From 49195dd188d0967b7df7028eb623a6006850baf0 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 09 Feb 2016 12:03:20 -0500
Subject: [PATCH] Merge branch 'stable-3.1'

---
 install/uninstall-fedora.php                            |   12 +-
 install/tpl/debian_postfix.conf.master                  |    7 +
 server/lib/classes/db_mysql.inc.php                     |   10 +-
 install/update.php                                      |    8 
 install/tpl/blacklist_helo.master                       |   22 ++++
 install/tpl/opensuse_postfix.conf.master                |    7 +
 server/plugins-available/software_update_plugin.inc.php |   16 +-
 install/tpl/gentoo_postfix.conf.master                  |    7 +
 install/tpl/helo_access.master                          |   19 +++
 docs/examples/blacklist_helo.master                     |   74 ++++++++++++++
 install/install.php                                     |   10 +-
 install/lib/installer_base.lib.php                      |   24 ++++
 install/tpl/fedora_postfix.conf.master                  |    7 +
 server/plugins-available/mail_plugin.inc.php            |   18 +++
 interface/lib/app.inc.php                               |    7 +
 install/uninstall.php                                   |   12 +-
 install/lib/mysql.lib.php                               |    4 
 server/lib/classes/system.inc.php                       |    2 
 18 files changed, 226 insertions(+), 40 deletions(-)

diff --git a/docs/examples/blacklist_helo.master b/docs/examples/blacklist_helo.master
new file mode 100644
index 0000000..5d696d4
--- /dev/null
+++ b/docs/examples/blacklist_helo.master
@@ -0,0 +1,74 @@
+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.  .local is particularly problematic, and commented out by default.
+#
+# Note that any server hitting this check is misconfigured, all of the names below are bogus
+# and not allowed per RFC 2821.
+#
+# If your own users are blocked by this, they are not authenticating to your server when
+# sending (this check is after permit_sasl, which permits authenticated senders).
+#
+# Instructions:
+#
+# Copy this file to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# as well as /etc/postfix/blacklist_helo, so your changes are not overwritten with ispconfig
+# updates.
+
+# probably just put REJECT lines in here,
+# as OK lines will bypass a lot of other checks you may want done
+# (use DUNNO instead of OK)
+#
+
+# common for spammers (check https://data.iana.org/TLD/tlds-alpha-by-domain.txt and remove valid tld's occasionally)
+/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.bac$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.coma$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dlink$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyndns\.org$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.dyn$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.firewall$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gateway$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.home$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.internal$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.intern$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.janak$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.kornet$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lab$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lan$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localdomain$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.localhost$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+# .local is used by spammers a lot, but too many otherwise legit servers hit it
+# (instead of REJECT, should send to greylisting)
+#/.*\.local$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.loc$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.lokal$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.mail$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.nat$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.netzwerk$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.pc$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.privat$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.private$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.router$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.setup$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
+/.*\.119$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.beeline$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.cici$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt_3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.gt-3g$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.hananet$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.skbroadband$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+/.*\.tbroad$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
diff --git a/install/install.php b/install/install.php
index cab7069..c023e8f 100644
--- a/install/install.php
+++ b/install/install.php
@@ -188,7 +188,7 @@
 } while (!$check);
 
 // Check if the mysql functions are loaded in PHP
-if(!function_exists('mysql_connect')) die('No PHP MySQL functions available. Please ensure that the PHP MySQL module is loaded.');
+if(!function_exists('mysqli_connect')) die('No PHP MySQLi functions available. Please ensure that the PHP MySQL module is loaded.');
 
 //** Get MySQL root credentials
 $finished = false;
@@ -208,7 +208,7 @@
 	}
 
 	//* Initialize the MySQL server connection
-	if(@mysql_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
+	if(@mysqli_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
 		$conf['mysql']['host'] = $tmp_mysql_server_host;
 		$conf['mysql']['port'] = $tmp_mysql_server_port;
 		$conf['mysql']['admin_user'] = $tmp_mysql_server_admin_user;
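Review bot: The `mysqli_connect()` call in this hunk still passes the port glued to the host as `$tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port`, but mysqli takes the port as its own fifth argument and does not document the `host:port` form that the old mysql extension accepted. A non-default port is therefore likely to make the connection test fail; pass it separately, `@mysqli_connect($tmp_mysql_server_host, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password, '', (int)$tmp_mysql_server_port)`. The same pattern is carried over in the master-server hunk further down this file and in the second hunk of install/update.php. The returned link is also discarded, so the test connection is never closed explicitly; the enclosing loop starts outside the hunk.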
@@ -217,7 +217,7 @@
 		$conf['mysql']['charset'] = $tmp_mysql_server_charset;
 		$finished = true;
 	} else {
-		swriteln($inst->lng('Unable to connect to the specified MySQL server').' '.mysql_error());
+		swriteln($inst->lng('Unable to connect to the specified MySQL server').' '.mysqli_error());
 	}
 } while ($finished == false);
 unset($finished);
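Review bot: `mysqli_error()` in the else branch is called without a link, which mysqli does not allow; unlike `mysql_error()` it has no implicit last connection, so the operator gets a PHP warning (or an error on newer PHP) instead of the reason the login failed. For a failed connect the matching call is `mysqli_connect_error()`, e.g. `swriteln($inst->lng('Unable to connect to the specified MySQL server').' '.mysqli_connect_error());`. The same applies to the master-server else branch later in this file and to both `swriteln` lines changed in install/update.php.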
@@ -553,7 +553,7 @@
 			$tmp_mysql_server_database = $inst->free_query('MySQL master server database name', $conf['mysql']['master_database'],'mysql_master_database');
 
 			//* Initialize the MySQL server connection
-			if(@mysql_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
+			if(@mysqli_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
 				$conf['mysql']['master_host'] = $tmp_mysql_server_host;
 				$conf['mysql']['master_port'] = $tmp_mysql_server_port;
 				$conf['mysql']['master_admin_user'] = $tmp_mysql_server_admin_user;
@@ -561,7 +561,7 @@
 				$conf['mysql']['master_database'] = $tmp_mysql_server_database;
 				$finished = true;
 			} else {
-				swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
+				swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_error());
 			}
 		} while ($finished == false);
 		unset($finished);
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 2ca0e54..503aa0b 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -896,6 +896,8 @@
 		}
 		unset($server_ini_array);
 		
+		$tmp = str_replace('.','\.',$conf['hostname']);
+
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
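Review bot: `$tmp = str_replace('.','\.',$conf['hostname']);` escapes only the dot before the value is substituted into the `/^{myhostname}$/` pattern of helo_access, so any other regexp metacharacter in the configured hostname ends up in the Postfix table unescaped. Hostnames normally contain only letters, digits, `-` and `.`, so it would be safer to check that first, e.g. `if(!preg_match('/^[A-Za-z0-9.-]+$/', $conf['hostname'])) ...`, and skip or abort the helo_access generation otherwise. A descriptive name such as `$helo_hostname_re` would also be clearer than `$tmp`, which stays in scope after this point; the function starts and ends outside the hunk.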
@@ -903,6 +905,7 @@
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{myhostname}' => $tmp,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
@@ -933,6 +936,27 @@
 		if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
 		exec('/usr/sbin/postmap /var/lib/mailman/data/transport-mailman');
 
+		//* Create auxillary postfix conf files
+		$configfile = 'helo_access';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+			chmod($config_dir.'/'.$configfile.'~', 0400);
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = strtr($content, $postconf_placeholders);
+		# todo: look up this server's ip addrs and loop through each
+		# todo: look up domains hosted on this server and loop through each
+		wf($config_dir.'/'.$configfile, $content);
+
+		$configfile = 'blacklist_helo';
+		if(is_file($config_dir.'/'.$configfile)) {
+			copy($config_dir.'/'.$configfile, $config_dir.'/'.$configfile.'~');
+			chmod($config_dir.'/'.$configfile.'~', 0400);
+		}
+		$content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		$content = strtr($content, $postconf_placeholders);
+		wf($config_dir.'/'.$configfile, $content);
+
 		//* Make a backup copy of the main.cf file
 		copy($config_dir.'/main.cf', $config_dir.'/main.cf~');
 
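Review bot: The two blocks for `helo_access` and `blacklist_helo` are identical apart from the file name; a `foreach(array('helo_access', 'blacklist_helo') as $configfile) { ... }` around one copy of the block would keep them from drifting apart. Neither the `copy()` of the `~` backup nor the `wf()` write is checked, so a failed write leaves main.cf pointing at a regexp table that may not exist; `wf()` is defined outside this patch, so whether it reports errors is not visible here. The comment should read `//* Create auxiliary postfix conf files`.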
diff --git a/install/lib/mysql.lib.php b/install/lib/mysql.lib.php
index 11fd2ec..7cf06ee 100644
--- a/install/lib/mysql.lib.php
+++ b/install/lib/mysql.lib.php
@@ -776,7 +776,7 @@
 	 *
 	 * @access private
 	 */
-	public function db_result($iResId, $iConnection) {
+	public function __construct($iResId, $iConnection) {
 		$this->_iResId = $iResId;
 		$this->_iConnection = $iConnection;
 	}
@@ -902,7 +902,7 @@
 	 *
 	 * @access private
 	 */
-	public function fakedb_result($aData) {
+	public function __construct($aData) {
 		$this->aResultData = $aData;
 		$this->aLimitedData = $aData;
 		reset($this->aLimitedData);
diff --git a/install/tpl/blacklist_helo.master b/install/tpl/blacklist_helo.master
new file mode 100644
index 0000000..f8d9ee2
--- /dev/null
+++ b/install/tpl/blacklist_helo.master
@@ -0,0 +1,22 @@
+# blacklist_helo - after permit_sasl, used to stop common spammers/misconfigurations
+#
+# This file can be used to block hostnames used in smtp HELO command which are known bad.
+# Occasionally you will run into legitimate mail servers which are misconfigured and end
+# up blocked here, so this is not enabled by default, but it is useful if you are prepared
+# to address those cases.
+#
+# See docs/extras/blacklist_helo.master from ispconfig source for a more complete example list.
+#
+# If you make changes here, also copy them to /usr/local/ispconfig/server/conf-custom/install/blacklist_helo.master,
+# so your changes are not overwritten with ispconfig updates.
+
+
+#/.*\.administrator$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.admin$/    REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.adsl$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.arpa$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dhcp$/ REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dns$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.domain$/   REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+#/.*\.dynamic$/  REJECT HELO hostname is using a top level domain that does not exist.  See RFC 2821 section 3.6.
+
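Review bot: The header comment points readers to `docs/extras/blacklist_helo.master`, but this commit adds the full list as `docs/examples/blacklist_helo.master`; the line should read `# See docs/examples/blacklist_helo.master from ispconfig source for a more complete example list.` Also, `.arpa` is a real top-level domain, so the reject text "does not exist" on the commented `/.*\.arpa$/` line is not accurate for it. The docs example carries the same entry, plus a `dyndns\.org` entry with that text.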
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
index 911b1ca..c518250 100644
--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -24,6 +24,8 @@
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -41,3 +43,8 @@
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
index 473bbce..cedaa14 100644
--- a/install/tpl/fedora_postfix.conf.master
+++ b/install/tpl/fedora_postfix.conf.master
@@ -21,6 +21,8 @@
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
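Review bot: The new `smtpd_helo_restrictions` line references `{config_dir}/helo_access` and `{config_dir}/blacklist_helo`, but the only code in this patch that creates those two files is in install/lib/installer_base.lib.php, next to the debian template lookup. If the Fedora, Gentoo and openSUSE installers use their own Postfix configuration routine (not visible here, and the diffstat lists no change to one), these templates would point at regexp tables that do not exist, and Postfix typically answers with a temporary server-configuration error when an access table cannot be opened. The same line is added to gentoo_postfix.conf.master and opensuse_postfix.conf.master; the file creation should be added wherever those templates are rendered.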
@@ -38,3 +40,8 @@
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
index f5730f7..5439cc5 100644
--- a/install/tpl/gentoo_postfix.conf.master
+++ b/install/tpl/gentoo_postfix.conf.master
@@ -20,6 +20,8 @@
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -37,3 +39,8 @@
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes
diff --git a/install/tpl/helo_access.master b/install/tpl/helo_access.master
new file mode 100644
index 0000000..796c3ed
--- /dev/null
+++ b/install/tpl/helo_access.master
@@ -0,0 +1,19 @@
+# helo_access - before permit_sasl
+# be sure to list your own hostname(s), domain(s) and IP address(es) here
+
+# Reject others identifying with this machine's hostnames and IP addresses
+/^{myhostname}$/  REJECT
+#/^((smtp|mx|mail)\.domain1\.com$/	REJECT
+#/^mail\.domain2\.com$/		REJECT
+
+# TODO: this server's ip addr loop here
+#/^\[?1\.2\.3\.4\]?$/	REJECT
+#/^\[?12\.34\.56\.78\]?$/	REJECT
+#/^\[?123\.234\.123\.234\]?$/	REJECT
+
+# Reject others identifying as domains we host
+# TODO: this server's hosted mail domains loop here
+#/^domain1\.com$/	REJECT
+#/^domain2\.com$/	REJECT
+#/^domain3\.net$/	REJECT
+
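Review bot: The commented example `#/^((smtp|mx|mail)\.domain1\.com$/	REJECT` has an unbalanced opening parenthesis, so an admin who uncomments it gets a pattern that fails to compile; it should be `#/^(smtp|mx|mail)\.domain1\.com$/	REJECT`. The only active rule is `/^{myhostname}$/  REJECT`, so until the two TODO loops are implemented the server's IP literals and hosted domains are not covered, which the header comment could state explicitly.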
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
index f018e23..a66536f 100644
--- a/install/tpl/opensuse_postfix.conf.master
+++ b/install/tpl/opensuse_postfix.conf.master
@@ -23,6 +23,8 @@
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, warn_if_reject reject_unknown_helo_hostname, permit
 smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
@@ -40,3 +42,8 @@
 smtp_tls_protocols = !SSLv2,!SSLv3
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+strict_rfc821_envelopes = yes
+disable_vrfy_command = yes
+allow_percent_hack = no
+swap_bangpath = no
+smtpd_reject_unlisted_sender = yes
diff --git a/install/uninstall-fedora.php b/install/uninstall-fedora.php
index b1d7e47..8aa5fcf 100644
--- a/install/uninstall-fedora.php
+++ b/install/uninstall-fedora.php
@@ -65,16 +65,16 @@
 	//exec("/etc/init.d/mysqld stop");
 	//exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
 	//exec("/etc/init.d/mysqld start");
-	$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
+	$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
 		echo "Unable to connect to the database'.mysql_error($link)";
 	} else {
-		$result=mysql_query("DROP DATABASE ".$conf['db_database']."';", $link);
-		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysql_error($link)."\n";
-		$result=mysql_query("DROP USER '".$conf['db_user'] ."';");
-		if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysql_error($link)."\n";
+		$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
+		$result=mysqli_query($link, "DROP USER '".$conf['db_user'] ."';");
+		if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
 	}
-	mysql_close($link);
+	mysqli_close($link);
 
 	// Deleting the symlink in /var/www
 	// Apache
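Review bot: The rewritten `DROP DATABASE` statement keeps the stray `'` before the semicolon, so the SQL sent is `DROP DATABASE name';` and the database is likely never removed; it should be `mysqli_query($link,"DROP DATABASE ".$conf['db_database'].";")`. `mysqli_close($link);` still runs after the if/else, so it is also called with `false` when the connect failed; move it into the else branch. The untouched connect-failure line prints the text `'.mysql_error(...)` literally and should use `mysqli_connect_error()`. install/uninstall.php has the same three issues.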
diff --git a/install/uninstall.php b/install/uninstall.php
index 111f574..198a145 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -60,16 +60,16 @@
 
 	echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
 
-	$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
+	$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
 		echo "Unable to connect to the database'.mysql_error($link)";
 	} else {
-		$result=mysql_query("DROP DATABASE ".$conf['db_database']."';", $link);
-		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysql_error($link)."\n";
-		$result=mysql_query("DROP USER '".$conf['db_user'] ."';");
-	        if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysql_error($link)."\n";
+		$result=mysqli_query($link,"DROP DATABASE ".$conf['db_database']."';");
+		if (!$result) echo "Unable to remove the ispconfig-database ".$conf['db_database']." ".mysqli_error($link)."\n";
+		$result=mysqli_query($link,"DROP USER '".$conf['db_user'] ."';");
+	        if (!$result) echo "Unable to remove the ispconfig-database-user ".$conf['db_user']." ".mysqli_error($link)."\n";
 	}
-	mysql_close($link);
+	mysqli_close($link);
 	
 	// Deleting the symlink in /var/www
 	// Apache
diff --git a/install/update.php b/install/update.php
index 504a637..6422e54 100644
--- a/install/update.php
+++ b/install/update.php
@@ -226,10 +226,10 @@
 //** Test mysql root connection
 $finished = false;
 do {
-	if(@mysql_connect($conf["mysql"]["host"], $conf["mysql"]["admin_user"], $conf["mysql"]["admin_password"])) {
+	if(@mysqli_connect($conf["mysql"]["host"], $conf["mysql"]["admin_user"], $conf["mysql"]["admin_password"])) {
 		$finished = true;
 	} else {
-		swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
+		swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_error());
 		$conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password'],'mysql_root_password');
 	}
 } while ($finished == false);
@@ -255,7 +255,7 @@
 		$tmp_mysql_server_database = $inst->free_query('MySQL master server database name', $conf['mysql']['master_database'],'mysql_master_database');
 
 		//* Initialize the MySQL server connection
-		if(@mysql_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
+		if(@mysqli_connect($tmp_mysql_server_host . ':' . (int)$tmp_mysql_server_port, $tmp_mysql_server_admin_user, $tmp_mysql_server_admin_password)) {
 			$conf['mysql']['master_host'] = $tmp_mysql_server_host;
 			$conf['mysql']['master_port'] = $tmp_mysql_server_port;
 			$conf['mysql']['master_admin_user'] = $tmp_mysql_server_admin_user;
@@ -263,7 +263,7 @@
 			$conf['mysql']['master_database'] = $tmp_mysql_server_database;
 			$finished = true;
 		} else {
-			swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
+			swriteln($inst->lng('Unable to connect to mysql server').' '.mysqli_error());
 		}
 	} while ($finished == false);
 	unset($finished);
diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index e23b6ca..f9ef167 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -71,6 +71,13 @@
 			$this->uses('session');
 			$sess_timeout = $this->conf('interface', 'session_timeout');
 			$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
+			
+			// Workaround for Nginx servers
+			if($cookie_domain == '_') {
+				$tmp = explode(':',$_SERVER["HTTP_HOST"]);
+				$cookie_domain = $tmp[0];
+				unset($tmp);
+			}
 			$cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;
 			if($sess_timeout) {
 				/* check if user wants to stay logged in */
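Review bot: The Nginx workaround takes the cookie domain from the client-supplied `Host` header without validation, and `explode(':', ...)` yields `[` for a bracketed IPv6 literal such as `[::1]:8080`. Checking the result against a hostname pattern before use, e.g. `if(!preg_match('/^[A-Za-z0-9.-]+$/', $cookie_domain)) $cookie_domain = '';`, would keep malformed values out of the cookie settings that follow (their use is outside the hunk). A strict comparison (`=== '_'`) fits better here, and the comment could say that `_` is the catch-all `server_name` placeholder. The enclosing method starts and ends outside the hunk.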
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 52a5e50..e3d0c69 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -556,19 +556,19 @@
 		global $app;
 		include 'lib/mysql_clientdb.conf';
 		/* Connect to the database */
-		$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
+		$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 		if (!$link) {
-			$app->log('Unable to connect to the database'.mysql_error($link), LOGLEVEL_DEBUG);
+			$app->log('Unable to connect to the database'.mysqli_error($link), LOGLEVEL_DEBUG);
 			return;
 		}
 		/* Get database-size from information_schema */
-		$result=mysql_query("SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".mysql_real_escape_string($database_name)."';", $link);
+		$result=mysqli_query("SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".mysqli_real_escape_string($database_name)."';", $link);
 		$this->close;
 		if (!$result) {
-			$app->log('Unable to get the database-size'.mysql_error($link), LOGLEVEL_DEBUG);
+			$app->log('Unable to get the database-size'.mysqli_error($link), LOGLEVEL_DEBUG);
 			return;
 		}
-		$database_size = mysql_fetch_row($result);
+		$database_size = mysqli_fetch_row($result);
 		return $database_size[0];
 	}
 
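Review bot: The converted query line keeps the old argument order: `mysqli_query()` and `mysqli_real_escape_string()` both take the link as their first argument, so `mysqli_query("SELECT ...", $link)` and `mysqli_real_escape_string($database_name)` will fail and the method always logs 'Unable to get the database-size'. It should read `mysqli_query($link, "SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='".mysqli_real_escape_string($link, $database_name)."';")`. In the connect-failure branch `$link` is `false`, so `mysqli_error($link)` should be `mysqli_connect_error()`. The unchanged `$this->close;` is a property read, not a call, and `$link` is never closed in the lines shown; the method starts outside the hunk.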
diff --git a/server/lib/classes/system.inc.php b/server/lib/classes/system.inc.php
index 739e822..2c36c38 100644
--- a/server/lib/classes/system.inc.php
+++ b/server/lib/classes/system.inc.php
@@ -44,7 +44,7 @@
 	 */
 
 
-	public function system(){
+	public function __construct(){
 		//global $go_info;
 		//$this->server_id = $go_info['isp']['server_id'];
 		//$this->server_conf = $go_info['isp']['server_conf'];
diff --git a/server/plugins-available/mail_plugin.inc.php b/server/plugins-available/mail_plugin.inc.php
index 20388a4..8696205 100644
--- a/server/plugins-available/mail_plugin.inc.php
+++ b/server/plugins-available/mail_plugin.inc.php
@@ -207,7 +207,14 @@
 
 		//* Send the welcome email message
 		$domain = explode('@', $data["new"]["email"])[1];
-		if(file_exists($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$domain.'.txt')) {
+		$html = false;
+		if(file_exists($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$domain.'.html')) {
+			$lines = file($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$domain.'.html');
+			$html = true;
+		} elseif(file_exists($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$conf['language'].'.html')) {
+			$lines = file($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$conf['language'].'.html');
+			$html = true;
+		} elseif(file_exists($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$domain.'.txt')) {
 			$lines = file($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$domain.'.txt');
 		} elseif(file_exists($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$conf['language'].'.txt')) {
 			$lines = file($conf['rootpath'].'/conf-custom/mail/welcome_email_'.$conf['language'].'.txt');
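Review bot: `$domain`, the part of the mailbox address after `@`, is concatenated into two more file paths in this hunk without a check visible here that it contains no `/` or `..`. If address validation happens elsewhere that is fine, but a local guard such as `if(!preg_match('/^[A-Za-z0-9.-]+$/', $domain)) $domain = '';` before the chain would make the template lookup safe on its own. The four branches also repeat the same path expression; a loop over `array($domain.'.html', $conf['language'].'.html', $domain.'.txt', $conf['language'].'.txt')` that sets `$html` from the extension would be shorter. The if/elseif chain continues past the end of the hunk.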
@@ -236,8 +243,13 @@
 		unset($tmp);
 
 		$mailHeaders      = "MIME-Version: 1.0" . "\n";
-		$mailHeaders     .= "Content-type: text/plain; charset=utf-8" . "\n";
-		$mailHeaders     .= "Content-Transfer-Encoding: 8bit" . "\n";
+		if($html) {
+			$mailHeaders     .= "Content-Type: text/html; charset=utf-8" . "\n";
+			$mailHeaders     .= "Content-Transfer-Encoding: quoted-printable" . "\n";
+		} else {
+			$mailHeaders     .= "Content-Type: text/plain; charset=utf-8" . "\n";
+			$mailHeaders     .= "Content-Transfer-Encoding: 8bit" . "\n";
+		}
 		$mailHeaders     .= "From: $welcome_mail_from" . "\n";
 		$mailHeaders     .= "Reply-To: $welcome_mail_from" . "\n";
 		$mailTarget       = $data["new"]["email"];
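Review bot: The HTML branch declares `Content-Transfer-Encoding: quoted-printable`, but nothing in this hunk encodes the body that way. If the template lines are sent as read, every `=` in the HTML (for example in attributes) is interpreted by the receiving client as a quoted-printable escape and the message is garbled. Either encode the body with `quoted_printable_encode()` when `$html` is set, or keep `8bit` for both types; the code that builds and sends the body is outside the hunk. `$welcome_mail_from` is placed into the From and Reply-To headers on the unchanged lines below, so it should be free of line breaks.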
diff --git a/server/plugins-available/software_update_plugin.inc.php b/server/plugins-available/software_update_plugin.inc.php
index ae6b79c..bd8159e 100644
--- a/server/plugins-available/software_update_plugin.inc.php
+++ b/server/plugins-available/software_update_plugin.inc.php
@@ -246,29 +246,29 @@
 			}
 
 			//* Connect to the database
-			$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
+			$link = mysqli_connect($clientdb_host, $clientdb_user, $clientdb_password);
 			if (!$link) {
-				$app->log('Unable to connect to the database'.mysql_error($link), LOGLEVEL_ERROR);
+				$app->log('Unable to connect to the database'.mysqli_error($link), LOGLEVEL_ERROR);
 				return;
 			}
 
 			$query_charset_table = '';
 
 			//* Create the new database
-			if (mysql_query('CREATE DATABASE '.mysql_real_escape_string($db_config['database_name']).$query_charset_table, $link)) {
+			if (mysqli_query($link,'CREATE DATABASE '.mysqli_real_escape_string($link, $db_config['database_name']).$query_charset_table, $link)) {
 				$app->log('Created MySQL database: '.$db_config['database_name'], LOGLEVEL_DEBUG);
 			} else {
-				$app->log('Unable to connect to the database'.mysql_error($link), LOGLEVEL_ERROR);
+				$app->log('Unable to connect to the database'.mysqli_error($link), LOGLEVEL_ERROR);
 			}
 
-			if(mysql_query("GRANT ALL ON ".mysql_real_escape_string($db_config['database_name'], $link).".* TO '".mysql_real_escape_string($db_config['database_user'], $link)."'@'".$db_config['database_host']."' IDENTIFIED BY '".mysql_real_escape_string($db_config['database_password'], $link)."';", $link)) {
+			if(mysqli_query("GRANT ALL ON ".mysqli_real_escape_string($link, $db_config['database_name']).".* TO '".mysqli_real_escape_string($link, $db_config['database_user'])."'@'".$db_config['database_host']."' IDENTIFIED BY '".mysqli_real_escape_string($link, $db_config['database_password'])."';", $link)) {
 				$app->log('Created MySQL user: '.$db_config['database_user'], LOGLEVEL_DEBUG);
 			} else {
-				$app->log('Unable to create database user'.$db_config['database_user'].' '.mysql_error($link), LOGLEVEL_ERROR);
+				$app->log('Unable to create database user'.$db_config['database_user'].' '.mysqli_error($link), LOGLEVEL_ERROR);
 			}
 
-			mysql_query("FLUSH PRIVILEGES;", $link);
-			mysql_close($link);
+			mysqli_query($link, "FLUSH PRIVILEGES;");
+			mysqli_close($link);
 
 		}
 
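Review bot: Two of the converted calls have the wrong argument list: the `CREATE DATABASE` call passes `$link` again as the third argument of `mysqli_query()`, which is the integer result mode, and the `GRANT` call still has the query first and the link last. They should end `...$query_charset_table)` and start `mysqli_query($link, "GRANT ALL ON "...` respectively. `$db_config['database_host']` is inserted into the GRANT statement without escaping, unlike the name, user and password around it; wrap it in `mysqli_real_escape_string($link, ...)` too. `mysqli_error($link)` in the connect-failure branch receives `false` and should be `mysqli_connect_error()`. The enclosing method starts and ends outside the hunk.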

--
Gitblit v1.9.1