ad4f17df · 3f9c6a3a · ddef5140 · 04d8e6f6 · 74b3b31f · 061583cf
--- a/helper_scripts/fixcerts
+++ b/helper_scripts/fixcerts
+ #!/bin/bash
+#####################################################################################
+#                                                                                   #
+# Syntax: fixcerts DOMAIN                                                           #
+#                                                                                   #
+# Use: Extend Letsencrypt SSl certificates for commonly grouped services such as    #
+#       Apache,Postfix,Dovecot using Certbot. Useful for keeping all client         #
+#       applications referencing the same virtual domain name, such as auto-config  #
+#       email clients on phones, i.e. mailuser@mydomain.TLD smtp.mydomain.TLD       #
+#       imaps.mydomain.TLD instead of mailuser@mydomain.TLD mail.ISPmaildomain.TLD  #
+#       Also useful when sending mail through services like Gmail that will         #
+#       validate sender through a negotiated TLS encrypted connection.              #
+#                                                                                   #
+#       Ex: sh fixcerts myhosteddomain.com                                          #
+#                                                                                   #
+# Prerequisites:                                                                    #
+#   - A Letsencrypt certificate for the DOMAIN must already exist                   #
+#   - A seperate certificate each for Dovecot and Postfix were previously generated #
+#   - All new host names to add MUST  already exist in DNS at least as a CNAME      #
+#   - Edit the Dovecot/Postfix conf to use the alternate certificate                #
+#   - Set the variable wr_file to a directory that certbot can read and write from  #
+#   - Set the dom_cert=,dv_cert=,pf_cert=,dv_file=, and pf_file= variables          #
+#                                                                                   #
+# In my case, I ran:                                                                #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d dc.hrst.xyz    #
+#   certbot certonly -webroot /usr/local/ispconfig/interface/acme -d pf.hrst.xyz    #
+#   to create the separate Dovecot and Postscript certificates, then edited and     #
+#   ran the script to extend those certificate, once per hosted domain              #
+#                                                                                   #
+# If you use only one alternate certifcate for both mail services, set both dv_file #
+#     and pf_file to the same file name and set one of  _cert files=""  and         #
+#     use the other. If you don't wish to add to a particular certificate, set the  #
+#     variable ="", such as dom_cert                                                #
+# TODO: Pre-validate desired additions as already existing in DNS                   #
+#       Generate SRV Records and add to DNS to autoconfig clients                   #
+#                                                                                   #
+# Author: tad.hasse@gmail.com                                                       #
+#                                                                                   #
+#####################################################################################
+
+#bail out on error
+set -e
+
+# Hostnames to add to the main domain certificate
+dom_cert="webmail"
+
