ghzhost
diff --git a/‎install/dist/lib/fedora.lib.php‎
Lines changed: 5 additions & 51 deletions b/‎install/dist/lib/fedora.lib.php‎
Lines changed: 5 additions & 51 deletions
diff --git a/‎install/dist/lib/gentoo.lib.php‎
Lines changed: 3 additions & 0 deletions b/‎install/dist/lib/gentoo.lib.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎install/dist/lib/opensuse.lib.php‎
Lines changed: 5 additions & 48 deletions b/‎install/dist/lib/opensuse.lib.php‎
Lines changed: 5 additions & 48 deletions
diff --git a/‎install/lib/installer_base.lib.php‎
Lines changed: 58 additions & 61 deletions b/‎install/lib/installer_base.lib.php‎
Lines changed: 58 additions & 61 deletions
diff --git a/‎install/sql/incremental/upd_dev_collection.sql‎
Lines changed: 13 additions & 1 deletion b/‎install/sql/incremental/upd_dev_collection.sql‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎install/sql/ispconfig3.sql‎
Lines changed: 6 additions & 1 deletion b/‎install/sql/ispconfig3.sql‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎install/tpl/debian_postfix.conf.master‎
Lines changed: 10 additions & 4 deletions b/‎install/tpl/debian_postfix.conf.master‎
Lines changed: 10 additions & 4 deletions
@@ -57,58 +57,12 @@ function configure_postfix($options = '')
 			$this->error("The postfix configuration directory '$config_dir' does not exist.");
 		}
 
-		//* mysql-virtual_domains.cf
-		$this->process_postfix_config('mysql-virtual_domains.cf');
-
-		//* mysql-virtual_forwardings.cf
-		$this->process_postfix_config('mysql-virtual_forwardings.cf');
-
-		//* mysql-virtual_alias_domains.cf
-		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
-
-		//* mysql-virtual_alias_maps.cf
-		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
-
-		//* mysql-virtual_mailboxes.cf
-		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
-
-		//* mysql-virtual_email2email.cf
-		$this->process_postfix_config('mysql-virtual_email2email.cf');
-
-		//* mysql-virtual_transports.cf
-		$this->process_postfix_config('mysql-virtual_transports.cf');
-
-		//* mysql-virtual_recipient.cf
-		$this->process_postfix_config('mysql-virtual_recipient.cf');
-
-		//* mysql-virtual_sender.cf
-		$this->process_postfix_config('mysql-virtual_sender.cf');
-
-		//* mysql-virtual_sender_login_maps.cf
-		$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
-
-		//* mysql-virtual_client.cf
-		$this->process_postfix_config('mysql-virtual_client.cf');
-
-		//* mysql-virtual_relaydomains.cf
-		$this->process_postfix_config('mysql-virtual_relaydomains.cf');
-
-		//* mysql-virtual_relayrecipientmaps.cf
-		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-
-		//* mysql-virtual_outgoing_bcc.cf
-		$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
-
-		//* mysql-virtual_policy_greylist.cf
-		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
-
-		//* mysql-virtual_gids.cf.master
-		$this->process_postfix_config('mysql-virtual_gids.cf');
-
-		//* mysql-virtual_uids.cf
-		$this->process_postfix_config('mysql-virtual_uids.cf');
+		//* Install virtual mappings
+		foreach (glob('tpl/mysql-virtual_*.master') as $filename) {
+			$this->process_postfix_config( basename($filename, '.master') );
+		}
 
-		//* mysql-virtual_alias_domains.cf
+		//* mysql-verify_recipients.cf
 		$this->process_postfix_config('mysql-verify_recipients.cf');
 
 		//* postfix-dkim
 
@@ -63,6 +63,9 @@ public function configure_postfix($options = '')
 			$this->process_postfix_config( basename($filename, '.master') );
 		}
 
+		//* mysql-verify_recipients.cf
+		$this->process_postfix_config('mysql-verify_recipients.cf');
+
 		//* Changing mode and group of the new created config files.
 		caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
 			__FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed');
 
@@ -57,55 +57,12 @@ function configure_postfix($options = '')
 			$this->error("The postfix configuration directory '$config_dir' does not exist.");
 		}
 
