl = new tpl('xmpp_prosody_conf_main.master');
+        wf('/etc/prosody/prosody.cfg.lua', $tpl->grab());
         unset($tpl);
 
-        $tpl = new tpl('metronome_conf_global.master');
+        $tpl = new tpl('xmpp_prosody_conf_global.master');
+        $tpl->setVar('main_host', $conf['hostname']);
         $tpl->setVar('xmpp_admins','');
-        wf('/etc/metronome/global.cfg.lua', $tpl->grab());
+        wf('/etc/prosody/global.cfg.lua', $tpl->grab());
+        unset($tpl);
+
+        //** Create the database
+        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['prosody']['storage_database'], $conf['mysql']['charset'])) {
+            $this->error('Unable to create MySQL database: '.$conf['prosody']['storage_database'].'.');
+        }
+        if($conf['mysql']['host'] == 'localhost') {
+            $from_host = 'localhost';
+        } else {
+            $from_host = $conf['hostname'];
+        }
+        $this->dbmaster->query("CREATE USER ?@? IDENTIFIED BY ?", $conf['prosody']['storage_user'], $from_host, $conf['prosody']['storage_password']); // ignore the error
+        $query = 'GRANT ALL PRIVILEGES ON ?? TO ?@? IDENTIFIED BY ?';
+        if(!$this->db->query($query, $conf['prosody']['storage_database'] . ".*", $conf['prosody']['storage_user'], $from_host, $conf['prosody']['storage_password'])) {
+            $this->error('Unable to create database user: '.$conf['prosody']['storage_user'].' Error: '.$this->db->errorMessage);
+        }
+
+
+
+        $tpl = new tpl('xmpp_prosody_conf_storage.master');
+        $tpl->setVar('db_name', $conf['prosody']['storage_database']);
+        $tpl->setVar('db_host', $conf['mysql']['host']);
+        $tpl->setVar('db_port', $conf['mysql']['port']);
+        $tpl->setVar('db_username', $conf['prosody']['storage_user']);
+        $tpl->setVar('db_password', $conf['prosody']['storage_password']);
+        wf('/etc/prosody/storage.cfg.lua', $tpl->grab());
         unset($tpl);
 
+
         // Copy isp libs
-        if(!@is_dir('/usr/lib/metronome/isp-modules')) mkdir('/usr/lib/metronome/isp-modules', 0755, true);
-        caselog('cp -rf apps/metronome_libs/* /usr/lib/metronome/isp-modules/', __FILE__, __LINE__);
-        caselog('chmod 755 /usr/lib/metronome/isp-modules/mod_auth_external/authenticate_isp.sh', __FILE__, __LINE__);
+        if(!@is_dir('/usr/local/lib/prosody/auth')) mkdir('/usr/local/lib/prosody/auth', 0755, true);
+        caselog('cp -rf apps/xmpp_libs/auth_prosody/* /usr/local/lib/prosody/auth/', __FILE__, __LINE__);
+		caselog('chmod 755 /usr/local/lib/prosody/auth/authenticate_isp.sh', __FILE__, __LINE__);
+		caselog('chown root:ispconfig /usr/local/lib/prosody/auth/prosody-purge', __FILE__, __LINE__);
+		caselog('chmod 750 /usr/local/lib/prosody/auth/prosody-purge', __FILE__, __LINE__);
+
         // Process db config
-        $full_file_name = '/usr/lib/metronome/isp-modules/mod_auth_external/db_conf.inc.php';
+        $full_file_name = '/usr/local/lib/prosody/auth/db_conf.inc.php';
         $content = rf($full_file_name);
         $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content);
         $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content);
@@ -1721,52 +1880,47 @@ class installer_base {
         if(!stristr($options, 'dont-create-certs')){
             // Create SSL Certificate for localhost
             // Ensure no line is left blank
-			echo "writing new private key to 'localhost.key'\n-----\n";
-			$ssl_country = $this->free_query('Country Name (2 letter code)', 'AU','ssl_cert_country');
+            echo "writing new private key to 'localhost.key'\n-----\n";
+            $ssl_country = $this->free_query('Country Name (2 letter code)', 'AU','ssl_cert_country');
             $ssl_locality = $this->free_query('Locality Name (eg, city)', 'City Name','ssl_cert_locality');
             $ssl_organisation = $this->free_query('Organization Name (eg, company)', 'Internet Widgits Pty Ltd','ssl_cert_organisation');
             $ssl_organisation_unit = $this->free_query('Organizational Unit Name (eg, section)', 'Infrastructure','ssl_cert_organisation_unit');
             $ssl_domain = $this->free_query('Common Name (e.g. server FQDN or YOUR name)', $conf['hostname'],'ssl_cert_common_name');
             $ssl_email = $this->free_query('Email Address', 'hostmaster@'.$conf['hostname'],'ssl_cert_email');
 
