Topics

1

Bugs / Letsencrypt cert bug

« on: March 27, 2024, 07:57:19 am »

When trying to use a letsecrypt certificate, it gets issued only for the main domain, all my subdomains remain using the self signed certificate. Here's the letsencrypt.log.

PS:
Pls register the user Andy. He waits a long time

2

Technical Help / clamAV

« on: March 11, 2024, 09:27:17 am »

If I select the additional packages in EHCP, will the whole forum be scanned with clamAV or just the emails?
I received a message that my forum had distributed the worm Muma D.

3

General / Update notification/log

« on: October 07, 2023, 09:36:38 pm »

Would it be possible to include the changes and fixes in the update notifications? Thanks

4

Technical Help / *Solved* Since Debian 12 no mail input and output

« on: August 08, 2023, 04:00:07 pm »

Hello

Probably this problem has nothing to do with EHCP. But maybe I can find postfix professionals here ^^
I have rebuilt a LXC with Debian 12.
Then restored the EHCP backup.
Now I noticed that no more mails come to the mail address webmaster@ltspiceusers.ch. But only mails from external.
Mails which are created via the contact form in the Xenforo forum arrive.

mail.log on mail reception:

Code: [Select]

023-08-08T17:38:07.777243+02:00 ltspiceusers postfix/smtpd[755]: warning: problem talking to server 127.0.0.1:10031: Connection refused
2023-08-08T17:38:08.196109+02:00 ltspiceusers postfix/smtpd[1454]: warning: unknown[187.140.90.90]: SASL login authentication failed: authentication failure
2023-08-08T17:38:08.584752+02:00 ltspiceusers postfix/smtpd[1454]: warning: connect to 127.0.0.1:10031: Connection refused
2023-08-08T17:38:08.584859+02:00 ltspiceusers postfix/smtpd[1454]: warning: problem talking to server 127.0.0.1:10031: Connection refused
2023-08-08T17:38:08.777569+02:00 ltspiceusers postfix/smtpd[755]: warning: connect to 127.0.0.1:10031: Connection refused
2023-08-08T17:38:08.777666+02:00 ltspiceusers postfix/smtpd[755]: warning: problem talking to server 127.0.0.1:10031: Connection refused
2023-08-08T17:38:08.777711+02:00 ltspiceusers postfix/smtpd[755]: NOQUEUE: reject: RCPT from vie01a-qmta-sr02-1.mx.upcmail.net[84.xxx.xx.xxx]: 451 4.3.5 <webmaster@ltspiceusers.ch>: Recipient address rejected: Server configuration problem; from=<yyy@sunrise.ch> to=<webmaster@ltspiceusers.ch> proto=ESMTP helo=<vie01a-qmta-sr02-1.mx.upcmail.net>
2023-08-08T17:38:08.777756+02:00 ltspiceusers postfix/smtpd[755]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "webmaster@ltspiceusers.ch" from client "vie01a-qmta-sr02-1.mx.upcmail.net[84.xxx.xx.xxx]"
mail.log when sending:

Code: [Select]

2023-08-08T17:51:49.733887+02:00 ltspiceusers postfix/smtpd[2058]: warning: connect to 127.0.0.1:10031: Connection refused
2023-08-08T17:51:49.733988+02:00 ltspiceusers postfix/smtpd[2058]: warning: problem talking to server 127.0.0.1:10031: Connection refused
2023-08-08T17:51:49.734033+02:00 ltspiceusers postfix/smtpd[2058]: NOQUEUE: reject: RCPT from 109.xxx.xx.xxx.ftth.as8758.net[83.xxx.xx.xxx]: 451 4.3.5 <yyy@sunrise.ch>: Recipient address rejected: Server configuration problem; from=<webmaster@ltspiceusers.ch> to=<yyy@sunrise.ch> proto=ESMTP helo=<[192.168.1.10]>
2023-08-08T17:51:49.734073+02:00 ltspiceusers postfix/smtpd[2058]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "dlu0@sunrise.ch" from client "109.xxx.xx.xxx.ftth.as8758.net[83.xxx.xx.xxx]"
main.cf:

Code: [Select]