-		//* mysql-virtual_domains.cf
-		$this->process_postfix_config('mysql-virtual_domains.cf');
-
-		//* mysql-virtual_forwardings.cf
-		$this->process_postfix_config('mysql-virtual_forwardings.cf');
-
-		//* mysql-virtual_alias_domains.cf
-		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
-
-		//* mysql-virtual_alias_maps.cf
-		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
-
-		//* mysql-virtual_mailboxes.cf
-		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
-
-		//* mysql-virtual_email2email.cf
-		$this->process_postfix_config('mysql-virtual_email2email.cf');
-
-		//* mysql-virtual_transports.cf
-		$this->process_postfix_config('mysql-virtual_transports.cf');
-
-		//* mysql-virtual_recipient.cf
-		$this->process_postfix_config('mysql-virtual_recipient.cf');
-
-		//* mysql-virtual_sender.cf
-		$this->process_postfix_config('mysql-virtual_sender.cf');
-
-		//* mysql-virtual_sender_login_maps.cf
-		$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
-
-		//* mysql-virtual_client.cf
-		$this->process_postfix_config('mysql-virtual_client.cf');
-
-		//* mysql-virtual_relaydomains.cf
-		$this->process_postfix_config('mysql-virtual_relaydomains.cf');
-
-		//* mysql-virtual_relayrecipientmaps.cf
-		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-
-		//* mysql-virtual_policy_greylist.cf
-		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
-
-		//* mysql-virtual_gids.cf.master
-		$this->process_postfix_config('mysql-virtual_gids.cf');
-
-		//* mysql-virtual_uids.cf
-		$this->process_postfix_config('mysql-virtual_uids.cf');
+		//* Install virtual mappings
+		foreach (glob('tpl/mysql-virtual_*.master') as $filename) {
+			$this->process_postfix_config( basename($filename, '.master') );
+		}
 
-		//* mysql-virtual_alias_domains.cf
+		//* mysql-verify_recipients.cf
 		$this->process_postfix_config('mysql-verify_recipients.cf');
 
 		//* postfix-dkim
 
@@ -42,6 +42,15 @@ public function __construct() {
 		global $conf; //TODO: maybe $conf  should be passed to constructor
 	}
 
+	private function install_acme() {
+		$install_cmd = 'wget -O -  https://get.acme.sh | sh';
+		$ret = null;
+		$val = 0;
+		exec($install_cmd . ' 2>&1', $ret, $val);
+
+		return ($val == 0 ? true : false);
+	}
+
 	//: TODO  Implement the translation function and language files for the installer.
 	public function lng($text) {
 		return $text;
@@ -1044,58 +1053,12 @@ public function configure_postfix($options = '') {
 		$postfix_version = preg_replace('/.*=\s*/', '', $out[0]);
 		unset($out);
 
-		//* mysql-virtual_domains.cf
-		$this->process_postfix_config('mysql-virtual_domains.cf');
-
-		//* mysql-virtual_forwardings.cf
-		$this->process_postfix_config('mysql-virtual_forwardings.cf');
-
-		//* mysql-virtual_alias_domains.cf
-		$this->process_postfix_config('mysql-virtual_alias_domains.cf');
-
-		//* mysql-virtual_alias_maps.cf
-		$this->process_postfix_config('mysql-virtual_alias_maps.cf');
-
-		//* mysql-virtual_mailboxes.cf
-		$this->process_postfix_config('mysql-virtual_mailboxes.cf');
-
-		//* mysql-virtual_email2email.cf
-		$this->process_postfix_config('mysql-virtual_email2email.cf');
-
-		//* mysql-virtual_transports.cf
-		$this->process_postfix_config('mysql-virtual_transports.cf');
-
-		//* mysql-virtual_recipient.cf
-		$this->process_postfix_config('mysql-virtual_recipient.cf');
-
-		//* mysql-virtual_sender.cf
-		$this->process_postfix_config('mysql-virtual_sender.cf');
-
-		//* mysql-virtual_sender_login_maps.cf
-		$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
-
-		//* mysql-virtual_client.cf
-		$this->process_postfix_config('mysql-virtual_client.cf');
-
-		//* mysql-virtual_relaydomains.cf
-		$this->process_postfix_config('mysql-virtual_relaydomains.cf');
-
-		//* mysql-virtual_relayrecipientmaps.cf
-		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
-
-		//* mysql-virtual_outgoing_bcc.cf
-		$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
-
-		//* mysql-virtual_policy_greylist.cf
-		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
-
-		//* mysql-virtual_gids.cf.master
-		$this->process_postfix_config('mysql-virtual_gids.cf');
-
-		//* mysql-virtual_uids.cf
-		$this->process_postfix_config('mysql-virtual_uids.cf');
+		//* Install virtual mappings
+		foreach (glob('tpl/mysql-virtual_*.master') as $filename) {
+			$this->process_postfix_config( basename($filename, '.master') );
+		}
 
-		//* mysql-virtual_alias_domains.cf
+		//* mysql-verify_recipients.cf
 		$this->process_postfix_config('mysql-verify_recipients.cf');
 