+# Hostnames to add to the Dovecot domain certificate
+dv_cert="pop3s imap"
+
+# Hostnames to add to the Postfix domain certificate
+pf_cert="mail smtp smtps"
+
+# Name of the certificate file that handles Dovecot
+dv_file="dc.hrst.xyz"
+
+# Name of the certificate file that handles Postfix
+pf_file="pf.hrst.xyz"
+
+# Writeable webroot for certbot (I use ISPConfig,
+wr_file="/usr/local/ispconfig/interface/acme"
+
+new_cert=""
+nanobot=""
+affected_services=""
+
+if [ -z "$1" ]                           # Is parameter #1 zero length?
+   then
+     echo "-No DOMAIN specified"          # Or no parameter passed.
+     exit 1
+   fi
+
+#live_check='/etc/letsencrypt/live/'$1
+if [[ ! -d '/etc/letsencrypt/live/'$1 ]]; then
+    echo "- DOMAIN certificate for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${dv_file} ]]; then
+    echo "- Dovecot/postoffice certificate" ${dv_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+if [[ ! -d '/etc/letsencrypt/live/'${pf_file} ]]; then
+    echo "- Postfix/mail certificate" ${pf_file}" for \"$1\" not found -"
+    exit 1
+   fi
+
+# Have certbot generate its current certificate list for use as input
+certbot certificates >~/certfile
+
+# Extend base domain certificate which typically only contains the domain.TLD and www.domain.TLD
+if [[ ! -z "${dom_cert}" ]]; then
+    echo
+    new_cert=$(echo $dom_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "$1
+    nanobot=$(grep -A1 "Certificate Name: "$1 certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"A"
+else
+    echo "Domain Certificate unaffected"
+  fi
+
+# Extend the Dovecot certificate
+if [[ ! -z "${dv_cert}" ]]; then
+    echo
+    new_cert=$(echo $dv_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to "${dv_file}
+    nanobot=$(grep -A1 "Certificate Name: "${dv_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"D"
+else
+    echo "Dovecot Certificate unaffected"
+  fi
+
+# Extend the Postscript certificate
+if [[ ! -z "{$pf_cert}" ]]; then
+    echo
+    new_cert=$(echo $pf_cert| sed -e "s/ /.$1 /g" -e 's/ / -d /g' -e "s/$/.$1 /g" -e 's/^/-d /g')
+    echo "Adding" ${new_cert} " to " ${pf_file}
+    nanobot=$(grep -A1 "Certificate Name: "${pf_file} certfile |awk -F': ' '{ {getline}; $1=""; print }'|sed  's/ / -d /g')
+    doit_cert=$(echo "certbot certonly --webroot -w ${wr_file}${nanobot} ${new_cert}")
+    ${doit_cert}
+    affected_services=${affected_services}+"P"
+else
+    echo "Postfix Certificate unaffected"
+  fi
+
+  if [[ $affected_services == *"A"* ]]; then
+     echo "Remember to restart the httpd service"
+   fi
+  if [[ $affected_services == *"D"* ]]; then
+    echo "Remember to restart the dovecot/postoffice service"
+   fi
+  if [[ $affected_services == *"P"* ]]; then
+    echo "Remember to restart the postfix/sendmail  service"
+   fi
+
+echo
+echo
+echo "Add the following SRV records to DNS for client setup for "$1
+  if [[ $affected_services == *"D"* ]]; then
+    echo "_imaps._tcp."$1 "SRV 3600  4 60 993 imaps"
+    echo "_pop3s._tcp."$1 "SRV 3600  6 60 995 pop3s"
+    echo "_imap._tcp."$1 " SRV 3600  8 60 143 imap"
+  fi
+if [[ $affected_services == *"P"* ]]; then
+    echo "_smtps._tcp."$1 "SRV 3600  8 60 465 smtps"
+    echo "_smtp._tcp."$1 " SRV 3600 10 60 587 smtp"
+  fi
\ No newline at end of file
--- a/install/dist/conf/centos70.conf.php
+++ b/install/dist/conf/centos70.conf.php
@@ -147,6 +147,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavisd';
 $conf['amavis']['init_script'] = 'amavisd';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd@amavisd';

