Summary

I created a TXT record in Froxlors DNS Editor for DKIM. The 2048bit key is longer than 255 characters.
The zone-file that the DNS Editor creates causes a syntax error and thus bind will not serve the zone anymore.

Long TXT records need to be split into multiple lines like this:

a9d04665528b593d263a6e5256648c99._domainkey IN  1800 TXT (
     "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2/ZfhxSI/A"
     "bqgh0amM8ylrlosirWeKShUhq7fg12aYmRwOqq9hIzO0Fcz1BzfgHVu6HU++rC5"
     "QoUK0JQK/nk4jwkDgvG2di2ZYmAvEbY/VeiK1x/TG0p1Iczr2k6Bj0gEAb/YGD2"
     "YbwrwAi4bDXwoPsYuuNn9TB3jjyWKu/dvOsqhff1/4Wc+FkOi0ClvgrXiklN28X"
     "TLjyjSyU794ntIoegXxrfwcwkhfPMvuqcnhfIC0Z8L71M4WR4SoHyNHVfBtNlUv"
     "VNROiXlMxtxnNQvfViSwz6LC8bYIxeAba3hSXPTChKu3qZtfR0o3jFwEWAfLQdg"
     "Ixler0jMEoAyJmfQIDAQAB")

Source of this example

System information

• Froxlor version: 0.9.38.7-1+wheezy1
• Web server: apache2
• DNS server: Bind
• POP/IMAP server: Courier
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Debian Wheezy

Steps to reproduce

1. Enable Nameserver for some domain
2. Open the DNS Editor
3. Create a new TXT record with more than 255 characters

Expected behavior

1. A zone file with correct syntax should be created
2. Bind should reload without problem
3. The zone should still be served by bind

Actual behavior

1. A zone file with syntax error is created
2. Bind reloads, detects syntax error
3. Bind stops serving the zone

Log files/log entries

syslog:

Aug 25 11:02:31 host3 named[17684]: dns_rdata_fromtext: /etc/bind/domains/myzone.de.zone:5: syntax error
Aug 25 11:02:31 host3 named[17684]: zone myzone.de/IN: loading from master file /etc/bind/domains/myzone.de.zone failed: syntax error
Aug 25 11:02:31 host3 named[17684]: zone myzone.de/IN: not loaded due to errors.
Aug 25 11:02:31 host3 named[17684]: reloading zones succeeded

Proposed solution

1. Froxlor should split long records as explained above
2. Froxlor could check the generated zone file with named-checkzone to make sure no faulty zone gets loaded

Hey,

i've just installed the latest version from your debian repository. after follwing the debian install guide, and following the tar guide later, i was not able to access it (404). the problem is, dpkg unpacks it to /var/www which is not the default www-root for debians apache 2.4 (its /var/www/html). so i had to write my own config and put it in /etc/apache/site-enabled (see below).

i think you should mention that in the docs

Alias /froxlor /var/www/froxlor
<Directory /var/www/froxlor>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        <IfModule mod_mime.c>
            AddType application/x-httpd-php .php
        </IfModule>
        <FilesMatch ".+\.php$">
            SetHandler application/x-httpd-php
        </FilesMatch>
    </IfModule>
</Directory>

When I try to add a subdomain in the customer's panel, all I get is:
A database error occurred
SQLSTATE[HY000]: General error: 1364 Field 'dkim_id' doesn't have a default value

What can I do about it?

Froxlor Version: 0.9.38.7
OS Version: Ubuntu 16.04

Problem

It is not possible to create a concise CNAME record like

ssl     IN      CNAME   www

Steps to reproduce

• Create a customer and domain
• Activate nameserver management for domain
• Fill form row with values Record: 'ssl', Type: 'CNAME', Content: 'www'

Expected result

A valid record as above should be generated.

What happens instead

Error
Invalid domain-name for CNAME record

Workaround is to enter www.domain.tld as content, which will then be expanded to a FQDN with a trailing dot. But IMHO it should also be possible to use non-FQDN as content (or @), since those are also perfectly valid records.