-            $tpl = new tpl('metronome_conf_ssl.master');
+            $tpl = new tpl('xmpp_prosody_conf_ssl.master');
             $tpl->setVar('ssl_country',$ssl_country);
             $tpl->setVar('ssl_locality',$ssl_locality);
             $tpl->setVar('ssl_organisation',$ssl_organisation);
             $tpl->setVar('ssl_organisation_unit',$ssl_organisation_unit);
             $tpl->setVar('domain',$ssl_domain);
             $tpl->setVar('ssl_email',$ssl_email);
-            wf('/etc/metronome/certs/localhost.cnf', $tpl->grab());
+            wf('/etc/prosody/certs/localhost.cnf', $tpl->grab());
             unset($tpl);
             // Generate new key, csr and cert
-            exec("(cd /etc/metronome/certs && make localhost.key)");
-            exec("(cd /etc/metronome/certs && make localhost.csr)");
-            exec("(cd /etc/metronome/certs && make localhost.cert)");
-            exec('chmod 0400 /etc/metronome/certs/localhost.key');
-            exec('chown metronome /etc/metronome/certs/localhost.key');
-
-			echo "IMPORTANT:\n";
-			echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs\n";
-			echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
-			echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
-			echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
-			echo "\n";
+            exec("(cd /etc/prosody/certs && make localhost.key)");
+            exec("(cd /etc/prosody/certs && make localhost.csr)");
+            exec("(cd /etc/prosody/certs && make localhost.crt)");
+            exec('chmod 0400 /etc/prosody/certs/localhost.key');
+            exec('chown prosody /etc/prosody/certs/localhost.key');
+
+            echo "IMPORTANT:\n";
+            echo "Localhost Key, Csr and a self-signed Cert have been saved to /etc/prosody/certs\n";
+            echo "In order to work with all clients, the server must have a trusted certificate, so use the Csr\n";
+            echo "to get a trusted certificate from your CA or replace Key and Cert with already signed files for\n";
+            echo "your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.\n";
+            echo "\n";
 
         }else{
             /*
-			echo "-----\n";
-            echo "Metronome XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
-            echo "# (cd /etc/metronome/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown metronome localhost.key)\n";
             echo "-----\n";
-			*/
+            echo "Prosody XMPP SSL server certificate is not renewed. Run the following command manual as root to recreate it:\n";
+            echo "# (cd /etc/prosody/certs && make localhost.key && make localhost.csr && make localhost.cert && chmod 0400 localhost.key && chown prosody localhost.key)\n";
+            echo "-----\n";
+            */
         }
 
-        // Copy init script
-        caselog('cp -f apps/metronome-init /etc/init.d/metronome', __FILE__, __LINE__);
-        caselog('chmod u+x /etc/init.d/metronome', __FILE__, __LINE__);
-        caselog('update-rc.d metronome defaults', __FILE__, __LINE__);
-
-        exec($this->getinitcommand($conf['xmpp']['init_script'], 'restart'));
+        exec($this->getinitcommand($conf['prosody']['init_script'], 'restart'));
     }
 
 
@@ -1791,12 +1945,12 @@ class installer_base {
 		if(is_file('/etc/apache2/ports.conf')) {
 			// add a line "Listen 443" to ports conf if line does not exist
 			replaceLine('/etc/apache2/ports.conf', 'Listen 443', 'Listen 443', 1);
-			
+
 			// Comment out the namevirtualhost lines, as they were added by ispconfig in ispconfig.conf file again
 			replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:80', '# NameVirtualHost *:80', 1);
 			replaceLine('/etc/apache2/ports.conf', 'NameVirtualHost *:443', '# NameVirtualHost *:443', 1);
 		}
-		
+
 		if(is_file('/etc/apache2/mods-available/fcgid.conf')) {
 			// add or modify the parameters for fcgid.conf
 			replaceLine('/etc/apache2/mods-available/fcgid.conf','MaxRequestLen','MaxRequestLen 15728640',1);
@@ -1811,7 +1965,7 @@ class installer_base {
 				}
 			}
 		}
-		
+
 		if(is_file('/etc/apache2/apache2.conf')) {
 			if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/', 1) == false && hasLine('/etc/apache2/apache2.conf', 'IncludeOptional sites-enabled/', 1) == false) {
 				if(hasLine('/etc/apache2/apache2.conf', 'Include sites-enabled/*.conf', 1) == true) {
@@ -1827,11 +1981,11 @@ class installer_base {
 		$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
 
 		$tpl = new tpl('apache_ispconfig.conf.master');
-		$tpl->setVar('apache_version',getapacheversion());
-		
+		$tpl->setVar('apache_version',getapacheversion(true));
+
 		$records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
 		$ip_addresses = array();
-		
+
 		if(is_array($records) && count($records) > 0) {
 			foreach($records as $rec) {
 				if($rec['ip_type'] == 'IPv6') {
@@ -1850,9 +2004,9 @@ class installer_base {
 				}
 			}
 		}
-		
+
 		if(count($ip_addresses) > 0) $tpl->setLoop('ip_adresses',$ip_addresses);
-		
+
 		wf($vhost_conf_dir.'/ispconfig.conf', $tpl->grab());
 		unset($tpl);
 
