{{settings.system.apacheconf_vhost}} {{settings.system.apacheconf_vhost}} {{settings.system.apacheconf_diroptions}} {{settings.system.apacheconf_diroptions}} {{settings.system.deactivateddocroot}} //service[@type='http']/general/commands {{settings.phpfpm.enabled}} FastCgiIpcDir Order Deny,Allow Deny from All # Prevent accessing this path directly Allow from env=REDIRECT_STATUS ]]> //service[@type='http']/daemon[@name='apache'][@version='2.2'] " server.port = 80 server.bind = "" url.access-deny = ("~", ".inc") include "mime-types.conf" #include "mod_cgi.conf" fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/lighttpd-fcgi-sock-lighttpd", "broken-scriptfilename" => "enable", "bin-path" => "/usr/bin/php-cgi", "min-procs" => 1, "max-procs" => 1, "max-load-per-proc" => 4, "idle-timeout" => 60, "bin-environment" => ( "UID" => "lighttpd", "GID" => "lighttpd", "PHP_FCGI_CHILDREN" => "0", "PHP_FCGI_MAX_REQUESTS" => "10000" ), "bin-copy-environment" => ( "" ) ) ) ) ]]> //service[@type='http']/general/commands {{settings.system.apacheconf_vhost}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_vhost}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_diroptions}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_diroptions}} > /etc/lighttpd/lighttpd.conf]]> {{settings.phpfpm.enabled}} {{settings.system.mod_fcgid}} //service[@type='http']/general/commands IN MX 10 mail * IN A IN MX 10 mail ns IN A mail IN A IN MX 10 mail ]]> > /etc/bind/named.conf]]> {{settings.system.vmail_gid}} {{settings.system.vmail_uid}} password = dbname = hosts = query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> '' ]]> password = dbname = hosts = query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s' ]]> password = dbname = hosts = query = SELECT DISTINCT 
username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s')); ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT uid FROM mail_users WHERE email = '%s' ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT gid FROM mail_users WHERE email = '%s' ]]> ]]> //service[@type='smtp']/general/commands[@index=1] > /etc/portage/package.use]]> //service[@type='smtp']/general/installs[@index=1] //service[@type='smtp']/general/commands[@index=2] # should be different from $mydomain eg. "mail.$mydomain" myhostname = mail.$mydomain mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all append_dot_mydomain = no biff = no # Postfix performance settings default_destination_concurrency_limit = 20 local_destination_concurrency_limit = 2 # SMTPD Settings smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # Maximum size of Message in bytes (512MB) message_size_limit = 536870912 ## SASL Auth Settings smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes ## Dovecot Settings for deliver, SASL Auth and virtual transport mailbox_command = /usr/libexec/dovecot/deliver 
smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # Virtual delivery settings virtual_mailbox_base = / virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uid_maps.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gid_maps.cf # Local delivery settings local_transport = local alias_database = hash:/etc/mail/aliases alias_maps = $alias_database # Default Mailbox size, is set to 0 which means unlimited! mailbox_size_limit = 0 virtual_mailbox_limit = 0 ### TLS settings ### ## TLS for outgoing mails from the server to another server #smtp_use_tls = yes #smtp_tls_note_starttls_offer = yes ## TLS for email client #smtpd_tls_cert_file = /etc/ssl/server/server.pem #smtpd_tls_key_file = /etc/ssl/server/server.key #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt #smtpd_tls_CAfile = /etc/ssl/cacert.class3.crt # Just an example for CACert.org #smtpd_tls_auth_only = no #smtpd_tls_loglevel = 1 #smtpd_tls_received_header = yes #smtpd_tls_session_cache_timeout = 3600s #tls_random_source = dev:/dev/urandom ### Quota Settings with vda useflag ## I use only virtual as localdelivery... This permits me to have full ## virtual domain hosting without using a lot of maps #virtual_transport = virtual ## Generate maildirsize files or not #virtual_create_maildirsize = yes ## I use Courier IMAP compatibles files. 