Problem

On a new Froxlor installation (Debian stretch), I've encountered error messages:

A database error occurred
SQLSTATE[HY000]: General error: 1364 Field 'destination' doesn't have a default value

Steps to reproduce

• Set up a pristine host based on a recent Debian or Ubuntu distribution
• Verify that MySQL is running in strict mode
• Create a customer and domain
• As customer, try to create a new email address

Possible cause

MySQL is operating in strict mode by default (in Debian jessie or newer), which causes errors if a text type column declared NOT NULL is omitted in an INSERT operation. See https://dev.mysql.com/doc/refman/5.7/en/data-type-defaults.html.

Suggestions

• Declare text type columns without NOT NULL constraint, or
• Use sufficiently large varchar type columns instead of text, or
• Supply empty string values for the affected columns when inserting

RFC. I'll supply a pull request once it is decided which solution should be applied.

Best regards, willydee

Thanks for all the effort and work put into this project.

Please, consider maintaining a Changelog file with the list of changes on every version.

Thanks again!

hi,
adding another dir to settings | php-fpm | global pear dirs is not possible -> Error The value for the field "system_phpfpm_peardir" is not in the expected format. even If I change it to only /usr/share/php (which ist possible), but then again put in the default /usr/share/php:/usr/share/php5

I guess the ":" is causing the error.

System information

• Froxlor version: 0.9.38.7-1 (DB: 201612110)
• Web server: apache2.4
• DNS server: Bind
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: debian jessie

System information

• Froxlor version: 0.9.38.7-1
• Web server: apache2
• PHP-Version: | 7.2.0RC3

Steps to reproduce

Use PHP 7.2, open home page

A warning appears:

#8192 The each() function is deprecated. This message will be suppressed on further calls
/var/www/froxlor/lib/functions/phphelpers/function.array_trim.php:34

Hi,

letsencrypt would be even more useful if froxlor saves the fullchain.pem at least for the panel certificate. Then the certificated could be used directly in dovecot and postfix.
The request was in the forum last year but I saw no feature request so far:
https://forum.froxlor.org/index.php?/topic/13344-lets-encrypt-fullchain-abspeichern/

Most of WordPress static caching plugins require modifications of try_files for root location.
It seems at present there is no possibility to achieve this in Froxlor.
Perhaps just a switch "do not generate default try_files", and then merging custom try_files directive from domain specialsettings will be sufficient.
Sample configurations:
Cache Enabler -
https://www.keycdn.com/support/wordpress-cache-enabler-plugin/
WP Super Cache -
https://codex.wordpress.org/Nginx#WP_Super_Cache_Rules
W3TC -
https://codex.wordpress.org/Nginx#W3_Total_Cache_Rules

Summary

Stored Cross-site Scripting (XSS) in page name allowing a user to get arbitrary JS execution. This isn't really a big issue as the website already has all session tokens using HTTPOnly, and you need to be an administrator (if using as the default) to post. It is quite reasonable for organisations to make other roles for contributors/authors, hence being worth the patch. I'm not too sure if this is still an issue in v3, as I couldn't get the server set up for it yet.

System information

• Froxlor version: v2.3.1-17-g6f82e6c
• Web server: apache2
• DNS server: Bind
• POP/IMAP server: Courier
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Ubuntu 16.04

Steps to reproduce

1. Log into the website
2. Create a new page
3. Set the page's name to <img src=x onerror=alert(1)
4. Visit the page list section of the admin panel and observe an alert box pop up.

Expected behavior

1. <img src=x onerror=alert(1) is HTML Encoded

Actual behavior

1. JS code is arbitrarily executed

https://github.com/Froxlor/Froxlor/blob/a2e0de23e1ed19a8c174b09edcdf559d98b1b5d0/install/froxlor.sql#L774

Reads

\r\nnoutput_buffering

Instead of

\r\noutput_buffering

While configuring for Ubuntu Trusty (14.04) » Mailserver (IMAP/POP3) » Courier:

I gave the mysql-Password in the given field and let it "set" inside the files.
For /etc/courier/authmysqlrc, this fails, as the password is written BEFORE the MYSQL_PASSWORD information:

