{{settings.system.apacheconf_vhost}} {{settings.system.apacheconf_vhost}} {{settings.system.apacheconf_diroptions}} {{settings.system.apacheconf_diroptions}} {{settings.system.deactivateddocroot}} //service[@type='http']/general/commands {{settings.phpfpm.enabled}} FastCgiIpcDir Require all granted Require env REDIRECT_STATUS ]]> {{settings.system.leenabled}} Require all granted ]]> " server.port = 80 server.bind = "" url.access-deny = ("~", ".inc") include "mime-types.conf" #include "mod_cgi.conf" fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/lighttpd-fcgi-sock-lighttpd", "broken-scriptfilename" => "enable", "bin-path" => "/usr/bin/php-cgi", "min-procs" => 1, "max-procs" => 1, "max-load-per-proc" => 4, "idle-timeout" => 60, "bin-environment" => ( "UID" => "lighttpd", "GID" => "lighttpd", "PHP_FCGI_CHILDREN" => "0", "PHP_FCGI_MAX_REQUESTS" => "10000" ), "bin-copy-environment" => ( "" ) ) ) ) alias.url += ("/.well-known/acme-challenge/" => "{{settings.system.letsencryptchallengepath}}/.well-known/acme-challenge/") ]]> //service[@type='http']/general/commands {{settings.system.apacheconf_vhost}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_vhost}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_diroptions}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.apacheconf_diroptions}} > /etc/lighttpd/lighttpd.conf]]> {{settings.system.leenabled}} {{settings.phpfpm.enabled}} {{settings.system.mod_fcgid}} //service[@type='http']/general/commands {{settings.phpfpm.enabled}} {{settings.system.mod_fcgid}} {{settings.phpfpm.enabled}} {{settings.system.mod_fcgid}} IN MX 10 mail * IN A IN MX 10 mail ns IN A mail IN A IN MX 10 mail ]]> > /etc/bind/named.conf]]> ################################# # allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. # # allow-dnsupdate-from=127.0.0.0/8,::1 ################################# # also-notify When notifying a domain, also notify these nameservers # # also-notify= ################################# # any-to-tcp Answer ANY queries with tc=1, shunting to TCP # # any-to-tcp=no ################################# # cache-ttl Seconds to store packets in the PacketCache # # cache-ttl=20 ################################# # carbon-interval Number of seconds between carbon (graphite) updates # # carbon-interval=30 ################################# # carbon-ourname If set, overrides our reported hostname for carbon stats # # carbon-ourname= ################################# # carbon-server If set, send metrics in carbon (graphite) format to this server # # carbon-server= ################################# # chroot If set, chroot to this directory for more security # # chroot= ################################# # config-dir Location of configuration directory (pdns.conf) # config-dir=/etc/powerdns ################################# # config-name Name of this virtual configuration - will rename the binary image # # config-name= ################################# # control-console Debugging switch - don't use # # control-console=no ################################# # daemon Operate as a daemon # daemon=yes ################################# # default-ksk-algorithms Default KSK algorithms # # default-ksk-algorithms=rsasha256 ################################# # default-ksk-size Default KSK size (0 means default) # # default-ksk-size=0 ################################# # default-soa-mail mail address to insert in the SOA record if none set in the backend # # default-soa-mail= ################################# # default-soa-name name to insert in the SOA record if none set in the backend # # default-soa-name=a.misconfigured.powerdns.server ################################# # default-ttl Seconds a result is valid if not set otherwise # # default-ttl=3600 ################################# # default-zsk-algorithms Default ZSK algorithms # # default-zsk-algorithms=rsasha256 ################################# # default-zsk-size Default ZSK size (0 means default) # # default-zsk-size=0 ################################# # direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis # # direct-dnskey=no ################################# # disable-axfr Disable zonetransfers but do allow TCP queries # # disable-axfr=no ################################# # disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. # # disable-axfr-rectify=no ################################# # disable-tcp Do not listen to TCP queries # # disable-tcp=no ################################# # distributor-threads Default number of Distributor (backend) threads to start # # distributor-threads=3 ################################# # do-ipv6-additional-processing Do AAAA additional processing # # do-ipv6-additional-processing=yes ################################# # edns-subnet-processing If we should act on EDNS Subnet options # # edns-subnet-processing=no ################################# # entropy-source If set, read entropy from this file # # entropy-source=/dev/urandom ################################# # experimental-api-key REST API Static authentication key (required for API use) # # experimental-api-key= ################################# # experimental-api-readonly If the JSON API should disallow data modification # # experimental-api-readonly=no ################################# # experimental-dname-processing If we should support DNAME records # # experimental-dname-processing=no ################################# # experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. # # experimental-dnsupdate=no ################################# # experimental-json-interface If the webserver should serve JSON data # # experimental-json-interface=no ################################# # experimental-logfile Filename of the log file for JSON parser # # experimental-logfile=/var/log/pdns.log ################################# # forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. # # forward-dnsupdate=yes ################################# # guardian Run within a guardian process # guardian=yes ################################# # include-dir Include *.conf files from this directory # # include-dir= ################################# # launch Which backends to launch and order to query them in # # launch= ################################# # load-modules Load this module - supply absolute or relative path # # load-modules= ################################# # local-address Local IP addresses to which we bind # local-address=,127.0.0.1 ################################# # local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server # # local-address-nonexist-fail=yes ################################# # local-ipv6 Local IP address to which we bind # # local-ipv6= ################################# # local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server # # local-ipv6-nonexist-fail=yes ################################# # local-port The port on which we listen # local-port=53 ################################# # log-dns-details If PDNS should log DNS non-erroneous details # log-dns-details=yes ################################# # log-dns-queries If PDNS should log all incoming DNS queries # # log-dns-queries=no ################################# # logging-facility Log under a specific facility # # logging-facility= ################################# # loglevel Amount of logging. Higher is more. Do not set below 3 # # loglevel=4 ################################# # lua-prequery-script Lua script with prequery handler # # lua-prequery-script= ################################# # master Act as a master # master=yes ################################# # max-cache-entries Maximum number of cache entries # # max-cache-entries=1000000 ################################# # max-ent-entries Maximum number of empty non-terminals in a zone # # max-ent-entries=100000 ################################# # max-nsec3-iterations Limit the number of NSEC3 hash iterations # # max-nsec3-iterations=500 ################################# # max-queue-length Maximum queuelength before considering situation lost # # max-queue-length=5000 ################################# # max-signature-cache-entries Maximum number of signatures cache entries # # max-signature-cache-entries= ################################# # max-tcp-connections Maximum number of TCP connections # # max-tcp-connections=10 ################################# # module-dir Default directory for modules # module-dir=/usr/lib/powerdns/pdns/ ################################# # negquery-cache-ttl Seconds to store negative query results in the QueryCache # # negquery-cache-ttl=60 ################################# # no-shuffle Set this to prevent random shuffling of answers - for regression testing # # no-shuffle=off ################################# # only-notify Only send AXFR NOTIFY to these IP addresses or netmasks # # only-notify=0.0.0.0/0,::/0 ################################# # out-of-zone-additional-processing Do out of zone additional processing # # out-of-zone-additional-processing=yes ################################# # overload-queue-length Maximum queuelength moving to packetcache only # # overload-queue-length=0 ################################# # pipebackend-abi-version Version of the pipe backend ABI # # pipebackend-abi-version=1 ################################# # prevent-self-notification Don't send notifications to what we think is ourself # # prevent-self-notification=yes ################################# # query-cache-ttl Seconds to store query results in the QueryCache # # query-cache-ttl=20 ################################# # query-local-address Source IP address for sending queries # # query-local-address=0.0.0.0 ################################# # query-local-address6 Source IPv6 address for sending queries # # query-local-address6=:: ################################# # query-logging Hint backends that queries should be logged # # query-logging=no ################################# # queue-limit Maximum number of milliseconds to queue a query # # queue-limit=1500 ################################# # receiver-threads Default number of receiver threads to start # # receiver-threads=1 ################################# # retrieval-threads Number of AXFR-retrieval threads for slave operation # # retrieval-threads=2 ################################# # reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket # # reuseport=no ################################# # security-poll-suffix Domain name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com. ################################# # send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority # # send-root-referral=no ################################# # server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom # # server-id= ################################# # setgid If set, change group id to this gid for more security # setgid=pdns ################################# # setuid If set, change user id to this uid for more security # setuid=pdns ################################# # signing-threads Default number of signer threads to start # # signing-threads=3 ################################# # slave Act as a slave # # slave=no ################################# # slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds # # slave-cycle-interval=60 ################################# # slave-renotify If we should send out notifications for slaved updates # # slave-renotify=no ################################# # soa-expire-default Default SOA expire # # soa-expire-default=604800 ################################# # soa-minimum-ttl Default SOA minimum ttl # # soa-minimum-ttl=3600 ################################# # soa-refresh-default Default SOA refresh # # soa-refresh-default=10800 ################################# # soa-retry-default Default SOA retry # # soa-retry-default=3600 ################################# # socket-dir Where the controlsocket will live # socket-dir=/var/run ################################# # tcp-control-address If set, PowerDNS can be controlled over TCP on this address # # tcp-control-address= ################################# # tcp-control-port If set, PowerDNS can be controlled over TCP on this address # # tcp-control-port=53000 ################################# # tcp-control-range If set, remote control of PowerDNS is possible over these networks only # # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 ################################# # tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret # # tcp-control-secret= ################################# # traceback-handler Enable the traceback handler (Linux only) # # traceback-handler=yes ################################# # trusted-notification-proxy IP address of incoming notification proxy # # trusted-notification-proxy= ################################# # udp-truncation-threshold Maximum UDP response size before we truncate # # udp-truncation-threshold=1680 ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom # version-string=powerdns ################################# # webserver Start a webserver for monitoring # # webserver=no ################################# # webserver-address IP Address of webserver to listen on # # webserver-address=127.0.0.1 ################################# # webserver-allow-from Webserver access is only allowed from these subnets # # webserver-allow-from=0.0.0.0/0,::/0 ################################# # webserver-password Password required for accessing the webserver # # webserver-password= ################################# # webserver-port Port of webserver to listen on # # webserver-port=8081 ################################# # webserver-print-arguments If the webserver should print arguments # # webserver-print-arguments=no # include froxlor-specific config include-dir=/etc/powerdns/froxlor/ ]]> ################################# # allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. # # allow-dnsupdate-from=127.0.0.0/8,::1 ################################# # also-notify When notifying a domain, also notify these nameservers # # also-notify= ################################# # any-to-tcp Answer ANY queries with tc=1, shunting to TCP # # any-to-tcp=no ################################# # cache-ttl Seconds to store packets in the PacketCache # # cache-ttl=20 ################################# # carbon-interval Number of seconds between carbon (graphite) updates # # carbon-interval=30 ################################# # carbon-ourname If set, overrides our reported hostname for carbon stats # # carbon-ourname= ################################# # carbon-server If set, send metrics in carbon (graphite) format to this server # # carbon-server= ################################# # chroot If set, chroot to this directory for more security # # chroot= ################################# # config-dir Location of configuration directory (pdns.conf) # config-dir=/etc/powerdns ################################# # config-name Name of this virtual configuration - will rename the binary image # # config-name= ################################# # control-console Debugging switch - don't use # # control-console=no ################################# # daemon Operate as a daemon # daemon=yes ################################# # default-ksk-algorithms Default KSK algorithms # # default-ksk-algorithms=rsasha256 ################################# # default-ksk-size Default KSK size (0 means default) # # default-ksk-size=0 ################################# # default-soa-mail mail address to insert in the SOA record if none set in the backend # # default-soa-mail= ################################# # default-soa-name name to insert in the SOA record if none set in the backend # # default-soa-name=a.misconfigured.powerdns.server ################################# # default-ttl Seconds a result is valid if not set otherwise # # default-ttl=3600 ################################# # default-zsk-algorithms Default ZSK algorithms # # default-zsk-algorithms=rsasha256 ################################# # default-zsk-size Default ZSK size (0 means default) # # default-zsk-size=0 ################################# # direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis # # direct-dnskey=no ################################# # disable-axfr Disable zonetransfers but do allow TCP queries # disable-axfr=yes ################################# # disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. # # disable-axfr-rectify=no ################################# # disable-tcp Do not listen to TCP queries # # disable-tcp=no ################################# # distributor-threads Default number of Distributor (backend) threads to start # # distributor-threads=3 ################################# # do-ipv6-additional-processing Do AAAA additional processing # # do-ipv6-additional-processing=yes ################################# # edns-subnet-processing If we should act on EDNS Subnet options # # edns-subnet-processing=no ################################# # entropy-source If set, read entropy from this file # # entropy-source=/dev/urandom ################################# # experimental-api-key REST API Static authentication key (required for API use) # # experimental-api-key= ################################# # experimental-api-readonly If the JSON API should disallow data modification # # experimental-api-readonly=no ################################# # experimental-dname-processing If we should support DNAME records # # experimental-dname-processing=no ################################# # experimental-dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. # # experimental-dnsupdate=no ################################# # experimental-json-interface If the webserver should serve JSON data # # experimental-json-interface=no ################################# # experimental-logfile Filename of the log file for JSON parser # # experimental-logfile=/var/log/pdns.log ################################# # forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master. # # forward-dnsupdate=yes ################################# # guardian