#virtual_mailbox_extended = yes ## Limits only INBOX part (useful when ## using when you have IMAP users) #virtual_mailbox_limit_inbox = yes ## maps of soft disk quotas #virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf #virtual_mailbox_limit_override = yes #virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later. #virtual_overquota_bounce = yes debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 ]]> //service[@type='smtp']/general/files[@index=0] //service[@type='smtp']/general/commands[@index=3] //service[@type='smtp']/general/commands[@index=1] > /etc/portage/package.use]]> //service[@type='smtp']/general/installs[@index=1] //service[@type='smtp']/general/commands[@index=2] # should be different from $mydomain eg. "mail.$mydomain" myhostname = mail.$mydomain mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all append_dot_mydomain = no biff = no # Postfix performance settings default_destination_concurrency_limit = 20 local_destination_concurrency_limit = 2 # SMTPD Settings smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_hostname smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # Maximum size of Message in bytes (512MB) message_size_limit = 536870912 ## SASL Auth Settings smtpd_sasl_auth_enable = yes 
smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes # Virtual delivery settings virtual_mailbox_base = / virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uid_maps.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gid_maps.cf # Local delivery settings local_transport = local alias_database = hash:/etc/mail/aliases alias_maps = $alias_database # Default Mailbox size, is set to 0 which means unlimited! mailbox_size_limit = 0 virtual_mailbox_limit = 0 ### TLS settings ### ## TLS for outgoing mails from the server to another server #smtp_tls_security_level = may #smtp_tls_note_starttls_offer = yes ## TLS for email client #smtpd_tls_security_level = may #smtpd_tls_cert_file = /etc/ssl/postfix/server.pem #smtpd_tls_key_file = /etc/ssl/postfix/server.key #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt #smtpd_tls_loglevel = 1 #smtpd_tls_received_header = yes debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 ]]> //service[@type='smtp']/general/files[@index=0] sql_user: sql_passwd: sql_database: sql_select: SELECT password_enc FROM mail_users WHERE username='%u@%r' OR email='%u@%r' ]]> //service[@type='smtp']/general/commands[@index=3] > /etc/portage/package.use]]> .pem #ssl_key = .key passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = maildir:User Quota # Sieve-Configuration sieve = ~/sieve/.dovecot.sieve sieve_dir = ~/sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } } service managesieve-login { inet_listener sieve 
{ port = 4190 } } service managesieve { } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocol imap { mail_plugins = quota imap_quota # IMAP logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client imap_logout_format = in=%i out=%o } protocol pop3 { mail_plugins = quota pop3_uidl_format = UID%u-%v # POP3 logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client # %t - number of TOP commands # %p - number of bytes sent to client as a result of TOP command # %r - number of RETR commands # %b - number of bytes sent to client as a result of RETR command # %d - number of deleted messages # %m - number of messages (before deletion) # %s - mailbox size in bytes (before deletion) # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly pop3_logout_format = in=%i out=%o top=%t/%p retr=%r/%b del=%d/%m size=%s } protocol sieve { } lda_mailbox_autocreate = yes protocol lda { auth_socket_path = /var/run/dovecot/auth-master mail_plugins = quota sieve # postmaster is the one in charge of the mail system. MUST be set to a valid address! 
postmaster_address = postmaster@ sendmail_path = /usr/sbin/sendmail lda_mailbox_autocreate = 1 } ]]> dbname= user= password= default_pass_scheme = CRYPT password_query = "SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota,'M') AS userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')" user_query = "SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota,'M') AS quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')" iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)" ]]> MYSQL_USERNAME MYSQL_PASSWORD MYSQL_PORT 0 MYSQL_DATABASE MYSQL_USER_TABLE mail_users MYSQL_CRYPT_PWFIELD password_enc MYSQL_UID_FIELD uid MYSQL_GID_FIELD gid MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD homedir MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD (quota*1024*1024) MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3) ]]> > /etc/portage/package.use]]> FTP Server" ServerType standalone ServerIdent off DefaultServer on Port 21 MaxInstances 50 # General settings DeferWelcome on MultilineRFC2228 on ShowSymlinks on AllowOverwrite on AllowStoreRestart on AllowRetrieveRestart on ListOptions "-al" DisplayChdir .message UseIPv6 off # Modules settings #DelayEngine off # Timeout settings TimeoutLogin 120 TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 600 # Security settings RootLogin off RequireValidShell off User nobody Group nogroup Umask 133 022 DefaultRoot ~ DenyFilter \*.*/ # Per-Directory settings Umask 133 022 AllowOverwrite on # SQL settings SQLAuthTypes Crypt SQLAuthenticate users* groups* SQLConnectInfo @ SQLUserInfo ftp_users username password uid gid homedir shell SQLGroupInfo 
ftp_groups groupname gid members SQLUserWhereClause "login_enabled = 'y'" SQLLog PASS login SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users SQLLog RETR download SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users SQLLog STOR upload SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users # Quota settings QuotaEngine on QuotaShowQuotas on QuotaDisplayUnits Mb QuotaLock /var/lock/ftpd.quotatab.lock QuotaLimitTable sql:/get-quota-limit QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies # TLS settings # #TLSEngine on #TLSLog /var/log/proftpd-tls.log #TLSProtocol SSLv23 #TLSTimeoutHandshake 120 # Really important 
for WinClients #TLSOptions NoCertRequest #TLSRSACertificateFile /etc/ssl/server/.crt #TLSRSACertificateKeyFile /etc/ssl/server/.key # Authenticate clients that want to use FTP over TLS? #TLSVerifyClient off # To force TLS logins, uncomment the following line and change "off" to "on" (as written, "off" leaves TLS optional) #TLSRequired off # # LOG settings # Logging Formats LogFormat default "%h %1 %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" # Activate Logging # all logins ExtendedLog /var/log/proftpd-auth.log AUTH auth # file/dir access ExtendedLog /var/log/proftpd-access.log WRITE,READ write # everything (be careful, generates very big logfiles) #ExtendedLog /var/log/proftpd-all.log ALL default # make proftpd faster / do not perform ident and reverse dns lookup UseReverseDNS off ]]> > /etc/portage/package.use]]> #MYSQLPort 3306 MYSQLSocket /var/run/mysqld/mysqld.sock MYSQLUser MYSQLPassword MYSQLDatabase MYSQLCrypt Crypt MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y" MySQLGetQTASZ SELECT panel_customers.diskspace/1024 AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1) ]]> > /etc/portage/package.use]]> FTP service. #deny_email_enable=YES #banned_email_file=/etc/vsftpd.banned_emails # chroot_list_enable below. 
chroot_local_user=YES chroot_list_enable=YES allow_writeable_chroot=YES #chroot_list_file=/etc/vsftpd.chroot_list #ls_recurse_enable=YES secure_chroot_dir=/run/vsftpd/empty pam_service_name=vsftpd #rsa_cert_file=/etc/vsftpd/ssl/.pem #rsa_private_key_file=/etc/vsftpd/ssl/.pem #ssl_enable=YES #ssl_tlsv1=YES #ssl_sslv2=NO #ssl_sslv3=NO force_local_data_ssl=NO force_local_logins_ssl=NO allow_anon_ssl=NO require_ssl_reuse=NO ssl_ciphers=HIGH ]]> passwd= host= db= table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 account required pam_mysql.so user= passwd= host= db= table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 #auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so. # Standard pam includes #@include common-account #@include common-session #@include common-auth #auth required pam_shells.so ]]> scripts/froxlor_master_cronjob.php ]]> database username password socket /var/run/mysqld/mysqld.sock ]]> password ]]> *.log { missingok weekly rotate 4 compress delaycompress notifempty create sharedscripts postrotate > /dev/null 2>&1 || true endscript } ]]> > /etc/portage/package.use]]> {{settings.system.webserver}} > /etc/portage/package.use]]> {{settings.system.webserver}} {{settings.system.webserver}} {{settings.system.mod_fcgid_ownvhost}} {{settings.system.webserver}} > /etc/portage/package.use]]> {{settings.system.webserver}} > /etc/portage/package.use]]> {{settings.system.webserver}} {{settings.system.webserver}} {{settings.phpfpm.enabled_ownvhost}} {{settings.phpfpm.vhost_httpuser}} {{settings.system.webserver}} {{settings.phpfpm.enabled_ownvhost}}