@@ -2071,7 +2225,7 @@ class installer_base {
 			$vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
 			$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
 			$apps_vhost_servername = ($conf['web']['apps_vhost_servername'] == '')?'':'ServerName '.$conf['web']['apps_vhost_servername'];
-			
+
 			//* Get the apps vhost port
 			if($this->is_update == true) {
 				$conf['web']['apps_vhost_port'] = get_apps_vhost_port_number();
@@ -2177,11 +2331,11 @@ class installer_base {
 			}
 			$content = str_replace('{use_tcp}', $use_tcp, $content);
 			$content = str_replace('{use_socket}', $use_socket, $content);
-			
+
 			// SSL in apps vhost is off by default. Might change later.
 			$content = str_replace('{ssl_on}', 'off', $content);
 			$content = str_replace('{ssl_comment}', '#', $content);
-			
+
 			// Fix socket path on PHP 7 systems
 			if(file_exists('/var/run/php/php7.0-fpm.sock')) {
 				$content = str_replace('/var/run/php5-fpm.sock', '/var/run/php/php7.0-fpm.sock', $content);
@@ -2231,7 +2385,7 @@ class installer_base {
 		exec("openssl rsa -passin pass:$ssl_pw -in $ssl_key_file -out $ssl_key_file.insecure");
 		rename($ssl_key_file, $ssl_key_file.'.secure');
 		rename($ssl_key_file.'.insecure', $ssl_key_file);
-		
+
 		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 	}
@@ -2261,14 +2415,14 @@ class installer_base {
 		//* copy the ISPConfig server part
 		$command = 'cp -rf ../server '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Make a backup of the security settings
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini')) copy('/usr/local/ispconfig/security/security_settings.ini','/usr/local/ispconfig/security/security_settings.ini~');
-		
+
 		//* copy the ISPConfig security part
 		$command = 'cp -rf ../security '.$install_dir;
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* Apply changed security_settings.ini values to new security_settings.ini file
 		if(is_file('/usr/local/ispconfig/security/security_settings.ini~')) {
 			$security_settings_old = ini_to_array(file_get_contents('/usr/local/ispconfig/security/security_settings.ini~'));
@@ -2443,15 +2597,19 @@ class installer_base {
 		//* chown the interface files to the ispconfig user and group
 		$command = 'chown -R ispconfig:ispconfig '.$install_dir.'/interface';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
+		//* Chmod the files and directories in the acme dir
+		$command = 'chmod -R 755 '.$install_dir.'/interface/acme';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+
 		//* chown the server files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/server';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security files to the root user and group
 		$command = 'chown -R root:root '.$install_dir.'/security';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-		
+
 		//* chown the security directory and security_settings.ini to root:ispconfig
 		$command = 'chown root:ispconfig '.$install_dir.'/security/security_settings.ini';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
@@ -2463,6 +2621,8 @@ class installer_base {
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 		$command = 'chown root:ispconfig '.$install_dir.'/security/apache_directives.blacklist';
 		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+		$command = 'chown root:ispconfig '.$install_dir.'/security/nginx_directives.blacklist';
+		caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 		//* Make the global language file directory group writable
 		exec("chmod -R 770 $install_dir/interface/lib/lang");
@@ -2514,7 +2674,7 @@ class installer_base {
 			exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
 			exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
 		}
-		
+
 		exec('chown -R root:root /usr/local/ispconfig/interface/ssl');
 
 		// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
@@ -2553,6 +2713,8 @@ class installer_base {
 
 			// Dont just copy over the virtualhost template but add some custom settings
 			$tpl = new tpl('apache_ispconfig.vhost.master');
+			$tpl->setVar('apache_version',getapacheversion());
+			$tpl->setVar(array_fill_keys(getapachemodules(), true)); // set all apache modules as template variables
 			$tpl->setVar('vhost_port',$conf['apache']['vhost_port']);
 
 			// comment out the listen directive if port is 80 or 443
@@ -2572,7 +2734,7 @@ class installer_base {
 			} else {
 				$tpl->setVar('ssl_bundle_comment','#');
 			}
-			
+
 			$tpl->setVar('apache_version',getapacheversion());
 
 			wf($vhost_conf_dir.'/ispconfig.vhost', $tpl->grab());
@@ -2651,8 +2813,8 @@ class installer_base {
 		if(is_file('/usr/local/bin/ispconfig_update_from_dev.sh')) unlink('/usr/local/bin/ispconfig_update_from_dev.sh');
 		chown($install_dir.'/server/scripts/update_from_dev.sh', 'root');
 		chmod($install_dir.'/server/scripts/update_from_dev.sh', 0700);
-//		chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
-//		chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
+		//  chown($install_dir.'/server/scripts/update_from_tgz.sh', 'root');
+		//  chmod($install_dir.'/server/scripts/update_from_tgz.sh', 0700);
 		chown($install_dir.'/server/scripts/ispconfig_update.sh', 'root');
 		chmod($install_dir.'/server/scripts/ispconfig_update.sh', 0700);
 		if(!is_link('/usr/local/bin/ispconfig_update_from_dev.sh')) symlink($install_dir.'/server/scripts/ispconfig_update.sh', '/usr/local/bin/ispconfig_update_from_dev.sh');
@@ -2711,16 +2873,16 @@ class installer_base {
 
 		//* Remove Domain module as its functions are available in the client module now
 		if(@is_dir('/usr/local/ispconfig/interface/web/domain')) exec('rm -rf /usr/local/ispconfig/interface/web/domain');
-		
+
 		//* Disable rkhunter run and update in debian cronjob as ispconfig is running and updating rkhunter
 		if(is_file('/etc/default/rkhunter')) {
 			replaceLine('/etc/default/rkhunter', 'CRON_DAILY_RUN="yes"', 'CRON_DAILY_RUN="no"', 1, 0);
 			replaceLine('/etc/default/rkhunter', 'CRON_DB_UPDATE="yes"', 'CRON_DB_UPDATE="no"', 1, 0);
 		}
-		
+
 		// Add symlink for patch tool
 		if(!is_link('/usr/local/bin/ispconfig_patch')) exec('ln -s /usr/local/ispconfig/server/scripts/ispconfig_patch /usr/local/bin/ispconfig_patch');
-		
+
 		// Change mode of a few files from amavisd
 		if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
@@ -2814,12 +2976,12 @@ class installer_base {
 		chmod($conf['ispconfig_log_dir'].'/cron.log', 0660);
 