--- a/install/dist/conf/centos72.conf.php
+++ b/install/dist/conf/centos72.conf.php
@@ -147,6 +147,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavisd';
 $conf['amavis']['init_script'] = 'amavisd';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd@amavisd';

--- a/install/dist/conf/debian100.conf.php
+++ b/install/dist/conf/debian100.conf.php
+<?php
+
+/*
+Copyright (c) 2016, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+//***  Debian 10 default settings
+
+//* Main
+$conf['language'] = 'en';
+$conf['distname'] = 'debian100';
+$conf['hostname'] = 'server1.domain.tld'; // Full hostname
+$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
+$conf['ispconfig_log_priority'] = 2;  // 0 = Debug, 1 = Warning, 2 = Error
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+$conf['server_id'] = 1;
+$conf['init_scripts'] = '/etc/init.d';
+$conf['runlevel'] = '/etc';
+$conf['shells'] = '/etc/shells';
+$conf['pam'] = '/etc/pam.d';
+
+//* Services provided by this server, this selection will be overridden by the expert mode
+$conf['services']['mail'] = true;
+$conf['services']['web'] = true;
+$conf['services']['dns'] = true;
+$conf['services']['file'] = true;
+$conf['services']['db'] = true;
+$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
+
+//* MySQL
+$conf['mysql']['installed'] = false; // will be detected automatically during installation
+$conf['mysql']['init_script'] = 'mysql';
+$conf['mysql']['host'] = 'localhost';
+$conf['mysql']['ip'] = '127.0.0.1';
+$conf['mysql']['port'] = '3306';
+$conf['mysql']['database'] = 'dbispconfig';
+$conf['mysql']['admin_user'] = 'root';
+$conf['mysql']['admin_password'] = '';
+$conf['mysql']['charset'] = 'utf8';
+$conf['mysql']['ispconfig_user'] = 'ispconfig';
+$conf['mysql']['ispconfig_password'] = md5(uniqid(rand()));
+$conf['mysql']['master_slave_setup'] = 'n';
+$conf['mysql']['master_host'] = '';
+$conf['mysql']['master_database'] = 'dbispconfig';
+$conf['mysql']['master_admin_user'] = 'root';
+$conf['mysql']['master_admin_password'] = '';
+$conf['mysql']['master_ispconfig_user'] = '';
+$conf['mysql']['master_ispconfig_password'] = md5(uniqid(rand()));
+
+//* Apache
+$conf['apache']['installed'] = false; // will be detected automatically during installation
+$conf['apache']['user'] = 'www-data';
+$conf['apache']['group'] = 'www-data';
+$conf['apache']['init_script'] = 'apache2';
+$conf['apache']['version'] = '2.4';
+$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
+$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
+$conf['apache']['vhost_port'] = '8080';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.3/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.3/cgi/php.ini';
+
+//* Website base settings
+$conf['web']['website_basedir'] = '/var/www';
+$conf['web']['website_path'] = '/var/www/clients/client[client_id]/web[website_id]';
+$conf['web']['website_symlinks'] = '/var/www/[website_domain]/:/var/www/clients/client[client_id]/[website_domain]/';
+
+//* Apps base settings
+$conf['web']['apps_vhost_ip'] = '_default_';
+$conf['web']['apps_vhost_port'] = '8081';
+$conf['web']['apps_vhost_servername'] = '';
+$conf['web']['apps_vhost_user'] = 'ispapps';
+$conf['web']['apps_vhost_group'] = 'ispapps';
+
+//* Fastcgi
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.3/cgi/';
+$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
+$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
+
+//* Postfix
+$conf['postfix']['installed'] = false; // will be detected automatically during installation
+$conf['postfix']['config_dir'] = '/etc/postfix';
+$conf['postfix']['init_script'] = 'postfix';
+$conf['postfix']['user'] = 'postfix';
+$conf['postfix']['group'] = 'postfix';
+$conf['postfix']['vmail_userid'] = '5000';
+$conf['postfix']['vmail_username'] = 'vmail';
+$conf['postfix']['vmail_groupid'] = '5000';
+$conf['postfix']['vmail_groupname'] = 'vmail';
+$conf['postfix']['vmail_mailbox_base'] = '/var/vmail';
+
+//* Mailman
+$conf['mailman']['installed'] = false; // will be detected automatically during installation
+$conf['mailman']['config_dir'] = '/etc/mailman';
+$conf['mailman']['init_script'] = 'mailman';
+
+//* mlmmj
+$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
+$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