Run within a guardian process # guardian=yes ################################# # include-dir Include *.conf files from this directory # # include-dir= ################################# # launch Which backends to launch and order to query them in # launch=bind ################################# # load-modules Load this module - supply absolute or relative path # # load-modules= ################################# # local-address Local IP addresses to which we bind # local-address=,127.0.0.1 ################################# # local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server # # local-address-nonexist-fail=yes ################################# # local-ipv6 Local IP address to which we bind # # local-ipv6= ################################# # local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server # # local-ipv6-nonexist-fail=yes ################################# # local-port The port on which we listen # local-port=53 ################################# # log-dns-details If PDNS should log DNS non-erroneous details # log-dns-details=yes ################################# # log-dns-queries If PDNS should log all incoming DNS queries # # log-dns-queries=no ################################# # logging-facility Log under a specific facility # # logging-facility= ################################# # loglevel Amount of logging. Higher is more. Do not set below 3 # # loglevel=4 ################################# # lua-prequery-script Lua script with prequery handler # # lua-prequery-script= ################################# # master Act as a master # master=yes ################################# # max-cache-entries Maximum number of cache entries # # max-cache-entries=1000000 ################################# # max-ent-entries Maximum number of empty non-terminals in a zone # # max-ent-entries=100000 ################################# # max-nsec3-iterations Limit the number of NSEC3 hash iterations # # max-nsec3-iterations=500 ################################# # max-queue-length Maximum queuelength before considering situation lost # # max-queue-length=5000 ################################# # max-signature-cache-entries Maximum number of signatures cache entries # # max-signature-cache-entries= ################################# # max-tcp-connections Maximum number of TCP connections # # max-tcp-connections=10 ################################# # module-dir Default directory for modules # module-dir=/usr/lib/powerdns/pdns/ ################################# # negquery-cache-ttl Seconds to store negative query results in the QueryCache # # negquery-cache-ttl=60 ################################# # no-shuffle Set this to prevent random shuffling of answers - for regression testing # # no-shuffle=off ################################# # only-notify Only send AXFR NOTIFY to these IP addresses or netmasks # # only-notify=0.0.0.0/0,::/0 ################################# # out-of-zone-additional-processing Do out of zone additional processing # # out-of-zone-additional-processing=yes ################################# # overload-queue-length Maximum queuelength moving to packetcache only # # overload-queue-length=0 ################################# # pipebackend-abi-version Version of the pipe backend ABI # # pipebackend-abi-version=1 ################################# # prevent-self-notification Don't send notifications to what we think is ourself # # prevent-self-notification=yes ################################# # query-cache-ttl Seconds to store query results in the QueryCache # # query-cache-ttl=20 ################################# # query-local-address Source IP address for sending queries # # query-local-address=0.0.0.0 ################################# # query-local-address6 Source IPv6 address for sending queries # # query-local-address6=:: ################################# # query-logging Hint backends that queries should be logged # # query-logging=no ################################# # queue-limit Maximum number of milliseconds to queue a query # # queue-limit=1500 ################################# # receiver-threads Default number of receiver threads to start # # receiver-threads=1 ################################# # retrieval-threads Number of AXFR-retrieval threads for slave operation # # retrieval-threads=2 ################################# # reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket # # reuseport=no ################################# # security-poll-suffix Domain name from which to query security update notifications # # security-poll-suffix=secpoll.powerdns.com. ################################# # send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority # # send-root-referral=no ################################# # server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom # # server-id= ################################# # setgid If set, change group id to this gid for more security # setgid=pdns ################################# # setuid If set, change user id to this uid for more security # setuid=pdns ################################# # signing-threads Default number of signer threads to start # # signing-threads=3 ################################# # slave Act as a slave # # slave=no ################################# # slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds # # slave-cycle-interval=60 ################################# # slave-renotify If we should send out notifications for slaved updates # # slave-renotify=no ################################# # soa-expire-default Default SOA expire # # soa-expire-default=604800 ################################# # soa-minimum-ttl Default SOA minimum ttl # # soa-minimum-ttl=3600 ################################# # soa-refresh-default Default SOA refresh # # soa-refresh-default=10800 ################################# # soa-retry-default Default SOA retry # # soa-retry-default=3600 ################################# # socket-dir Where the controlsocket will live # socket-dir=/var/run ################################# # tcp-control-address If set, PowerDNS can be controlled over TCP on this address # # tcp-control-address= ################################# # tcp-control-port If set, PowerDNS can be controlled over TCP on this address # # tcp-control-port=53000 ################################# # tcp-control-range If set, remote control of PowerDNS is possible over these networks only # # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 ################################# # tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret # # tcp-control-secret= ################################# # traceback-handler Enable the traceback handler (Linux only) # # traceback-handler=yes ################################# # trusted-notification-proxy IP address of incoming notification proxy # # trusted-notification-proxy= ################################# # udp-truncation-threshold Maximum UDP response size before we truncate # # udp-truncation-threshold=1680 ################################# # version-string PowerDNS version in packets - full, anonymous, powerdns or custom # version-string=powerdns ################################# # webserver Start a webserver for monitoring # # webserver=no ################################# # webserver-address IP Address of webserver to listen on # # webserver-address=127.0.0.1 ################################# # webserver-allow-from Webserver access is only allowed from these subnets # # webserver-allow-from=0.0.0.0/0,::/0 ################################# # webserver-password Password required for accessing the webserver # # webserver-password= ################################# # webserver-port Port of webserver to listen on # # webserver-port=8081 ################################# # webserver-print-arguments If the webserver should print arguments # # webserver-print-arguments=no # include froxlor-bind-specific config include-dir=/etc/powerdns/froxlor/ ]]> named.conf bind-check-interval=180 ]]> {{settings.system.vmail_gid}} {{settings.system.vmail_uid}} password = dbname = hosts = query = SELECT destination FROM mail_virtual AS v, panel_customers AS c WHERE c.customerid = v.customerid AND c.deactivated = 0 AND v.email = '%s' AND trim(v.destination) <> '' ]]> password = dbname = hosts = query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s' ]]> password = dbname = hosts = query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s')); ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT uid FROM mail_users WHERE email = '%s' ]]> password = dbname = expansion_limit = 1 hosts = query = SELECT gid FROM mail_users WHERE email = '%s' ]]> ]]> //service[@type='smtp']/general/commands[@index=1] > /etc/portage/package.use/froxlor]]> //service[@type='smtp']/general/installs[@index=1] //service[@type='smtp']/general/commands[@index=2] # set myhostname to $mydomain because Froxlor already uses a FQDN myhostname = $mydomain mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all append_dot_mydomain = no biff = no # Postfix performance settings default_destination_concurrency_limit = 20 local_destination_concurrency_limit = 2 # SMTPD Settings smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # Maximum size of Message in bytes (512MB) message_size_limit = 536870912 ## SASL Auth Settings smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes ## Dovecot Settings for deliver, SASL Auth and virtual transport mailbox_command = /usr/libexec/dovecot/deliver smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # Virtual delivery settings virtual_mailbox_base = / virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uid_maps.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gid_maps.cf # Local delivery settings local_transport = local alias_database = hash:/etc/mail/aliases alias_maps = $alias_database # Default Mailbox size, is set to 0 which means unlimited! mailbox_size_limit = 0 virtual_mailbox_limit = 0 ### TLS settings ### ## TLS for outgoing mails from the server to another server smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes ## TLS for incoming connections (clients or other mail servers) smtpd_tls_security_level = may smtpd_tls_cert_file = smtpd_tls_key_file = #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtp_use_tls = yes smtpd_use_tls = yes smtpd_tls_session_cache_timeout = 3600s #tls_random_source = dev:/dev/urandom ### Quota Settings with vda useflag ## I use only virtual as localdelivery... This permits me to have full ## virtual domain hosting without using a lot of maps #virtual_transport = virtual ## Generate maildirsize files or not #virtual_create_maildirsize = yes ## I use Courier IMAP compatibles files. #virtual_mailbox_extended = yes ## Limits only INBOX part (useful when ## using when you have IMAP users) #virtual_mailbox_limit_inbox = yes ## maps of soft disk quotas #virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf #virtual_mailbox_limit_override = yes #virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later. #virtual_overquota_bounce = yes debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 ]]> //service[@type='smtp']/general/files[@index=0] //service[@type='smtp']/general/commands[@index=3] //service[@type='smtp']/general/commands[@index=1] > /etc/portage/package.use/froxlor]]> //service[@type='smtp']/general/installs[@index=1] //service[@type='smtp']/general/commands[@index=2] # should be different from $mydomain eg. "mail.$mydomain" myhostname = mail.$mydomain mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all append_dot_mydomain = no biff = no # Postfix performance settings default_destination_concurrency_limit = 20 local_destination_concurrency_limit = 2 # SMTPD Settings smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # Maximum size of Message in bytes (512MB) message_size_limit = 536870912 ## SASL Auth Settings smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes ## Dovecot Settings for deliver, SASL Auth and virtual transport mailbox_command = /usr/libexec/dovecot/deliver smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # Virtual delivery settings virtual_mailbox_base = / virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uid_maps.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gid_maps.cf # Local delivery settings local_transport = local alias_database = hash:/etc/mail/aliases alias_maps = $alias_database # Default Mailbox size, is set to 0 which means unlimited! mailbox_size_limit = 0 virtual_mailbox_limit = 0 ### TLS settings ### ## TLS for outgoing mails from the server to another server #smtp_use_tls = yes #smtp_tls_note_starttls_offer = yes ## TLS for email client #smtpd_tls_cert_file = /etc/ssl/server/server.pem #smtpd_tls_key_file = /etc/ssl/server/server.key #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt #smtpd_tls_CAfile = /etc/ssl/cacert.class3.crt # Just an example for CACert.org #smtpd_tls_auth_only = no #smtpd_tls_loglevel = 1 #smtpd_tls_received_header = yes #smtpd_tls_session_cache_timeout = 3600s #tls_random_source = dev:/dev/urandom ### Quota Settings with vda useflag ## I use only virtual as localdelivery... This permits me to have full ## virtual domain hosting without using a lot of maps #virtual_transport = virtual ## Generate maildirsize files or not #virtual_create_maildirsize = yes ## I use Courier IMAP compatibles files. #virtual_mailbox_extended = yes ## Limits only INBOX part (useful when ## using when you have IMAP users) #virtual_mailbox_limit_inbox = yes ## maps of soft disk quotas #virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf #virtual_mailbox_limit_override = yes #virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later. #virtual_overquota_bounce = yes debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 ]]> //service[@type='smtp']/general/files[@index=0] //service[@type='smtp']/general/commands[@index=3] //service[@type='smtp']/general/commands[@index=1] > /etc/portage/package.use/froxlor]]> //service[@type='smtp']/general/installs[@index=1] //service[@type='smtp']/general/commands[@index=2] # should be different from $mydomain eg. "mail.$mydomain" myhostname = mail.$mydomain mydestination = $myhostname, $mydomain, localhost.$myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 inet_interfaces = all append_dot_mydomain = no biff = no # Postfix performance settings default_destination_concurrency_limit = 20 local_destination_concurrency_limit = 2 # SMTPD Settings smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_non_fqdn_recipient smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_hostname smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination # Maximum size of Message in bytes (512MB) message_size_limit = 536870912 ## SASL Auth Settings smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes # Virtual delivery settings virtual_mailbox_base = / virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_permissions.cf virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uid_maps.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gid_maps.cf # Local delivery settings local_transport = local alias_database = hash:/etc/mail/aliases alias_maps = $alias_database # Default Mailbox size, is set to 0 which means unlimited! mailbox_size_limit = 0 virtual_mailbox_limit = 0 ### TLS settings ### ## TLS for outgoing mails from the server to another server #smtp_tls_security_level = may #smtp_tls_note_starttls_offer = yes ## TLS for email client #smtpd_tls_security_level = may #smtpd_tls_cert_file = /etc/ssl/postfix/server.pem #smtpd_tls_key_file = /etc/ssl/postfix/server.key #smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt #smtpd_tls_loglevel = 1 #smtpd_tls_received_header = yes debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 ]]> //service[@type='smtp']/general/files[@index=0] sql_user: sql_passwd: sql_database: sql_select: SELECT password_enc FROM mail_users WHERE username='%u@%r' OR email='%u@%r' ]]> //service[@type='smtp']/general/commands[@index=3] > /etc/portage/package.use/froxlor]]> ssl_key = < ssl_dh = sendmail_path = /usr/sbin/sendmail lda_mailbox_autocreate = 1 } ]]> dbname= user= password=" #default_pass_scheme = CRYPT password_query = "SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota,'M') AS userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR ((postfix = 'Y' AND '%Ls' = 'smtp') OR (postfix = 'Y' AND '%Ls' = 'sieve')))" user_query = "SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota,'M') AS quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')" iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)" ]]> #service_count = 1 # Number of processes to always keep waiting for more connections. #process_min_avail = 0 # If you set service_count=0, you probably need to grow this. #vsz_limit = 64M } #service managesieve { # Max. number of ManageSieve processes (connections) #process_limit = 1024 #} # Service configuration protocol sieve { # Maximum ManageSieve command line length in bytes. ManageSieve usually does # not involve overly long command lines, so this setting will not normally # need adjustment #managesieve_max_line_length = 65536 # Maximum number of ManageSieve connections allowed for a user from each IP # address. # NOTE: The username is compared case-sensitively. #mail_max_userip_connections = 10 # Space separated list of plugins to load (none known to be useful so far). # Do NOT try to load IMAP plugins here. #mail_plugins = # MANAGESIEVE logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client #managesieve_logout_format = bytes=%i/%o # To fool ManageSieve clients that are focused on CMU's timesieved you can # specify the IMPLEMENTATION capability that Dovecot reports to clients. # For example: 'Cyrus timsieved v2.2.13' #managesieve_implementation_string = Dovecot Pigeonhole # Explicitly specify the SIEVE and NOTIFY capability reported by the server # before login. If left unassigned these will be reported dynamically # according to what the Sieve interpreter supports by default (after