 	}
-	
+
 	public function create_mount_script(){
 		global $app, $conf;
 		$mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
 		$mount_command = '';
-		
+
 		if(is_file($mount_script)) return;
 		if(is_file('/etc/rc.local')){
 			$rc_local = file('/etc/rc.local');
@@ -2840,25 +3002,25 @@ class installer_base {
 			}
 		}
 	}
-	
+
 	// This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
 	public function cleanup_ispconfig() {
 		global $app,$conf;
-		
+
 		// Remove directories recursively
 		if(is_dir('/usr/local/ispconfig/interface/web/designer')) exec('rm -rf /usr/local/ispconfig/interface/web/designer');
 		if(is_dir('/usr/local/ispconfig/interface/web/themes/default-304')) exec('rm -rf /usr/local/ispconfig/interface/web/themes/default-304');
-		
+
 		// Remove files
 		if(is_file('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/db_firebird.inc.php');
 		if(is_file('/usr/local/ispconfig/interface/lib/classes/form.inc.php')) unlink('/usr/local/ispconfig/interface/lib/classes/form.inc.php');
-		
+
 		// Change mode of a few files from amavisd
 		if(is_file($conf['amavis']['config_dir'].'/conf.d/50-user')) chmod($conf['amavis']['config_dir'].'/conf.d/50-user', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/50-user~')) chmod($conf['amavis']['config_dir'].'/50-user~', 0400);
 		if(is_file($conf['amavis']['config_dir'].'/amavisd.conf')) chmod($conf['amavis']['config_dir'].'/amavisd.conf', 0640);
 		if(is_file($conf['amavis']['config_dir'].'/amavisd.conf~')) chmod($conf['amavis']['config_dir'].'/amavisd.conf~', 0400);
-		
+
 	}
 
 	public function getinitcommand($servicename, $action, $init_script_directory = ''){

install/lib/mysql.lib.php

@@ -27,7 +27,7 @@
  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-class db extends mysqli
+class db
 {
 	/**#@+
      * @access private
@@ -36,6 +36,7 @@ class db extends mysqli
 	private $_iConnId;
 
 	private $dbHost = '';  // hostname of the MySQL server
+	private $dbPort = '';  // port of the MySQL server
 	private $dbName = '';  // logical database name on that server
 	private $dbUser = '';  // database authorized user
 	private $dbPass = '';  // user's password
@@ -68,7 +69,8 @@ class db extends mysqli
 		global $conf;
 		
 		if($this->_iConnId) return true;
-		$this->dbHost = $conf["mysql"]["host"];
+		$this->dbHost = $conf['mysql']['host'];
+		$this->dbPort = $conf['mysql']['port'];
 		$this->dbName = false;//$conf["mysql"]["database"];
 		$this->dbUser = $conf["mysql"]["admin_user"];
 		$this->dbPass = $conf["mysql"]["admin_password"];
@@ -76,13 +78,13 @@ class db extends mysqli
 		$this->dbNewLink = false;
 		$this->dbClientFlags = null;
 		
-		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		$try = 0;
 		while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
 			if($try > 0) sleep(1);
 
 			$try++;
-			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
+			$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		}
 
 		if(!is_object($this->_iConnId) || mysqli_connect_error()) {
@@ -101,11 +103,12 @@ class db extends mysqli
 		$this->dbPort = $port;
 		$this->dbUser = $user;
 		$this->dbPass = $password;
+		$this->dbPort = $port;
 	}
 	
 	public function setDBName($name) {
 		$this->dbName = $name;
-		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', $this->dbPort);
+		$this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort);
 		if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
 			$this->close();
 			$this->_sqlerror('Datenbank nicht gefunden / Database not found');
@@ -202,7 +205,7 @@ class db extends mysqli
 			$try++;
 			$ok = mysqli_ping($this->_iConnId);
 			if(!$ok) {
-				if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
+				if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName, (int)$this->dbPort)) {
 					if($this->errorNumber == '111') {
 						// server is not available
 						if($try > 9) {

install/lib/update.lib.php

@@ -59,6 +59,8 @@ function prepareDBDump() {
 
 		system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
 	}
+	chmod('existing_db.sql', 0400);
+	chown('existing_db.sql', 'root');
 
 	/*
 	 * If we have a server with nothing in it except VE's then the database of thie server is empty.
@@ -126,6 +128,13 @@ function updateDbAndIni() {
 	//* ensure no modes with errors for ENGINE=MyISAM
 	$inst->db->query("SET sql_mode = ''");
 
+	$unwanted_sql_plugins = array('validate_password');
+	$sql_plugins = $inst->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
+	if(is_array($sql_plugins) && !empty($sql_plugins)) {
+		foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
+		die();
+	}
+
 	//* Update $conf array with values from the server.ini that shall be preserved
 	$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 	$ini_array = ini_to_array(stripslashes($tmp['config']));
@@ -336,6 +345,8 @@ function updateDbAndIni() {
 	$tpl_ini_array['web']['php_fpm_start_port'] = $conf['nginx']['php_fpm_start_port'];
 	$tpl_ini_array['web']['php_fpm_socket_dir'] = $conf['nginx']['php_fpm_socket_dir'];
 