MYSQL_USERNAME froxlor
passwordformysqlgiven MYSQL_PASSWORD 
MYSQL_PORT 3306
MYSQL_DATABASE froxlor
MYSQL_USER_TABLE mail_users
MYSQL_CRYPT_PWFIELD password_enc
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD (quota*1024*1024)
MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)

Bug report vs. support request

If you're unsure of whether your problem is a bug or a configuration error

• contact us via IRC in #froxlor on freenode
• or post a thread in our forum at https://forum.froxlor.org

As a rule of thumb: before reporting an issue

• see if it hasn't been reported (and possibly already been fixed) first
• try with the git master

Summary

Please provide a concise summary of the problem you're experiencing...

System information

• Froxlor version: $version/$gitSHA1
• Web server: apache2/nginx/lighttpd
• DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
• POP/IMAP server: Courier/Dovecot
• SMTP server: postfix/exim
• FTP server: proftpd/pureftpd
• OS/Version: ...

Seitdem ich gestern auf Debian 9 geupdated habe, kann ich keine Mals mehr empfangen doer senden via thunderbird, angeblich ist der SMTP Server nicht erreichbar

Summary

On e-mails, which have a real account and a forwarding address, each e-mail is forwarded twice. E-mail addresses with only a forwarding address and no account do not show this behaviour.

System information

• Froxlor version: We use your Froxlor packages for Debian Wheezy (currently 0.9.38.7-1+wheezy1)
• Web server: Apache 2.2
• OS/Version: GNU/Linux Debian Wheezy

Steps to reproduce

1. Create a client's e-mail account in Froxlor
2. Add a forwarding address
3. Send test e-mail to the newly created account in step 1
4. Check the account from step 2, to which e-mails are forwarded

Expected behavior

1. Each e-mail to the newly created account in step 1 appears once in the account in step 2, to which e-mails are forwarded

Actual behavior

1. Each e-mail to the newly created account in step 1 appears twice in the account in step 2, to which e-mails are forwarded

We have noticed this problem already a long time ago (one or two years), but found only now the trigger (having forwarding + a real account for the original e-mail address). Back then it was not such a big issue, because we only used it temporarily during vacation times. Now we need a permanent solution with e-mail account + forwarding.

Summary

The Froxlor.sql file contains an error. As an result of this the table mail_virtual is not createt
The MySQL error is : ERROR 1101 (42000): BLOB/TEXT column 'destination' can't have a default value

DROP TABLE IF EXISTS mail_virtual;
CREATE TABLE mail_virtual (
id int(11) NOT NULL auto_increment,
email varchar(255) NOT NULL default '',
email_full varchar(255) NOT NULL default '',
destination text NOT NULL default '', <--
domainid int(11) NOT NULL default '0',
customerid int(11) NOT NULL default '0',
popaccountid int(11) NOT NULL default '0',
iscatchall tinyint(1) unsigned NOT NULL default '0',
PRIMARY KEY (id),
KEY email (email)
) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;

This can be fixed by removing the default value of the script

System information

• Froxlor version: 0.9.38.7 (DB: 201612110)
• Web server: apache2/php7
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: CentOS 7

Hello,

there are no import-fields for Let´s Encrypt and HSTS-settings within the domain import.

Regards,

Afox

Summary

On the details page of an email address (customer_email.php), which happens to have forwarders, the following error occurs and none of the forwarders are being shown:

#2 Invalid argument supplied for foreach()
/customer_email.php:327	

The issue appears to have been introduced with: 421c29c

Using the following patch (partially reverting the commit above) resolves the issue (on PHP 7.1 at least):

diff --git a/customer_email.php b/customer_email.php
index 479493d6..a31d55eb 100644
--- a/customer_email.php
+++ b/customer_email.php
@@ -324,7 +324,7 @@ if ($page == 'overview') {
                        $forwarders = '';
                        $forwarders_count = 0;

-                       foreach ($row['destination'] as $dest_id => $destination) {
+                       while (list($dest_id, $destination) = each($result['destination'])) {
                                $destination = $idna_convert->decode($destination);

System information

• Froxlor version: master 421c29c
• Web server: nginx 1.13.6, PHP 7.1.11-1+0~20171027135525.10+stretch~1.gbp2e638d
• DNS server: none
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Debian 9.2 (stretch)

Steps to reproduce

1. Create a customer with an email address
2. Add a forwarder to the newly created email address
3. Click the email address to get to the "Edit email-address" page

Expected behavior

1. Seeing a detail listing of the email address including the forwarders

Actual behavior

1. A detail listing of the email address with zero forwarders
   Forwarders (0): | Create forwarder

Log files/log entries

n/a

Summary

Currently froxlor comes with the customer_mysql.php module to manage MySQL databases only.

