Directadmin 1.38.0 - Release Candidate 2



DirectAdmin Support
03-05-2011, 04:33 AM
Hello,

DirectAdmin 1.38.0 Release Candidate #2 is now ready for testing (March 8th, 2011)
There are many significant changes to the DA code, such as:
- DA listening on IPv6 (on port 2222)
- Admin Backup/Transfer supporting backup options (choice as to what is included in the backup)
- commands.allow and commands.deny, for fine-grained control of what an account can run
- minutely check of email send counts for active spam monitoring (requires exim.pl update)

and many more.

Full list of changes, features and bug fixes:
http://www.directadmin.com/versions.php?version=1.380000

To get the RC2 package in pre-release form, login to your Clients Section (https://www.directadmin.com/clients)
Click your license ID, and follow the pre-release download instructions.

Manual action is required in order to update the exim.pl file in order to use the minutely check of the email send count.

Note that the version in the RC2 binaries will remain "1.37.0".
You can tell you've got the new binaries by running directadmin with the "o" option to check the build date.
It should be somewhere around March 8th, or newer:
[root@server directadmin]# ./directadmin o
Compiled on 'Redhat CentOS 4.0'
Compile time: Mar 8 2011 at 02:14:21
Compiled with IPv6
[root@server directadmin]#

John

Martyn Day
03-05-2011, 10:52 AM
I don't have a client login; any chance I can still get it? I get my license via my VPS provider.

interfasys
03-05-2011, 01:02 PM
- Nice touch to have a version number in exim.pl
- IPv6s are not added properly on FreeBSD (addip fails), so maybe a fix could make it into this version?
- Is ipv6_ipv4mapping really necessary? You mentioned Apache using tricks, but Proftpd is also able to use a tcp46 socket to accept connections of both types. All other services work by using both tcp4 and tcp6 sockets.
- It's great that users can now see both the number of sent and received emails separately, because spam was making the total number very large and users were confused.
- Process Monitor still doesn't return anything useful when doing a search
- Great news about the admin backup improvements. It will make it easier to sync data and save bandwidth and space while making sure all the settings can be restored.
- I wish we could add our custom file to the admin backups. There is an option for forwarders, but maybe we have dkim keys to include, etc.
- The unified password length management is great
- I'm happy that local FTP transfers are no longer counted in the users' bandwidth usage :).
- domain_create_post_confirmed.sh has been dropped. Does that mean that domain_create_post.sh is now able to write to domain.conf? That was the main problem with the old binaries.

Edit:
There is still a problem with the password generator. The Javascript version doesn't include special characters, but those can be enabled in the PHP version. Maybe the settings page should include a tick box for that, just like the one for the password length.

DirectAdmin Support
03-05-2011, 03:02 PM
Hello,

Send us an email if you don't have a login.
Include your client ID and license ID from:
Admin Level -> Licenses/Updates

@interfasys: I'll be going through your list later.

John

interfasys
03-05-2011, 06:35 PM
The "what" in existing admin backups cannot be modified.
I untick boxes and hit save and it still shows "All Data".

DirectAdmin Support
03-06-2011, 12:08 PM
Hello,

There is also a radio box that must be selected:
"Selected Data"

If the "All Data" radio box remains selected, then the checkboxes will have no effect.

I wasn't able to duplicate the issue (it seems to work ok, even for old backups).
Anyone else noticing anything?

John

interfasys
03-06-2011, 12:32 PM
You're right, I expected "Selected data" to be automatically selected and didn't check. So it works, but maybe it would be worth adding a bit of JS to switch to "Selected data" when a user clicks on the custom settings?

DirectAdmin Support
03-06-2011, 12:45 PM
Added the JS for auto "Selected Data" selection onClick of checkboxes.

John

Martyn Day
03-06-2011, 01:47 PM
I've actually sent an email to sales@da recently with a problem with my license! Please respond to it ASAP!

DirectAdmin Support
03-06-2011, 02:23 PM
Hello,

@Martyn Day: I'm sure Mark will reply to your email shortly, if not already. Also, if you're ever unsure if we're getting your emails, use the Safe Submit (https://www.directadmin.com/clients/safesubmit.php) form. Requesting license help on the forum isn't quite the correct place, since it's a public forum which isn't roamed by the sales department.

@interfasys:

I've just found out why many table searches were not working correctly. Much of the data in the tables is html encoded, but the comparison was done using the plaintext search value. I've added into the table class double comparisons for both plaintext and html encoded values, so the results will likely be correct now.

For adding custom files into a user tar.gz backup, I've quickly added that in (http://www.directadmin.com/features.php?id=1183).

Checking the domain creation code, the domain.com.conf file is written before the domain_create_post.sh is called.
I did find out the previous issue though. There was a 2nd write of the conf files, thus the domain_create_post.sh was in the middle of 2 writes. The 2nd write wasn't needed, so I've just removed it (not yet in the pre-release binaries, but later today).

The ipv6_ipv4mapping on FreeBSD is required or else we'd have to do an overhaul to the socket system, and add a significant amount of complexity to the code, when it's not really needed. The other services that use "tricks" need them because they have very fine-grained control of the IPs (each IP does something different). With DA, all IPs are the same, so this level of control isn't needed. Also, to enable it, it's just one setting which is very simple. I also discovered that dovecot requires this setting to be enabled, if IPv6 is to be used. By default, our dovecot.conf only sets IPv4, but if IPv6 is turned on.. without the ipv6_ipv4mapping, then IPv4 won't work at all. The main reason is that all other OS's use ipv6_ipv4mapping already, so this brings FreeBSD to the same level.

John

interfasys
03-06-2011, 10:40 PM
Thank you for this update John.

Good news regarding the table searches, custom files and domain.conf :).

When doing a custom backup I've unticked the following:
- E-Mail Accounts. I'm archiving the folders via another means
- Autoresponders. Not in use
- Vacation Messages. Not in use
- Mailing Lists. Not in use

In the archive, I can find:
email.conf
aliases

that's it.

I'm missing:
- quota
- passwd

So, is "E-Mail Accounts" a mix of configuration and data folders?

Regarding that rc.conf variable, I'm fine with it if it makes the DA code less complex ;), but in my experience Dovecot runs fine without it. I just did a netstat and can see a mix of IPv4 and IPv6 connected to it.

DirectAdmin Support
03-06-2011, 11:26 PM
Note the passwd and quota files relate to "E-Mail accounts", so if you unticked it.. you're not going to see those files, which is correct.

aliases is related to "Forwarders", thus it will be there with that enabled.

The email.conf relates to /etc/virtual/domain.com/filter.conf (E-Mail Settings), which has settings for spam filters, email spam redirects, and some basic parts of the Spamassassin options (mainly for writing the /etc/virtual/domain.com/filter file)

------

For dovecot with IPv6, ensure you're testing with this dovecot.conf option:
listen = *, ::

as the default is just:
listen = *

and test with:
telnet 127.0.0.1 110
telnet ::1 110

When I ran:
telnet localhost 110

the 127.0.0.1 connect would fail, and it would immediately fallback to using ::1, so IPv4 wasn't working without the mapping enabled.
It still worked because of the fallback 2nd try on IPv6 (added a slight delay), but only out of luck with a redundant definition of localhost to both 4 and 6 in the /etc/hosts file.

Also, this only applies to FreeBSD.
Check to see what your mapping is currently set to:
/sbin/sysctl net.inet6.ip6.v6only

if it shows 0, then the mapping is on, which is what we want. If it's set to 1, then we'll have issues.

John
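
Added example (not part of the thread and not DirectAdmin code): the mapping discussed in this post is the system default for the per-socket IPV6_V6ONLY option, and this Python sketch shows what one listener on [::] accepts with the option off and on. The function name probe and the loopback test addresses are this example's own choices.

```python
import socket


def probe(v6only):
    """Listen on [::] with IPV6_V6ONLY forced on or off, then connect over
    both address families. Returns {"ipv4": peer, "ipv6": peer} as seen by
    the listener (None where the connect failed), or None when the host has
    no usable IPv6 stack."""
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    try:
        # Per-socket override of the system-wide default
        # (net.inet6.ip6.v6only on FreeBSD).
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))          # port 0: the kernel picks a free port
        srv.listen(4)
        srv.settimeout(2)
        port = srv.getsockname()[1]
        seen = {}
        for label, family, addr in (("ipv4", socket.AF_INET, "127.0.0.1"),
                                    ("ipv6", socket.AF_INET6, "::1")):
            try:
                with socket.socket(family, socket.SOCK_STREAM) as client:
                    client.settimeout(2)
                    client.connect((addr, port))
                    conn, peer = srv.accept()
                    conn.close()
                    seen[label] = peer[0]   # address the daemon would log
            except OSError:
                seen[label] = None          # refused or timed out
        return seen
    except OSError:
        return None
    finally:
        srv.close()


if __name__ == "__main__":
    for v6only in (False, True):
        print("IPV6_V6ONLY =", int(v6only), "->", probe(v6only))
```

With the option off, the IPv4 client reaches the IPv6 listener and appears as ::ffff:127.0.0.1, so log parsers and IP allow-lists on such a listener have to handle the mapped form. With it on, the same listener refuses IPv4 and a daemon needs a second tcp4 socket.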

interfasys
03-06-2011, 11:36 PM
OK regarding the backups. Since I don't want any email data in the backup, I'm glad you've introduced the custom option, so that we can include all these files :).

Regarding the IPv6 issue. It's strange, because it works perfectly here.

listen = *,[::]
I have no problem telneting using both protocols

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot iS-edition ready.
quit
+OK Logging out
Connection closed by foreign host.

# telnet ::1 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot iS-edition ready.
quit
+OK Logging out
Connection closed by foreign host.


The entries in the log confirm it:

Mar 07 08:21:22 pop3-login: Info: Aborted login (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Mar 07 08:21:31 pop3-login: Info: Aborted login (no auth attempts): rip=::1, lip=::1, secured

The mapping is disabled on my box:

# /sbin/sysctl net.inet6.ip6.v6only
net.inet6.ip6.v6only: 1

DirectAdmin Support
03-06-2011, 11:41 PM
Hmm, strange. I'm not going to complain that it's working though ;)
But curious what your output is:
sockstat -l | grep direct | head -n1

interfasys
03-06-2011, 11:52 PM
Unfortunately, DA only listens on tcp4 without that setting ;) and it seems to be the only service that doesn't accept a connection on tcp6.

nobody directadmi 36380 0 tcp4 1.2.3.4:2222 *:*

I thought it was because you were doing some checks that would prevent it from opening a tcp6 socket.

I'm hoping that somebody else can provide some feedback. I'm wondering if there isn't another setting that allows it to work...

DirectAdmin Support
03-08-2011, 02:37 AM
Hello,

1.38.0 Release Candidate 2 is available.
Fixed several bugs and added a few more features into the mix.
If you are testing things out, please ensure you have RC2 (compile date of March 8 or newer)

Main items for testing:
- IPv6: Connecting to DA, and ensuring IP addresses are showing up correctly in the logs (were previously showing up as 0.0.0.0)
- Backups/Restores with the new backup options, as well as the "skip if suspended" option.
- Saving of DNS zones in different situations, to ensure the named-zonecheck is working correctly.
- Advanced searches/filtering, and sorting in all tables.
- Adding IPv6 IPs into FreeBSD
- Subdomain Awstats
- commands.allow and commands.deny
- the per-minute email send checker (new exim.pl required)

John

interfasys
03-08-2011, 03:14 AM
the per-minute email send checker (new exim.pl required)
I just did a test:
Sent one email from bob@domain1 to steve@domain1
Sent one email from bob@domain1 to roger@domain2

Hit refresh on the stats page: Nothing
I expected to see +1 since the internal message shouldn't count.

I'm using exim.pl v6 from last week.

interfasys
03-08-2011, 03:21 AM
Email stats are confusing.
If I'm not mistaken, "Received Emails" and "Sent Emails" are calculated monthly, but the limit is a daily one.

It would make more sense if "Sent Emails" could show the daily usage and if the limit could read 200/{translate: day}

DirectAdmin Support
03-08-2011, 03:48 AM
The stats shown within DA are only updated within the tally. They're not real-time. The minutely checker is only scanning for /etc/virtual/mail_task.queue, and that's only created if the usage goes over the limit (/etc/virtual/limit and /etc/virtual/usage/user).

I'll add in /day into the "max usage" column.
Note, the Bandwidth "Details" shows a daily breakdown of the email deliveries.

John

DirectAdmin Support
03-09-2011, 05:11 PM
Added support for outbound DKIM (requires editing of exim.conf):
http://www.directadmin.com/features.php?id=1189

This would also be something in need of testing (seems to work).
Ensure build date of March 9th or newer.

John

SeLLeRoNe
03-10-2011, 01:03 AM
I've a question about this nice feature of DKIM.

On the feature information I see this:

./dkim_create.sh domain.com

This will add an entry into DNS, but my question is: if a DKIM DNS entry already exists, will it delete the old one or just add a new line?

Regards

SeLLeRoNe
03-10-2011, 01:31 AM
I've added my own domain and made the proper change to exim.conf

Sent an email and in the header I can see the DKIM signature


DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crazynetwork.it; s=x;
h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID; bh=QX1UypwZgghYCIlUBbzQDyR8EOD0Rnavh7nQUn18Cac=;
b=dOksnqJCStI3Ntnx2BN0xhSHkB3kQ+hbtPi3Za2tQocxsz1R0EqPi8mkundcGGRxaawCovY0MPATU5uQNjX13DPImCm4Vd5BY6fwiEBX9rQoOFSKzzNfwrV3RMxD4gFg;


But if I check the DNS of the domain crazynetwork.it I cannot see any new entry for the DKIM (5 minutes after ./dkim_create.sh crazynetwork.it)

What should I check?

EDIT: FOUND THE PROBLEM, I DIDN'T ENABLE DKIM IN THE DIRECTADMIN CONFIGURATION.

Regards

SeLLeRoNe
03-10-2011, 02:45 AM
Another "issue", not really important to the working condition

Adding all domains to use DKIM using:

echo "action=rewrite&value=dkim" >> /usr/local/directadmin/data/task.queue

Generates this error:


TTL Override: Unable to read ./data/users/mhorpheox/domains/psplandia.it.conf : Unable to open ./data/users/mhorpheox/domains/psplandia.it.conf for reading.<br>


For each domain pointer, because they have no .conf file in the user data /domains folder

That doesn't seem to compromise the functionality, but if a domain pointer becomes a domain this will be automatically solved, because the function will be called again for the new domain



2) DA will call the script for newly created domains like this:

Regards

SeLLeRoNe
03-10-2011, 02:48 AM
Noticed also that the script dkim_create.sh checks if the DKIM keys already exist and, if they don't, will add the keys and the DNS entry.

If the key files exist this script will not execute any command.

Very nice!

DirectAdmin Support
03-10-2011, 03:28 AM
Hello,
if a DKIM DNS entry already exists, will it delete the old one or just add a new line?

It will delete the _domainkey, _domainkey.domain.com., x._domainkey, and x._domainkey.domain.com. TXT records before adding the 2 new ones.

I've just added a check for dkim=1 in the script. It will now tell you if the option isn't enabled.

Don't worry about this message:
TTL Override: Unable to read ....
as it's only a debug output. It's not an actual error of significance. Nothing is aborted or changed as a result of that read failure.

I didn't consider domain pointers during the implementation, but now that you mention it, the script will use the same key as for the main domain, since the keys will already exist if the domain (or another pointer) has created the keys already.

I've been using the DKIM on a test domain for about a day now, and we are getting the "[verification succeeded]" on other exim boxes, so it looks as though it's working correctly.

John

SeLLeRoNe
03-10-2011, 03:44 AM
I don't have an exim box with DKIM verification to check whether this is working correctly, but I'm going to build a test one today to verify DKIM.

I had noticed that it was just a warning and didn't break anything, so thanks for confirming :)


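# Generate a key pair only when either key file is missing
if [ ! -e ${PRIV_KEY} ] || [ ! -e ${PUB_KEY} ]; then
    # 768-bit RSA private key
    openssl genrsa -out ${PRIV_KEY} 768 2>&1
    # Matching public key in PEM form
    openssl rsa -in ${PRIV_KEY} -out ${PUB_KEY} -pubout -outform PEM 2>&1
    chmod 600 ${PRIV_KEY} ${PUB_KEY}
    chown mail:mail ${PRIV_KEY} ${PUB_KEY}
fi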


I'm not sure about what you said: "It will delete the _domainkey, _domainkey.domain.com., x._domainkey, and x._domainkey.domain.com. TXT records before adding the 2 new ones."

From this part of the script it seems that it checks if the files exist and creates them only if they don't... if they exist nothing will be executed.

Am I wrong? (I'm not a programmer, but to me it looks like this :) )

DirectAdmin Support
03-10-2011, 03:55 AM
Hello,

Correct. If the keys exist, new keys will not be generated.

However, lower down is the task.queue command which tells DA to add the current keys to the domain.com.db file. So if you run the script, the domain key TXT records will be reset. If they were already there, it will just reset them to the same value, so not a major issue.

John

SeLLeRoNe
03-10-2011, 05:54 AM
Oh ok, perfect.

Many thanks for clarification :)

Best regards

nobaloney
03-10-2011, 08:23 AM
Note that no changes are being made to SpamBlocker for DirectAdmin exim.conf Version 4 until after the feature comes out of beta. Please let us know if you're using the DKIM feature successfully with my Version 4 file.

Thanks.

Jeff

SeLLeRoNe
03-10-2011, 08:40 AM
Actually yes, I'm using the feature with SP4, not for incoming email but just to sign the outgoing emails, and it seems to work correctly.

I still didn't check whether the receiver successfully verifies the email.

I'll let you know.

Regards

nobaloney
03-11-2011, 12:37 PM
Yes, do let us know when you find out if it works on the receiving end.

Jeff

propcgamer
03-11-2011, 02:15 PM
I would suggest sending an e-mail to gmail to test DKIM validation.

DKIM Core (http://dkimcore.org/tools/keycheck.html) has a nice lookup utility that checks your dns record for validity.

Edit: I completely forgot to mention this great utility, if you send an e-mail to check-auth@verifier.port25.com they will automatically reply back if your SPF, DKIM, and DomainKeys validate correctly. They have more information on their site: http://www.port25.com/auth/

SeLLeRoNe
03-12-2011, 03:55 AM
test passed:


This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname: Orange01.CrazyNetwork.it
Source IP: 89.97.218.93
mail-from: support@crazynetwork.it

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=support@crazynetwork.it
DNS record(s):
crazynetwork.it. SPF (no records)
crazynetwork.it. 14400 IN TXT "v=spf1 a mx ip4:89.97.218.93 ~all"
crazynetwork.it. 14400 IN A 89.97.218.93

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=support@crazynetwork.it
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: support@crazynetwork.it)
ID(s) verified: header.d=crazynetwork.it
Canonicalized Headers:
content-type:multipart/related;'20'boundary="------------040204040904040305020709"'0D''0A'
subject:dkim'20'test'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
mime-version:1.0'0D''0A'
reply-to:support@crazynetwork.it'0D''0A'
from:Supporto'20'Tecnico'20'-'20'Crazy'20'Network'20'<support@crazynetwork.it>'0D''0A'
date:Sat,'20'12'20'Mar'20'2011'20'12:36:17'20'+0100'0D''0A'
message-id:<4D7B5AB1.6000100@crazynetwork.it>'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=crazynetwork.it;'20's=x;'20'h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID;'20'bh=Fr9lvpOaze4+zC8XaFJLrz3bQMBbRjHFTp0UR5Qfei4=;'20'b=;




DNS record(s):
x._domainkey.crazynetwork.it. 14400 IN TXT "v=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMrIagucB4d1HKTjippnlBDjBMP4S2bZe1mEpSuAM40lcqUOHOakHETaEvwtyJjkUaFlj2pY1UFuRSHZY/uPBm+KWI53a9wLIrax1/rLDdr+vYM05udsildqivoJuV1PEwIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=support@crazynetwork.it
DNS record(s):
crazynetwork.it. SPF (no records)
crazynetwork.it. 14400 IN TXT "v=spf1 a mx ip4:89.97.218.93 ~all"
crazynetwork.it. 14400 IN A 89.97.218.93

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result: ham (3.1 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
2.5 HEAD_LONG Message headers are very long
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]

==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
the message passed the authentication test.

"fail"
the message failed the authentication test.

"softfail"
the message failed the authentication test, and the authentication
method has either an explicit or implicit policy which doesn't require
successful authentication of all messages from that domain.

"neutral"
the authentication method completed without errors, but was unable
to reach either a positive or a negative result about the message.

"temperror"
a temporary (recoverable) error occurred attempting to authenticate
the sender; either the process couldn't be completed locally, or
there was a temporary failure retrieving data required for the
authentication. A later retry may produce a more final result.

"permerror"
a permanent (unrecoverable) error occurred attempting to
authenticate the sender; either the process couldn't be completed
locally, or there was a permanent failure retrieving data required
for the authentication.

==========================================================
Original Email
==========================================================

Return-Path: <support@crazynetwork.it>
Received: from Orange01.CrazyNetwork.it (89.97.218.93) by verifier.port25.com (PowerMTA(TM) v4.0b3) id hfddd811u9c0 for <check-auth@verifier.port25.com>; Sat, 12 Mar 2011 06:36:52 -0500 (envelope-from <support@crazynetwork.it>)
Authentication-Results: verifier.port25.com smtp.mail=support@crazynetwork.it; mfrom=pass;
Authentication-Results: verifier.port25.com header.From=support@crazynetwork.it; domainkeys=neutral (message not signed);
Authentication-Results: verifier.port25.com header.d=crazynetwork.it; dkim=pass (matches From: support@crazynetwork.it);
Authentication-Results: verifier.port25.com header.From=support@crazynetwork.it; pra=pass;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crazynetwork.it; s=x;
h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID; bh=Fr9lvpOaze4+zC8XaFJLrz3bQMBbRjHFTp0UR5Qfei4=;
b=D+9GdMcaRcHiMWsvwvacQkllA+nzCbuZkTfIRUc4Q/egB4RDWRfD9RLbKw3/HLItkJ8KiR9aNQdOicPvOMwtrEbil90E6/6K/3fA+zSPFP1vvfxyvfFEdKc7H1m2kTZ4;
Received: from [151.71.152.139] (helo=[192.168.1.7])
by Orange01.CrazyNetwork.it with esmtpa (Exim 4.73)
(envelope-from <support@crazynetwork.it>)
id 1PyN7m-0001cn-NP
for check-auth@verifier.port25.com; Sat, 12 Mar 2011 12:36:46 +0100
Message-ID: <4D7B5AB1.6000100@crazynetwork.it>
Date: Sat, 12 Mar 2011 12:36:17 +0100
From: Supporto Tecnico - Crazy Network <support@crazynetwork.it>
Reply-To: support@crazynetwork.it
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: check-auth@verifier.port25.com
Subject: dkim test
Content-Type: multipart/related;
boundary="------------040204040904040305020709"


Regards
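
Added example (not part of the thread and not DirectAdmin code): a key-length check for a published DKIM record, run on the x._domainkey.crazynetwork.it TXT value quoted in the report above, which comes from the `openssl genrsa ... 768` line in the script excerpt posted earlier in the thread. The function names are this example's own, and the 1024-bit floor is the minimum RFC 8301 sets for RSA DKIM keys.

```python
import base64

# TXT value copied from the Port25 report quoted in the post above.
RECORD = ("v=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMrIagucB4d1HKTj"
          "ippnlBDjBMP4S2bZe1mEpSuAM40lcqUOHOakHETaEvwtyJjkUaFlj2pY1UFuRSHZY/uP"
          "Bm+KWI53a9wLIrax1/rLDdr+vYM05udsildqivoJuV1PEwIDAQAB")

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1
MIN_RSA_BITS = 1024                             # assumption: RFC 8301 minimum


def parse_tags(txt):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags


def read_tlv(buf, pos, expected_tag):
    """Read one DER element at pos; return (content, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected DER structure")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length


def rsa_key_info(txt):
    """Return (modulus_bits, public_exponent) for an RSA DKIM key record."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key record")
    if not tags.get("p"):
        raise ValueError("empty p= tag: key revoked")
    der = base64.b64decode(tags["p"], validate=True)
    spki, _ = read_tlv(der, 0, 0x30)            # SubjectPublicKeyInfo
    alg, pos = read_tlv(spki, 0, 0x30)          # AlgorithmIdentifier
    oid, _ = read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("algorithm is not rsaEncryption")
    bits, _ = read_tlv(spki, pos, 0x03)         # BIT STRING, first byte = unused bits
    rsa_key, _ = read_tlv(bits[1:], 0, 0x30)    # RSAPublicKey
    modulus, pos = read_tlv(rsa_key, 0, 0x02)
    exponent, _ = read_tlv(rsa_key, pos, 0x02)
    return (int.from_bytes(modulus, "big").bit_length(),
            int.from_bytes(exponent, "big"))


def audit(txt, minimum=MIN_RSA_BITS):
    """Return (modulus_bits, meets_minimum)."""
    bits, _ = rsa_key_info(txt)
    return bits, bits >= minimum


if __name__ == "__main__":
    print(rsa_key_info(RECORD), audit(RECORD))
```

The record decodes to a 768-bit modulus, below that floor, so domains keyed by this version of the script need a longer key generated and the selector's TXT record republished.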

asishlla
03-12-2011, 11:14 PM
Good
After the big people talk
Little people can do a software update? And how to please
Thank you :D

SeLLeRoNe
03-13-2011, 01:28 AM
It is still in beta. It is not suggested to put it in production yet.