+    $tpl_ini_array['xmpp']['xmpp_daemon'] = ($conf['metronome']['installed'] == true)?'metronome':'prosody';
+
 	if ($conf['nginx']['installed'] == true) {
 		$tpl_ini_array['web']['server_type'] = 'nginx';
 		$tpl_ini_array['global']['webserver'] = 'nginx';

install/patches/upd_0085.php

+<?php
+
+if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
+
+/*
+	Example installer patch update class. the classname must match
+	the php and the sql patch update filename. The php patches are
+	only executed when a corresponding sql patch exists.
+*/
+
+class upd_0085 extends installer_patch_update {
+
+	public function onAfterSQL() {
+		global $inst, $conf;
+		
+		$cron_files = $conf['cron']['crontab_dir'] . '/ispc_*';
+		$check_suffix = '';
+		if (file_exists('/etc/gentoo-release')) {
+			$cron_files .= '.cron';
+			$check_suffix = '.cron';
+		}
+		
+		$file_list = glob($cron_files);
+		if(is_array($file_list) && !empty($file_list)) {
+			for($f = 0; $f < count($file_list); $f++) {
+				$cron_file = $file_list[$f];
+				$fp = fopen($cron_file, 'r');
+				while($fp && !feof($fp)) {
+					$line = trim(fgets($fp));
+					if($line == '') continue;
+					elseif(substr($line, 0, 1) === '#') continue; // commented out
+					
+					$fields = preg_split('/\s+/', $line);
+					if(trim($fields[0]) == '') {
+						// invalid line
+						swriteln($inst->lng('[INFO] Invalid cron line in file ' . $cron_file));
+					} elseif(preg_match('/^\w+=/', $line)) {
+						if(preg_match('/\s/', $line)) {
+							// warning line with env var and space!
+							swriteln($inst->lng("\n" . '[WARNING] Cron line in file ' . $cron_file . ' contains environment variable.' . "\n"));
+						}
+					} elseif(!isset($fields[5])) {
+						// invalid line (missing user)
+							swriteln($inst->lng("\n" . '[WARNING] Cron line in file ' . $cron_file . ' misses user field.' . "\n"));
+					} else {
+						$check_filename = trim($fields[5]) . $check_suffix;
+						if(substr($cron_file, -strlen($check_filename)) != $check_filename) {
+							// warning user not equal to file name
+							swriteln($inst->lng("\n" . '[WARNING] SUSPECT USER IN CRON FILE ' . $cron_file . '! CHECK CRON FILE FOR MALICIOUS ENTRIES!' . "\n"));
+						}
+					}
+				}
+				fclose($fp);
+			}
+		}
+	}
+}
+
+?>

install/patches/upd_0086.php

+<?php
+
+if(!defined('INSTALLER_RUN')) die('Patch update file access violation.');
+
+/*
+	Example installer patch update class. the classname must match
+	the php and the sql patch update filename. The php patches are
+	only executed when a corresponding sql patch exists.
+*/
+
+class upd_0086 extends installer_patch_update {
+
+	public function onAfterSQL() {
+		global $inst;
+		
+		// delete all the files that were deleted on previous updates
+		$delete = array(
+			'interface/web/js/mail_domain_dkim.js',
+			'interface/web/mail/mail_domain_dkim_create.php'
+		);
+		
+		$curpath = dirname(dirname(realpath(dirname(__FILE__))));
+		
+		$c = 0;
+		$del_all = false;
+		foreach($delete as $file) {
+			if(strpos($file, '..') !== false) continue; // security!
+			
+			if($del_all == false) {
+				$answer = $inst->simple_query('Delete obsolete file ' . $file . '?', array('y', 'n', 'a', 'all', 'none'), 'y');
+				if($answer == 'n') continue;
+				elseif($answer == 'a' || $answer == 'all') $del_all = true;
+				elseif($answer == 'none') break;
+			}
+			if(@is_file('/usr/local/ispconfig/' . $file) && !@is_file($curpath . '/' . $file)) {
+				// be sure this is not a file contained in installation!
+				@unlink('/usr/local/ispconfig/' . $file);
+				ilog('Deleted obsolete file /usr/local/ispconfig/' . $file);
+				$c++;
+			}
+		}
+		ilog($c . 'obsolete files deleted.');
+	}
+}
+
+?>

install/sql/incremental/upd_0085.sql

+ALTER TABLE `web_domain` CHANGE `folder_directive_snippets` `folder_directive_snippets` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL;
+ALTER TABLE `web_domain` ADD `log_retention` INT NOT NULL DEFAULT '30' AFTER `https_port`;
+ALTER TABLE `web_domain` CHANGE `stats_type` `stats_type` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT 'awstats';
+ALTER TABLE `spamfilter_policy` 
+CHANGE `virus_lover` `virus_lover` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `spam_lover` `spam_lover` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `banned_files_lover` `banned_files_lover` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `bad_header_lover` `bad_header_lover` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `bypass_virus_checks` `bypass_virus_checks` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `bypass_spam_checks` `bypass_spam_checks` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `bypass_banned_checks` `bypass_banned_checks` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `bypass_header_checks` `bypass_header_checks` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `spam_modifies_subj` `spam_modifies_subj` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `warnvirusrecip` `warnvirusrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `warnbannedrecip` `warnbannedrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N',
+CHANGE `warnbadhrecip` `warnbadhrecip` ENUM('N','Y') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'N';
+ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL;
+ALTER TABLE `web_database` CHANGE `database_quota` `database_quota` INT(11) NULL DEFAULT NULL;
+ALTER TABLE `web_domain` ADD `log_retention` INT NOT NULL DEFAULT '30' ;
+ALTER TABLE spamfilter_policy CHANGE spam_tag_level spam_tag_level DECIMAL(5,2) NULL DEFAULT NULL, CHANGE spam_tag2_level spam_tag2_level DECIMAL(5,2) NULL DEFAULT NULL, CHANGE spam_kill_level spam_kill_level DECIMAL(5,2) NULL DEFAULT NULL, CHANGE spam_dsn_cutoff_level spam_dsn_cutoff_level DECIMAL(5,2) NULL DEFAULT NULL, CHANGE spam_quarantine_cutoff_level spam_quarantine_cutoff_level DECIMAL(5,2) NULL DEFAULT NULL;
+UPDATE `web_database` as d LEFT JOIN `web_domain` as w ON (w.domain_id = d.parent_domain_id) SET d.parent_domain_id = 0 WHERE w.domain_id IS NULL AND d.parent_domain_id != 0 AND (SELECT EXISTS(SELECT * FROM web_domain)); 
\ No newline at end of file