 		// test if lmtp if available
@@ -1789,11 +1752,18 @@ public function configure_rspamd() {
 				$new_options[] = $value;
 			}
 			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
-				array_splice($new_options, 0, 0, array('reject_authenticated_sender_login_mismatch'));
-
+				// insert before permit_mynetworks
 				for ($i = 0; isset($new_options[$i]); $i++) {
 					if ($new_options[$i] == 'permit_mynetworks') {
-						array_splice($new_options, $i+1, 0, array('reject_sender_login_mismatch'));
+						array_splice($new_options, $i, 0, array('reject_authenticated_sender_login_mismatch'));
+						break;
+					}
+				}
+
+				// insert before permit_sasl_authenticated
+				for ($i = 0; isset($new_options[$i]); $i++) {
+					if ($new_options[$i] == 'permit_sasl_authenticated') {
+						array_splice($new_options, $i, 0, array('reject_sender_login_mismatch'));
 						break;
 					}
 				}
@@ -2939,6 +2909,21 @@ public function make_ispconfig_ssl_cert() {
 			$acme = explode("\n", shell_exec('which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
 			$acme = reset($acme);
 
+			if((!$acme || !is_executable($acme)) && (!$le_client || !is_executable($le_client))) {
+				$success = $this->install_acme();
+				if(!$success) {
+					swriteln('Failed installing acme.sh. Will not be able to issue certificate during install.');
+				} else {
+					$acme = explode("\n", shell_exec('which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
+					$acme = reset($acme);
+					if($acme && is_executable($acme)) {
+						swriteln('Installed acme.sh and using it for certificate creation during install.');
+					} else {
+						swriteln('Failed installing acme.sh. Will not be able to issue certificate during install.');
+					}
+				}
+			}
+
 			$restore_conf_symlink = false;
 
 			// we only need this for apache, so use fixed conf index
@@ -2969,15 +2954,24 @@ public function make_ispconfig_ssl_cert() {
 			$issued_successfully = false;
 
 			// Backup existing ispserver ssl files
-			if(file_exists($ssl_crt_file) || is_link($ssl_crt_file))
-				rename($ssl_crt_file, $ssl_crt_file.'-temporary.bak');
-			if(file_exists($ssl_key_file) || is_link($ssl_key_file))
-				rename($ssl_key_file, $ssl_key_file.'-temporary.bak');
-			if(file_exists($ssl_pem_file) || is_link($ssl_pem_file))
-				rename($ssl_pem_file, $ssl_pem_file.'-temporary.bak');
+			if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
+				rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
+			}
+			if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
+				rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
+			}
+			if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
+				rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
+			}
 
 			// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
 			if (is_executable($acme)) {
+				$acme_cert_dir = dirname($acme) . '/' . $hostname;
+
+				swriteln('acme.sh is installed, overriding certificate path to use ' . $acme_cert_dir);
+
+				# acme.sh does not set umask, resulting in incorrect permissions (ispconfig issue #6015)
+				$old_umask = umask(0022);
 
 				$out = null;
 				$ret = null;
@@ -3000,6 +2994,7 @@ public function make_ispconfig_ssl_cert() {
 					$acme_chain = "--fullchain-file " . escapeshellarg($ssl_crt_file);
 					exec("$acme --install-cert -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
 					$issued_successfully = true;
+					umask($old_umask);
 
 					// Make temporary backup of self-signed certs permanent
 					if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
@@ -3012,6 +3007,8 @@ public function make_ispconfig_ssl_cert() {
 				} else {
 					swriteln('Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt');
 
+					umask($old_umask);
+
 					// Restore temporary backup of self-signed certs
 					if(file_exists($ssl_crt_file.'-temporary.bak') || is_link($ssl_crt_file.'-temporary.bak'))
 						rename($ssl_crt_file.'-temporary.bak', $ssl_crt_file);
@@ -3075,7 +3072,7 @@ public function make_ispconfig_ssl_cert() {
 							rename($ssl_key_file.'-temporary.bak', $ssl_key_file);
 						if(file_exists($ssl_pem_file.'-temporary.bak') || is_link($ssl_pem_file.'-temporary.bak'))
 							rename($ssl_pem_file.'-temporary.bak', $ssl_pem_file);
-						
+
 					}
 				} else {
 					swriteln('Did not find any valid acme client (acme.sh or certbot)');
 