+
+//* Getmail
+$conf['getmail']['installed'] = false; // will be detected automatically during installation
+$conf['getmail']['config_dir'] = '/etc/getmail';
+$conf['getmail']['program'] = '/usr/bin/getmail';
+
+//* Courier
+$conf['courier']['installed'] = false; // will be detected automatically during installation
+$conf['courier']['config_dir'] = '/etc/courier';
+$conf['courier']['courier-authdaemon'] = 'courier-authdaemon';
+$conf['courier']['courier-imap'] = 'courier-imap';
+$conf['courier']['courier-imap-ssl'] = 'courier-imap-ssl';
+$conf['courier']['courier-pop'] = 'courier-pop';
+$conf['courier']['courier-pop-ssl'] = 'courier-pop-ssl';
+
+//* Dovecot
+$conf['dovecot']['installed'] = false; // will be detected automatically during installation
+$conf['dovecot']['config_dir'] = '/etc/dovecot';
+$conf['dovecot']['init_script'] = 'dovecot';
+
+//* SASL
+$conf['saslauthd']['installed'] = false; // will be detected automatically during installation
+$conf['saslauthd']['config'] = '/etc/default/saslauthd';
+$conf['saslauthd']['init_script'] = 'saslauthd';
+
+//* Amavisd
+$conf['amavis']['installed'] = false; // will be detected automatically during installation
+$conf['amavis']['config_dir'] = '/etc/amavis';
+$conf['amavis']['init_script'] = 'amavis';
+
+//* ClamAV
+$conf['clamav']['installed'] = false; // will be detected automatically during installation
+$conf['clamav']['init_script'] = 'clamav-daemon';
+
+//* Pureftpd
+$conf['pureftpd']['installed'] = false; // will be detected automatically during installation
+$conf['pureftpd']['config_dir'] = '/etc/pure-ftpd';
+$conf['pureftpd']['init_script'] = 'pure-ftpd-mysql';
+
+//* MyDNS
+$conf['mydns']['installed'] = false; // will be detected automatically during installation
+$conf['mydns']['config_dir'] = '/etc';
+$conf['mydns']['init_script'] = 'mydns';
+
+//* PowerDNS
+$conf['powerdns']['installed'] = false; // will be detected automatically during installation
+$conf['powerdns']['database'] = 'powerdns';
+$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
+$conf['powerdns']['init_script'] = 'pdns';
+
+//* BIND DNS Server
+$conf['bind']['installed'] = false; // will be detected automatically during installation
+$conf['bind']['bind_user'] = 'root';
+$conf['bind']['bind_group'] = 'bind';
+$conf['bind']['bind_zonefiles_dir'] = '/etc/bind';
+$conf['bind']['named_conf_path'] = '/etc/bind/named.conf';
+$conf['bind']['named_conf_local_path'] = '/etc/bind/named.conf.local';
+$conf['bind']['init_script'] = 'bind9';
+
+//* Jailkit
+$conf['jailkit']['installed'] = false; // will be detected automatically during installation
+$conf['jailkit']['config_dir'] = '/etc/jailkit';
+$conf['jailkit']['jk_init'] = 'jk_init.ini';
+$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch';
+$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
+
+//* Squid
+$conf['squid']['installed'] = false; // will be detected automatically during installation
+$conf['squid']['config_dir'] = '/etc/squid';
+$conf['squid']['init_script'] = 'squid';
+
+//* Nginx
+$conf['nginx']['installed'] = false; // will be detected automatically during installation
+$conf['nginx']['user'] = 'www-data';
+$conf['nginx']['group'] = 'www-data';
+$conf['nginx']['config_dir'] = '/etc/nginx';
+$conf['nginx']['vhost_conf_dir'] = '/etc/nginx/sites-available';
+$conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
+$conf['nginx']['init_script'] = 'nginx';
+$conf['nginx']['vhost_port'] = '8080';
+$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
+$conf['nginx']['php_fpm_init_script'] = 'php7.3-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.3/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.3/fpm/pool.d';
+$conf['nginx']['php_fpm_start_port'] = 9010;
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.3-fpm';
+
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
+//* vlogger
+$conf['vlogger']['config_dir'] = '/etc';
+
+//* cron
+$conf['cron']['init_script'] = 'cron';
+$conf['cron']['crontab_dir'] = '/etc/cron.d';
+$conf['cron']['wget'] = '/usr/bin/wget';
+
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
+
+
+?>
--- a/install/dist/conf/debian40.conf.php
+++ b/install/dist/conf/debian40.conf.php
@@ -149,6 +149,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';

