Version 1.45.0

Released: 2014-03-08

Ability to delete old majordomo archives new

Added info about archive space usage, and a purge button on the majordom lists page.

https://forum.directadmin.com/posts/180571

When viewing the list of mailing lists, another column called:

Archive Size

has been added.

It will count up the size of all files in the listname-digest.archive folder (example below).

At the bottom of this table, a new button and text filed has been added:

[Purge Archives] older than [90] days.

Where you can specify any valid numeric value for the days.

0 is valid, meaning it will delete all archive files.

/etc/virtual/domain.com/majordomo/lists/listname-digest.archive

[root@mail all-digest.archive]# ls -la
total 3928880
-rw-rw---- 1 majordomo daemon 19642005 Mar 12  2010 v01.n001
-rw-rw---- 1 majordomo daemon 17564517 Mar 18  2010 v01.n002
-rw-rw---- 1 majordomo daemon 28688123 Mar 25  2010 v01.n003
-rw-rw---- 1 majordomo daemon 22741996 Mar 29  2010 v01.n004
-rw-rw---- 1 majordomo daemon 19922727 Mar 30  2010 v01.n005
-rw-rw---- 1 majordomo daemon 19292494 Mar 30  2010 v01.n006
-rw-rw---- 1 majordomo daemon 14449228 Mar 31  2010 v01.n007

Per-user count_pop_usage user.conf setting new

Related to this feature:

option to disable quota counting for pop accounts page

You can now add:

count_pop_usage=0

to the user.conf file for an account to disable the option on a per-User basis.

Ability to set an IPv6 IP in the spf/txt records by default (TEMPLATES) new

New directadmin.conf option, disabled by default.

If exim is sending email from your IPv6 IP instead of your server IP, then you'll want to use this option.

The internal default is "null", so if you're not using the option, ensure you've not added it in the directadmin.conf at all.

To use it, add the following option to your directadmin.conf:

extra_spf_value= ip6:1080::8:800:200C:417A

(just as an example IP)

** Note the space after the = character **

This is required, else the text you insert here will end up being appended to the server IP.

DA isn't adding a space for you to allow for the use of the token in other creative manners, like netmasks, or like if-then-else statements on it or other template/tokenizer things.

TEMPLATE changes:

dns_txt.conf and dns_spf.conf:

|DOMAIN|.="v=spf1 a mx ip4:|SERVER_IP||EXTRA_SPF| ~all"

where the |EXTRA_SPF| is added, right after the |SERVER_IP| field.

Allow domain exceptions to the check_subdomain_owner new

If you create the file:

/usr/local/directadmin/data/admin/allowed_sub_domains.list

and add a list of one or more domains in it, you can then override the:

check_subdomain_owner=1

for this domain, in case you want to use this domain for subdomain hosting (as full domains)

Ensure you chown the file to diradmin:diradmin.

If there is a match (starting from the top domain.com down, to sub.domain.com), then DA will check the subdomain.list file for domain.com (under the true owner, if that's on the box) and if a subdomain already matches that name, the creation will abort.

The true domain's subdomains have priority if they already exists.

Ability to skip backup paths from the home.tar.gz new

You can now create one or both of the following files:

Per User:

/usr/local/directadmin/data/users/username/skip_backup_home_files.list

Global:

/usr/local/directadmin/data/admin/skip_backup_home_files.list

Where the Global file is used if the Per User is used file doesn't exist.

If the Per User file exists, it will be used (the files are not merged)

In these files you can list files or folders below the given User's /home/username path, such that they are skipped, and not added into the home.tar.gz file in the backup.

Note, that this list will remove the values from a directory listing that DA has of /home/user, so this means you cannot add sub/paths.

Sample valid values:

Maildir

application_backups

And these are invalid values that won't be skipped:

some/specific/path.txt

This doesn't work because it won't be in the /home/user is... only "some" would be in the list.. so you can only skip complete folders, starting from /home/username.

Using "some" in the list, would be vaild, but of course, it would skip everything in that folder, not just the specific path.txt file.

Bypass dns for Multi Server Setup clustering (SKINS) new

If clustering is turned on, enable these options at the Admin Level:

  1. When Deleting a User through "Show All Users", extra checkbox to leave the dns zone.

This will leave the local copy in place, but will also prevent any removal of remote dns zones.

This will be handy if you're moving a User between 2 servers, the data exists on both, but only want to remove the User data, and not the dns data.

Would imply that the zone most likely points to the other server already.

