Confixx Professional 3.3

**************** Table of contents ***********************************

(00) Purposes
(01) Build Info
(02) Requirements and Constraints
(03) What's New
(04) Packaging
(05) Location
(06) Installation instructions
(07) Upgrade instructions
(08) Contact Information

**********************************************************************
(00) Purposes
**********************************************************************

Bugfix for Confixx Professional 3.3

**********************************************************************
(01) Build Info
**********************************************************************

Build Date: 20070406.13

**********************************************************************
(02) Requirements and Constraints
**********************************************************************

System Requirements:

Linux OS
MySQL >= 3.2
Perl >= 5.6.1
PHP >= 4.1.2
PHP memory limit >= 16 MB
Apache >= 1.3.4
    mod_rewrite
    mod_php
FTP servers
    vsftp >= 1.1.0
    wu-ftp >= 2.4.2
    proftpd >= 1.2.0
MTA
    qmail >= 1.0.3
    sendmail >= 8.9.3
    postfix >= 1.0
Browsers
    Internet Explorer >= 5
    Mozilla 1.x

**********************************************************************
(03) What's New in Confixx 3.3 Professional
**********************************************************************

+ Httpd options (Httpd special improvement) - named pieces of apache configuration.
  Predefined options - "PHP safe_mode", "PHP open_basedir", "PHP memory limit",
  "PHP register_globals", "PHP debug", "PHP upload file size", "mod_rewrite",
  "mod_rewrite debug", "error log"
+ CA certificates - you can now specify a CA certificate in addition to the private key and certificate
+ Shared domains - a reseller can sell one domain to several users, allowing them to create subdomains and emails on that domain
* fixed - memory leak in confixx_updatescript.pl
* fixed - ftplogin/index.php may be deleted from WebFTP
* fixed - added "name" column to Reseller list
* fixed - check domain name not to be "http://domain.com"
* fixed - mailbox password can have trailing "/" symbol
* fixed - unsupported charsets in WebMail ignored
* fixed - mail loop in autoresponder

total ~90 bugs fixed

changes between 3.2.1 and 3.3

+ support of suPHP compiled with --paranoid or --force options.
  Based on the confixx_main.conf setting $suphp_paranoid, Confixx adds suPHP_UserGroup to vhosts.
+ Mailquota is a limit. A reseller can now specify the amount of mail space a user can set up for his/her mailboxes.
  0 means the user cannot manage mail quota, and the default quota settings (set up by the admin) are used.
+ 'items per page' are determined dynamically based on the count of elements. You can view all elements of a list.
  The minimum number of elements is 10 (compared to 5 in old versions).
* fixed - Confixx distribution files have web0:web0 ownership after unpacking
* fixed - AWstats window does not have scrolling
* fixed - Confixx AWstats vulnerability
* fixed - en language is always used on AWstats page
* fixed - can not update PEAR modules used in Confixx
* fixed - wrong paging in WebMail

changes between 3.1.2 and 3.2

+ IMAP support in WebMail. By turning on "IMAP" via admin.pl, mail users can take advantage of IMAP folders - create/delete/move messages.
  Sent, Drafts and Trash folders are available by default.
  Note: you have to set up an IMAP server before using this feature.
  Most IMAP servers use the Maildir format for mailboxes, thus you have to set up the MTA to deliver mail to Maildir.
  There is a utility convert_mb2md.pl in admin/contrib. It will help you to configure Confixx to use Maildir
  and convert existing mailboxes from mbox to Maildir format.
+ suPHP - secure way to run php scripts. By turning it on in admin.pl, the Confixx Web Panel and users' webspaces will use suPHP instead of mod_php.
  Note: @-domains do not work with suPHP.
+ More SpamAssassin options. A user can manage the SpamAssassin options of pop3 boxes from its interface.
  Using "Advanced mode" you can set up ANY parameters for SpamAssassin for a certain pop3 box.
+ Add domains in textarea. On user creation a reseller can put a domain list into a textarea.
  This is useful if a user has really many domains and it is hard to add them one by one.
+ AWstats. Another Web Log analyzer like Webalizer.
+ custom mail quota. If a user has the service "mail quota" turned on, then it can set a custom soft and hard quota for every pop3 box it has.
+ minor WebMail improvements. Better work with attachments, unsubscribe button for maillists, bigger compose message area,
  read/unread messages status if IMAP is used, better work with charsets.
+ many ftp users per one directory.
+ httpd specials with perl regular expressions. Now you can completely control the way Confixx writes apache virtual hosts for users.
+ MySQL 5 support
* users with an exclusive ip can access their sites with this ip. They can choose which domain would catch all requests resolved to this ip.
* default user domain is available via https if ssl is turned on for the user.

changes between 3.1.1 and 3.1.2

* fixed updatescript failed with (mlf||scripts_grep_user||#1028||root||/opt/confixx/safe/shadow.tmp) on SuSE 10
* fixed [mysql 4.1] Incompatible change of TIMESTAMP type
* fixed wildcard domains overtake effect of some domains.
  Now if the $separate_wildcards variable of confixx_main.conf is set to 1, confixx_updatescript.pl writes
  all wildcard domains to the end of confixx_vhost.conf, after all users' vhosts.
  After changing $separate_wildcards do not forget to run confixx_updatescript.pl --force-httpd
* fixed can't turn on scponly for already created user - files aren't copied
* fixed ftptraffik print: Undefined subroutine &main::soft_error during restore
* fixed incorrect SOA record for domain - hostname is always used. Thus dnr feature does not work.
  Now #ns1# of reseller is used instead.
* fixed Unknown modifier 'f' in /srv/www/confixx/html/user/tools_ftp.php on line 129
* fixed missing 'Autoresponders' & 'SpamAssassin' submenu in WebMail if modern skin is used
* fixed can't open domain on shared ip without SSL by https
* fixed webalizer.conf isn't recreated after launching of update_script with "-fa"
* fixed reseller without backup can create user with backup
* fixed "Definable fields" are not saved after creation of user
+ fixed show used traffic and assigned/used webspace on General::Overview
* fixed check permissions of perl modules ... down. Now we show ... finished.
* fixed backup service is unavailable after upgrade from 3.0
* fixed Undefined subroutine &main::existsPID
* fixed can not access user web pages via exclusive ip.
  Now in case of exclusive ip we try to determine which domain has path "/" and redirect automatically to this domain
* fixed upgrade hangs up on gentoo.
  Because of different options supported by su on gentoo we have created a wrapper based on sudo (contrib/su.pl).
  Before upgrade copy it from the tarball to the contrib folder, edit confixx_main.conf and set
  $bin_su = "/root/confixx/contrib/su.pl"
* fixed when opening a domain without ssl by https:// you see that the domain is unavailable.
  Now we show that this domain is not available by https
+ added "Reset to default" button for index pages for administrator and reseller.
* fixed "show" must be "Anzeigen" in de locale
* fixed Undefined subroutine &Modules::ConfixxLog::shortmess
* fixed "Can't login to server '127.0.0.1'" in user interface on Backup/Restore page.
  To show available backup files Confixx tries to log in by ftp and it uses the password stored in the session.
  So if you are logged in as admin or a reseller to a user web panel, then the admin's or reseller's password is used,
  therefore you can not log in by ftp and you'll see the message.
  Also if you have changed the password for a user and it is not yet changed in the system you also see the message.
* fixed trying some ips by http leads to the apache default page.
  Now Confixx manages vhosts only for those ips which are registered in Confixx.
* fixed updatescript always tries to use frontpage
* fixed Return-Path is incorrect for emails sent by WebMail
* fixed missing icons in WebMail
+ added webalizer lock files. Now you can create a .lock file for a certain user webalizer config file and Confixx will not rewrite the file.
+ added borders to information tables in web interface

total ~50 bugfixes

changes between 3.1 and 3.1.1

* fixed users DBs can not be created if one db connection is used to confixx and users databases
* fixed reseller without backup service can create a user with backup
* fixed showing GB instead of MB when changing a reseller's services
* fixed php fatal errors in Confixx webinterface when using php5
* fixed backend failed to execute on SuSE 8.2?
* fixed failed installation of Confixx::Filter module on Gentoo Linux
* fixed missing icons in Confixx 3.0 Design skins
* fixed number of wildcard subdomains in template takes no effect when creating a user
* fixed confixx_updatescript.pl failed if using frontpage and $fpfake variable in confixx_main.conf
* fixed wrong image links on gesperrt page if Confixx 3.1 beta was updated to Confixx 3.1 release
* fixed sql errors if "?" is used in email setup page.
* fixed can not log in to Webmail with email-address.
  NOTE: you can log in only if an email forwards to ONE pop3 box
* fixed debug output on Reseller->Users->Frontpage in Confixx 2.0 Design skins
* fixed confixx_updatescript.pl is not upgraded.
  Now we check if the source and destination script have the same md5 sum after copy.

total bugfixes ~80

changes between 3.1 and 3.0.9

Read new_features_manual.txt to find out how to use the new features.

Features included:

[+] 1. Retooled interface
[+] 2. An e-mail account and a pop3 box can be created for a user account with one click
[+] 3. Passwords for resellers, users, and pop3 boxes are specified during their creation
[+] 4. Users can move back and forward through wizard steps when creating reseller and user accounts (data is saved on each step)
[+] 5. Users can see the entire list of users and resellers
[+] 6. Users can search for forms and “items per page” in the lists of e-mails, pop3 boxes, domains, users, and resellers
[+] 7. Users can see instantly if the autoresponder is enabled for an e-mail in the general list of e-mails
[+] 8. ##username## can be inserted in the Customizable menu URL, which will be substituted with resN or webN in the reseller and user interfaces
[+] 9. Users can see the statuses of a user, an e-mail account, and a pop3 box. The status of an object shows whether this object has been created or deleted or scheduled for future actions
[+] 10. User can login using one of the owned domains
[+] 11. Backup and restore is implemented as a service; therefore, a reseller can turn it on and off for a user.
[+] 12. Backup and restore is implemented as a separate process from confixx_updatescript.pl. (no hangups of confixx_updatescript.pl)
[+] 13. Users can upload backups to a specified ftp location. The backups are then retrieved directly from the ftp server.
[+] 14. The dates and sizes of available backups are now displayed.
[+] 15. Users who do not have an exclusive IP-address can make their web sites available via https
[+] 16. Maildir support
[*] 17. 64 bit platform support
[*] 18. Confixx distribution size ~7mb
[*] 19. It is not important which MySQL version is installed (MySQL 3, 4, or 4.1) because Confixx is distributed as a single file

Changes between 3.0.8 and 3.0.9

* fixed all places in the Web Interface where SQL injections could be performed.
* removed "prototype mismatch" warnings in backend scripts

Changes between 3.0.8 and 3.0.7

* Confixx drops using suidperl
+ CPAN modules installation redesign
* Much code cleanup
* locale bug fixes

Notes:
* Since 3.0.8 Confixx does not use suidperl to manage skins. It caused too many bugs.

Changes between 3.0.7 and 3.0.6

+ Fedora Core 3 support
  Confixx has been tested in the Fedora Core 3 environment.
  Note:
  - Because perl is compiled in a special way, skins will not work! It will be fixed in the next patches.
  - There is selinux mode enabled in Fedora Core 3. MOST probably Confixx WILL NOT WORK unless it is disabled.
    To disable selinux you should edit the /etc/selinux/config file and set
    SELINUX=disabled
    then reboot.
+ Debian 3.1 support
+ MySQL 4.1 support
  There are some mistakes in the confixx database definition which cause Confixx not to be installed on mysql 4.1 servers.
  Now they are fixed.
+ User backup can use backup dumps from the ~/backup directory, i.e. it is not necessary to copy dumps from ~/backup to ~/restore.
* code completion of connection to databases.
  There are several bugs related to databases - external access to user databases, access to the Confixx database
  and the Users' database when they are on different boxes.
  A complete set of mysql connection parameters is introduced in confixx_main.conf. Look there for more comments.
* fixed statistics of update intervals. Now the time of confixx_updatescript.pl launches and web/ftp traffic counting
  is correctly shown on the Admin::Overview page.
* fixed suidperl issue. Confixx installation/upgrade tries to fix some issues related to suidperl:
  1. /usr/bin/suidperl and /usr/bin/sperlX.X.X must be the same file
  2. /usr/bin/sperl must have the owner suid bit
  BUT for new perls (Debian 3.1, SuSE 9.2) some changes have been made, e.g. /usr/bin/suidperl and /usr/bin/perl are the same file.
  So Confixx incorrectly processed this case. Now it is fixed.
  For more information look here:
  http://faq.sw-soft.com/index.php?ToDo=view&questId=512&catId=69

Changes between 3.0.5 and 3.0.6

+ SpamAssassin 3.0 support
+ tested in SuSE 9.2 environment
+ Customizable menu can be opened in the left frame or in a new window depending on your choice.
* fixed customizable menu overview html text is not escaped and is shown as html.
* fixed changing SpamAssassin support using admin.pl utility (in 3.0.5 it does not work)
* fixed restoring permissions on user home directories while the update or upgrade scripts are performing.
  Now default permissions/ownerships are restored by these scripts depending on the $restore_users_permissions variable of confixx_main.conf
* fixed backing up large size ~/files ~/html ( >2GB ). Now big backup files are split into pieces (like the split command does).
* fixed exceeding quota for POP3 box while pop3 box size is less than quota soft limit.
  Now the hard quota limit is set to 3x of the soft limit for POP3 boxes.
* fixed creating self-signed certificate when you see a message like
  'Notice: #1006: Unable to open file "/var/www/confixx/tmp/web0.csr" to read.'
* fixed bug when apache logs are not written for a user who has wildcard domains activated but has no wildcard domain yet.
* fixed bug when $append_mail_disk_space is set to ''. Now it is set to '0'.
  The variable is placed in confixx_main.conf and controls whether to include the disk space of pop3 users in the main user disk usage.
* fixed bug when a locked user sees 'Access denied' php warnings when trying his/her domains
* fixed many locale bugs.

~50 bugs are fixed in this patch.

Changes between 3.0.4 and 3.0.5

+ self signed SSL certificates creation via web interface.
+ support for packaged version of majordomo for SuSE 9.1
+ ability to use template when changing user
+ ability to use instead of within user SSL vhosts. Former is used when $apacheDefSSL='' latter otherwise.
* fixed using wrong ownerships on spamassassin config if spamd is run with unprivileged user.
* fixed "mlf||scripts_grep_user||#1246||root||/etc/group" like errors when update script is run.
* fixed searching of webalizer binary when turning on webalizer by admin.pl utility
* fixed majordomo + sendmail's smrsh restriction
* fixed adding deleted files to ftp traffic when using proftpd 1.2.9
* fixed capital letters in majordomo mail lists. Now it is lowercased.
* fixed 2 include directives in named.conf after upgrade
* fixed open_base_dir is changed to open_basedir in confixx_mhost.conf
* fixed bug when group of ~/html and ~/files directory was root after upgrade from 2.0.13 to 3.0.4. Now it is apache's one.
* fixed changing ownerships of some frontpage files within user document root when upgrading, which caused frontpage not to work.
* fixed "mlf||scripts_email_update||#1148||qmail" error while update script execution if your mta is qmail
* fixed apache files placed within user document root are not included in user disk storage. Now they are.
* fixed wrong syntax of confixx entries in /etc/group.

Changes between 3.0.4 and 3.0.3:

* changed Confixx permissions/ownership scheme to achieve better security
* fixed exploiting of the system by using symlinks in ~user/backup/ directory
* fixed exploiting of the system via subdomains editing page
* other major security fixes
* fixed opening mail with empty subject in WebMail
* fixed system limitation (127) to MySQL databases, Wildcard sub-domains and At-domains
* fixed quoting in replied email
* fixed webalizer support
+ added HTTPS-vhost (SSL) support for Confixx Control Panel
* fixed open_basedir error at Skins Editor

Description of new security scheme

1. Every user has its own group with the same uid/name.
2. The ftponly group is kept for compatibility reasons.
3. An additional ftp user has the uid of its owner but a different home directory.
4. A user's home directory listing looks like this:

   drwxr-xr-x  10 root root    240 Aug 21 04:22 .
   drwxr-xr-x   9 root root    272 Aug 21 22:41 ..
   drwx------   2 root root     80 Aug 21 04:22 .configs
   drwxr-x---   2 root apache   48 Aug 21 04:22 atd
   drwxr-x---   2 root web0     48 Aug 21 04:22 backup
   drwxr-x---   2 web0 apache   48 Aug 21 04:22 files
   drwxr-x---   3 web0 apache  104 Aug 21 04:27 html
   drwxr-x---   2 root web0     80 Aug 21 04:22 log
   drwxrwx---   2 web0 apache   48 Aug 21 04:22 phptmp
   drwxrwx---   2 root web0     48 Aug 21 04:22 restore

   backup directory:

   drwxr-x---   2 root web0    144 Aug 22 01:50 .
   drwxr-xr-x  10 root root    240 Aug 21 04:30 ..
   -rw-r-----   1 root web0    115 Aug 22 01:50 files.tar.gz
   -rw-r-----   1 root web0    343 Aug 22 01:50 html.tar.gz
   -rw-r-----   1 root web0    106 Aug 22 01:50 mysql.tar.gz

This scheme does not allow a user to change/move/delete/link essential directories within the home directory, thus it disables all known security holes.
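
The check below is an added example, not part of the Confixx distribution: it compares "ls -la" output for a user's home directory with the ownership and mode table of the security scheme described above and reports symlinks, mismatches and missing directories. The function names, the sample listing and the /tmp/elsewhere link target are constructed for illustration; the default "ls -la" column layout is assumed.

```sh
#!/bin/sh
# Added example (not Confixx code): audit "ls -la" output of a user home
# against the ownership/mode table from the 3.0.4 release notes.
# On a host:  ls -la /path/to/web0 | audit_home_listing web0 apache
# Assumes the default ls -la columns (name in field 9, no spaces in names).

audit_home_listing() {
    # $1 = Confixx user (also the name of its own group)
    # $2 = group the web server runs as ("apache" in the release notes)
    awk -v user="$1" -v grp="$2" '
    BEGIN {
        # Expected "mode owner group" per entry, as listed in the notes.
        want["."]        = "drwxr-xr-x root root"
        want[".configs"] = "drwx------ root root"
        want["atd"]      = "drwxr-x--- root " grp
        want["backup"]   = "drwxr-x--- root " user
        want["files"]    = "drwxr-x--- " user " " grp
        want["html"]     = "drwxr-x--- " user " " grp
        want["log"]      = "drwxr-x--- root " user
        want["phptmp"]   = "drwxrwx--- " user " " grp
        want["restore"]  = "drwxrwx--- root " user
    }
    NF < 9 || $9 == ".." { next }       # skip "total N" and the parent entry
    {
        name = $9
        mode = substr($1, 1, 10)        # drop a trailing ACL/SELinux marker
        got  = mode " " $3 " " $4
        seen[name] = 1
        if (mode ~ /^l/) {
            print "SYMLINK " name; bad++
        } else if (!(name in want)) {
            print "UNEXPECTED " name " (" got ")"; bad++
        } else if (got != want[name]) {
            print "MISMATCH " name ": got " got ", want " want[name]; bad++
        }
    }
    END {
        for (n in want)
            if (!(n in seen)) { print "MISSING " n; bad++ }
        exit (bad > 0)                  # non-zero status when anything deviates
    }'
}

# Constructed sample, not taken from a real host: the listing from the notes
# with backup replaced by a symlink, html made world-writable, restore absent.
sample_listing() {
    cat <<'EOF'
total 0
drwxr-xr-x 10 root root   240 Aug 21 04:22 .
drwxr-xr-x  9 root root   272 Aug 21 22:41 ..
drwx------  2 root root    80 Aug 21 04:22 .configs
drwxr-x---  2 root apache  48 Aug 21 04:22 atd
lrwxrwxrwx  1 web0 web0    14 Aug 21 04:30 backup -> /tmp/elsewhere
drwxr-x---  2 web0 apache  48 Aug 21 04:22 files
drwxrwxrwx  3 web0 apache 104 Aug 21 04:27 html
drwxr-x---  2 root web0    80 Aug 21 04:22 log
drwxrwx---  2 web0 apache  48 Aug 21 04:22 phptmp
EOF
}

sample_listing | audit_home_listing web0 apache || echo "audit: deviations found"
```
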

Changes between 3.0.3 and 3.0.2:

+ Danish language pack
* major security fixes

Changes between 3.0.2 and 3.0.1:

* fixed removing user data when user is removed
* fixed problem with error 404 when accessing domains of locked users
+ added sorting of directory listing in Perl Debugger tool
+ added correct processing of html output in Perl Debugger tool
* fixed problem with mailing list passwords
* fixed setting of webalizer password. Now it is synced with the user password.
* fixed problem when user could use custom error pages even if the feature was disabled for him
* fixed working of Majordomo with Qmail
* fixed problem with sequential deletion and creation of new FTP/POP3 accounts
* fixed problem with removing crontab of removed user
* fixed problem with SSL redirects
* fixed reloading of ProFTPd
* fixed problem of secondary server when 2 users got one and the same UID
* WebMail now can work with secondary server
* fixed changing password of POP3-account on secondary server
* fixed problem with password changing dialog after logging in WebFTP
* fixed showing files whose names start with a dot (e.g. '.htaccess') in WebFTP
* fixed problem when locked user could login using "remind password" feature
* fixed restoration of file permissions in server restore routine
* fixed restoration of passwords for mysql users in server restore routine
* fixed restoration of index files in server restore routine
* fixed restoration of mysql external access in server restore routine
+ added saving of user backups in server backup routine
* fixed restoration of files starting with dot (e.g. '.htaccess') in server restore routine
* fixed restoration of POP3-boxes content in server restore routine
* fixed restoration of additional ftp user's permissions in server restore routine
* fixed restoration of files whose names contained special symbols (server restore routine)
+ added restoration of domain black list in server restore routine
* installation of secondary server made more trouble-free
* removed many unnecessary operations from secondary server
+ added sorting of users in users list
* fixed removing of protected directories
* fixed showing files owned by users with dash in their name (e.g. 'www-data')

Changes between 3.0.1 and 3.0.0:

* fixed problem with mod_python in Apache 2.0
* fixed locking cronjobs for locked end-users
* fixed some problems with creation of wildcard subdomains
* fixed initial spamassassin configuration for newly created end-users
* fixed problem with not reloading spamassassin
* fixed deletion of DNS zones
* fixed creation of default user domains on non-standard IPs
* improved and updated localizations
* added Spanish, French and Russian locales
* safe_mode now is moved out of end-users vhosts
* fixed modification of httpd.conf while upgrade
* fixed problem when some PHP versions bark on open_basedir
* several security fixes
* many fixes in external dns-/mail- servers
* many other fixes and improvements ...

Known issues
===============

1) Uploading the skin requires a proper skin archive packed in .tgz format or .zip
   (if unzip software is installed and chosen to be supported).
   Pack the skin so that the folders "css/" and "images/" are not inside any other directory.

2) Showing national names of IDN-encoded domains (see the "IDN support" chapter in the new_features.txt file)
   works only for creating/editing user's domains (Reseller area).

3) It is strongly recommended to use the server restore routines (restore.pl) on a clean REGISTERED
   Confixx installation (without users/resellers/domains created).
   Otherwise you may need to resolve some possible conflicts manually by editing the generated map-file.
   You may use the "--clean" option when restoring a confixx dump via the restore.pl utility
   (you must use it both on the mapping stage and on the restoring stage).
   It will spare you from resolving conflicts with any existing server content.
   Remember, the previous server content will be removed in this case.
   That is why we recommend restoring dumped server content/settings on a clean installation only
   (no resellers/users/domains).

4) phpMyAdmin
   Confixx supports phpMyAdmin. However, phpMyAdmin2.5.5-pl1 and prior versions have a security hole.
   You can read the problem description on
   http://neworder.box.sk/explread.php?newsid=10586
   http://www.securityfocus.com/archive/1/354151
   We have added some code to make the hole less dangerous for your host, but we can not completely
   protect your host from within Confixx.
   We recommend that you upgrade phpMyAdmin; use this link to get the newest version of phpMyAdmin:
   http://www.phpmyadmin.net/home_page/
   Or, if you definitely need to use an older version of phpMyAdmin, then you should add the following
   lines to your Apache configuration file:

   php_admin_flag safe_mode On
   php_admin_value open_basedir /path/to/phpMyAdmin

**********************************************************************
(04) Packaging
**********************************************************************

Confixx 3.3 is shipped in the form of a tarball:

confixx_pro_3.3.0_install.tgz
confixx_pro_3.3.0_update.tgz

And in the form of rpm (virtuozzo templates):

confixx-debian-3.1-x86-ez-3.0.0-1.swsoft.noarch.rpm
confixx-suse-10.0-x86-ez-3.0.0-1.swsoft.noarch.rpm
confixx-pro-deb31-template-20061023-1.0-1.i386.rpm
confixx-pro-suse10-template-20061023-1.0-1.i386.rpm
confixx-pro-suse93-template-20061023-1.0-1.i386.rpm

**********************************************************************
(05) Location
**********************************************************************

ftp://download1.swsoft.com/Confixx/ConfixxPro3.3/
ftp://download1.swsoft.com/Confixx/ConfixxPro3.3/vz

**********************************************************************
(06) Installation instructions
**********************************************************************

Read the Debian (Sarge/Woody) or SuSE 9.x setup guides to prepare your linux box for installation.

Download Confixx.

#~: wget ftp://download1.swsoft.com/Confixx/ConfixxPro3.3/confixx_pro_3.3.0_install.tgz

Unpack the distribution

#~: tar xzf confixx_pro_3.3.0_install.tgz
#~: cd confixx-install

Launch the configure script and answer its questions in accordance with the configuration of your system

#~: ./configure.pl

Now you can launch the installation script:

#~: ./install.pl

Register the script in crontab

#~: echo "*/1 * * * * /root/confixx/confixx_counterscript.pl" >> tmp.cron
#~: crontab -u root tmp.cron

Enter the registration interface by accessing the url like:
http:///reg
or by entering the "Licensing information" menu item in the admin interface.
Enter the "Unlock license" menu item there and click "Next."
Specify your serial number and activation key and click "Next."
The registration routines will be done automatically.

**********************************************************************
(07) Upgrade instructions
**********************************************************************

WARNING: It is strongly recommended to make a full system backup before upgrade!

Deactivate the confixx_counterscript entry in the Cron file e.g.

#*/1 * * * * /root/confixx/confixx_counterscript.pl

Download Confixx

#~: wget ftp://download1.swsoft.com/Confixx/ConfixxPro3.3/confixx_pro_3.3.0_update.tgz

Go to the confixx installation directory

#~: cd /root/confixx/

Delete the existing admin directory

#~: rm -rf ./admin

Decompress the Confixx update archive

#~: tar xfvz confixx_pro_3.3.0_update.tgz -C /root/confixx/

Install the update:

/root/confixx/admin/updates/update_3.x.pl (.pl, not .sh)

**********************************************************************
(08) Contact Information
**********************************************************************

SWsoft Headquarters
13800 Coppermine Drive
Suite 112
Herndon, VA 20171
USA

Phone: +1.703.815.5670, Fax: +1.703.815.5675
World Wide Web: http://www.swsoft.com

E-mail:
For billing information, email accounting@swsoft.com
For purchasing or partnering information, email sales@swsoft.com
For technical support, use our Online Support Form.
For information on career opportunities with SWsoft, email careers@swsoft.com
For press contact information, email press@swsoft.com
For information about becoming a Partner, email partners@swsoft.com
For general product information, email info@swsoft.com

Copyright 2002, 2003, 2004 SWsoft, Inc. All rights reserved.

EOF