--- a/install/dist/conf/debian60.conf.php
+++ b/install/dist/conf/debian60.conf.php
@@ -149,6 +149,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';

--- a/install/dist/conf/debian90.conf.php
+++ b/install/dist/conf/debian90.conf.php
@@ -153,6 +153,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';

--- a/install/dist/conf/debiantesting.conf.php
+++ b/install/dist/conf/debiantesting.conf.php
@@ -28,11 +28,11 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

-//***  Ubuntu 16.04 default settings
+//***  Debian Testing default settings

 //* Main
 $conf['language'] = 'en';
-$conf['distname'] = 'ubuntu1604';
+$conf['distname'] = 'debian100';
 $conf['hostname'] = 'server1.domain.tld'; // Full hostname
 $conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
 $conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
@@ -83,8 +83,8 @@ $conf['apache']['version'] = '2.4';
 $conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
 $conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
 $conf['apache']['vhost_port'] = '8080';
-$conf['apache']['php_ini_path_apache'] = '/etc/php/7.0/apache2/php.ini';
-$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.0/cgi/php.ini';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.3/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.3/cgi/php.ini';

 //* Website base settings
 $conf['web']['website_basedir'] = '/var/www';
@@ -99,7 +99,7 @@ $conf['web']['apps_vhost_user'] = 'ispapps';
 $conf['web']['apps_vhost_group'] = 'ispapps';

 //* Fastcgi
-$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.0/cgi/';
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.3/cgi/';
 $conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
 $conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';

@@ -120,6 +120,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
 $conf['mailman']['config_dir'] = '/etc/mailman';
 $conf['mailman']['init_script'] = 'mailman';

+//* mlmmj
+$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
+$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
+
 //* Getmail
 $conf['getmail']['installed'] = false; // will be detected automatically during installation
 $conf['getmail']['config_dir'] = '/etc/getmail';
@@ -149,6 +153,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';
@@ -201,11 +210,11 @@ $conf['nginx']['vhost_conf_enabled_dir'] = '/etc/nginx/sites-enabled';
 $conf['nginx']['init_script'] = 'nginx';
 $conf['nginx']['vhost_port'] = '8080';
 $conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
-$conf['nginx']['php_fpm_init_script'] = 'php7.0-fpm';
-$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.0/fpm/php.ini';
-$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.0/fpm/pool.d';
+$conf['nginx']['php_fpm_init_script'] = 'php7.3-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.3/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.3/fpm/pool.d';
 $conf['nginx']['php_fpm_start_port'] = 9010;
-$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.0-fpm';
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.3-fpm';

 //* OpenVZ
 $conf['openvz']['installed'] = false;

--- a/install/dist/conf/fedora9.conf.php
+++ b/install/dist/conf/fedora9.conf.php
@@ -147,6 +147,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavisd';
 $conf['amavis']['init_script'] = 'amavisd';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd.amavisd';

--- a/install/dist/conf/gentoo.conf.php
+++ b/install/dist/conf/gentoo.conf.php
@@ -162,6 +162,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_file'] = '/etc/amavisd.conf';
 $conf['amavis']['init_script'] = 'amavisd';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd';

--- a/install/dist/conf/opensuse112.conf.php
+++ b/install/dist/conf/opensuse112.conf.php
@@ -147,6 +147,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamd';

--- a/install/dist/conf/ubuntu1604.conf.php
+++ b/install/dist/conf/ubuntu1604.conf.php
@@ -149,6 +149,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';

--- a/install/dist/conf/ubuntu1710.conf.php
+++ b/install/dist/conf/ubuntu1710.conf.php
@@ -149,6 +149,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';

--- a/install/dist/conf/ubuntu1804.conf.php
+++ b/install/dist/conf/ubuntu1804.conf.php
@@ -149,6 +149,11 @@ $conf['amavis']['installed'] = false; // will be detected automatically during i
 $conf['amavis']['config_dir'] = '/etc/amavis';
 $conf['amavis']['init_script'] = 'amavis';

