Merge branch 'stable-3.1' of https://git.ispconfig.org/ispconfig/ispconfig3 into stable-3.1

ms217 · ms217 · commit 3318f4ff834c · 2020-08-10T15:27:50.000+02:00
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
@@ -66,6 +66,9 @@ function configure_postfix($options = '')
 		//* mysql-virtual_alias_domains.cf
 		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
 
+		//* mysql-virtual_alias_maps.cf
+		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
+
 		//* mysql-virtual_mailboxes.cf
 		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
 
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
@@ -66,6 +66,9 @@ function configure_postfix($options = '')
 		//* mysql-virtual_alias_domains.cf
 		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
 
+		//* mysql-virtual_alias_maps.cf
+		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
+
 		//* mysql-virtual_mailboxes.cf
 		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
 
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -976,6 +976,9 @@ public function configure_postfix($options = '') {
 		//* mysql-virtual_alias_domains.cf
 		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
 
+		//* mysql-virtual_alias_maps.cf
+		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
+
 		//* mysql-virtual_mailboxes.cf
 		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
 
diff --git a/install/tpl/apache_ispconfig.vhost.master b/install/tpl/apache_ispconfig.vhost.master
@@ -70,15 +70,15 @@ NameVirtualHost *:<tmpl_var name="vhost_port">
   # SSL Configuration
   <tmpl_var name="ssl_comment">SSLEngine On
   <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
-  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3
+  <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
   <tmpl_else>
   <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
   </tmpl_if>
   <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
   <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
   <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
 
-  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+  <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
   <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
   <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
   <tmpl_var name="ssl_comment">SSLCompression Off
diff --git a/install/tpl/debian6_dovecot2.conf.master b/install/tpl/debian6_dovecot2.conf.master
@@ -7,8 +7,10 @@ mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
 ssl_dh = </etc/dovecot/dh.pem
-ssl_protocols = !SSLv2 !SSLv3
-ssl_min_protocol = TLSv1
+ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
 auth_verbose = yes
 mail_max_userip_connections = 100
 mail_plugins = quota
diff --git a/install/tpl/debian_dovecot2.conf.master b/install/tpl/debian_dovecot2.conf.master
@@ -7,7 +7,9 @@ mail_privileged_group = vmail
 postmaster_address = postmaster@example.com
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
-ssl_protocols = !SSLv2 !SSLv3
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
 auth_verbose = yes
 mail_max_userip_connections = 100
 mail_plugins = $mail_plugins quota
diff --git a/install/tpl/debian_postfix.conf.master b/install/tpl/debian_postfix.conf.master
@@ -1,7 +1,7 @@
 alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
-virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
@@ -14,7 +14,7 @@ smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
-greylisting = check_policy_service inet:127.0.0.1:10023 
+greylisting = check_policy_service inet:127.0.0.1:10023
 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
@@ -39,10 +39,13 @@ nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 owner_request_special = no
 smtp_tls_security_level = may
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2,!SSLv3
-smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_tls_mandatory_ciphers = medium
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = no
 # needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
 enable_original_recipient = yes
diff --git a/install/tpl/fedora_dovecot2.conf.master b/install/tpl/fedora_dovecot2.conf.master
@@ -6,7 +6,9 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
-ssl_protocols = !SSLv2 !SSLv3
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
 auth_verbose = yes
 mail_plugins = quota
 passdb {
diff --git a/install/tpl/fedora_postfix.conf.master b/install/tpl/fedora_postfix.conf.master
@@ -1,5 +1,5 @@
 virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
-virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
@@ -35,10 +35,13 @@ nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
 smtp_tls_security_level = may
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2,!SSLv3
-smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_tls_mandatory_ciphers = medium
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = no
 # needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
 enable_original_recipient = yes
diff --git a/install/tpl/gentoo_postfix.conf.master b/install/tpl/gentoo_postfix.conf.master
@@ -1,5 +1,5 @@
 virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
-virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
@@ -34,10 +34,13 @@ nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
 smtp_tls_security_level = may
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2,!SSLv3
-smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_tls_mandatory_ciphers = medium
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = no
 # needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
 enable_original_recipient = yes
diff --git a/install/tpl/mysql-virtual_alias_domains.cf.master b/install/tpl/mysql-virtual_alias_domains.cf.master
@@ -2,5 +2,6 @@ user = {mysql_server_ispconfig_user}
 password = {mysql_server_ispconfig_password}
 dbname = {mysql_server_database}
 hosts = {mysql_server_ip}
-query = SELECT destination FROM mail_forwarding
-         WHERE source = '@%d' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id}
+query = SELECT SUBSTRING_INDEX(destination, '@', -1) FROM mail_forwarding
+         WHERE source = '@%s' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id}
+
diff --git a/install/tpl/mysql-virtual_alias_maps.cf.master b/install/tpl/mysql-virtual_alias_maps.cf.master
@@ -0,0 +1,6 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+hosts = {mysql_server_ip}
+query = SELECT destination FROM mail_forwarding
+         WHERE source = '@%d' AND type = 'aliasdomain' AND active = 'y' AND server_id = {server_id}
diff --git a/install/tpl/nginx_apps.vhost.master b/install/tpl/nginx_apps.vhost.master
@@ -2,7 +2,7 @@ server {
         listen {apps_vhost_port} {ssl_on};
         listen [::]:{apps_vhost_port} {ssl_on} ipv6only=on;
 