install/sql/incremental/upd_dev_collection.sql

+<<<<<<< HEAD
 ALTER TABLE `mail_mailinglist` ADD `list_type` enum('open','closed') NOT NULL DEFAULT 'open';
 ALTER TABLE `mail_mailinglist` ADD `subject_prefix` varchar(50) NOT NULL DEFAULT '';
 ALTER TABLE `mail_mailinglist` ADD `admins` mediumtext;
@@ -9,7 +10,100 @@ ALTER TABLE `mail_mailinglist` ADD `digestsub` ENUM('n','y') NOT NULL DEFAULT 'n
 ALTER TABLE `mail_mailinglist` ADD `mail_footer` mediumtext;
 ALTER TABLE `mail_mailinglist` ADD `subscribe_policy` enum('disabled','confirm','approval','both','none') NOT NULL DEFAULT 'confirm';
 ALTER TABLE `mail_mailinglist` ADD `posting_policy` enum('closed','moderated','free') NOT NULL DEFAULT 'free';
-ALTER TABLE `web_domain` CHANGE `folder_directive_snippets` `folder_directive_snippets` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL;
 ALTER TABLE `sys_user` ADD `last_login_ip` VARCHAR(50) NULL AFTER `lost_password_reqtime`;
 ALTER TABLE `sys_user` ADD `last_login_at` BIGINT(20) NULL AFTER `last_login_ip`;
-ALTER TABLE `sys_remoteaction` CHANGE `action_state` `action_state` ENUM('pending','processing','ok','warning','error') NOT NULL DEFAULT 'pending';
+ALTER TABLE `sys_remoteaction` CHANGE `action_state` `action_state` ENUM('pending','processing','ok','warning','error') NOT NULL DEFAULT 'pending';
\ No newline at end of file
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+ALTER TABLE `dns_ssl_ca` ADD UNIQUE(`ca_issue`);
+
+UPDATE `dns_ssl_ca` SET `ca_issue` = 'comodo.com' WHERE `ca_issue` = 'comodoca.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'geotrust.com';
+DELETE FROM `dns_ssl_ca` WHERE `ca_issue` = 'thawte.com';
+UPDATE `dns_ssl_ca` SET `ca_name` = 'Symantec / Thawte / GeoTrust' WHERE `ca_issue` = 'symantec.com';
+
+INSERT IGNORE INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodoca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
+ALTER TABLE `web_domain` ADD COLUMN `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n' AFTER `ssl_letsencrypt`;
+ALTER TABLE `remote_user` ADD `remote_access` ENUM('y','n') NOT NULL DEFAULT 'y' AFTER `remote_password`;
+ALTER TABLE `remote_user` ADD `remote_ips` TEXT AFTER `remote_access`;
+ALTER TABLE `web_domain` ADD `php_fpm_chroot` enum('n','y') NOT NULL DEFAULT 'n' AFTER `php_fpm_use_socket`;
+
+
+
+
+ALTER TABLE `client_template`
+  ADD COLUMN `limit_xmpp_webpresence` ENUM( 'n', 'y' ) NOT NULL default 'y',
+  ADD COLUMN `limit_xmpp_http_upload` ENUM( 'n', 'y' ) NOT NULL default 'n';
+
+ALTER TABLE `client`
+  ADD COLUMN `limit_xmpp_webpresence` ENUM( 'n', 'y' ) NOT NULL default 'y',
+  ADD COLUMN `limit_xmpp_http_upload` ENUM( 'n', 'y' ) NOT NULL default 'n';
+
+ALTER TABLE `xmpp_domain`
+  ADD COLUMN `use_webpresence` enum('n','y') NOT NULL DEFAULT 'y',
+  ADD COLUMN `use_http_upload` enum('n','y') NOT NULL DEFAULT 'n';