+//* Rspamd
+$conf['rspamd']['installed'] = false; // will be detected automatically during installation
+$conf['rspamd']['config_dir'] = '/etc/rspamd';
+$conf['rspamd']['init_script'] = 'rspamd';
+
 //* ClamAV
 $conf['clamav']['installed'] = false; // will be detected automatically during installation
 $conf['clamav']['init_script'] = 'clamav-daemon';
@@ -227,4 +232,4 @@ $conf['xmpp']['installed'] = false;
 $conf['xmpp']['init_script'] = 'metronome';


-?>
\ No newline at end of file
+?>
--- a/install/dist/lib/centos_base.lib.php
+++ b/install/dist/lib/centos_base.lib.php
@@ -111,6 +111,25 @@ class installer_centos extends installer_dist {

 		removeLine('/etc/sysconfig/freshclam', 'FRESHCLAM_DELAY=disabled-warn   # REMOVE ME', 1);
 		replaceLine('/etc/freshclam.conf', 'Example', '# Example', 1);
+		
+		// get shell-group for amavis
+		$amavis_group=exec('grep -o "^amavis:\|^vscan:" /etc/group');
+		if(!empty($amavis_group)) {
+			$amavis_group=rtrim($amavis_group, ":");
+		}
+		// get shell-user for amavis
+		$amavis_user=exec('grep -o "^amavis:\|^vscan:" /etc/passwd');
+		if(!empty($amavis_user)) {
+			$amavis_user=rtrim($amavis_user, ":");
+		}
+		
+		// Create the director for DKIM-Keys
+		if(!is_dir('/var/lib/amavis')) mkdir('/var/lib/amavis', 0750, true);
+		if(!empty($amavis_user)) exec('chown '.$amavis_user.' /var/lib/amavis');
+		if(!empty($amavis_group)) exec('chgrp '.$amavis_group.' /var/lib/amavis');
+		if(!is_dir('/var/lib/amavis/dkim')) mkdir('/var/lib/amavis/dkim', 0750);
+		if(!empty($amavis_user)) exec('chown -R '.$amavis_user.' /var/lib/amavis/dkim');
+		if(!empty($amavis_group)) exec('chgrp -R '.$amavis_group.' /var/lib/amavis/dkim');


 	}

--- a/install/dist/lib/debian60.lib.php
+++ b/install/dist/lib/debian60.lib.php
@@ -68,7 +68,6 @@ class installer extends installer_base {
 		}

 		//* Reconfigure postfix to use dovecot authentication
-		// Adding the amavisd commands to the postfix configuration
 		$postconf_commands = array (
 			'dovecot_destination_recipient_limit = 1',
 			'virtual_transport = '.$virtual_transport,
@@ -116,6 +115,38 @@ class installer extends installer_base {
 				file_put_contents($config_dir.'/'.$configfile,$content);
 				unset($content);
 			}
+			if(version_compare($dovecot_version,2.3) >= 0) {
+				// Remove deprecated setting(s)
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+				
+				// Check if we have a dhparams file and if not, create it
+				if(!file_exists('/etc/dovecot/dh.pem')) {
+					swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
+						// convert existing ssl parameters file
+						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					} else {
+						/*
+						   Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						   a 4096 bit file, create it manually before you install ISPConfig
+						*/
+						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					}
+				}
+				//remove #2.3+ comment
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('#2.3+','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+				
+			} else {
+				// remove settings which are not supported in Dovecot < 2.3
+				removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
+				removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
+			}
 		} else {
 			if(is_file($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master')) {
 				copy($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian6_dovecot.conf.master', $config_dir.'/'.$configfile);

--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -401,7 +401,6 @@ class installer_dist extends installer_base {
 		}