We need to provide an integration for CouchDB as well: http://couchdb.apache.org/

Required features

• List existing databases
• Create new databases
• Delete databases
• Open an existing database with the built-in CouchDB UI "Futon"

With libnss-mysql on Ubuntu:
Change the shell from /bin/false to /bin/bash for FTP user
Login as that user via SSH/SFTP would not be possible until nscd is restarted or it's cache is cleared manually.
Intended behavior: cron task for cache invalidation after shell change

Configuring a service such as mail or web hosting to work with a domain name is a complex and difficult task for users. This is because most services require changes to the DNS settings associated with a domain, and users don’t understand DNS. Domain Connect is a protocol that makes this easier for the user, and more consistent across providers. The protocol involves two parties. DNS Providers who run DNS for a domain, and Service Providers who provide the services and applications attached to domains.

http://domainconnect.org/
http://domainconnect.org/dns-providers/
https://github.com/Domain-Connect/spec/blob/master/Domain%20Connect%20Spec%20Draft.pdf
https://datatracker.ietf.org/doc/draft-carney-regext-domainconnect/

I am unable to log into the Froxlor Demo. It reloads the page completely on the form submission, and displays this error above the form.

Error
This account has been suspended because of too many login errors. 
Please try again in 900 seconds.

the following error is logged to the console

Unrecognized Content-Security-Policy directive 'reflected-xss'.

I have tried again after waiting the 900 seconds. I've returned to the site and tried multiple times throughout the day.

Hi!

Here at @ZIMK we recently noticed that the customizable email and file templates are admin-specific. Since we configured every template to include our contact details and links to help resources, every admin is required to use the exact same templates. Right now, we copy them via database when a new admin is created or a template has been changed.

For us, it would be beneficial to be able to configure and use these templates globally. Maybe this could be realized by introducing a 'global' flag for templates which could then be used in case no admin-specific templates are present. This wouldn't break the current functionality of admin-specific templates. Are there any plans on incorporating this and if not: What are your thoughts on this?

Thanks,
Chris

Hey,

i installed Froxlor on Ubuntu 16.04.

apt-get install apache2 libapache2-mod-php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-mcrypt php7.0-curl php7-0-intl
php7.0-xsl php7.0-mbstring php7.0-zip php7.0-bcmath php7.0-iconv mysql-server

cd /var/www/ && wget http://files.froxlor.org/releases/froxlor-latest.tar.gz
tar zxvf froxlor-latest.tar.gz
rm froxlor-latest.tar.gz
chown -R www-data:www-data /var/www/froxlor

Web-Installation and following:

Konfiguration > Distribution Ubuntu 14.04 > Service Mailserver IMAP/POP3 > Dovecot

done.

Now, when trying to access the Mail feature via a client, i get:

SQLSTATE[42S02]: Base table or view not found: 1146 Table 'froxlor.mail_virtual' doesn't exist

What's the issue here?

Steps to reproduce

• Configure Dovecot according to instructions
• Create an email address and mail account with a password containing umlauts: Müsst3_kl4ppen
• Try to log in using that password with an arbitrary IMAP client (tested with recent versions of Thunderbird and Roundcube Webmail)

Expected result

User should be logged in

What happens instead

Mail client reports authentication failure

System information

• Froxlor version: 0.9.38.7
• Web server: apache2 for Customer (froxlor runs on nginx)
• DNS server: PowerDNS (Bind-backend)
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Debian Jessie amd64

Steps to reproduce

1. Add an Entry with the Subdomain as Type: "A" with the "Record"
   "*.home"
2. save
3. Error Message: "The subdomain *.home contains invalid characters."