install/sql/ispconfig3.sql

@@ -489,7 +489,7 @@ CREATE TABLE `dns_rr` (
   `server_id` int(11) NOT NULL default '1',
   `zone` int(11) unsigned NOT NULL DEFAULT '0',
   `name` varchar(255) NOT NULL DEFAULT '',
-  `type` enum('A','AAAA','ALIAS','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
+  `type` enum('A','AAAA','ALIAS','CAA','CNAME','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','TXT','TLSA','DNSKEY') default NULL,
   `data` TEXT NOT NULL,
   `aux` int(11) unsigned NOT NULL default '0',
   `ttl` int(11) unsigned NOT NULL default '3600',
@@ -500,6 +500,79 @@ CREATE TABLE `dns_rr` (
   KEY `rr` (`zone`,`type`,`name`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
+-- --------------------------------------------------------
+
+-- 
+-- Table structure for table  `dns_ssl_ca`
+-- 
+
+CREATE TABLE IF NOT EXISTS `dns_ssl_ca` (
+  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+  `sys_userid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_groupid` int(11) unsigned NOT NULL DEFAULT '0',
+  `sys_perm_user` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
+  `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
+  `active` enum('N','Y') NOT NULL DEFAULT 'N',
+  `ca_name` varchar(255) NOT NULL DEFAULT '',
+  `ca_issue` varchar(255) NOT NULL DEFAULT '',
+  `ca_wildcard` enum('Y','N') NOT NULL DEFAULT 'N',
+  `ca_iodef` text NOT NULL,
+  `ca_critical` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY (`ca_issue`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+INSERT INTO `dns_ssl_ca` (`id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `active`, `ca_name`, `ca_issue`, `ca_wildcard`, `ca_iodef`, `ca_critical`) VALUES
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'AC Camerfirma', 'camerfirma.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'ACCV', 'accv.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Actalis', 'actalis.it', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Amazon', 'amazon.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Asseco', 'certum.pl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Buypass', 'buypass.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CA Disig', 'disig.sk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CATCert', 'aoc.cat', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certinomis', 'www.certinomis.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Certizen', 'hongkongpost.gov.hk', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'certSIGN', 'certsign.ro', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'CFCA', 'cfca.com.cn', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Chunghwa Telecom', 'cht.com.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Comodo', 'comodo.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'D-TRUST', 'd-trust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DigiCert', 'digicert.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'DocuSign', 'docusign.fr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'e-tugra', 'e-tugra.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'EDICOM', 'edicomgroup.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Entrust', 'entrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Firmaprofesional', 'firmaprofesional.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'FNMT', 'fnmt.es', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GlobalSign', 'globalsign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GoDaddy', 'godaddy.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Google Trust Services', 'pki.goog', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'GRCA', 'gca.nat.gov.tw', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'HARICA', 'harica.gr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'IdenTrust', 'identrust.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Izenpe', 'izenpe.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Kamu SM', 'kamusm.gov.tr', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Let''s Encrypt', 'letsencrypt.org', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Microsec e-Szigno', 'e-szigno.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'NetLock', 'netlock.hu', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PKIoverheid', 'www.pkioverheid.nl', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'PROCERT', 'procert.net.ve', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'QuoVadis', 'quovadisglobal.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SECOM', 'secomtrust.net', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Sertifitseerimiskeskuse', 'sk.ee', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'StartCom', 'startcomca.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'SwissSign', 'swisssign.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Symantec / Thawte / GeoTrust', 'symantec.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'T-Systems', 'telesec.de', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Telia', 'telia.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Trustwave', 'trustwave.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'Web.com', 'web.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WISeKey', 'wisekey.com', 'Y', '', 0),
+(NULL, 1, 1, 'riud', 'riud', '', 'Y', 'WoSign', 'wosign.com', 'Y', '', 0);
+
+
 -- --------------------------------------------------------
 
 --
@@ -1257,6 +1330,8 @@ CREATE TABLE `remote_user` (
   `sys_perm_other` varchar(5) default NULL,
   `remote_username` varchar(64) NOT NULL DEFAULT '',
   `remote_password` varchar(64) NOT NULL DEFAULT '',
+  `remote_access` enum('y','n') NOT NULL DEFAULT 'y',
+  `remote_ips` TEXT,
   `remote_functions` text,
   PRIMARY KEY  (`remote_userid`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -1483,33 +1558,33 @@ CREATE TABLE `spamfilter_policy` (
   `sys_perm_group` varchar(5) NOT NULL DEFAULT '',
   `sys_perm_other` varchar(5) NOT NULL DEFAULT '',
   `policy_name` varchar(64) default NULL,
-  `virus_lover` enum('N','Y') default NULL,
-  `spam_lover` enum('N','Y') default NULL,
-  `banned_files_lover` enum('N','Y') default NULL,
-  `bad_header_lover` enum('N','Y') default NULL,
-  `bypass_virus_checks` enum('N','Y') default NULL,
-  `bypass_spam_checks` enum('N','Y') default NULL,
-  `bypass_banned_checks` enum('N','Y') default NULL,
-  `bypass_header_checks` enum('N','Y') default NULL,
-  `spam_modifies_subj` enum('N','Y') default NULL,
+  `virus_lover` enum('N','Y') default 'N',
+  `spam_lover` enum('N','Y') default 'N',
+  `banned_files_lover` enum('N','Y') default 'N',
+  `bad_header_lover` enum('N','Y') default 'N',
+  `bypass_virus_checks` enum('N','Y') default 'N',
+  `bypass_spam_checks` enum('N','Y') default 'N',
+  `bypass_banned_checks` enum('N','Y') default 'N',
+  `bypass_header_checks` enum('N','Y') default 'N',
+  `spam_modifies_subj` enum('N','Y') default 'N',
   `virus_quarantine_to` varchar(255) default NULL,
   `spam_quarantine_to` varchar(255) default NULL,
   `banned_quarantine_to` varchar(255) default NULL,
   `bad_header_quarantine_to` varchar(255) default NULL,
   `clean_quarantine_to` varchar(255) default NULL,
   `other_quarantine_to` varchar(255) default NULL,
-  `spam_tag_level` float default NULL,
-  `spam_tag2_level` float default NULL,
-  `spam_kill_level` float default NULL,
-  `spam_dsn_cutoff_level` float default NULL,
-  `spam_quarantine_cutoff_level` float default NULL,
+  `spam_tag_level` DECIMAL(5,2) default NULL,
+  `spam_tag2_level` DECIMAL(5,2) default NULL,
+  `spam_kill_level` DECIMAL(5,2) default NULL,
+  `spam_dsn_cutoff_level` DECIMAL(5,2) default NULL,
+  `spam_quarantine_cutoff_level` DECIMAL(5,2) default NULL,
   `addr_extension_virus` varchar(64) default NULL,
   `addr_extension_spam` varchar(64) default NULL,
   `addr_extension_banned` varchar(64) default NULL,
   `addr_extension_bad_header` varchar(64) default NULL,
-  `warnvirusrecip` enum('N','Y') default NULL,
-  `warnbannedrecip` enum('N','Y') default NULL,
-  `warnbadhrecip` enum('N','Y') default NULL,
+  `warnvirusrecip` enum('N','Y') default 'N',
+  `warnbannedrecip` enum('N','Y') default 'N',
+  `warnbadhrecip` enum('N','Y') default 'N',
   `newvirus_admin` varchar(64) default NULL,
   `virus_admin` varchar(64) default NULL,
   `banned_admin` varchar(64) default NULL,
@@ -1877,7 +1952,7 @@ CREATE TABLE `web_database` (
   `type` varchar(16) NOT NULL DEFAULT 'y',
   `database_name` varchar(64) DEFAULT NULL,
   `database_name_prefix` varchar(50) NOT NULL default '',
-  `database_quota` int(11) unsigned DEFAULT NULL,
+  `database_quota` int(11) DEFAULT NULL,
   `quota_exceeded` enum('n','y') NOT NULL DEFAULT 'n',
   `last_quota_notification` date NULL default NULL,
   `database_user_id` int(11) unsigned DEFAULT NULL,
@@ -1956,6 +2031,7 @@ CREATE TABLE `web_domain` (
   `rewrite_to_https` ENUM('y','n') NOT NULL DEFAULT 'n',
   `ssl` enum('n','y') NOT NULL default 'n',
   `ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n',
+  `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n',
   `ssl_state` varchar(255) NULL,
   `ssl_locality` varchar(255) NULL,
   `ssl_organisation` varchar(255) NULL,
@@ -1968,11 +2044,12 @@ CREATE TABLE `web_domain` (
   `ssl_key` mediumtext NULL,
   `ssl_action` varchar(16) NULL,
   `stats_password` varchar(255) default NULL,
-  `stats_type` varchar(255) default 'webalizer',
+  `stats_type` varchar(255) default 'awstats',
   `allow_override` varchar(255) NOT NULL default 'All',
   `apache_directives` mediumtext,
   `nginx_directives` mediumtext,
   `php_fpm_use_socket` ENUM('n','y') NOT NULL DEFAULT 'y',
+  `php_fpm_chroot` ENUM('n','y') NOT NULL DEFAULT 'n',
   `pm` enum('static','dynamic','ondemand') NOT NULL DEFAULT 'dynamic',
   `pm_max_children` int(11) NOT NULL DEFAULT '10',
   `pm_start_servers` int(11) NOT NULL DEFAULT '2',
@@ -1999,6 +2076,7 @@ CREATE TABLE `web_domain` (
   `http_port` int(11) unsigned NOT NULL DEFAULT '80',
   `https_port` int(11) unsigned NOT NULL DEFAULT '443',
   `folder_directive_snippets` text,
+  `log_retention` int(11) NOT NULL DEFAULT '30',
   PRIMARY KEY  (`domain_id`),
   UNIQUE KEY `serverdomain` (  `server_id` , `ip_address`,  `domain` )
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

