newAbility to suspend one email account
New feature allowing the suspension of individual email accounts.
All this feature does is it edits the /etc/virtual/domain.com/passwd file and adds a ! character in front of the password crypt.
Removal of the ! character unsuspends the account.
The usage.cache is also updated with the suspended=yes|no, if you're using the pop_disk_usage_cache=1 option.
The effect of a suspended email account is that they will not be able to login to pop/imap, and they will not be able to send email with smtp-authentication.
Note: if they were using popb4smtp, suspending their account may still give them a 30 minute window of mail delivery until their IP expires.
Once you suspend the account, each of their pop/imap/smtp login attempts will fail, and this will be counted in the brute force monitor, so ensure you're aware of this before blacklisting IPs just because you've suspended their email account.
newbrute_force_notify_pre.sh && brute_skip.list (SKINS)
New default values for the IP/User limit will be:
brute_force_notify_pre.sh, to allow a notice for IP or User to be ignored.
Variables will be:
Exit with a non-zero status to abort the inclusion of this value from the brute force scanning/notices.
Also include a skip list file, with skin GUI, where the admin can add/remove exceptions so they won't trigger a notification.
Where the list looks like:
IP or User for each line, both are valid in this file.
extensive changes to:
newInternal translation of CMD_LOST_PASSWORD
Translation text is now available for CMD_LOST_PASSWORD.
The file is at:
The 2 templates have not changed, and are available at:
as per all templates, first copy them to the custom directory if you wish to make custom changes.
newDrop minimum username length to 2 characters (SKINS)
Usernames can now be created with just 2 characters.
var shortUserName='Username must be at least 2 characters';
if (name.length < 2) return false;
if (username.value.length < 2)
new80 and 443 to be directadmin.conf options
Ability to change the 80 and 443 port values in DA to be something different in the case that you need apache to run on different ports (eg: when using nginx)
The 5 related templates have also been updated (virtual_host* and ips_virtual_host.conf) with tokens |PORT_80| and |PORT_443| so the directadmin.conf values will be set.
The default directadmin.conf values (internal) are:
so add these to your directadmin.conf if you wish to change them.
Note that they are used for all areas that the DA binaries write.
To issue a rewrite of the configs, type:
cd /usr/local/directadmin/custombuild ./build rewrite_confs
The exception is the /etc/httpd/conf/extra/httpd-vhosts.conf and httpd-ssl.conf. Those need to be changed manually after the rewrite.
You may want to use:
chattr +i httpd-vhosts.conf chattr +i httpd-ssl.conf
to lock those files, so they're note changed by the rewrite in the future.
Use -i to unlock them.
newBrute force log scanner disabled for existing installs, enabled for new ones
After receiving much feedback for this feature, we've changed how it's distributed.
Since existing installs may already have a scanner in place, this feature will be disabled for existing installs.
will be the internal default.
New installs will have:
set in the directadmin.conf template.
Note that if you've already made a "save" in your Admin Settings, this will set the value in the directadmin.conf, so it won't enabled or disable your setting if you've already changed the value.
newadd_email.sh to add email accounts via command line
used to add email accounts via the command line.
Mainly used for conversion of imported data, to add into DA via a script.
[root@server scripts]# ./add_email.sh
./add_email.sh <user> <domain> '<cryptedpass>' <plaintext> <quota>
Where the cryptedpass can either be an MD5/DES/SHA512 password
If plaintext is set to 1, then it can be a raw password
Else, set plaintext to 0 to use the provided crypted pass.
quota, in bytes. Use 0 for unlimited
The domain must already exist under a DA account
newPer-Email send limit
BETA - feature is new and in testing. Limited support.
Ability to specify a limit for each email account on the system, individually.
The old per-DA-User method still applies, and is still counted in parallel to this counter/limit.
The limit only applies to emails being sent using smtp-authentication, so if you rely on da-popb4smtp and require this feature to be accurate, disable da-popb4smtp.
An interface with DA for this feature will be added at a later date (once the exim.pl is out of testing)
*** MANUAL DOWNLOAD REQUIRED ***
- First, a new exim.pl (Version 9 or newer) is required, and needed if you want to use this feature. Must be downloaded manually:
wget -O /etc/exim.pl http://files1.directadmin.com/services/exim.pl
- Then setup a global per-email limit:
echo 50 > /etc/virtual/user_limit
- The exim.pl will create:
if it doesn't exist (including the usage directory), to log the outbound emails.
- If you wish to have a custom limit for one or more email address, create a limit in the following path, which will override the /etc/virtual/user_limit file.
echo 100 > /etc/virtual/domain.com/limit/user
where "user" is without the @domain.com.
** Note that setting a user limit value higher than the /etc/virtual/limit, or /etc/virtual/limit_username will not bypass this limit.
The DA-User limit is still in place and is enforced if enabled.
Similar to the per-DA-User feature, emails will be sent out, notifying the Admin's and DA Users upon the limit being hit.
The same values from the old feature will affect if the emails are sent:
and a new option:
which some may want to set to 0, since this per-email limit is likely going to be much smaller, and more likely to be hit under normal situations.
With notify_admins_on_per_email_mass_emailings=0 set, but the other 2 options both set to 1, then only the User (owner of the domain) will be notified, and no Admin's will be notified.
The template is at:
and if you need to change it, copy it to:
and edit the custom copy.
fixedDelete SquirrelMail/Uebimiau data when deleting a domain
When deleting just one email account, the data is removed from /var/www/html/squirrelmail/data and /var/www/html/webmail/tmp.
However, the bug is that this data is not removed when an entire domain is deleted.
The cause was DA was running as "apache", but many modern boxes use suPhp which runs as webapps, hence apache didn't have sufficient privileges to read or remove the files.
fixedBrute force log scanner entries not clearing
If there are more than 9999 entries, the index values gain an extra digit. The logic of the timestamp+XXXX no longer worked in determining the time of the entry as 4 characters were removed off the end. The fix simple does the opposite, and takes the first 10 characters for the time.
You can either let the new dataskq delete the large data files (if they get too big), or if you don't need the history (or the dataskq takes too long), delete the file:
which should help speed up the dataskq. The file will be re-created automatically with new values.
Using a smaller amount of time will also help keep this log small.
Admin Level -> Admin Settings -> Clear failed login attempts from log 2 days after entry was made.
The current default will be 4 days (for 1.39.1)
There is also new logic for adding/removing data to/from the brute_log_entries.list.
The per-minute scan of the system logs will only append new values to the end, which uses essentially zero load.
The previous method read in the entire list, sorted it, removed old values, added new ones, sorted, and saved. This is where the high load came from.
With the new method, the sorting and clearing of values will be done with the nightly tally (action=tally&value=all), but will be done after all User data is done processing.
As well, the removal of data has been changed from the removal of values from the internal list, to simply resaving the non-delete itmes one at a time to a file, then overwriting the old one. Far more efficient this way.
fixedSave user httpd.conf to temp file, then rename.
When doing rewrites on User httpd.conf files, DA will now save the httpd.conf to httpd.conf.temp. Once saved, it will rename httpd.conf.temp to httpd.conf.
This will prevent any issues if apache is being reloaded/restarted mid-write. The rename is done as "diradmin", just as with the old method of write.
fixedvalign=top in td values of List Users and Show All Users
Add valign=top in the
<td> cells for "Show All Users", and "List Users".
This is because some people have many domains under one User account, and this causes the old centered stats (user, disk usage, bandwidth, etc..) to show up several pages down, even though it's showing the first User. (The cell is multiple pages high with many domains).
The change aligns all contents to the top of their cells, so with the cells are that large, the data is at the top, not pages down in the middle.