@@ -1 +1,13 @@
-ALTER TABLE `remote_user` MODIFY `remote_password` VARCHAR(200) NOT NULL DEFAULT '';
+ALTER TABLE `remote_user` MODIFY `remote_password` VARCHAR(200) NOT NULL DEFAULT '';
+
+ALTER TABLE `client` ADD COLUMN `limit_mail_wblist` INT(11) NOT NULL DEFAULT '0' AFTER `limit_mailrouting`;
+ALTER TABLE `client_template` ADD COLUMN `limit_mail_wblist` INT(11) NOT NULL DEFAULT '0' AFTER `limit_mailrouting`;
+
+ALTER TABLE mail_access DROP CONSTRAINT `server_id`;
+SET SESSION old_alter_table=1;
+ALTER IGNORE TABLE mail_access ADD UNIQUE KEY `unique_source` (`server_id`,`source`,`type`);
+SET SESSION old_alter_table=0;
+
+ALTER TABLE mail_domain ADD COLUMN `relay_host` varchar(255) NOT NULL default '' AFTER `dkim_public`,
+  ADD COLUMN `relay_user` varchar(255) NOT NULL default '' AFTER `relay_host`,
+  ADD COLUMN `relay_pass` varchar(255) NOT NULL default '' AFTER `relay_user`;
@@ -178,6 +178,7 @@ CREATE TABLE `client` (
   `limit_mailforward` int(11) NOT NULL DEFAULT '-1',
   `limit_mailcatchall` int(11) NOT NULL DEFAULT '-1',
   `limit_mailrouting` int(11) NOT NULL DEFAULT '0',
+  `limit_mail_wblist` int(11) NOT NULL DEFAULT '0',
   `limit_mailfilter` int(11) NOT NULL DEFAULT '-1',
   `limit_fetchmail` int(11) NOT NULL DEFAULT '-1',
   `limit_mailquota` int(11) NOT NULL DEFAULT '-1',
@@ -309,6 +310,7 @@ CREATE TABLE `client_template` (
   `limit_mailforward` int(11) NOT NULL default '-1',
   `limit_mailcatchall` int(11) NOT NULL default '-1',
   `limit_mailrouting` int(11) NOT NULL default '0',
+  `limit_mail_wblist` int(11) NOT NULL default '0',
   `limit_mailfilter` int(11) NOT NULL default '-1',
   `limit_fetchmail` int(11) NOT NULL default '-1',
   `limit_mailquota` int(11) NOT NULL default '-1',
@@ -820,7 +822,7 @@ CREATE TABLE `mail_access` (
   `type` set('recipient','sender','client') NOT NULL DEFAULT 'recipient',
   `active` enum('n','y') NOT NULL default 'y',
   PRIMARY KEY  (`access_id`),
-  KEY `server_id` (`server_id`,`source`)
+  UNIQUE KEY `unique_source` (`server_id`,`source`,`type`)
 ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
@@ -882,6 +884,9 @@ CREATE TABLE `mail_domain` (
   `dkim_selector` varchar(63) NOT NULL DEFAULT 'default',
   `dkim_private` mediumtext NULL,
   `dkim_public` mediumtext NULL,
+  `relay_host` varchar(255) NOT NULL DEFAULT '',
+  `relay_user` varchar(255) NOT NULL DEFAULT '',
+  `relay_pass` varchar(255) NOT NULL DEFAULT '',
   `active` enum('n','y') NOT NULL DEFAULT 'n',
   PRIMARY KEY  (`domain_id`),
   KEY `server_id` (`server_id`,`domain`),
 
@@ -24,11 +24,11 @@ transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{conf
 relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
 smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_reject_unlisted_sender = yes
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_reject_unlisted_sender = no
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
@@ -53,3 +53,9 @@ tls_preempt_cipherlist = yes
 address_verify_negative_refresh_time=60s
 # needed for postfix < 3.3 when using reject_unverified_recipient (lmtp):
 enable_original_recipient = yes
+sender_dependent_relayhost_maps = proxy:mysql:{config_dir}/mysql-virtual_sender-relayhost.cf
+smtp_sasl_password_maps = proxy:mysql:{config_dir}/mysql-virtual_sender-relayauth.cf, hash:{config_dir}/sasl_passwd
+smtp_sender_dependent_authentication = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous, noplaintext
+smtp_sasl_tls_security_options = noanonymous
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,9 @@ public function configure_postfix($options = '')`
`63`	`63`	`$this->process_postfix_config( basename($filename, '.master') );`
`64`	`64`	`}`
`65`	`65`
	`66`	`+ //* mysql-verify_recipients.cf`
	`67`	`+ $this->process_postfix_config('mysql-verify_recipients.cf');`
	`68`	`+`
`66`	`69`	`//* Changing mode and group of the new created config files.`
`67`	`70`	`caselog('chmod o= '.$config_dir.'/mysql-virtual_.cf &> /dev/null',`
`68`	`71`	`__FILE__, __LINE__, 'chmod on mysql-virtual_.cf', 'chmod on mysql-virtual_.cf failed');`