install/tpl/apache_ispconfig.conf.master

@@ -4,16 +4,22 @@
 ServerTokens ProductOnly
 ServerSignature Off
 
-
+<tmpl_if name='apache_version' op='>=' value='2.4' format='version'>
+<IfModule mod_ssl.c>
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
 
 ################################################
 # ISPConfig Logfile configuration for vlogger
 ################################################
 
-SetEnvIf Request_URI "^/datalogstatus.php$" dontlog
-
+<tmpl_if name='apache_version' op='>=' value='2.5' format='version'>
+LogFormat '%v %h %l %u %t "%r" %>s %S "%{Referer}i" "%{User-Agent}i"' combined_ispconfig
+<tmpl_else>
 LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
-CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog
+</tmpl_if>
+CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig
 
 <Directory /var/www/clients>
     AllowOverride None
@@ -123,9 +129,7 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 		</tmpl_if>
 </Directory>
 
-<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
 Alias /awstats-icon "/usr/share/awstats/icon"
-</tmpl_if>
 
 Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
 <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
@@ -135,6 +139,9 @@ Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-know
         Order allow,deny
         Allow from all
 		</tmpl_if>
+        <IfModule mpm_itk_module>
+           AssignUserId www-data www-data
+        </IfModule>
 </Directory>
 
 <tmpl_if name='apache_version' op='<' value='2.4' format='version'>

install/tpl/apache_ispconfig.vhost.master

@@ -8,6 +8,9 @@
 
 <VirtualHost _default_:<tmpl_var name="vhost_port">>
   ServerAdmin webmaster@localhost
+  <tmpl_if name='http2_module' op='==' value='true'>
+		Protocols h2 h2c http/1.1
+  </tmpl_if>
 
   <Directory /var/www/ispconfig/>
     <FilesMatch "\.ph(p3?|tml)$">
@@ -76,7 +79,7 @@
   </tmpl_if>
   <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
-  <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
+  <tmpl_var name="ssl_bundle_comment">SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
   <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
   <tmpl_var name="ssl_comment">SSLHonorCipherOrder On

install/tpl/debian6_dovecot2.conf.master

@@ -66,3 +66,20 @@ protocol lmtp {
   postmaster_address = webmaster@localhost
   mail_plugins = quota sieve
 }
+mail_plugins = $mail_plugins quota
+imap_capability=+SEPCIAL-USE XLIST
+namespace inbox {
+  inbox = yes
+  mailbox Drafts {
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+  mailbox Sent {
+    special_use = \Sent
+  }
+  mailbox Trash {
+    special_use = \Trash
+  }
+}