Summary

When setting directory security via Froxlor, the index directive is not applied. Thus, accessing a path does not automatically load index.php (or index.htm) if a filename is omitted.

System information

• Froxlor version: 0.9.38.7
• Web server: nginx

Proposed solution

I want to supply a patch for this issue, but wanted to get opinions on the preferred solution first:

1. add a new index directive for every location block created for directory security
2. add location blocks under the main location / block to enable inheritance for location settings

Solution 1 would mean minimal changes while 2 would automatically solve issues that arise from similar circumstances.

When a Domain makes a request to Let's Encrypt and errors out it blocks other requests from other Domains.

This should be caught so that the request get canceld after the 3rd error.
Each Block below is triggered 2-5 times and no, I did not changed anything on my system.

System information

• Froxlor version: $version/$gitSHA1
• Web server: nginx/
• DNS server: Bind
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Debian 8 (latest)

Log files/log entries

syslog:

Could not get Let's Encrypt certificate for xxx: Verification ended with error: {"identifier":{"type":"dns","value":"xxx"},"status":"invalid","expires":"2017-10-19T21:10:07Z","challenges":[{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075798","token":"zS2FnhcdaMGXXLtJZ4YjIosXCKpUit0JzISXh9VMQVM"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE [2a00:f48:2000:affe:fe00::6]: 404","status":403},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075799","token":"qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE","keyAuthorization":"qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE.3mDRa2uuPrY4ScOuWLlHF_ivCTGS60U94exiwcaibNI","validationRecord":[{"url":"http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE","hostname":"xxx","port":"80","addressesResolved":["46.4.77.233","2a00:f48:2000:affe:fe00::6","2a00:f48:2000:affe:fe00::36","2a00:f48:2000:affe:fe00::33","2a00:f48:2000:affe:fe00::24"],"addressUsed":"2a00:f48:2000:affe:fe00::6","addressesTried":[]}]},{"type":"tls-sni-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075800","token":"HQG-jONSRusu5NUMwBKA5bbGQeUnzrPxnA07yhg-8PY"}],"combinations":[[0],[1],[2]]}

letsencrypt Please check http://xxx/.well-known/acme-challenge/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE): failed to open stream: HTTP request failed! HTTP\/1.1 000 \r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":232}

Could not get Let's Encrypt certificate for xxx: No challenges received for 3d.yannickfelix.ml. Whole response: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status":429}

I like to add an DKIM CNAME for e.g. MailChimp use like "k1.domainkey". Thats not possible because of function validateDomain in function.validateDomain.php. Its needed to add a "" to the pattern.

Summary

libnss-extrausers files are only updated after new FTP-Users created. Changes of existing FTP-User Settings (shell, passwd, path) are not published to libnss-extrausers files.

System information

• Froxlor version: c68682b
• Web server: apache2/php-fpm
• DNS server: not in use
• POP/IMAP server: not in use
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Ubuntu 16.04

Configuration with Debian 8.0 Templates

Steps to reproduce

1. System configured for libnss-extrausers and FTP-shell selection enabled
2. create a new FTP-user with shell /bin/bash
3. wait for next master cronjob
4. "cat /var/lib/extrausers/passwd | grep FTPUSERNAME" contains /bin/bash
5. change FTP-user to shell /bin/false
6. wait for next master cronjob
7. "cat /var/lib/extrausers/passwd | grep FTPUSERNAME" contains /bin/bash instead of /bin/false

Expected behavior

1. /var/lib/extrausers/* should be recreated after relevant User-Changes

Actual behavior

1. /var/lib/extrausers/* File are only updated after FTP-User-Creation

Log files/log entries

no System log entries after FTP-User-update

If PHP-FPM is activated, the FPM Articles from old redmine help wiki are pointed still in the template somewhere.

Screenshot:

Apache2 Link: http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_phpfpm
Nginx Link: http://redmine.froxlor.org/projects/froxlor/wiki/HandbookNginx_phpfpm

Should point to this githubs wiki.