 		//* Reconfigure postfix to use dovecot authentication
-		// Adding the amavisd commands to the postfix configuration
 		$postconf_commands = array (
 			'dovecot_destination_recipient_limit = 1',
 			'virtual_transport = '.$virtual_transport,
@@ -450,6 +449,38 @@ class installer_dist extends installer_base {
 				file_put_contents($config_dir.'/'.$configfile,$content);
 				unset($content);
 			}
+			if(version_compare($dovecot_version,2.3) >= 0) {
+				// Remove deprecated setting(s)
+				removeLine($config_dir.'/'.$configfile, 'ssl_protocols =');
+				
+				// Check if we have a dhparams file and if not, create it
+				if(!file_exists('/etc/dovecot/dh.pem')) {
+					swriteln('Creating new DHParams file, this takes several minutes. Do not interrupt the script.');
+					if(file_exists('/var/lib/dovecot/ssl-parameters.dat')) {
+						// convert existing ssl parameters file
+						$command = 'dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					} else {
+						/*
+						   Create a new dhparams file. We use 2048 bit only as it simply takes too long
+						   on smaller systems to generate a 4096 bit dh file (> 30 minutes). If you need
+						   a 4096 bit file, create it manually before you install ISPConfig
+						*/
+						$command = 'openssl dhparam -out /etc/dovecot/dh.pem 2048';
+						caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+					}
+				}
+				//remove #2.3+ comment
+				$content = file_get_contents($config_dir.'/'.$configfile);
+				$content = str_replace('#2.3+','',$content);
+				file_put_contents($config_dir.'/'.$configfile,$content);
+				unset($content);
+				
+			} else {
+				// remove settings which are not supported in Dovecot < 2.3
+				removeLine($config_dir.'/'.$configfile, 'ssl_min_protocol =');
+				removeLine($config_dir.'/'.$configfile, 'ssl_dh =');
+			}
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = postmaster@example.com', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 			replaceLine($config_dir.'/'.$configfile, 'postmaster_address = webmaster@localhost', 'postmaster_address = postmaster@'.$conf['hostname'], 1, 0);
 		} else {
@@ -1253,11 +1284,11 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);

 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}

--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -785,7 +785,7 @@ class installer extends installer_base
 			$content = str_replace('{cgi_socket}', $cgi_socket, $content);
 			
 			// SSL in apps vhost is off by default. Might change later.
-			$content = str_replace('{ssl_on}', 'off', $content);
+			$content = str_replace('{ssl_on}', 'ssl', $content);
 			$content = str_replace('{ssl_comment}', '#', $content);
 			
 			wf($vhost_conf_dir.'/apps.vhost', $content);
@@ -1139,11 +1139,11 @@ class installer extends installer_base
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);

 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}

--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -1264,11 +1264,11 @@ class installer_dist extends installer_base {
 			$content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);

 			if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
-				$content = str_replace('{ssl_on}', ' on', $content);
+				$content = str_replace('{ssl_on}', 'ssl', $content);
 				$content = str_replace('{ssl_comment}', '', $content);
 				$content = str_replace('{fastcgi_ssl}', 'on', $content);
 			} else {
-				$content = str_replace('{ssl_on}', ' off', $content);
+				$content = str_replace('{ssl_on}', '', $content);
 				$content = str_replace('{ssl_comment}', '#', $content);
 				$content = str_replace('{fastcgi_ssl}', 'off', $content);
 			}

--- a/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
+++ b/install/dist/tpl/gentoo/amavisd-ispconfig.conf.master
@@ -67,7 +67,7 @@ $final_spam_destiny = D_DISCARD;
 $final_banned_destiny = D_BOUNCE;
 $final_bad_header_destiny = D_PASS;

-# Default settings, we st this very high to not filter aut emails accidently
+# Default settings, we set this very high to not filter out emails accidentally
 $sa_spam_subject_tag = '***SPAM*** ';
 $sa_tag_level_deflt  = 20.0;  # add spam info headers if at, or above that level
 $sa_tag2_level_deflt = 60.0; # add 'spam detected' headers at that level