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name powered by Easy Hosting Control Panel (ehcp) on Ubuntu, www.ehcp.net
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, 148.xxx.xxx.xxx
relayhost =
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8, 148.xxx.xxx.0/24, 148.xxx.xxx.xxx, [::1]/128
inet_interfaces = all
recipient_delimiter = +

compatibility_level = 2

myhostname = ltspiceusers.ch
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031,permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/var/lib/pop-before-smtp/hosts,reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client bl.spamcop.net
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/ltspiceusers.ch/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/ltspiceusers.ch/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtp_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
#Changes to SSL Ciphers
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384


tls_random_source = dev:/dev/urandom
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you are trying to reach is over quota."
#virtual_overquota_bounce = yes
debug_peer_list =
sender_canonical_maps =
debug_peer_level = 1
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps $transport_maps
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
master.cf:

Code: [Select]

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  user=vmail
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
# ehcp: autoresponder code:
ehcp_autoreply unix - n n - - pipe
  user=vmail
  argv=/var/www/new/ehcp/misc/autoreply.php $sender $recipient

submission inet n       -       y       -       -       smtpd

smtp-amavis     unix    -       -       -       -       2       smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
As I said, this configuration worked before under the old Debian installation.
I will gladly provide further details if desired/necessary. I have practiced yesterday over 12h, without success

Does anyone have advice?

5

Bugs / vsftpd not works after latest EHCP update

« on: August 08, 2023, 09:32:11 am »

Since the latest update, the FTP can no longer log in.

Filezilla output:

Code: [Select]

Antwort: 331 Please specify the password.
Befehl: PASS **************
Antwort: 530 Login incorrect.
Fehler: Kritischer Fehler: Herstellen der Verbindung zum Server fehlgeschlagen
vsftpd.log

Code: [Select]

Tue Aug  8 17:20:42 2023 [pid 22647] CONNECT: Client "xx.xxx.xx.xxx"
Tue Aug  8 17:20:42 2023 [pid 22646] [domain.ch] FAIL LOGIN: Client "xx.xxx.xx.xxx"
OS:
Debian 12 (LXC container)

6

Feature Requests / Include more directories/files in backup

« on: July 22, 2023, 08:25:18 pm »

It would be handy if more directories/files could be included in the EHCP backup.
E.g:
- crontabs
- postfix configuration
- home directory
- root directory
- vsftpd.conf
- /var/www/new/ehcp/.htaccess

7

General / Debian Bookworm

« on: July 13, 2023, 09:03:16 am »

Is EHCP Debian Bookworm ready?

8

Technical Help / *Solved* Since upgrade to Debian 11

« on: November 05, 2022, 10:08:26 pm »

The following error comes every 2 days:

Code: [Select]

PHP Warning:  PHP Startup: Unable to load dynamic library 'mysql.so' (tried: /usr/lib/php/20190902/mysql.so (/usr/lib/php/20190902/mysql.so: cannot open shared object file: No such file or directory), /usr/lib/php/20190902/mysql.so.so (/usr/lib/php/20190902/mysql.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Why?
Pls no the answer: "New installation"

9

Technical Help / I can't login via FTP & ImportError: No module named passlib.hash

« on: October 13, 2022, 04:37:18 pm »

During the installation appears:

Code: [Select]

Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.25.1)
Requirement already satisfied: chardet in /usr/lib/python3/dist-packages (4.0.0)
Collecting hashlib
  Using cached hashlib-20081119.zip (42 kB)
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-yu10gzky/hashlib_bebca6200e3a4f668e442af52a70740d/setup.py'"'"'; __file__='"'"'/tmp/pip-install-yu10gzky/hashlib_bebca6200e3a4f668e442af52a70740d/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-3rf8e70u
         cwd: /tmp/pip-install-yu10gzky/hashlib_bebca6200e3a4f668e442af52a70740d/
    Complete output (6 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-yu10gzky/hashlib_bebca6200e3a4f668e442af52a70740d/setup.py", line 68
        print "unknown OS, please update setup.py"
              ^
    SyntaxError: Missing parentheses in call to 'print'. Did you mean print("unknown OS, please update setup.py")?
    ----------------------------------------
WARNING: Discarding https://files.pythonhosted.org/packages/74/bb/9003d081345e9f0451884146e9ea2cff6e4cc4deac9ffd4a9ee98b318a49/hashlib-20081119.zip#sha256=419de2fd10ae71ed9c6adcb55903f116abd1d8acc8c814dfd5f839b4d5013e38 (from https://pypi.org/simple/hashlib/). Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement hashlib
ERROR: No matching distribution found for hashlib

I can't login via FTP. "530 Login incorrect."

