Version 1.48.0
Released: 2015-05-03
ssl_redirect_host to allow port new
Relating to:
option to specify the redirect host value when http is used on an https protocol
The setting now supports an optional port at the end, eg:
ssl_redirect_host=server.host.com:443
in case you wanted to redirect the http connections to https somewhere else, to give them more explanation.
Note, that the redirect value must be using an https port, as "https" will still be part of the Location redirect.
Maintain previous named.conf permission and ownership new
When deleting a zone from the named.conf, DA will now read the uid/gid and mode from the old named.conf.
The fd will be set to the old uid/gid/mode, after the file is open, but before data is written to it (so it's created as desired).
This means you can set:
chmod 640 /etc/named.conf
chgrp named /etc/named.conf
if you desire.Maintain previous named.conf permission and ownership
Wildcard for domainips with SpamBlocker 4.3.x new
DA will now set:
*:1.2.3.4
where 1.2.3.4 is the server IP, in your file:
/etc/virtual/domainips
if the feature is enabled:
DA to manage domain IPS file for exim outbound IP/interfaces
This lets you add a * character after the lsearch in the "interface" section, so it has a fallback IP.
If you want to specify a different fallback IP, other than your server IP, you can set in the directadmin.conf with the variable:
domainips_default_ip=1.2.3.4
can be an IPv6, if you wish, and if exim supports it.
Both should also work:
domainips_default_ip=1.2.3.4 ; 2001:0db8:85a3::8a2e:0370:7334
Future SpamBlocker updates should have the lsearch* set by default.
For now, just add the *
If you're on LAN, and you've set the lan_ip= variable, DA will use this instead of the server IP.
If you don't like this value, then use the domainips_default_ip= option to set what you need.
TASK.QUEUE
you can force a rewrite of the /etc/virtual/domainips file with:
echo "action=rewrite&value=domainips" >> /usr/local/directadmin/data/task.queue
Note: this does not include:
*.domain.com:1.2.3.4
for that, you'd have to replace lsearch with nwildlsearch in the exim.conf, where the interface is set with the domainips file.
log format combined set to COMBINED_LOG token in (TEMPLATES) new
New global token:
APACHELOGDIR=/var/log/httpd/domains
as set by the apcahelogdir setting in the directadmin.conf.
Changes in:
virtual_host2.conf
virtual_host2_secure.conf
virtual_host2_sub.conf
virtual_host2_secure_sub.conf
added to top section:
|?COMBINED_LOG=combined|
and change the format from:
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
to:
CustomLog |APACHELOGDIR|/|DOMAIN|.log |COMBINED_LOG|
Purpose for the COMBINED_LOG token is so you can do things like:
SetEnvIf Request_URI "^/favicon.ico" dontlog
|?COMBINED_LOG=combined env=!dontlog|
In the |CUSTOM| token in Custom Httpd Config, to prevent logging of things you really don't need to be logging.
Login Key logs new
The "Login Keys" feature will now be logged.
You can view the logs for a given Login Key from:
User Level -> Login Keys
in the Log column, click "View" next to key.
There is also a "Tail" button, so just view the last 10 lines.
The logs will be in:
/usr/local/directadmin/data/users/username/login_keys/keyname/key.log
Rotation of the log will adhere to the "Number of apache logs to keep" option, and will be rotated daily.
Tickets and Message pages are now far easier to read (SKINS) new
The large string to fill the token:
|TICKETMESSAGES|
in user/ticket/view.html
will fill the tables differently.
The subject will only be shown one at the top, since it never changes.
Below that will be a list2 (slightly darker grey) with the date and from.
Below that will be list, with the message, and rounded corners at the bottom of each message.
The old Message/Tickets were hard to read due to the excessive blue headers stealing the eye's attention.
Now the messages themselves will draw the eye, for faster scanning.
SKINS
style.css
Now requires:
.message
{
padding: 15px;
}
.message, td.message_info
{
box-shadow: 1px 1px 3px #727272;
}
td.message_info_round_top
{
border-top-right-radius: 10px;
border-top-left-radius: 10px;
}
td.message_info_round_bottom, .message_round
{
border-bottom-right-radius: 10px;
border-bottom-left-radius: 10px;
}
td.message_info
{
padding: 5px;
}
.message_info
{
COLOR: #777777;
}
Ability to change random password characters new
New directadmin.conf option, enabled by default:
ambiguous_characters_in_random_passwords=1
will include characters that could look like other characters, depending on the font.
These characters are:
oO0Ii1lL|
If you don't want DA to include those values in the random passwords, you can add:
ambiguous_characters_in_random_passwords=0
and the above won't be included.
Relating to Ability to include special characters in random password generation (SKINS)
special_characters_in_random_passwords=1
in some cases, you want want a reduced set of these characters.
To do this, you'd simply set:
special_characters_in_random_passwords=2
which will offer a greatly reduced list of special characters:
#$@-!=?
Email Disk Usage opion to show true bytes rather than block usage new
By default, the E-Mail accounts page will show you the usage of each account, in terms of how much disk space the account is using up: how many blocks are used.
This may cause confusion because quota reporting for dovecot uses the file's size, rather than block usage, so the two numbers could vary by a large degree.
New option, added to DA (default)
pop_disk_usage_true_bytes=0
Where you can set it to 1:
pop_disk_usage_true_bytes=1
and the E-Mail usage page will instead show the sum of the file sizes, rather than the block usage.
The "hover-over" popup will show the "other" size, that isn't displayed for both 0 and 1, as:
Block Usage:
Apparent Size:
where Block Usage represents the block usage of the account, and Apparent Size represents the sum of the file sizes.
User ability to skip paths from their tar.gz backup files new
New optional file:
/home/username/.backup_exclude_paths
where User can add paths to this file that they wish to have skipped from their backup.
The format of the file must be relative to /home/user and should not include a "/home/user" prefix.
New default internal directadmin.conf setting:
allow_backup_exclude_path=1
can be disabled by setting it to 0 and restarting DA.
A sample line in the .backup_exclude_paths would look like:
domains/domain.com/awstats
so that the path:
/home/username/domains/domain.com/awstats
is skipped from the backup.
This will add:
--exclude-from=/home/username/.backup_exclude_paths
just after the -C /home/username option in the creation of BOTH the home.tar.gz and the user's backup tar.gz.
So using the feature will truly exclude the path, regardless of if it's in /home/user/domains, or /home/user/*.
As you may have noticed, the option uses tar's exclude-file option.
This supports patterns, eg:
*.gz
so you have skip those types of files, regardless of what path they're under.
FreeBSD:
Reported that a directory name isn't sufficient, and would need to explicitly define the /path/to/files/*.gz instead of just /path/to/files
https://forum.directadmin.com/posts/266834
CMD_API_ADDITIONAL_DOMAINS to include php selector information new
Relating to:
The command:
CMD_API_ADDITIONAL_DOMAINS?action=view&domain=domain.com
will now have extra info:
has_php_selector=yes|no
if yes, then additional info will be added:
php1_ver=5.5
php2_ver=5.4
php1_info=PHP 5.5 fastcgi
php2_info=PHP 5.4 fastcgi
where the version and "fastcgi" info will change in a similar fashion to the select box text in the GUI.
These php1/2 values are the currently active values.
The other related values are:
php1_select=1
php2_select=2
but these "select" values will not always line up with the phpX_ver/info above, if they're flipped.
The "select" values are the domain.conf conversion instructions from the CB options.conf to the displayed value.
The ver/info values are the final/post converted values, so are truly what will be used.
NOTE:
if the User has not saved anything yet, the phpX_select values won't be present.
if "has_php_selector=no", then the php version information won't be available, but a disk "/usr/local/bin/php -v" can be relied on for the version.
Example:
The above example is in the unchanged state where php1/2 matches the CB options.conf.
If the user were to set:
php1_select=2
this would make:
php1_ver=5.4
php1_info=PHP 5.4 fastcgi
SET VALUES with API
To change domain settings, including the php vesrion, use the call:
CMD_API_DOMAIN
method: POST
action=php_selector
domain=domain.com
php1_select=1|2
php2_select=0|1|2
where the numbers represent:
0: off
1: the php version from php1
2: the php version php2
webapps_ssl default to be reflect SSL= value new
Related to:
Ability to specify https for webapps scripts (SKINS)
By default the webapps_ssl default will match the SSL=0|1 value that's set in the directadmin.conf.
So if you enable SSL for DA, then webapps_ssl will also get enabled, automatically.
If you add webapps_ssl to your directadmin.conf, it will override this new default.
Cluster: Remote E-Mail Account sync new
Related thread:
http://forum.directadmin.com/threads/50294
Early version of the E-Mail Account cluster/sync feature.
This will simply sync the account information over to the other DA box.
It will use the API to login as this remote User (using the "login-as") and will match the commands done locally.
Currently supports:
create account
change account
delete accounts
suspend/unsuspend accounts
Currently does not support:
pop disk usage reported to main box
send count reported to main box
Optional files for fine control:
/usr/local/directadmin/data/admin/cluster_email_allow.list
/usr/local/directadmin/data/admin/cluster_email_deny.list
both of these lists can contain Users and/or domains.
If neither file exists, all Users/Domains are synced
If allow exists, no Users/Domains are synced, unless in this file. This file overrides deny.
If User and/or Domain is the deny, email will not be synced.
-> Only one of the User or Domain is required in the allow file. If either is present, email is synced.
-> If either of the User or Domain is in the deny, the email will not be synced, unless already allowed via "allow"
-> if allow exists, the deny is never checked.
SYNC
When you first turn on the feature, if A has accounts, but B does not, you can sync A to B with:
echo "action=rewrite&value=email_passwd" >> /usr/local/directadmin/data/task.queue
FAILURES
if the remote box, like the dns clustering options, DA uses a task.queue retry for all commands, as long as you set the directadmin.conf setting "remote_dns_retries" to a non-zero value.
The format of the task.queue entry is:
action=sync&type=cluster&value=email&username=fred&host=1.2.3.4&count=10&request=longrequest
where:
fred is the DA username that called the email command
host is the host that failed, so it will only retry the single failed host
count counts down from the directadmin.conf option remote_dns_retries, until 0. The default is 0, so retries are not enabled by default.
longrequest is URL encoded post from the original client request. DA basically passes it to the User in the same manner.
REQUIREMENTS
Both the DirectAdmin Username and domain must exist on both servers. This may require you shut off the MSS on both servers until the account/domain exists, then turn it back on.
the receiving server (mirror) does need DA 1.48.0+
DA will call the CMD_API_POP command on the remote server, so ensure this is allowed in your login key.
the "Login As" feature is used, so ensure this is allowed on the remote box, for the given login key.
Related changes:
CMD_API_POP now optionally accept the select0=fred&select1=bob method for deleting/suspending/unsuspending multiple email accounts.
Previously, it only accepted single accounts with "user=fred", which does still work if present.
spam_script_chmod_0_post.sh new
Relating to:
Include php script name is highest send count and ability to automatically chmod to 0 (TEMPLATES)
parse_php_mail_log_at_limit=2
When the script is chmod to 0, you can now to additional tasks, such as renaming the script.
For this, create the custom script:
/usr/local/directadmin/scripts/custom/spam_script_chmod_0_post.sh
and chmod the script to 700. (run as root)
Env variables:
script=/home/fred/path/to/spam.php
username=fred
Sample script to rename a file:
#!/bin/sh
mv ${script} ${script}.${username}.spam
RET=$?
exit $RET
BlockCracking 1.2 can automatically block specifc paths that send messages (TEMPLATES) new
Support for BlockCracking 1.2:
http://files1.directadmin.com/services/blockcracking/
Changes to DA allow the new BC type "denied_path" in the mail_task.queue.
Requires exim.pl version 20-beta2.
BC 1.2 uses a new file:
/etc/exim.blockcracking/script.denied_paths.txt
which contains a list of exim nwildlsearch regex path values, for example:
^./wp-content/uploads.
and compares the sending path against it.
If it matches, this path is dumped into the BC script block file:
/var/spool/exim/blocked_script_paths
just like bad sending scripts get for sending to too many bad recipients.
The regex doesn't use a trailing / after the final path, eg, we cannot use:
^.*/wp-content/uploads/.*
(this won't work)
because the cwd that exim see doesn't end with "uploads/", it just ends in "uploads".
This will run the logical risk of blocking something like:
wp-contents/uploads-from-yesterday
but... I can't really seeing this as being a major issue.
Regardless, you should keep this in mind when selecting your regex.
DA is notified via the exim.pl, and a message is sent out to notify everyone, in the same manner as before (same rules for script unblocking)
INSTALLATION:
Use CustomBuild 2.0 to install BC 1.2 for you:
http://help.directadmin.com/item.php?id=576
Requires:
DirectAdmin 1.48.0 (or pre-release binaries April 24, 2015+)
exim.conf 4.3.3+
exim.pl 20-beta2+
TEMPLATES:
block_cracking_notice_denied_path.txt
RELATED:
exim.pl 19 and exim.conf 4.2.3 (Manual changes) - BC 1.0 (nothing too useful here)
BlockCracking notices and unblocking (TEMPLATES) (SKINS) - directadmin.conf variables to control unblocking
BlockCrack notify admin - directadmin.conf variables to control who gets notified
Plugins area to use lan_ip option fixed
Previously, the "Admin Level -> Plugins" section did not use the lan_ip option.
Code has been added to properly bind to this IP for all outbound DA plugin calls.
-> version update and installs/updates.
Security: Various Security improvements fixed
DA-0284/0948 - safer password changing
DA-1537 - domain creation
DA-2238 - change all templates to write using mkstemp
DA-1968 - email creation and data restore
DA-1290/1797 - backup copy
DA-2483 - pointer link created as User.
DA-1104 - skin uploads
DA-1812 - subdomain creation
Templates Diff to html encode characters fixed
Html Encoded the diff output for CMD_TEMPLATE_DIFF.
Also swapped spaces with
and tabs with 4x
Thread:
http://forum.directadmin.com/threads/50827
delete_messages_days was deleting all tickets fixed
Relating to:
Message System: Clear Messages (SKINS)(LANG)
The option:
delete_messages_days=1234
when set to a value greater than 0 would delete all tickets from the tickets.list files because the "newest file" from the tickets directory was not correctly being read in.
Fixed the read to get the accurate date of the newest message, so the comparison is accurate, and the tickets are not deleted when they shouldn't be.
File Manager URLs to use location encoding, rather than html fixed
Previously the href value in the filemanager were html encoded with Ӓ.
I've chagned the href values to use the %20 encoding, and left the actual html display as the html encoding.
FileManager not correctly showing long paths fixed
If a request path (directory or file) in the CMD_FILE_MANAGER was too long, DirectAdmin was not able to correctly send the file.
DKIM wasn't being added to domain pointers fixed
Creation of a domain pointer will not add the DKIM dns records to the pointer's zone.
It will use the existing /etc/virtual/domain.com/dkim.*.key file.
If they don't exist, they will be created.
NOTE: this also means that if you have dkim=1 but a domain does not have any dkim keys, when a pointer is created, the main domain will obtain the DKIM keys.
So you'll need to ensure you add the DNS records for the domain domain too.
For most cases, the main domain should already have the DKIM keys created, so this shouldn't be an issue.
check_subdomain_owner to allow bypass on User restore creation fixed
A Reseller is already allowed to create a User with a sub.resellerdomain.com value:
check_subdomain_owner to allow owner to create users with subdomains
However, the restore did not allow it.
This change allows an override to allow sub.resellerdomain.com to be created under a Reseller's User, but only when it's in the same process when the User is being created.
A restore for an existing User should already have the domain anyway, so won't hit that point, so not as issue. (and where the Reseller owns resellerdomain.com, of course)
It will be an issue if a Reseller is restoring a User, where the User already exists prior to triggering the restore, and the tar.gz has a new domain not already in their account, but this would be a rare case. (it's essentially a merge)
For that case, just shut off the check:
check_subdomain_owner=0
or add the mentioned resellerdomain.com to the override list:
Allow domain exceptions to the check_subdomain_owner
plugin .raw downloads uses too much ram on large files fixed
Related:
Direct plugin access to connecting socket
plugin index.raw to send in chunks
The process was saving all data into ram, as it was sending.
This causes a large amount of memory usage for large files.
Since DA really doesn't need to know what the data is, the design for the .raw method has been changed to not save the data as it goes out, using much less ram.
/etc/virtual/domain.com/limit/* to backup/restore fixed
/etc/virtual/domain.com/limit/* to backup/restore
If restore with Admin Level, direct files are set, regardless of global limits.
If restore is done with Reseller or User Level, then the standard limit setting function is used, where limits/values are checked and enforced.
FONT-SIZE: 8.5pt fixed
After a recent chrome update to 41.0.2272.89, the previous 8pt value used everywhere for over a decade has now lost a pixel in height, causing the font to be small and hard to read.
It's entirely possible that the Chrome change actually "fixed" a previous issue.. or could be a newly introduced bug.
After some testing, we've changed the 8pt size to 8.5pt (roughly 11px) which seems to restore the previous look.
Firefox looks fine with either. IE looks small with both (always has), but won't put much weight on IE.
If if it a Chrome bug, we'll revert to 8pt after it's fixed.
If it's actually a fix for Chrome to make the font look as it's actually intended, then we'll leave the changed value of 8.5pt in place.
Possibly related threads:
https://code.google.com/p/chromium/issues/detail?id=464784
https://code.google.com/p/chromium/issues/detail?id=464784&q=font&colspec=ID%20Pri%20M%20Week%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified
https://productforums.google.com/forum/#!category-topic/chrome/give-feature-feedback-and-suggestions/y0dBAL2zJRY
https://productforums.google.com/forum/?utm_medium=email&utm_source=footer#!msg/chrome/TLA408iuLdc/GPIi_yQIAR8J
Forum thread:
http://forum.directadmin.com/threads/51098
CentOS 7: /etc/logrotate.d/exim to be set to 644 fixed
Default exim logrotate file on CentOS 7 was appearing with 755, which logrotate didn't like.
exim.sh will now set it to 644, after the rpm is installed.
Likely 755 on other CentOS boxes, but logrotate may not have had this check.
The exim.sh change applies to all CentOS boxes, but only CentOS 7 complained of the issue.
CMD_API_DU_BREAKDOWN wasn\'t implemented fixed
Related to the addition of CMD_DU_BREAKDOWN, the API version (CMD_API_DU_BREAKDOWN) was missed.
Disk Usage Breakdown - CMD_DU_BREAKDOWN (SKINS)
fix, add the check for CMD_API_DU_BREAKDOWN, and call to same function.
Change handshake_timeout default to 12 seconds fixed
Relating to:
directadmin.conf option: request_timeout replaces connect_timeout, new handshake_timeout
Previous default was:
handshake_timeout=3
but it looks like Chrome doesn't send any SSL handshake during it's pre-connect, so the request timeout never applies.
Default now changed to:
handshake_timeout=12
as Chrome seems to disconnect after about 10 seconds of preconnect.
An Admin can set any per-User send limit fixed
Relating to:
Per-DA-User email send limit in interface (SKINS)
If you're logged in as an Admin, no restrictions will be in place for the value set.
0 and any high number will be accepted.
Previously, they were enforced to the same Reseller rules, where the limit could not exceed the value in /etc/virtual/limit, assuming:
max_user_send_limit=-1
was set.
The max_user_send_limit value applies to the Reseller limit,
but now admin's are exempt from this variable's value, and can always set anything.
MySQL IPv6 access hosts to use condensed format fixed
The access host check that MySQL does is only on the condensed IP.
Fix in DA is to only give the condensed for to MySQL when adding an IPv6 access host.
Existing values are unaffected, so if you use IPv6 values be sure to re-add them, where DA will swap them for the short form.
Related error:
mysql says:
ERROR 1045 (28000): Access denied for user 'db_user'@'1a43:3d02:a0d2:146::4303' (using password: YES)
Delete subdomain webalizer stats with "remove directory contents" fixed
When deleting a subdomain, with the "remove directoryt contents" checked, only awstats data was removed.
Fixed to properly delete the webalizer data as well.
addip script to depracate IPv6 IPs upon adding fixed
When an IPv6 IP is added to a device, the system sometimes likes to use it as the default IP, because it was added last.
This fix will change the script:
/usr/local/directadmin/scripts/addip
to have the addIPv6() function to include the /sbin/ip command, below.
The "preferred_lft 0" changes the state of the IPv6 IP.
You can view the current state of your IPs like this:
ip -6 addr show dev eth0
where you know it's depracated, if you see this beside the IP you dont want exim to bind to:
inet6 fe80::230:42ff:fd57:16b2/64 scope link deprecated
if it looks like this, then it didn't work:
inet6 fe80::230:42ff:fd57:16b2/64 scope link
Forum thread:
http://forum.directadmin.com/threads/48912
addIPv6()
{
MASK=/64
MCOUNT=`echo $2 | grep -c /`
if [ "$MCOUNT" -gt 0 ]; then
MASK=$2
fi
/sbin/ifconfig $ETH_DEV inet6 add ${1}${MASK}
/sbin/ip -6 addr change ${1}${MASK} dev $ETH_DEV preferred_lft 0 >/dev/null 2>&1
exit 0;
}
Note: CentOS 5 and likely other older OSs may not support the "change" option with the ip command.
This is why I've piped everything to /dev/null.
Adding domain pointer is missing additional IPs for subdomains fixed
If a domain uses multiple IPs, subdomains records in a domain pointer zone did not receive the additional IPs.
Also found a bug in regards to linked IPs for those additional IPs (which wouldn't be very common, but a bug regardless)
SERVER_IP token wasn't present at dns_*.conf template parse time fixed
The |SERVER_IP| always worked before, but it was relying on the write-time parse of the named.db template.
If you set webmail=|SERVER_IP| in the dns_a.conf, for example, it would have returned that text, without being swapped with the correct value.
No real harm done, until you start playing with multi-IPs.
If you add a 2nd IP, webmail=1.2.3.4 would have already been present, but because "1.2.3.4"!="|SERVER_IP|", DA allowed it to be added.
Upon the named.db write, the |SERVER_IP| is tokenized, giving you duplicate A records for webmail, with the same IP.
The fix is to make the SERVER_IP token available to all of the dns_*.conf templates, as they're tokenized.
Deleting a domain did not clear it from php_safe_mode.cache fixed
The cache rebuild for the php_safe_mode.cache file was previously given the User to update.
For each domain that the User had, it would update the php_safe_mode.cache for those domains.
However, when a domain is deleted, the remove value is no in the list, so it would linger.
Fix was to use a domain list to pass to the cache rebuild, and it will notice the domain is missing, and remove it from the list.
Similarly, deleting a User was not correctly clearing domains from the file.
A new domain_cache_list will be passed through all User deletion functions, and will update the cache in a similar manner.
Consideration was also added for the deletion of a Reseller.. the domains of the sub-Users should also be included the domain_cache_list.
Lost Password "from" email should be from creator fixed
When email are sent out for the "Lost Password" feature, previously the "from" header was the same as the "to" email, logically because it's an email from yourself, for yourself.
As many systems don't accept matching from/to headers, the from has been changed to be the email address of the creator of the account (Reseller's user.conf email value).
BlockCrack notify admin fixed
Similar to this previous bug:
notify_admins_on_mass_emailings
the BlockCracking notices were using the per-email limit setting:
notify_admins_on_per_email_mass_emailings=1
Fix is to change it to use:
notify_admins_on_mass_emailings=1