login # this may differ depending on the user). #managesieve_sieve_capability = #managesieve_notify_capability = # The maximum number of compile errors that are returned to the client upon # script upload or script verification. #managesieve_max_compile_errors = 5 # Refer to 90-sieve.conf for script quota configuration and configuration of # Sieve execution limits. } ]]> :]path[;[=][;...]] # # If the type prefix is omitted, the script location type is 'file' and the # location is interpreted as a local filesystem path pointing to a Sieve script # file or directory. Refer to Pigeonhole wiki or INSTALL file for more # information. plugin { # The location of the user's main Sieve script or script storage. The LDA # Sieve plugin uses this to find the active script for Sieve filtering at # delivery. The "include" extension uses this location for retrieving # :personal" scripts. This is also where the ManageSieve service will store # the user's scripts, if supported. # # Currently only the 'file:' location type supports ManageSieve operation. # Other location types like 'dict:' and 'ldap:' can currently only # be used as a read-only script source (). # # For the 'file:' type: use the ';active=' parameter to specify where the # active script symlink is located. # For other types: use the ';name=' parameter to specify the name of the # default/active script. sieve = file:~/sieve;active=~/sieve/.dovecot.sieve # The default Sieve script when the user has none. This is the location of a # global sieve script file, which gets executed ONLY if user's personal Sieve # script doesn't exist. Be sure to pre-compile this script manually using the # sievec command line tool if the binary is not stored in a global location. # --> See sieve_before for executing scripts before the user's personal # script. #sieve_default = /var/lib/dovecot/sieve/default.sieve # The name by which the default Sieve script (as configured by the # sieve_default setting) is visible to the user through ManageSieve. #sieve_default_name = # Location for ":global" include scripts as used by the "include" extension. #sieve_global = # Location Sieve of scripts that need to be executed before the user's # personal script. If a 'file' location path points to a directory, all the # Sieve scripts contained therein (with the proper `.sieve' extension) are # executed. The order of execution within that directory is determined by the # file names, using a normal 8bit per-character comparison. # # Multiple script locations can be specified by appending an increasing number # to the setting name. The Sieve scripts found from these locations are added # to the script execution sequence in the specified order. Reading the # numbered sieve_before settings stops at the first missing setting, so no # numbers may be skipped. #sieve_before = /var/lib/dovecot/sieve.d/ #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain #sieve_before3 = (etc...) # Identical to sieve_before, only the specified scripts are executed after the # user's script (only when keep is still in effect!). Multiple script # locations can be specified by appending an increasing number. #sieve_after = #sieve_after2 = #sieve_after2 = (etc...) # Which Sieve language extensions are available to users. By default, all # supported extensions are available, except for deprecated extensions or # those that are still under development. Some system administrators may want # to disable certain Sieve extensions or enable those that are not available # by default. This setting can use '+' and '-' to specify differences relative # to the default. For example `sieve_extensions = +imapflags' will enable the # deprecated imapflags extension in addition to all extensions were already # enabled by default. #sieve_extensions = +notify +imapflags # Which Sieve language extensions are ONLY available in global scripts. This # can be used to restrict the use of certain Sieve extensions to administrator # control, for instance when these extensions can cause security concerns. # This setting has higher precedence than the `sieve_extensions' setting # (above), meaning that the extensions enabled with this setting are never # available to the user's personal script no matter what is specified for the # `sieve_extensions' setting. The syntax of this setting is similar to the # `sieve_extensions' setting, with the difference that extensions are # enabled or disabled for exclusive use in global scripts. Currently, no # extensions are marked as such by default. #sieve_global_extensions = # The Pigeonhole Sieve interpreter can have plugins of its own. Using this # setting, the used plugins can be specified. Check the Dovecot wiki # (wiki2.dovecot.org) or the pigeonhole website # (http://pigeonhole.dovecot.org) for available plugins. # The sieve_extprograms plugin is included in this release. #sieve_plugins = # The separator that is expected between the :user and :detail # address parts introduced by the subaddress extension. This may # also be a sequence of characters (e.g. '--'). The current # implementation looks for the separator from the left of the # localpart and uses the first one encountered. The :user part is # left of the separator and the :detail part is right. This setting # is also used by Dovecot's LMTP service. #recipient_delimiter = + # The maximum size of a Sieve script. The compiler will refuse to compile any # script larger than this limit. If set to 0, no limit on the script size is # enforced. #sieve_max_script_size = 1M # The maximum number of actions that can be performed during a single script # execution. If set to 0, no limit on the total number of actions is enforced. #sieve_max_actions = 32 # The maximum number of redirect actions that can be performed during a single # script execution. If set to 0, no redirect actions are allowed. #sieve_max_redirects = 4 # The maximum number of personal Sieve scripts a single user can have. If set # to 0, no limit on the number of scripts is enforced. # (Currently only relevant for ManageSieve) #sieve_quota_max_scripts = 0 # The maximum amount of disk storage a single user's scripts may occupy. If # set to 0, no limit on the used amount of disk storage is enforced. # (Currently only relevant for ManageSieve) #sieve_quota_max_storage = 0 } ]]> MYSQL_USERNAME MYSQL_PASSWORD MYSQL_PORT 0 MYSQL_DATABASE MYSQL_USER_TABLE mail_users MYSQL_CRYPT_PWFIELD password_enc MYSQL_UID_FIELD uid MYSQL_GID_FIELD gid MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD homedir MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD (quota*1024*1024) MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3) ]]> > /etc/portage/package.use/froxlor]]> " [ -f /etc/ssl/certs/proftpd_ec.crt ] || openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp521r1) -keyout /etc/ssl/private/proftpd_ec.key -out /etc/ssl/certs/proftpd_ec.crt -days 3650 -subj "/C=US/ST=Some-State/O=Internet Widgits Pty Ltd/CN=" chmod 0600 /etc/ssl/private/proftpd.key /etc/ssl/private/proftpd_ec.key ]]> FTP Server" ServerType standalone ServerIdent off DefaultServer on Port 21 MaxInstances 50 # General settings DeferWelcome on MultilineRFC2228 on ShowSymlinks on AllowOverwrite on AllowStoreRestart on AllowRetrieveRestart on ListOptions "-al" DisplayChdir .message UseIPv6 off # Modules settings #DelayEngine off # Timeout settings TimeoutLogin 120 TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 600 # Security settings RootLogin off RequireValidShell off User nobody Group nogroup Umask 133 022 DefaultRoot ~ DenyFilter \*.*/ # Per-Directory settings Umask 133 022 AllowOverwrite on # SQL settings SQLAuthTypes Crypt OpenSSL SQLAuthenticate users* groups* SQLConnectInfo @ SQLUserInfo ftp_users username password uid gid homedir shell SQLGroupInfo ftp_groups groupname gid members SQLUserWhereClause "login_enabled = 'y'" SQLLog PASS login SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users SQLLog RETR download SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users SQLLog STOR upload SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users # Quota settings QuotaEngine on QuotaShowQuotas on QuotaDisplayUnits Mb QuotaLock /var/lock/ftpd.quotatab.lock QuotaLimitTable sql:/get-quota-limit QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies # TLS settings TLSEngine on TLSLog /var/log/proftpd-tls.log TLSProtocol TLSv1 TLSv1.1 TLSv1.2 #TLSTimeoutHandshake 120 # Really important for WinClients and some clients TLSOptions NoCertRequest NoSessionReuseRequired TLSRSACertificateFile /etc/ssl/certs/proftpd.crt TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key # Authenticate client that want to use FTP over TLS? TLSVerifyClient off # Uncomment the following line to force tls login #TLSRequired on # LOG settings # Logging Formats LogFormat default "%h %1 %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" # Activate Logging # all logins ExtendedLog /var/log/proftpd-auth.log AUTH auth # file/dir access ExtendedLog /var/log/proftpd-access.log WRITE,READ write # everything (be careful, generates_ very_ big logfiles) #ExtendedLog /var/log/proftpd-all.log ALL default # make proftpd faster / do not perform ident and reverse dns lookup UseReverseDNS off ]]> > /etc/portage/package.use/froxlor]]> " openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 3072 chmod 0600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem ]]> #MYSQLPort 3306 MYSQLSocket /var/run/mysqld/mysqld.sock MYSQLUser MYSQLPassword MYSQLDatabase MYSQLCrypt any MYSQLGetPW SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetUID SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetGID SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y" MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y" MySQLGetQTASZ SELECT CASE WHEN panel_customers.diskspace = 0 THEN -1 WHEN panel_customers.diskspace <= -1 THEN 0 ELSE panel_customers.diskspace/1024 END AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1) ]]> > /etc/portage/package.use/froxlor]]> FTP service. #deny_email_enable=YES #banned_email_file=/etc/vsftpd.banned_emails # chroot_list_enable below. chroot_local_user=YES chroot_list_enable=YES allow_writeable_chroot=YES #chroot_list_file=/etc/vsftpd.chroot_list #ls_recurse_enable=YES secure_chroot_dir=/run/vsftpd/empty pam_service_name=vsftpd #rsa_cert_file=/etc/vsftpd/ssl/.pem #rsa_private_key_file=/etc/vsftpd/ssl/.pem #ssl_enable=YES #ssl_tlsv1=YES #ssl_sslv2=NO #ssl_sslv3=NO force_local_data_ssl=NO force_local_logins_ssl=NO allow_anon_ssl=NO require_ssl_reuse=NO ssl_ciphers=HIGH ]]> passwd= host= db= table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 account required pam_mysql.so user= passwd= host= db= table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 #auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed # Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so. # Standard pam includes #@include common-account #@include common-session #@include common-auth #auth required pam_shells.so ]]> database username password socket /var/run/mysqld/mysqld.sock ]]> {{sql.socket}} password ]]> *.log { missingok daily rotate 7 compress delaycompress notifempty create sharedscripts postrotate > /dev/null 2>&1 || true endscript } ]]> > /etc/portage/package.use/froxlor]]> {{settings.system.webserver}} > /etc/portage/package.use/froxlor]]> {{settings.system.mod_fcgid}} > /etc/portage/package.use/froxlor]]> {{settings.system.webserver}} {{settings.system.webserver}} {{settings.system.mod_fcgid_ownvhost}} {{settings.system.webserver}} > /etc/portage/package.use/froxlor]]> {{settings.system.webserver}} > /etc/portage/package.use/froxlor]]> {{settings.system.webserver}} {{settings.phpfpm.enabled}} > /etc/portage/package.use/froxlor]]> {{settings.system.webserver}} {{settings.phpfpm.enabled_ownvhost}} {{settings.phpfpm.vhost_httpuser}} {{settings.system.webserver}} {{settings.phpfpm.enabled_ownvhost}} bin/froxlor-cli /usr/local/bin/froxlor-cli]]> bin/froxlor-cli froxlor:cron --run-task 99]]>