Version 1.45.0
Released: 2014-03-08
new
Ability to delete old majordomo archives
Added info about archive space usage, and a purge button on the majordomo lists page.
https://forum.directadmin.com/posts/180571
When viewing the list of mailing lists, another column called:
Archive Size
has been added.
It will count up the size of all files in the listname-digest.archive folder (example below).
At the bottom of this table, a new button and text field have been added:
[Purge Archives] older than [90] days.
Where you can specify any valid numeric value for the days.
0 is valid, meaning it will delete all archive files.
/etc/virtual/domain.com/majordomo/lists/listname-digest.archive
[root@mail all-digest.archive]# ls -la
total 3928880
-rw-rw---- 1 majordomo daemon 19642005 Mar 12 2010 v01.n001
-rw-rw---- 1 majordomo daemon 17564517 Mar 18 2010 v01.n002
-rw-rw---- 1 majordomo daemon 28688123 Mar 25 2010 v01.n003
-rw-rw---- 1 majordomo daemon 22741996 Mar 29 2010 v01.n004
-rw-rw---- 1 majordomo daemon 19922727 Mar 30 2010 v01.n005
-rw-rw---- 1 majordomo daemon 19292494 Mar 30 2010 v01.n006
-rw-rw---- 1 majordomo daemon 14449228 Mar 31 2010 v01.n007
new
Per-user count_pop_usage user.conf setting
Related to this feature:
option to disable quota counting for pop accounts page
You can now add:
count_pop_usage=0
to the user.conf file for an account to disable the option on a per-User basis.
new
Ability to set an IPv6 IP in the spf/txt records by default (TEMPLATES)
New directadmin.conf option, disabled by default.
If exim is sending email from your IPv6 IP instead of your server IP, then you'll want to use this option.
The internal default is "null", so if you're not using the option, ensure you've not added it in the directadmin.conf at all.
To use it, add the following option to your directadmin.conf:
extra_spf_value= ip6:1080::8:800:200C:417A
(just as an example IP)
** Note the space after the = character **
This is required, else the text you insert here will end up being appended to the server IP.
DA doesn't add the space for you, so that the token can be used in other creative ways, such as netmasks, if-then-else statements on it, or other template/tokenizer things.
TEMPLATE changes:
dns_txt.conf and dns_spf.conf:
|DOMAIN|.="v=spf1 a mx ip4:|SERVER_IP||EXTRA_SPF| ~all"
where the |EXTRA_SPF| is added, right after the |SERVER_IP| field.
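The effect of the leading space, as an added example (not DirectAdmin code). `render_spf` mirrors the value part of the template line above and `bad_spf_terms` is a hypothetical checker; both names and the server IP 192.0.2.10 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. The server IP is a constructed sample.

# Mirrors the value part of the dns_spf.conf line: |EXTRA_SPF| is pasted
# directly after |SERVER_IP| with nothing in between.
# $1 = server IPv4, $2 = extra_spf_value exactly as written after the "="
render_spf() {
    printf 'v=spf1 a mx ip4:%s%s ~all\n' "$1" "$2"
}

# Hypothetical checker: print every space-separated term of the record in $1
# that is not one of the simple mechanisms this template can produce.
bad_spf_terms() (
    set -f                      # no filename globbing while splitting terms
    for term in $1; do
        case "$term" in
            v=spf1|a|mx|[-+?~]all) ;;
            ip4:*[!0-9./]*|ip6:*[!0-9A-Fa-f:./]*) printf '%s\n' "$term" ;;
            ip4:?*|ip6:?*) ;;
            *) printf '%s\n' "$term" ;;
        esac
    done
)

SERVER_IP=192.0.2.10
WITH_SPACE=$(render_spf "$SERVER_IP" " ip6:1080::8:800:200C:417A")
NO_SPACE=$(render_spf "$SERVER_IP" "ip6:1080::8:800:200C:417A")

printf 'with space: %s\n' "$WITH_SPACE"
printf '  malformed terms: [%s]\n' "$(bad_spf_terms "$WITH_SPACE")"
printf 'no space:   %s\n' "$NO_SPACE"
printf '  malformed terms: [%s]\n' "$(bad_spf_terms "$NO_SPACE")"
```

Without the space, the IPv4 and IPv6 mechanisms fuse into a single term that no SPF evaluator will parse.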
new
Allow domain exceptions to the check_subdomain_owner
If you create the file:
/usr/local/directadmin/data/admin/allowed_sub_domains.list
and add a list of one or more domains in it, you can then override the:
check_subdomain_owner=1
for this domain, in case you want to use this domain for subdomain hosting (as full domains)
Ensure you chown the file to diradmin:diradmin.
If there is a match (starting from the top domain.com down, to sub.domain.com), then DA will check the subdomain.list file for domain.com (under the true owner, if that's on the box) and if a subdomain already matches that name, the creation will abort.
The true domain's subdomains have priority if they already exist.
new
Ability to skip backup paths from the home.tar.gz
You can now create one or both of the following files:
Per User:
/usr/local/directadmin/data/users/username/skip_backup_home_files.list
Global:
/usr/local/directadmin/data/admin/skip_backup_home_files.list
The Global file is used if the Per User file doesn't exist.
If the Per User file exists, it will be used (the files are not merged).
In these files you can list files or folders below the given User's /home/username path, such that they are skipped, and not added into the home.tar.gz file in the backup.
Note, that this list will remove the values from a directory listing that DA has of /home/user, so this means you cannot add sub/paths.
Sample valid values:
Maildir
application_backups
And these are invalid values that won't be skipped:
some/specific/path.txt
This doesn't work because it won't be in the /home/user listing; only "some" would be in the list. So you can only skip complete folders, starting from /home/username.
Using "some" in the list would be valid, but of course it would skip everything in that folder, not just the specific path.txt file.
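A way to audit a skip list before relying on it, as an added example (not DirectAdmin code). `effective_skip_list`, `audit_skip_list`, the `DA_DATA` variable and the demo user "alice" are hypothetical; the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. DA_DATA defaults to the path on this page.
DA_DATA=${DA_DATA:-/usr/local/directadmin/data}

# Print the list file that applies to user $1: the per-User file if it exists,
# otherwise the global one. The two are never merged. Prints nothing if
# neither file exists.
effective_skip_list() {
    if [ -f "$DA_DATA/users/$1/skip_backup_home_files.list" ]; then
        printf '%s\n' "$DA_DATA/users/$1/skip_backup_home_files.list"
    elif [ -f "$DA_DATA/admin/skip_backup_home_files.list" ]; then
        printf '%s\n' "$DA_DATA/admin/skip_backup_home_files.list"
    fi
}

# Classify each entry of list file $1 against home directory $2:
#   skip     top-level name that exists in the home directory
#   missing  top-level name, but nothing of that name is there to skip
#   ignored  contains "/", so it can never equal a name in the listing
audit_skip_list() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        case "$entry" in
            */*) printf 'ignored %s\n' "$entry" ;;
            *)
                if [ -e "$2/$entry" ]; then
                    printf 'skip %s\n' "$entry"
                else
                    printf 'missing %s\n' "$entry"
                fi
                ;;
        esac
    done < "$1"
}

# Constructed demo tree so the example runs without a DirectAdmin install.
# Runs in a subshell so DA_DATA is only overridden for the demo.
demo() (
    tmp=$(mktemp -d) || exit 1
    DA_DATA=$tmp/data
    mkdir -p "$DA_DATA/admin" "$DA_DATA/users/alice" \
             "$tmp/home/alice/Maildir" "$tmp/home/alice/some"
    printf 'application_backups\n' > "$DA_DATA/admin/skip_backup_home_files.list"
    printf 'Maildir\nsome/specific/path.txt\ntmp_cache\n' \
        > "$DA_DATA/users/alice/skip_backup_home_files.list"
    # The per-User file wins, so the global application_backups entry is not applied.
    audit_skip_list "$(effective_skip_list alice)" "$tmp/home/alice"
    rm -rf "$tmp"
)
demo
```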
new
Bypass dns for Multi Server Setup clustering (SKINS)
If clustering is turned on, enable these options at the Admin Level:
- When Deleting a User through "Show All Users", extra checkbox to leave the dns zone.
This will leave the local copy in place, but will also prevent any removal of remote dns zones.
This will be handy if you're moving a User between 2 servers, where the data exists on both, but you only want to remove the User data, and not the dns data.
This would imply that the zone most likely points to the other server already.
** DNSSEC issues? domain.com.signed possibly needs to be swapped to domain.com.db on future writes from external source.
- When adding a User via Restore by an Admin at:
Admin Level -> Admin Backup/Transfer
new checkbox to bypass a dns check, knowing that the zone already exists.
This will fall back to checking /etc/virtual/domainowners to ensure the domain isn't added twice.
But it will allow for a User to be added to a box where a zone from a remote box already exists.
SKINS:
admin/admin_backup.html
Bottom section, restore settings:
|*if CLUSTER_ENABLED="1"|
<tr>
<td class=list align=center>
<input type=checkbox name=confirm_with_domainowners value="yes" |CONFIRM_WITH_DOMAINOWNERS|>
</td>
<td class=list>
On restore, check for domain conflict in domainowners, rather than the named.conf, or remote named.conf files.
</td>
</tr>
|*endif|
new
Custom Stats Path
New directadmin.conf option, this is the internal default:
custom_stats_path=(NULL)
where it's completely unset.
If you add the following to your directadmin.conf:
custom_stats_path=/some/path/%s/index.html
then DA will swap the href="value" with your custom_stats_path value on the CMD_USER_STATS page (webalizer and awstats table, left column)
For example:
custom_stats_path=/CMD_FILE_MANAGER/domains/%s/stats/index.html
Would essentially do the exact same thing as the normal webalizer link.
NOTE you must provide exactly one instance of %s else DA will fill the href with:
javascript:alert('check custom_stats_path setting');
so when clicked, Users will see a popup.
If this option is set, it will override any webalizer/awstats setting, enabled or not.
Related bugfix:
webalizer=0
awstats=0
will remove any a href link, and will show just the domain.
Previously, if both were 0, then the webalizer URL was still shown.
Thread:
https://forum.directadmin.com/threads/48304
new
Alternate email for high-volume messages
You can now manually add a field to your user.conf (possibly interface later), eg:
alternate_email=attacks@domain.com
such that the brute force monitor notices will go to that email, if the field exists.
The file can support multiple values too, eg:
alternate_email=attacks@domain.com,other@email.com
This will free up your inbox from getting flooded, while still being able to get notified with a different email of the attacks.
Note, if you're satisfied that the BFM is working correctly, you could completely suppress the emails:
Ability to suppress BFM messages
Or inversely, you can disable the messages from the Message System, and make them email-only (can be used with the alternate_email)
BFM: Option to only send an email notification
new
max_read_to_memory_size to limit big files
In some cases, DA uses a function to read the contents of a file to memory so it can be worked on.
This change imposes an upper limit as to the max size that this file can be.
The internal default is 500Meg (the function is usually only used on small files).
The value will be in bytes, so will look like:
max_read_to_memory_size=524288000
If you want to change it, add the value to your directadmin.conf with a new size.
new
ajax for password check and username check (SKINS)
When creating a DA User, a valid username, domain and password are required.
Currently, javascript is used for this, but if the "difficult password" option is enabled, and the options are changed, then without this feature, the javascript also needs to be changed.
The feature will use ajax to ask DA if the password is valid, rather than relying on just javascript.
The same idea can be used for a username check: although the validity never really changes, whether a value already exists can.
The domain value will be checked as well.
Note that these checks are more than just validity checks; they will also check for the existence of values on other boxes if the multi-server setup is used, or values that already exist on the box. As such, they could be tools used to determine if a value exists on the server, but it's nothing different than actually submitting the form, which would give the same error anyway.
The "Random" buttons, for new passwords, will also fetch a new value from ajax. This is handy, because DA will internally try the new password against the difficult password script (if enabled) up to 20 times, to try and satisfy whatever creative rules you may have added. If it fails after 20 tries, you can still type in a value to try and satisfy it by hand.
Also, the output from the difficult password script is dumped directly into the error div, so if you have a custom rule, you can tell the User exactly what they're typing wrong, causing less confusion.
Requires:
ajax=1
to be set in the directadmin.conf.
The internal default is:
ajax=0
It may be turned on by default for a future version.
Related:
note: enabling ajax for these form checks also enables the username auto-fill in the "change password" page for Admin/Resellers.
CMD_AJAX_CHECK_USERNAME?username=fred
CMD_AJAX_CHECK_PASSWORD?passwd=pass
CMD_AJAX_CHECK_PASSWORD?action=get
CMD_AJAX_CHECK_DOMAIN?domain=domain.com
SKINS:
new file:
creation_check.js
files_user.conf:
JS_CREATION_CHECK=creation_check.js
Account creation (Admin/Reseller/User), but not in the "customize" areas.
admin/create_admin.html
admin/create_reseller.html
reseller/create_user.html
user/add_domain.html
The username, domain, passwd, and passwd2 fields need id values with the same name, eg:
id=username name=username, etc..
Also, to the right of the field, for username, domain, and passwd, a div is added, eg:
<div id=username_result class=warning></div>
and for id=domain_result, id=passwd_result.
As well, anywhere there is a "Random" button, similar to above, the password bits are there as well.
user/db/db_create.html
user/db/db_user_create.html
user/db/db_user_modify.html
user/ftp/ftp_create.html
user/ftp/ftp_show.html
admin/change_user_password.html
Example changes for create_reseller.html (has username, domain, passwd, passwd2)
|?CHECK_NAME=checkName()|
|?CHECK_PASS=|
|?RANDOM_PASS=randomPass()|
|?CHECK_DOMAIN=checkDomain()|
|*if AJAX="1"|
|?CHECK_NAME=ajax_checkName()|
|?CHECK_PASS=onChange="ajax_checkPass()"|
|?RANDOM_PASS=ajax_randomPass('')|
|?CHECK_DOMAIN=ajax_checkDomain()|
<script type="text/javascript" src="JS_CREATION_CHECK"></script>
|*endif|
<input type=text id=username name=username size=32 maxlength=|MAX_USERNAME_LENGTH| onChange="|CHECK_NAME|"><div id=username_result class=warning></div>
<input type=password id=passwd name=passwd size=32 |CHECK_PASS|> <input type=button value="|LANG_RANDOM|" onClick="|RANDOM_PASS|"><div id=passwd_result class=warning></div>
<input type=password id=passwd2 name=passwd2 size=32 onChange="checkPass()">
<input type=text id=domain name=domain size=32 onChange="|CHECK_DOMAIN|"><div id=domain_result class=warning></div>
new
Email a notice to email account if email limit reached
Send an email to an email account if their per-email limit is reached. (not referring to the per-DA-User limit)
Of course, the per-email limit must be turned on, see tip #3 to turn it on to have a limit in the first place:
https://help.directadmin.com/item.php?id=514
internal directadmin.conf default:
notify_email_on_per_email_limit=1
New template:
/usr/local/directadmin/data/templates/per_email_limit_email_message.txt
like other templates, if you want to change it, copy it to:
/usr/local/directadmin/data/templates/custom/per_email_limit_email_message.txt
to make changes.
This email template uses <html> for a more friendly experience when they get the notice.
There will also be a new token:
NOTICE_SENT_TO_EMAIL=1|0
included in the per_email_limit_message.txt template, so it can add a note about a notice having been sent to the email account.
Lastly, if email_ftp_password_change=1 is set (as it is by default), there will be a link to:
CMD_CHANGE_EMAIL_PASSWORD
where the DOMAIN token will be filled with the email of the domain.
If force_hostname is set to some value, then this will be present instead.
Keep in mind that your Users may be suspicious of the email, as it does mention logging in through a strange link, but that's likely beyond our control.
If you were to create a custom template, be sure to make mention of your hosting company, so they recognize it.
Contents of the template:
<html>
|?SUBJECT=Warning: Your E-Mail account has just sent `COUNT` E-Mails|
<center><table width=600 cellspacing=20px><tr><td id=main_text><h1>
|EMAIL| has just finished sending |COUNT| E-Mails.</h1>
There could be a spammer, your account could be compromised, or you're just sending more E-Mails than usual.<br><br>
This warning was generated because the daily threshold of |LIMIT| E-Mails was hit.<br>
Either wait until tomorrow for the count to be reset, or contact your domain manager.<br><br>
The IP that sent the last email was:<br>
|HOST|<br><br>
|*if CAN_CHANGE_PASS="1"|
If this is not your IP, or you did not send these emails, please change your password immediately:<br>
<a target=_blank href="|HTTP|://|DOMAIN|:|PORT|/CMD_CHANGE_EMAIL_PASSWORD">|HTTP|://|DOMAIN|:|PORT|/CMD_CHANGE_EMAIL_PASSWORD</a><br><br>
|*endif|
<span id=footer>================================<br>
Automated Message Generated by DirectAdmin
</span>
</td></tr></table>
</center>
<style>
* { font-family: verdana; font-size: 10pt; COLOR: gray; }
b { font-weight: bold; }
table {
border-radius:10px;
box-shadow: 10px 10px 50px #000000;
background: #28619c;
}
#main_text {
background: #eef6ff;
text-align: left;
padding: 25;
border-radius:5px;
box-shadow: 2px 2px 15px #000000;
}
html {
background: #ffffff;
}
h1 {
font-size: 12pt;
font-weight: bold;
COLOR: #594842;
}
#footer {
COLOR: #cad4e0;
}
</style>
</html>
new
Ability to specify a dynamic dated append value in backup paths (SKINS)
Dynamic backup paths allowing for multiple rotating/overwriting backup repositories with only 1 cronjob.
When creating a backup at:
Admin Level -> Admin Backup/Transfer
there is a new select-box called "Append to path" in the "Step 3: Where" section that lets you select a dynamic value for DA to append to the end of the backup path.
It applies to both local and remote ftp paths.
The dropdown options are:
Nothing
Day of Week: /Tuesday
Day of Month: /4
Week of Month: /week-2
Month: /Mar (this will be only the 3 letter abbreviation)
Full Date: 2014-03-04 (this doesn't rotate, it will keep the backups forever)
Custom: strftime for advanced usage. See https://help.directadmin.com/item.php?id=539
It's important to use the correct append value for your cron frequency, else it may not give you the expected results.
If you run a cronjob every day, and select "Month", then it will overwrite the same backup every day for that entire month.
You'd usually pick a value that matches your cron frequency, eg: for a daily backup, you'd use either Day of Week or Day of Month.
For a weekly backup, use the Week of Month value, and for a monthly backup, use the Month.
The full Date value is for cases where you never want to delete your backups, but this would eventually lead to a full disk, so a custom cleanup cron would be needed.
The ftp backup pre-check only checks the ftp path itself; it doesn't check if /Wednesday exists.
We rely on the ncftpput -m option to create the /Wednesday folder in the ftp path, so ncftpput will create the /Wednesday folder if it's missing.
Example usage for daily backups, in 7 repositories, Sunday to Saturday.
Local Path: /home/admin/admin_backups
And set Append to path: Day of Week
If this backup is created "now", then it will create the backups in the path:
/home/admin/admin_backups/Tuesday
but if you create a cronjob with the same values, and the cronjob runs tomorrow, when the cron runs, it backs up to the path for that day, eg:
/home/admin/admin_backups/Wednesday
/home/admin/admin_backups/Thursday
This lets you create only 1 cronjob, when you previously needed to create 7, each with a different path. (for this particular scenario)
Old way: https://help.directadmin.com/item.php?id=146
Of course, the above example is if you'd create a cron that runs every day, where you'd want
SKINS:
admin/admin_backup.html
admin/admin_backup_modify.html
Added this info, just below the ftp backup information:
<tr><td class=listtitle> </td>
<td class=listtitle>
- Append to path |PATH_APPEND|
</td>
</tr>
<tr class="|CUSTOM_PATH_CLASS|" id="custom_path"><td></td>
<td class=list>
Append: /<input type=text name="custom_append" value="|CUSTOM_APPEND_VALUE|" size=21>
<a target=_blank href="https://help.directadmin.com/item.php?id=539">(?)</a>
</td>
</tr>
Also, a new javascript function is added near the top:
function set_custom_path()
{
if (document.getElementById('append_path').value == 'custom')
document.getElementById('custom_path').className = 'path_visible';
else
document.getElementById('custom_path').className = 'path_hidden';
}
Lastly, the style.css page needs 2 new classes:
.path_hidden
{
visibility: hidden;
}
.path_visible
{
visibility: visible;
}
new
Minor CSS tweaks to Enhanced and power_user (SKINS)
Made a few changes to both the Enhanced and power_user skins.
You might need to clear your browser cache with an F5 or ctrl-F5.
Enhanced:
the td.list and td.list2 now use a linear gradient for a more interesting look.
Removed the left and right shadow images, replaced with css linear gradient
Removed the blue listtitle image, replaced with a gradient.
These changes should speed up the loading of the page by a fraction of a second, as it will require 3 fewer image loads.
power_user:
similar td.list and td.list2 as to enhanced
forced left menus to use nowrap, to maintain the proper look
added gradients in the header/footer bars, and listtitles
rounded td corners and shadows for a depth look
fixed
Limit the tracking of message IDs
With this fix in 1.44.1:
It required a more precise level of tracking of message IDs.
As such, this needs far more lookups and far more indexing.
One report where ~250,000 emails were sent in one day caused this tracking to become slow.
The solution is to limit the size of the ID/recipient tracking pool to 2000.
This change can cause a message to be counted multiple times, in some cases... but if you have the newer exim.pl version 15, it will prevent duplicates from being logged in the first place, nulling the issue.
fixed
Add rewrite inherit for cli when use_hostname_for_alias is used. (TEMPLATES)
All 4 virtual_host2*.conf templates have changed.
New variable:
USE_HOSTNAME_FOR_ALIAS=1|0
(if use_hostname_for_alias=auto is set in the options.conf, then it's set to 1 in the template if fastcgi is used)
At the bottom of the 4 virtual_host2*.conf files, it now looks like this (sorry the logic isn't shorter):
================
|?ADD_REWRITE_INHERIT=no|
|*if HAVE_PHP_FCGI="1"|
|?ADD_REWRITE_INHERIT=yes|
|*endif|
|?ADD_CLI_INHERIT=yes|
|*if CLI!="1"|
|?ADD_CLI_INHERIT=no|
|*endif|
|*if USE_HOSTNAME_FOR_ALIAS!="1"|
|?ADD_CLI_INHERIT=no|
|*endif|
|*if ADD_CLI_INHERIT="yes"|
|?ADD_REWRITE_INHERIT=yes|
|*endif|
|*if ADD_REWRITE_INHERIT="yes"|
RewriteEngine on
RewriteOptions inherit
|*endif|
fixed
Disable SSL Renegotiations (SECURITY)
Prevent SSL renegotiations after the SSL handshake has already completed.
Addresses CVE-2009-3555.
This will also help with PCI compliance.
Forum thread:
https://forum.directadmin.com/threads/48255
You can test your instance of DA (must already be using SSL=1 in the directadmin.conf for this to have any point)
openssl s_client -port 2222 -host 127.0.0.1
Once connected, you'll see info about your certificate and connection, and most likely this:
Secure Renegotiation IS supported
Press shift-R, and press enter.
You'll get one of two outputs:
- This is what you don't want to see, as it means post-handshake ssl renegotiation is allowed:
R
RENEGOTIATING
depth=0 /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
verify return:1
closed
- This is what you do want to see:
R
RENEGOTIATING
31686:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
You can change 127.0.0.1 to any host you want, and even test Apache (port 443 instead of 2222).
Also, seeing "Secure Renegotiation IS supported" is ok, as long as the renegotiation fails with the "R" command.
A server/client connection is allowed to renegotiate as long as it's done before the handshake is completed.
Basically, once the request comes in, or DA sends data out, no more negotiation should be done.
As for the usefulness with DA... DA itself doesn't really need renegotiation as it does not support persistent connections. (pre-handshake aside)
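The manual check above, turned into a classifier over the s_client output, as an added example that is not part of the original changelog or DirectAdmin's code. `classify_reneg` and `probe_reneg` are hypothetical names; the first two sample transcripts are the outputs shown above (trimmed) and the third is constructed.

```shell
#!/bin/sh
# Added example, not DirectAdmin code.

# Read an `openssl s_client` transcript on stdin and print one of:
#   refused       an OpenSSL error follows RENEGOTIATING (the wanted result)
#   allowed       the certificate is verified again after RENEGOTIATING
#   inconclusive  no RENEGOTIATING line, or nothing recognisable after it
classify_reneg() {
    awk '
        /^RENEGOTIATING/           { seen = 1; next }
        seen && /:error:/          { refused = 1 }
        seen && /verify return:/   { allowed = 1 }
        END {
            if (!seen)        print "inconclusive"
            else if (refused) print "refused"
            else if (allowed) print "allowed"
            else              print "inconclusive"
        }'
}

# Assumption: sending "R" on stdin acts like typing it at the prompt; the
# sleep keeps the connection open long enough for the server to answer.
# $1 = host, $2 = port (2222 for DirectAdmin, 443 for Apache)
probe_reneg() {
    { printf 'R\n'; sleep 2; } |
        openssl s_client -port "$2" -host "$1" 2>&1 |
        classify_reneg
}

# The two transcripts shown above, trimmed to the part after the "R" command.
SAMPLE_ALLOWED='R
RENEGOTIATING
depth=0 /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
verify error:num=18:self signed certificate
verify return:1
closed'
SAMPLE_REFUSED='R
RENEGOTIATING
31686:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:'
# Constructed: the connection never reached the renegotiation step.
SAMPLE_NO_HANDSHAKE='connect: Connection refused
connect:errno=111'

for s in "$SAMPLE_ALLOWED" "$SAMPLE_REFUSED" "$SAMPLE_NO_HANDSHAKE"; do
    printf '%s\n' "$s" | classify_reneg
done
```

Run `probe_reneg 127.0.0.1 2222` against your own server to get the same verdict live. TLS 1.3 has no renegotiation, so the result only says something about a TLS 1.2 or older session.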
fixed
High dataskq load for tally on accounts with many email sends
exim.pl version 15 tracks more info about each email being sent, including each sender address, which can be multiple, per message ID.
The internal tracking of this data requires an array.
The bug was using the old sorting mechanism, which adds a new entry to the end, then sorts the whole array.
For huge arrays (eg: many email sends), this would mean one sort per email, which will slow down the server.
The change is to use the newer/faster insert method, which inserts an entry to its correct spot, and shifts the array as needed.
No sorting is done, making it much quicker.
fixed
Enforce disabled CMD_LOGIN for commands.allow/deny (SECURITY)
Related to the commands.allow and commands.deny feature:
commands.allow and commands.deny for per-user control
If you've told these files not to allow CMD_LOGIN, the "Login As" feature in DA still worked because CMD_LOGIN is a public command, and doesn't fall under those same checks.
Fix is to load in the commands.allow and commands.deny for all "Login As" requests.
This will affect any existing scripts or clients that may be using the "Login As" feature, but have failed to allow CMD_LOGIN in the commands.allow, or have denied it in the commands.deny.
If you are using the commands.allow/deny files, and if you do not allow CMD_LOGIN, you cannot use the "Login As" feature.
Thanks to inten.pl for the report.
fixed
Error in memory re-sizing (SECURITY)
Segfault during memory re-sizing. Changes need more live testing before release.
Will add more info about the issue once people have the opportunity to get the update.
fixed
Added extra IPs to updates list
When DA gets a new license or update, there are now more IP options for this update, should any of the update servers be down or blocked.