- fixed vhost settings for nginx

- fixed rspamd settings
- fixed errors in webserver plugin
- fixed error in dkim domain handling

Author: Marius Burkard

install/tpl/nginx_ispconfig.vhost.master

@@ -2,7 +2,7 @@ server {
         listen {vhost_port}{ssl_on};
         listen [::]:{vhost_port} ipv6only=on{ssl_on};
 
-		{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+		{ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
         {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
         {ssl_comment}ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

install/tpl/rspamd_users.conf.master

@@ -4,10 +4,10 @@ settings {
 		authenticated = yes;
 		#apply "default" { groups_disabled = ["rbl", "spf"]; }
 		apply "default" {
-			symbols_enabled = [];
+			#symbols_enabled = [];
 			symbols_disabled = [];
-			groups_enabled = [];
-			groups_disabled = [];
+			#groups_enabled = [];
+			groups_disabled = ["rbl"];
 		}
 	}
 	whitelist {

interface/web/mail/mail_domain_edit.php

@@ -318,7 +318,7 @@ function onAfterInsert() {
 			$soaDomain = $this->dataRecord['domain'].'.';
  			while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
 				$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
-				$soaDomain = preg_replace("/^\w+\./","",$soaDomain);
+				$soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
 			}
 			if ( isset($soa) && !empty($soa) ) $this->update_dns($this->dataRecord, $soa);
 		}
@@ -444,7 +444,7 @@ function onAfterUpdate() {
 			$soaDomain = $this->dataRecord['domain'].'.';
 			while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
 				$soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
-				$soaDomain = preg_replace("/^\w+\./","",$soaDomain);
+				$soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
 			}
 
 			if ( ($selector || $dkim_private || $dkim_active) && $dkim_active )

server/conf/nginx_vhost.conf.master

@@ -28,7 +28,7 @@ server {
 </tmpl_if>
 </tmpl_if>
         listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
-		ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 		# ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 		# ssl_prefer_server_ciphers on;
 <tmpl_if name='ipv6_enabled'>

server/lib/classes/plugin_webserver_base.inc.php

@@ -1719,7 +1719,7 @@ public function eventDelete($event_name, $data, $server_type = 'apache') {
 			$this->action = 'update';
 			$this->update_letsencrypt = true;
 			// just run the update function
-			$this->update($event_name, $data);
+			$this->eventUpdate($event_name, $data, 'update', $server_type);
 
 		} else {
 			$conf_prefix = '';

server/lib/classes/plugin_webserver_nginx.inc.php

@@ -632,7 +632,7 @@ public function processRewriteRules(&$tpl, &$data, &$vhost_data) {
 		if(count($server_alias) > 0) {
 			$server_alias_str = '';
 			foreach($server_alias as $tmp_alias) {
-				$server_alias_str .= $tmp_alias;
+				$server_alias_str .= ' ' . $tmp_alias;
 			}
 			unset($tmp_alias);
 

server/plugins-available/mail_plugin_dkim.inc.php

@@ -104,6 +104,8 @@ function get_amavis_config() {
 	function check_system($data) {
 		global $app, $mail_config;
 
+		/** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
+		
 		$app->uses('getconf');
 		$check=true;
 

server/plugins-available/nginx_plugin.inc.php

@@ -98,7 +98,7 @@ function update($event_name, $data) {
 
 		if($this->action != 'insert') $this->action = 'update';
 
-		$app->plugins_webserver_base->eventUpdate($event_name, $data, 'nginx');
+		$app->plugin_webserver_base->eventUpdate($event_name, $data, $this->action, 'nginx');
 
 		//* Unset action to clean it for next processed vhost.
 		$this->action = '';

server/plugins-available/rspamd_plugin.inc.php

@@ -88,7 +88,7 @@ function spamfilter_users_update($event_name, $data) {
 		$app->uses('getconf,system,functions');
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
-		if($mail_config['content_filter'] == 'rspamd'){
+		if(is_dir('/etc/rspamd')) {
 			$policy = $app->db->queryOneRecord("SELECT * FROM spamfilter_policy WHERE id = ?", intval($data['new']['policy_id']));
 
 			//* Create the config file
@@ -129,10 +129,14 @@ function spamfilter_users_update($event_name, $data) {
 
 				$app->system->file_put_contents($user_file, $tpl->grab());
 			} else {
-				if(is_file($user_file)) unlink($user_file);
+				if(is_file($user_file)) {
+					unlink($user_file);
+				}
+			}
+			
+			if($mail_config['content_filter'] == 'rspamd'){
+				if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 			}
-			//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
-			if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 		}
 	}
 
@@ -143,11 +147,14 @@ function spamfilter_users_delete($event_name, $data) {
 		$app->uses('getconf');
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
-		if($mail_config['content_filter'] == 'rspamd'){
+		if(is_dir('/etc/rspamd')) {
 			//* delete the config file
 			$user_file = $this->users_config_dir.'spamfilter_user_'.intval($data['old']['id']).'.conf';
 			if(is_file($user_file)) unlink($user_file);
-			//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
+			
+		}
+		
+		if($mail_config['content_filter'] == 'rspamd') {
 			if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 		}
 	}
@@ -166,7 +173,7 @@ function spamfilter_wblist_update($event_name, $data) {
 		$app->uses('getconf,system,functions');
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
-		if($mail_config['content_filter'] == 'rspamd'){
+		if(is_dir('/etc/rspamd')) {
 			$recipient = $app->db->queryOneRecord("SELECT email FROM spamfilter_users WHERE id = ?", intval($data['new']['rid']));
 			//* Create the config file
 			$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['new']['wblist_id']).'.conf';
@@ -191,8 +198,10 @@ function spamfilter_wblist_update($event_name, $data) {
 			} else {
 				if(is_file($wblist_file)) unlink($wblist_file);
 			}
-			//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
-			if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+			
+			if($mail_config['content_filter'] == 'rspamd'){
+				if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+			}
 		}
 	}
 
@@ -202,12 +211,14 @@ function spamfilter_wblist_delete($event_name, $data) {
 		$app->uses('getconf');
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
-		if($mail_config['content_filter'] == 'rspamd'){
+		if(is_dir('/etc/rspamd')) {
 			//* delete the config file
 			$wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['old']['wblist_id']).'.conf';
 			if(is_file($wblist_file)) unlink($wblist_file);
-			//if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
-			if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+			
+			if($mail_config['content_filter'] == 'rspamd'){
+				if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+			}
 		}
 	}
 
@@ -220,7 +231,7 @@ function server_ip($event_name, $data) {
 
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
-		if($mail_config['content_filter'] == 'rspamd'){
+		if(is_dir('/etc/rspamd')) {
 			$tpl = new tpl();
 			$tpl->newTemplate('rspamd_users.conf.master');
 
@@ -234,7 +245,9 @@ function server_ip($event_name, $data) {
 			$tpl->setLoop('whitelist_ips', $whitelist_ips);
 			$app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab());
 
-			$app->services->restartServiceDelayed('rspamd', 'reload');
+			if($mail_config['content_filter'] == 'rspamd'){
+				$app->services->restartServiceDelayed('rspamd', 'reload');
+			}
 		}
 	}