-        {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        {ssl_comment}ssl_protocols TLSv1.2;
         {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 
@@ -115,7 +115,7 @@ server {
         location /phpMyAdmin {
                rewrite ^/* /phpmyadmin last;
         }
-		
+
         location /squirrelmail {
                root /usr/share/;
                index index.php index.html index.htm;
diff --git a/install/tpl/nginx_ispconfig.vhost.master b/install/tpl/nginx_ispconfig.vhost.master
@@ -1,13 +1,13 @@
 server {
         listen {vhost_port} {ssl_on};
         listen [::]:{vhost_port} {ssl_on} ipv6only=on;
-		
-		{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+		{ssl_comment}ssl_protocols TLSv1.2;
         {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
         {ssl_comment}ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
         {ssl_comment}ssl_prefer_server_ciphers on;
-		
+
 		# redirect to https if accessed with http
 		{ssl_comment}error_page 497 https://$host:{vhost_port}$request_uri;
 
@@ -44,7 +44,7 @@ server {
         location ~ /\. {
                deny  all;
         }
-		
+
 #        location /phpmyadmin {
 #               root /usr/share/;
 #               index index.php index.html index.htm;
@@ -64,7 +64,7 @@ server {
 #        location /phpMyAdmin {
 #               rewrite ^/* /phpmyadmin last;
 #        }
-#		
+#
 #        location /squirrelmail {
 #               root /usr/share/;
 #               index index.php index.html index.htm;
diff --git a/install/tpl/opensuse_dovecot2.conf.master b/install/tpl/opensuse_dovecot2.conf.master
@@ -6,7 +6,9 @@ log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_privileged_group = vmail
 ssl_cert = </etc/postfix/smtpd.cert
 ssl_key = </etc/postfix/smtpd.key
-ssl_protocols = !SSLv2 !SSLv3
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl_prefer_server_ciphers = no
 mail_plugins = quota
 passdb {
   args = /etc/dovecot/dovecot-sql.conf
@@ -79,7 +81,7 @@ mail_plugins = $mail_plugins quota
 #2.3+         group = vmail
 #2.3+         mode = 0660
 #2.3+     }
-#2.3+ 
+#2.3+
 #2.3+     unix_listener stats-writer {
 #2.3+         user = vmail
 #2.3+         group = vmail
@@ -122,4 +124,3 @@ namespace inbox {
     special_use = \Trash
   }
 }
-
diff --git a/install/tpl/opensuse_postfix.conf.master b/install/tpl/opensuse_postfix.conf.master
@@ -1,7 +1,7 @@
 alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
 virtual_alias_domains = proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf
-virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_domains.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_alias_maps.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
@@ -37,10 +37,13 @@ nested_header_checks = regexp:{config_dir}/nested_header_checks
 body_checks = regexp:{config_dir}/body_checks
 inet_interfaces = all
 smtp_tls_security_level = may
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
-smtpd_tls_protocols = !SSLv2,!SSLv3
-smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
 smtpd_tls_exclude_ciphers = RC4, aNULL
 smtp_tls_exclude_ciphers = RC4, aNULL
+smtpd_tls_mandatory_ciphers = medium
+tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+tls_preempt_cipherlist = no
 # needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
 enable_original_recipient = yes
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
@@ -613,7 +613,7 @@ function update($event_name, $data) {
 			unset($tmp);
 
 			if($app->system->is_blacklisted_web_path($web_folder)) {
-				$app->log('Vhost is using a blacklisted web folder: ' . $web_folder, LOGLEVEL_ERROR);
+				$app->log('Vhost ' . $subdomain_host . ' is using a blacklisted web folder: ' . $web_folder, LOGLEVEL_ERROR);
 				return 0;
 			}
 
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
@@ -455,7 +455,7 @@ function update($event_name, $data) {
 			unset($tmp);
 
 			if($app->system->is_blacklisted_web_path($web_folder)) {
-				$app->log('Vhost is using a blacklisted web folder: ' . $web_folder, LOGLEVEL_ERROR);
+				$app->log('Vhost ' . $subdomain_host . ' is using a blacklisted web folder: ' . $web_folder, LOGLEVEL_ERROR);
 				return 0;
 			}
 