The auth.log shows:

Code: [Select]

Oct 14 00:32:43 xenforo /etc/security/pam_dbauth_vsftpd.py[5819]: Traceback (most recent call last):
Oct 14 00:32:43 xenforo /etc/security/pam_dbauth_vsftpd.py[5819]:   File "/etc/security/pam_dbauth_vsftpd.py", line 68, in <module>
Oct 14 00:32:43 xenforo /etc/security/pam_dbauth_vsftpd.py[5819]:     from passlib.hash import mysql41
Oct 14 00:32:43 xenforo /etc/security/pam_dbauth_vsftpd.py[5819]: ImportError: No module named passlib.hash
I think the problem is since the upgrade from Debian 10 to 11.
Why is EHCP still installing Python2.7? My OS is Debian 11 (Bullseye). There is no Python2.7 by default.

10

Bugs / Improper removal of a subdomain

« on: September 09, 2022, 04:15:25 pm »

I created a subdomain for a Letsencrypt-mail test (mail.mydomain.com).
After the test, I deleted them again in EHCP.
At the next reboot Apache2 did not come up because:

Code: [Select]

AH00112: Warning: DocumentRoot [/var/www/vhosts/mydomain.com/mydomain.com/httpdocs/subdomains/mail] does not exist
AH00526: Syntax error on line 19 of /var/www/new/ehcp/apachehcp_subdomains.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/mail.mydomain.com/fullchain.pem' does not exist or is empty
Action 'start' failed.

Then I created the path manually via FTP.

Code: [Select]

...httpdocs/subdomains/mail/logsApache2 then started.

11

Technical Help / After activate Letsencrypt on postfix connection to smtp failed

« on: September 02, 2022, 05:39:24 pm »

I install ssl for postfix with this tutorial:
https://ehcpforce.tk/faq/index.php?action=artikel&cat=2&id=12&artlang=en
Then I edit/add the following lines in /etc/postfix/main.cf

Code: [Select]

smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.com/privkey.pem
#Disable Poodle
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
#Changes to SSL Ciphers
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
When I send a mail then in the mail.log:
NOQUEUE: reject: RCPT from xxx.xx.xxx.xx.ftth.as8758.net[xxx.xx.xxx.xx]: 454 4.7.1 <spicer@yyyy.ch>: Relay access denied;
And Roundcube webmail can not connect to the smtp.
Why?

12

Technical Help / How to completely reinstall Postfix and Roundcube?

« on: August 06, 2022, 08:27:49 pm »

Ever since I tried to set up a relay server, Roundcube reports: Cannot connect to the IMAP server
I can't connect to Thunderbird either.
I suspect that the IMAP configuration is completely destroyed.
>>> New install of EHCP solved this problem.


I worked according to this guide:
https://www.linuxhowto.net/how-to-set-up-postfix-smtp-relay-on-ubuntu-with-sendinblue/

Unfortunately, the authentication of the domain doesn't seem to work either.
After more than 12 hours still no verification.
How/where do I have to enter this information (see screenshot)?

Solved. I use now netcorecloud.com

13

Technical Help / *Solved* 503 service unavailable after LXC upgrad to Debian 11

« on: July 08, 2022, 09:34:02 am »

Hi
After upgrading the (Proxmox) LXC from Debian 10 to Debian 11, I only get "503 service unavailable" on EHCP and Xenforo.
I have no idea where the problem could be.
Has anyone a idea or had this problem themselves?
To keep up productivity, I restored the Debian 10 container again.
So the Debian 11 container is currently not running anymore.

14

General / New update works out of the box with Debian 10 still?

« on: April 26, 2022, 09:02:15 am »

https://ehcpforce.tk/forums/index.php?topic=15.msg537#msg537
Is this tested with older OS'es? Still works with Debian 10?

15

General / German language pack

« on: August 19, 2021, 01:08:41 am »

Where I can found the German language pack?