System information

• Froxlor version: 0.9.38.7
  (others dont matter)

Steps to reproduce

1. Login as admin in froxlor backend
2. (Have PHP-FPM activated)
3. Check links in PHP-FPM settings

Expected behavior

1. Login as admin in froxlor backend
2. (Have PHP-FPM activated)
3. Check links in PHP-FPM settings
4. PHP-FPM handbooks should be hotlinked to githubs wiki

Actual behavior

1. Login as admin in froxlor backend
2. (Have PHP-FPM activated)
3. Check links in PHP-FPM settings
4. You'll see wrong links to the handbooks at the top of the page (still pointing to redmine.froxlor.org)

Hello,
How I can upgrade mysql 5.5 to mysql 5.6

I'm on Debian 8

Thanks

Hello,

after an import of domains, froxlor does not use the new domains within its cronjobs (config and LE) so that I had to manually open and save all imported domains again.

I am not sure if this was my fault because I also edited the domains after the import via SQL.

Regards,

Af0x

Hi,

when looking at the traffic graphs the mouseover box for the single points always show one unit higher than it should. E.g. when the value is MB the mouseover shows GB. The unit in the header of the graphs is correct, wherefore I assume it's just a rendering bug in the frontend.

Setup:
Froxlor 0.9.38.7
Nginx 1.10.3
PHP 7.0.17
Debian Jessie

When changing Apply specialsettings to all subdomains (*.example.com): in the domain settings and save.
It seems to be saved to the database but when i do "edit domain" again it will still show as enabled instead of corrently disabled.

My environment:

• ubuntu 16.04.2 LTS
• mysql 5.7.18
• froxlor 0.9.37 upgrading to 0.9.38.7

In addition to the issue in #433, after hacking around it you will hit this error:

A database error occurred
SQLSTATE[22007]: Invalid datetime format: 1292 Incorrect date value: '0000-00-00' for column 'termination_date' at row 1

The update steps for database version 201609240 will not work against a database with strict mode compatibility enabled. In particular, the 'alter table' steps for panel_domains may fail if any of the values for that column are invalid under the new data type. Specifically, the text string '0000-00-00' is not a valid date representation.

A more convoluted upgrade process is required to change the data type of this column. The column must be updated to a text data type, then the invalid entries ('0000-00-00') must be converted to valid entries (NULL), and finally the column can be changed to date data type.

Below are the steps I used to migrate the panel_domains table.

-- Step 1: change affected columns from date to 'varchar(10) null default null'
alter table panel_domains change registration_date registration_date varchar(10) null default null, change termination_date termination_date varchar(10) null default null;

-- Step 2: change '0000-00-00' dates to NULL
update panel_domains set registration_date = null where registration_date = '0000-00-00';
update panel_domains set termination_date = null where termination_date = '0000-00-00';

-- Step 3: change affected columns from 'varchar' to 'date null default null'
alter table panel_domains change registration_date registration_date date null default null;
alter table panel_domains change termination_date termination_date date null default null;

Hey,

when do you provide a new release? I'm waiting for the deployment of the PHP subdomain fix (2d59e56)... Would be really useful ;) Thanks in advance!

Best regards
Matthias

Summary

When using libnss-extrausers, the herein added users are not able to login (either ssh or su) due to too restrictive file permissions.

The permissions of the directory /var/lib/extrausers/ are currently set to 0700 (See class.Extrausers.php#L45) but should be 0755.
Permissions of the contained files turn out to be 0644, however this should only apply to /var/lib/extrausers/passwd and /var/lib/extrausers/group, the file /var/lib/extrausers/shadow should be 0640. To make a long story short, the files permissions should be the same as for the files in /etc

System information

• Froxlor version: 0.9.38.7-1 + extrausers patches
• OS/Version: Debian stretch

Steps to reproduce

1. Configure System with libnss-extrausers and let Froxlor generate the files.
2. On any root shell try su web1 -s /bin/bash

Expected behavior

1. The user should be logged in.

Actual behavior

The login is rejected.

Log files/log entries

In /var/log/auth you will get:

su[10068]: No passwd entry for user 'web2'
su[10068]: FAILED su for web2 by root

as per the instructions for debian installation the key can't be added :(

apt-key adv --keyserver p80.pool.sks-keyservers.net --recv-key FD88018B6F2D5390D051343FF6B4A8704F9E9BBC
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.qyeW78AWF4 --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver p80.pool.sks-keyservers.net --recv-key FD88018B6F2D5390D051343FF6B4A8704F9E9BBC
gpg: requesting key 4F9E9BBC from hkp server p80.pool.sks-keyservers.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

Hi,

I know that LE is still in beta mode. I've just batch-enabled LE for a couple of customers and ran into a few edge cases of the current implementation:

• each customer has a le account. There's a rate-limit of adding 10 accounts per three hours.
  Proposal: Only use one LE account per Froxlor site. The one for the Froxlor domain should be used. (This is also the suggestion from LE.)

• each "domain" in froxlor gets an own certificate. With many sub-domains this easily does not work with the current limits. Proposal: Aggregate domains per customer, ie, create *.domain.tld certificates.

• all standard subdomains should also be aggregated to a single certificate.

I anticipate the following changes for this:

• Update cron job to use system LE account always
• Remove per customer LE accounts from db
• Update DB structure to map froxlor domains to certificates

Comments?

Hello,

I want to suggest adding Stretch to the configuration settings.

Regards,

Af0x

System information

• Froxlor version: 0.9.38.7
• Web server: apache2 for Customer (froxlor runs on nginx)
• DNS server: PowerDNS (Bind-backend)
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: Debian Jessie amd64

Steps to reproduce

Record: _test._tcp
Type: SRV
Prior: 5
Content: 0 41144 test.domain.eu.
TTL: 3200

2. Save
3. Entry in DB of "Content" is now "0 41144 test.domain.eu.."

Expected behavior

Steps 1 and 2 of "Steps to reproduce"
3. "0 41144 test.domain.eu."

i've created an crontask which fixed entries like that.

For Recreation.

• libnss-mysql-bg on one Server
• Mysql Server on another Server
• assign ipv6 addresses to both Servers
• edit the libnss-mysql.config host string
  to the dns name or ipv6 address of the Mysql Server
  libnss-mysql: _nss_mysql_is_same_sockaddr: Unhandled sin_family <<<- Error

Solution:

• Add an alternative in the Switch Case from line 70 to 88
  Their is no option for IPv6 so default case screws whole program.
  Link to source code found on Sourceforge

Hi there,

we've been using Froxlor since many years in an environment, where we have separated the db, web and mail servers to different machines. This is not only good in terms of performance in larger environments, but also enables us to implement better security and isolation between different services. Since it works pretty well and could be pretty easily integrated into Froxlor stable, I thought I might drop some lines here for those interested.

The multi-server limitations in Froxlor are mainly caused by it's current mda/mta implementation, therefore the following things currently have to be adjusted:

• by default, froxlor creates the maildirs locally via cron and mkdir. this is not required and could be deprecated, as both exim/dovecot are able to automatically create the full maildir path upon first login or when receiving the first email for a new domain/mailbox

• statistics for mail usage (maildir size, traffic) can be populated and stored within the mboxsize row in the mail_users table directly from exim/dovecot. the cron-script ./scripts/jobs/cron_mailboxsize.php could be replaced

• removing the mailbox data of deleted mailboxes from the filesystem is a bit trickier, as the webserver has no local access to the maildir anymore. this could be achieved with a simple script which periodically runs on the mailserver via cron and checks the db for removed mailboxes or domains. if detected, the script simply removes the maildir from the local maildir on the mail vm.

I will share updated scripts and config files if required. Of course some other minor things like mysql-client, libnss and nscd have to be installed and configured on every machine equally. Also all VMs need to be able to connect to the MySQL/MariaDB instance, which means they have to be in the same subnet or proper firewall rulesets are required to be in place.

The current config generation module and templates could be easily adapted to support config generation for services on different nodes.

Thanks

Jungs: debian ist euer distribution channel. syscp anfänge mit erlebt, dann upgrade via debian und ich war glücklich. so erreicht ihr einfach mehr leute. das netz ist einfach zu voll mit vielerlei dingen und im linux bereich ist debian oder ubuntu das none plus ultra um software zu bekommen. go for it :)

Summary

Feature: "User create sub domain" fails
Error Message:
A database error occurred
SQLSTATE[HY000]: General error: 1364 Field 'dkim_id' doesn't have a default value

System information

• Froxlor version: 0.9.38.7 (DB: 201612110)
• mysql version: Ver 14.14 Distrib 5.7.19, for Linux (x86_64)
• Web server: apache2
• DNS server: -
• POP/IMAP server: -
• SMTP server: -
• FTP server: -
• OS/Version: ...

Steps to reproduce

1. Login as customer
2. Goto: Domains->Settings->Create SubDomain
3. Fill in name and press save

Expected behavior

1. Login successfully
2. Form appears
3. Domain->Settings page appears

Actual behavior

1. Login successfully
2. Form appears
3. MySql error message apperars

Log files/log entries

syslog:

n/a

Temporary solution

Check selected sql_mode via "SELECT @@sql_mode"
Do not configure sql strict mode (STRICT_TRANS_TABLES) permanently.
E.g.: /etc/mysql/mysql.cnf

[mysqld]
sql_mode=ONLY_FULL_GROUP_BY,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Summary

In FreeBSD, the latest version of sysutils/logrotate (3.13.0) is defaulting to using "/bin/gzip" (hard-coded into the binary) which, in turn, produces an error and does not compress the rotated log file.

FreeBSD's "gzip" executable is located in "/usr/bin". So, the "froxlor" logrotate config file that is provided needs to have the "compresscmd /usr/bin/gzip" added to it in order to override the default "gzip" location.

System information

• Froxlor version: 0.9.38.7 (DB: 201612110)
• Web server: apache2
• DNS server: Bind
• POP/IMAP server: Dovecot
• SMTP server: postfix
• FTP server: proftpd
• OS/Version: FreeBSD 11.0-RELEASE-p10 (amd64)

Steps to reproduce

1. Get Froxlor configurated with logrotate to handle HTTP logs.
2. Add suggested logrotate command to crontab (or run manually).
3. Notice compression error when attempting to rotate and compress old logs.

Expected behavior

1. Logs would rotate and be compressed using "gzip".

Actual behavior

1. Logs are not compressed due to location of "gzip" being non-existent.

Log files/log entries

syslog:

rotating log /var/customers/logs/domain.tld-access.log, log->rotateCount is 4                                                                                                                                                                                                                                                 
dateext suffix '-20171019'                                                                                                                                                                                                                                                                                                   
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'                                                                                                                                                                                                                                                                     
compressing log with: /bin/gzip                                                                                                                                                                                                                                                                                              
error: failed to compress log /var/customers/logs/domain.tld-access.log.1                                                                                                                                                                                                                                                     
log /var/customers/logs/domain.tld-access.log.5.gz doesn't exist -- won't try to dispose of it

Hi all,

I have a feature request.
Could you create the possibility to send a test mail from /froxlor/admin_settings.php?page=overview&part=system to any mail address
I wish to have there a place to write any mail address in and than to send a test mail. This would help me to verify my mail settings by example SMTP.

I'm planning to update from Precise Ubuntu (which has already reached End Of Life support).
I guess I'll need to update Froxlor first since there are no scripts available for Zesty Zapus.

I'm running Froxlor 0.9.31.2.

I'd like to make sure which Ubuntu versions are supported on newer Froxlor versions before updating. However, I cannot find any list of changes or supported versions anywhere in the Wiki or the main Website.

• Do you guys have that list of supported OSS per Froxlor verision?
• Do you have a list of changes per release so that we can make sure everything will go smooth before updating?
• Also, is it there a guide or anything that we need to take into account before updating a Linux Distribution (Ubuntu Precise -> Zesty Zapus, for example)?

Thanks for all the work in this wonderful project!

hi,

on following step I get an error on Debian Stretch:
/usr/bin/nano /etc/nsswitch.conf

It says "file not found". Before it was moved to .bak-extension. I changed the command to
"nano /etc/nsswitch.conf" and it worked.

Regards,

Af0x