** DNNSEC issues? domain.com.signed possibly needs to be swapped to domain.com.db on future writes from external source.

  1. When adding a User via Restore by an Admin at:

Admin Level -> Admin Backup/Transfer

new checkbox to bypass a dns check, knowing that the zone alerady exists.

This will fallback to check /etc/virtual/domainowners to ensure the domain isn't added twice.

But.. will allow for a User to be added to a box where a zone from a remote box already exists.

SKINS:

admin/admin_backup.html

Bottom section, restore settings:

|*if CLUSTER_ENABLED="1"|
<tr>
<td class=list align=center>
<input type=checkbox name=confirm_with_domainowners value="yes" |CONFIRM_WITH_DOMAINOWNERS|>
</td>
<td class=list>
On restore, check for domain conflict in domainowners, rather than the named.conf, or remote named.conf files.
</td>
</tr>
|*endif|

Custom Stats Path new

New directadmin.conf option, this is the internal default:

custom_stats_path=(NULL)

where it's completely unset.

If you add the following to your directadmin.conf:

custom_stats_path=/some/path/%s/index.html

then DA will swap the href="value" with your custom_stats_path value on the CMD_USER_STATS page (webalizer and awstats table, left column)

For example:

custom_stats_path=/CMD_FILE_MANAGER/domains/%s/stats/index.html

Would essentially do the exact same thing the normal webalizer link.

NOTE you must provide exactly one instance of %s else DA will fill the href with:

javascript:alert('check custom_stats_path setting');

so when clicked, Users will see a popup.

If this option is set, it will override any webalizer/awstats setting, enabled or not.


Related bugfix:

webalizer=0
awstats=0

will remove any a href link, and will show just the domain.

Previously, if both were 0, then the webalizer URL was still shown.

Thread:

https://forum.directadmin.com/threads/48304

Alternate email for high-volume messages new

You can now manually add a field to your user.conf (possibly interface later), eg:

alternate_email=attacks@domain.com

such that the brute force monitor notices will go to that email, if the field exists.

The file can support multiple values too, eg:

alternate_email=attacks@domain.com,other@email.com

This will free up your inbox from getting flooded, while still being able to get notified with a different email of the attacks.

Note, if you're satisfied that the BFM is working correctly, you could completely suppress the emails:

Ability to suppress BFM messages

Or inversely, you can disable the messages from the Message System, and make them email-only (can be used with the altnernate_email)

BFM: Option to only send an email notification

max_read_to_memory_size to limit big files new

In some cases, DA uses a function to read the contents of a file to memory so it can be worked on.

This change imposes an upper limit as to the max size that this file can be.

The internal default is 500Meg (the function is usually mainly only used on small files)

The value will be in bytes, so will look like:

max_read_to_memory_size=524288000

If you want to change it, add the value to your directadmin.conf with a new size.

ajax for password check and username check (SKINS) new

When creating a DA User, a valid username, domain and password is required.

Currently, javascript is used for this, but if the "difficult password" option is enabled, and the options are changed, then without this feature, the javascript also needs to be changed.

The feature will use ajax to ask DA if the password is valid, rather than relying on just javascript.

The same idea can be used for a username check.. although the validity never really changes, the existence of a value that already exists can.

The domain value will be checked as well.

Note that these checks are more than just validity checks; they will also check for the existence of values on other boxes if the multi-server setup is used, or values already exist on the box. As such, they could be tools used to determine if a value exists on the server, but it's nothing different than actually submitting the form.. would give the same error anyway.

The "Random" buttons, for new passwords, will also fetch a new value from ajax. This is handy, because DA will internally try the new password against the diffiult password script (if enabled) up to 20 times, to try and satisfy whatever creative rules you may have added. If it fails after 20 tries, you can still type in a value to try and satisfy it by hand.

Also, the output from the difficult password script is dumped directly into the error div, so if you have a custom rule, you can tell the User exactly what they're typing wrong, causing less confusion.

Requires:

ajax=1

to be set in the directadmin.conf.

The internal default is:

ajax=0

may be turned on by default for a future version.

Related:

AJAX (SKINS) (BETA)

note: enabling ajax for these form checks also enables the username auto-fill in the "change password" page for Admin/Resellers.

CMD_AJAX_CHECK_USERNAME?username=fred
CMD_AJAX_CHECK_PASSWORD?passwd=pass
CMD_AJAX_CHECK_PASSWORD?action=get
CMD_AJAX_CHECK_DOMAIN?domain=domain.com
SKINS:

new file:

creation_check.js

files_user.conf:

JS_CREATION_CHECK=creation_check.js

Account creation (Admin/Reseller/User), but not in the "customize" areas.

admin/create_admin.html
admin/create_reseller.html
reseller/create_user.html
user/add_domain.html

The username, domain, passwd, and passwd2 files need id values with the same name, eg:

id=username name=username, etc..

Also, to the right of the file, for username, domain, and passwd, a div is added, eg:

<div id=username_result class=warning></div>

and for id=domain_result, id=passwd_result.

As well, anywhere there is a "Random" button, similar to above, the password bits are there as well.

user/db/db_create.html

user/db/db_user_create.html

user/db/db_user_modify.html

user/ftp/ftp_create.html

user/ftp/ftp_show.html

admin/change_user_password.html


Example changes for create_reseller.html (has username, domain, passwd, passwd2)

|?CHECK_NAME=checkName()|
|?CHECK_PASS=|
|?RANDOM_PASS=randomPass()|
|?CHECK_DOMAIN=checkDomain()|

|*if AJAX="1"|
|?CHECK_NAME=ajax_checkName()|
|?CHECK_PASS=onChange="ajax_checkPass()"|
|?RANDOM_PASS=ajax_randomPass('')|
|?CHECK_DOMAIN=ajax_checkDomain()|

<script type="text/javascript" src="JS_CREATION_CHECK"></script>
|*endif|

<input type=text id=username name=username size=32 maxlength=|MAX_USERNAME_LENGTH| onChange="|CHECK_NAME|"><div id=username_result class=warning></div>
<input type=password id=passwd name=passwd size=32 |CHECK_PASS|> <input type=button value="|LANG_RANDOM|" onClick="|RANDOM_PASS|"><div id=passwd_result class=warning></div>
<input type=password id=passwd2 name=passwd2 size=32 onChange="checkPass()">
<input type=text id=domain name=domain size=32 onChange="|CHECK_DOMAIN|"><div id=domain_result class=warning>

Email a notice to email account if email limit reached new

Send an email to an email account if their per-email limit is reached. (not referring to the per-DA-User limit)

Of course, the per-email limit must be turned on, see tip #3 to turn it on to have a limit in the first place:

https://help.directadmin.com/item.php?id=514

internal directadmin.conf default:

notify_email_on_per_email_limit=1

New template:

/usr/local/directadmin/data/templates/per_email_limit_email_message.txt

like other templates, if you want to change it, copy it to:

/usr/local/directadmin/data/templates/custom/per_email_limit_email_message.txt

to make changes.

This email template uses <html> for a more friendly experience when they get the notice.

There will also be a new token:

NOTICE_SENT_TO_EMAIL=1|0

included in the per_email_limit_message.txt template, so it can add a note about a notice having been sent to the email account.

Lastly, if email_ftp_password_change=1 is set (as it is by default), there will be a link to:

CMD_CHANGE_EMAIL_PASSWORD

where the DOMAIN token will be filled with the email of the domain.

If force_hostname is set to some value, then this will be present instead.

Keep in mind that your Users may be suspect of the email, as it does mention to login to a strange link, but that's likely beyond our control.

If you were to create a custom template, be sure to make mention of your hosting company, so they recognize it.

Contents of the template:
<html>
|?SUBJECT=Warning: Your E-Mail account has just sent \`COUNT\` E-Mails|
<center><table width=600 cellspacing=20px><tr><td id=main_text><h1>

|EMAIL| has just finished sending |COUNT| E-Mails.</h1>

There could be a spammer, your account could be compromised, or you're just sending more E-Mails than usual.<br><br>

This warning was generated because the daily threshold of |LIMIT| E-Mails was hit.<br>
Either wait until tomorrow for the count to be reset, or contact your domain manager.<br><br>

The IP that sent the last email was:<br>
|HOST|<br><br>

|*if CAN_CHANGE_PASS="1"|
If this is not your IP, or you did not send these emails, please change your password immediately:<br>
<a target=_blank href="|HTTP|://|DOMAIN|:|PORT|/CMD_CHANGE_EMAIL_PASSWORD">|HTTP|://|DOMAIN|:|PORT|/CMD_CHANGE_EMAIL_PASSWORD</a><br><br>
|*endif|

<span id=footer>================================<br>
Automated Message Generated by DirectAdmin
</span>
</td></tr></table>
</center>
<style>
* { font-family: verdana; font-size: 10pt; COLOR: gray; }
b { font-weight: bold; }
table {
    border-radius:10px;
    box-shadow: 10px 10px 50px #000000;
    background: #28619c;
}
#main_text {
    background: #eef6ff;
    text-align: left;
    padding: 25;
    border-radius:5px;
    box-shadow: 2px 2px 15px #000000;
}
html {
    background: #ffffff;
}
h1 {
    font-size: 12pt;
    font-wight: bold;
    COLOR: #594842;
}
#footer {
    COLOR: #cad4e0;
}
</style>
</html>

Ability to specify a dynamic dated append value in backup paths (SKINS) new

Dynamic backup paths allowing for multiple rotating/overwriting backup repositories with only 1 cronjob.

When creating a backup at:

Admin Level -> Admin Backup/Transfer

a new select-box called "Append to path" in the "Step 3: Where" section, that lets you select a dynamic value for DA to append to the end of the backup path.

It applies to both local and remote ftp paths.

The dropdown options are:

  • Nothing

  • Day of Week: /Tuesday

  • Day of Month: /4

  • Week of Month: /week-2

  • Month: /Mar (this will be only the 3 letter abbreviation)

  • Full Date: 2014-03-04 (this doesn't rotate, it will keep the backups forever)

  • Custom: strftime for advanced usage. See https://help.directadmin.com/item.php?id=539

It's important to use the correct append value for your cron frequency.. else it may not give you expected results.

If you run a cronjob every day, and select "Month", then it will overwrite the same backup everyday for that entire month.

You'd usually pick a value that matches your cron frequency.. eg: daily backup, you'd use either Day of Week or Day of Month.

A weekly backup, use the Week of Month value, and Monthly use use the Month.

The full Date value is for cases where you never want to delete your backups, but this would eventually lead to a full disk, so a custom cleanup cron would be needed.

The ftp backup pre-check will only do so on the ftp path, it doesn't check if /Wednesday exists.

But we rely on the ncftpput -m option to create the /Wednesday folder in the ftp path... so ncftpput will create the /Wednesday folder, if it's missing.


Example usage for daily backups, in 7 repositories, Sunday to Saturday.

Local Path: /home/admin/admin_backups

And set Append to path: Day of Week

If this backup is created "now", then it will create the bacukps in the path:

/home/admin/admin_backups/Tuesday

but if you create a cronjob with the same values, and the cronjob runs tomorrow, when the cron runs, it backs up to the path for that day, eg:

/home/admin/admin_backups/Wednesday

/home/admin/admin_backups/Thursday

This lets you create only 1 cronjob, when you previously needed to create 7, each with a different path. (for this particular scenario)

Old way: https://help.directadmin.com/item.php?id=146

Of course, the above example is if you'd create a cron that runs every day, where you'd want


SKINS:

admin/admin_backup.html

admin/admin_backup_modify.html

Added this info, just below the ftp backup information:

<tr><td class=listtitle>&nbsp;</td>
<td class=listtitle>
- Append to path |PATH_APPEND|
</td>
</tr>
<tr class="|CUSTOM_PATH_CLASS|" id="custom_path"><td></td>
<td class=list>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Append: /<input type=text name="custom_append" value="|CUSTOM_APPEND_VALUE|" size=21>
<a target=_blank href="https://help.directadmin.com/item.php?id=539">(?)</a>&nbsp;
</td>
</tr>

Also, a new javascript function is added near the top:

function set_custom_path()
{
    if (document.getElementById('append_path').value == 'custom')
        document.getElementById('custom_path').className = 'path_visible';
    else
        document.getElementById('custom_path').className = 'path_hidden';
}

Lastly, the style.css page needs 2 new classes:

.path_hidden
{
    visibility: hidden;
}
.path_visible
{
    visibility: visible;
}

Minor CSS tweaks to Enhanced and power_user (SKINS) new

Made a few changes to both the Enhanced and power_user skins.

You might need to clear your browser cache with an F5 or ctrl-F5.

Enhanced:

  • the td.list and td.list2 now use a linear gradient for a more interesting look.

  • Removed the left and right shadow images, replaced with css linear gradient

  • remove the blue listtitle image, replaced with a gradient.

These changes should speed up the loading of the page by a fraction of a section, as it will require 3 fewer image loads.

power_user:

  • similar td.list and td.list2 as to enhanced

  • forced left menus to use nowrap, to maintain the proper look

  • added gradients in the header/footer bars, and listtitles

  • rounded td corders and shadows for a depth look

Limit the tracking of message IDs fixed

With this fix in 1.44.1:

exim.pl version 15

It required a more precise level of tracking of message IDs.

As such, this needs far more lookups and far more indexing.

One report where ~250,000 emails were sent in one day caused this tracking to become slow.

The solution is to limit the size of the ID/recipient tracking pool to 2000.

This change can cause a message to be counted multiple times, in some cases... but if you have the newer exim.pl version 15, it will prevent duplicates from being logged in the first place, nulling the issue.

Add rewrite inherit for cli when use_hostname_for_alias is used. (TEMPLATES) fixed

All 4 virtual_host2*.conf templates have changed.

New variable:

USE_HOSTNAME_FOR_ALIAS=1|0

(if yes_hostname_for_alias=auto is set in the options.conf, then it's set to 1 in the template if fastcgi is used)

At the bottom of the 4 virtual_host2*.conf files, it now looks like this (sorry the logic isn't shorter):

================

|?ADD_REWRITE_INHERIT=no|
|*if HAVE_PHP_FCGI="1"|
|?ADD_REWRITE_INHERIT=yes|
|*endif|

|?ADD_CLI_INHERIT=yes|
|*if CLI!="1"|
|?ADD_CLI_INHERIT=no|
|*endif|
|*if USE_HOSTNAME_FOR_ALIAS!="1"|
|?ADD_CLI_INHERIT=no|
|*endif|
|*if ADD_CLI_INHERIT="yes"|
|?ADD_REWRITE_INHERIT=yes|
|*endif|

|*if ADD_REWRITE_INHERIT="yes"|
RewriteEngine on
RewriteOptions inherit
|*endif|

Disable SSL Renegotiations (SECURITY) fixed

Prevent SSL renegotiations after the SSL handshake has already completed.

Addresses CVE-2009-3555.

This will also help with PCI compliance.

Forum thread:

https://forum.directadmin.com/threads/48255

You can test your instance of DA (must already be using SSL=1 in the directadmin.conf for this to have any point)

openssl s_client -port 2222 -host 127.0.0.1

Once connected, you'll see info about your certificate and connection, and most likely this:

Secure Renegotiation IS supported

Press shift-R, and press enter.

You'll get one of two outputs:

  1. This is what you don't want to see, as it mean post-handshake ssl renegotiation is allowed:

R

RENEGOTIATING

depth=0 /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd

verify error:num=18:self signed certificate

verify return:1

depth=0 /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd

verify return:1

closed

  1. This is what you do want to see:

R

RENEGOTIATING

31686:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

You can change 127.0.0.1 to any host you want, and even test Apache (port 443 instead of 2222).

Also, seeing "Secure Renegotiation IS supported" is ok, as long as the renegotiation fails with the "R" command.

A server/client connection is allowed to renegotiate as long as it's done before the handshake is completed.

Basically, once the request comes in, or DA sends data out, no more negotiation should be done.

As for the usefulness with DA... DA itself doesn't really need renegotiation as it does not support persistent connections. (pre-handshake aside)

High dataskq load for tally on accounts with many email sends fixed

exim.pl version 15 tracks more info about each email being sent, including each sender address, which can be multiple, per message ID.

The internal tracking of this data requires an array.

The bug was using the old sorting mechanism, which adds a new entry to the end, then sorts the whole array.

For huge arrays (eg: many email sends), this would mean one sort per email, which will slow down the server.

The change is to use the newer/fasert insert method, which inserts an entry to it's correct spot, and shifts the array as needed.

No sorting is done, making it much quicker.

Enforce disabled CMD_LOGIN for commands.allow/deny (SECURITY) fixed

Related to the commands.allow and commmands.deny feature:

commands.allow and commands.deny for per-user control

If you've told these files not to allow CMD_LOGIN, the "Login As" feature in DA still worked because CMD_LOGIN is a public command, and doesn't fall under those same checks.

Fix is to load in the commands.allow and commands.deny for all "Login As" requests.

This will affect any existing scripts or clients that may be using the "Login As" feature, but have failed to allow CMD_LOGIN in the commands.allow, or have denied it in the commands.deny.

If you are a using the commands.allow/deny files, and if you do not allow CMD_LOGIN, you cannot use the "Login As" feature.

Thanks to inten.pl for the report.

Error in memory re-sizng (SECURITY) fixed

Segfault during memory re-sizing. Changes need more live testing before release.

Will add more info about the issue once people have the opportunity to get the update.

Added extra IPs to updates list fixed

When DA gets a new license or update, there are now more IP options for this update, should any of the update servers be down or blocked.

Last Updated: