Directadmin Docs

Version 1.674

Released: 2025-03-01

Dovecot 2.4.0 support custombuild new

CustomBuild is now capable of installing and configuring Dovecot 2.4.0. The new version brings new FTS plugin that should improve greatly improve the email search over IMAP.

The default Dovecot version that gets installed automatically is still 2.3.21.1. We expect to start using Dovecot 2.4.0 in the next DirectAdmin release.

The Dovecot 2.4.0 can be installed by setting a custom version for the dovecot component in the custombuild/custom_versions.txt or via GUI.

Note: If Dovecot 2.4.0 is installed and DirectAdmin is downgraded to a version without Dovecot 2.4.0 support (1.673 or older). It will not work correctly until Dovecot is downgraded to the 2.3.x version.

Database service settings page evolution new

A new section in the Administrator Settings page is added that allows server administrator to control the DirectAdmin integration with the database service. This page controls the /usr/local/directadmin/conf/mysql.conf file, which used to be managed manually in earlier DirectAdmin versions.

This makes it easier to manage non-standard DB deployment (for example, remote DB server).

Database Service Settings

Protected directory creation details evolution improved

Previously after protecting a directory the page immediately redirected to the index page. Now instead of immediate redirection, a box is shown which displays protected directory prompt and the password used to protect the directory.

Catch-All E-mail page redesign evolution improved

The Catch-All E-mail page (located under admin level -> Advanced Features category) was redesigned to provide clearer indication of what each option does. Note that the functionality is the same as before. The page has been updated only from a visual standpoint.

Redesigned path selector input evolution improved

In this release, we've completely redesigned the path selector input. The new design includes a new API endpoint, more user-friendly navigation between folders, a folder search feature, and an updated interface. This improved input is now used in several places, including the FTP account creation and edit pages (Custom tab), and the move files dialog in the file manager. In the near future, all old path selector inputs will be replaced with the new one.

Redesigned the file upload dialog in File Manager evolution improved

The file upload dialog in the File Manager has been improved. Key changes:

  • A new API for file upload is being used. The file upload operation is handled more efficiently by streaming file data directly into a temporary file on the destination directory and doing a rename after a successful data transfer.
  • File overwrite detection is more accurate. It will not silently overwrite the file if a file with the same name was created by another process while data transfer is still in progress.
  • Maximum file upload size is no longer limited by the maxfilesize option in the directadmin.conf file.
  • The file upload dialog now works on mobile devices.

Improved error log message for ClamAV rejected emails custombuild improved

The Exim log message for emails rejected because ClamAV found a virus is updated.

The original message contained the remote mail server IP address twice. New message shows the recipients of a virus instead.

Example of an old error message in the Exim mainlog:

2025-02-01 00:00:00 1tmV30-0000000DEUJ-1u8w H=mail.example.com [192.168.0.1] F=< evil@example.com > rejected after DATA: Message from 192.168.0.1 denied - virus of harmful content (Eicar-Signature)

With the new configuration, it will look like this:

2025-02-01 00:00:00 1tmV9S-0000000DF1T-0mWk H=mail.example.com [192.168.0.1] F=< evil@example.com > rejected after DATA: Message for victim@mydomain.com denied - virus of harmful content (Eicar-Signature)

Unified authenticated email handling on submission ports in Exim configuration custombuild improved

The Exim configuration is updated to unify how authenticated email sending is processed. Key changes:

  • Connections to submission ports (both 587 and 465) will refuse mail sending without authentication. Old configuration blocked non-authenticated users on port 587 but allowed MTA-to-MTA style delivery on port 465.
  • Connections on submission ports (both 587 and 465) will skip HELO checks. This used to cause unexpected email refusal from MUA if the client computer happened to use the same host name as the DirectAdmin server.
  • Authenticated email will be marked with a control = submission directive in the exim.conf. This change makes Exim add missing headers and treat the email as coming from MUA instead of MTA.
  • Exim will not try to validate DKIM headers in emails delivered over authenticated connections. This helps to simplify the DKIM checking ACL. The old configuration used to skip DKIM validation only for email received on the 587 port. The new configuration unifies this for authenticated mail over any port.

Migrate access_host from mysql.conf to db_default_access_hosts in directadmin.conf improved

Move access_host... field values to directadmin.conf field db_default_access_hosts as comma separated values. The field defines a list of default access hosts to use. This migration cleans up conf/mysql.conf file responsibily to solely contain connection details.

Example:

da config-set db_default_access_hosts 'localhost,123.123.123.%'

dns_create_post extra variables for restores/dnssec improved

The dns_create_post hook is triggered by the adding of a zone to the named.conf file. During a restore, a plain domain is first created (domain.com.db), but if it was signed in the backup, it's swapped to the signed variant, domain.com.db.signed, which triggers a 2nd call to the hook. This change adds 2 extra variables to the hook:

zone_existed=0|1  : if the line was already present or not
skip_template=0|1 : if the call is being triggered by a restore, this will be 1.

All hooks now use isolated set of environmental variables improved

The hook scripts system has been updated to set all environmental variables after the fork, in a cleaner, more isolated manner. Global variables in DA will still be passed as before.

Add redis_enabled flag to user.conf improved

This flag is used to enable user redis service after user reactivation after suspend or migration.

Rspamd Whitelist/Blacklist *@domain.com: block both MAIL FROM and From: header improved

The per-User Rspamd Whitelist/Blacklist previously used a check on the from Rspamd value, which checks the MAIL FROM smtp-time value. This hostname might not be from the @domain.com sender, but perhaps a 3rd party sending server, possibly @sender.domain.com, thus the *@domain.com wildcard blacklist might not match. This change is to duplicate the fred_whitelist and fred_blacklist sections in /etc/rspamd/users.d/fred.conf, to also have fred_mime_whitelist and fred_mime_blacklist, where these new sections will check the from_mime value, representing a check on the From: header. Checking both the smtp and mime values will be more likely to match the blacklist/whitelist checks, avoiding confusion as to which value should be checked.

Template change: rspamd_setttins.conf, with new tokens: blacklist_from_mime_list and whitelist_from_mime_list. The existing tokens: |CUSTOM10|,|CUSTOM11|,|CUSTOM12|,|CUSTOM13| are used twice, used again in the duplicated BL/WL sections.

Config changes will take effect the next time a User makes a change to these filters. If needed, you can rewrite all User rspamd configs with either of these commands:

da taskq --run='action=rewrite&value=rspamd'
da taskq --run='action=rewrite&value=rspamd&user=fred'

Startips is now called after a network change improved

Historically startips script was called once during the system startup. If network gets restarted - server looses all the IP addresses that are not defined in a system configuration. This change adds a script as a post hook to the network interface up action. Script executes the startips script only if startips.service is enabled.

Updated unit-http packge install location improved

Nodejs unit-http package is now installed into /opt/custombuild/unit/lib/node_modules instead of npm specified location (/usr/lib/node_modules/ or /usr/local/lib/node_module). This helps with nodejs applications failing to start on some systems.

Currently running node applications should get automatically updated to use new location.

The installer asks for CustomBuild configuration upfront improved

When the DirectAdmin installer is started without any arguments, it will interactively ask for a license key and standard CustomBuild configuration parameters.

Starting this release, the CustomBuild configuration questions will be asked before DirectAdmin is installed on the system. This improves the general install flow by collecting all required user input at the beginning of the install process. The administrator no longer needs to wait until DirectAdmin is installed to finish up answering the CustomBuild configuration-related questions.

The installer environment variable DA_INTERACTIVE_CUSTOMBUILD is no longer used, it will run in interactive mode only when started without any arguments.

Move admin.conf fields to directadmin.conf improved

Move and rename a set of fields from data/admin/admin.conf to conf/directadmin.conf.

Old field in admin.confNew field in directadmin.conf
auto_updateallow_push_autoupdate
backup_thresholduser_backups_disk_threshold
oversellallow_reseller_oversell
service_email_activenotify_admins_down_services
suspendsuspend_reseller_on_overuse
user_backupallow_reseller_to_backup_users

Add dovecot_legacy flag to directadmin.conf improved

This flag is used when generating /etc/dovecot/conf/sni/{domain}.con file to select which template file will be used:

  • dovecot_legacy=1 (default): data/templates/dovecot_sni.conf
  • dovecot_legacy=0: data/templates/dovecot_sni_2.4.conf

da build dovecot will set this flag depending on dovecot version in versions.txt file.

Software version changes custombuild improved

  • composer updated from 2.8.5 to 2.8.6
  • dovecot-fts-xapian updated from 1.8.6 to 1.9.1
  • imagemagick updated from 7.1.1-43 to 7.1.1-44
  • ioncube_loaders updated from 14.0.0 to 14.4.0
  • litespeed updated from 6.3.1-8 to 6.3.1-9
  • MariaDB 10.11 updated from 10.11.10 to 10.11.11
  • MariaDB 10.5 updated from 10.5.27 to 10.5.28
  • MariaDB 10.6 updated from 10.6.20 to 10.6.21
  • MariaDB 11.4 updated from 11.4.4 to 11.4.5
  • modsecurity3 updated from 3.0.13 to 3.0.14
  • modsecurity_owasp_rules updated from 4.10.0 to 4.11.0
  • nginx updated from 1.27.3 to 1.27.4
  • openlitespeed updated from 1.8.2.1 to 1.8.3
  • PHP 8.3 updated from 8.3.16 to 8.3.17
  • PHP 8.4 updated from 8.4.3 to 8.4.4
  • roundcubemail updated from 1.6.9 to 1.6.10

Domain selector in the dashboard and plugin pages evolution fixed

All Evolution skin layouts are updated to show the domain selector on the Dashboard page and on the plugin pages.

Pages associated with disabled API endpoints appear in menu evolution fixed

When using feature sets or login keys to limit the API endpoints user has access to, some of the pages associated with the disabled commands were visible in the menu. This has been fixed.

BCC email leak in headers and Dovecot delivery bug workaround custombuild fixed

Email delivery batching over LMTP is turned off. This fixes the Dovecot bug where a single email sent for multiple users can fail to be saved (happens very rarely and only when email compression is used). And ensures email addresses in BCC are not leaked in the Envelope-to header.

Single LMTP socket in Dovecot custombuild fixed

The Dovecot service configuration is updated to create only one LMTP socket.

OpenLiteSpeed web UI on RHEL systems when missing libnsl fixed

OpenLiteSpeed has a built-in web UI running on port 7080. This interface was not working on some RHEL systems, where the libnsl package was not installed.

CustomBuild installer script for OpenLiteSpeed is updated to make sure this library is installed when installing OpenLiteSpeed.

Enforce minimum resource limit values for reseller packages fixed

When creating or editing a reseller package it was possible to set any of the resource limits values to anything. The values are now validated to be in proper format and to not be less than the minimum that a reseller is able to assign to its users.

Removed CustomBuild command da build create_options removed

The command da build create_options functionality is moved to be part of the installer script. This command will no longer work after DirectAdmin is installed.

Removed field directadmin_conf_diff from /CMD_ADMIN_SETTINGS response removed

The command CMD_ADMIN_SETTINGS will no longer have the directadmin_conf_diff field set in response data.

File directadmin.conf management can be done using the new API endpoint GET /api/server-settings/directadmin-conf/local.

The old endpoint is not reliable because it used to omit options that are set in the directadmin.conf file, but the option value matches the default value.

This option is no longer used. Session cookies will always use Lax same site cookie policy. Remember 2FA cookie will always use Strict same site cookie policy.

Removed dovecot helper functions custombuild removed

The following custombuild commands are removed:

  • da build xapian
  • da build dovecot_fts_xapian
  • da build dovecot_pigeonhole

These components will be rebuilt, if needed, when running the da build dovecot command.

Removed obsolete virtual_localdelivery transport definition in the exim.conf removed

The Exim configuration file exim.conf is updated to no longer have a definition for virtual_localdelivery transport. This transport is not used since local mail delivery switched to using LMTP.

Last Updated: