Search results

Hi All, Right now it is not clear (to me) if the DirectAdmin Exim configuration is actually vulnerable for this RCE. More info here: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115

These rules accept all outgoing udp/tcp packets from uid=0 (root), see the ALLOWOUT chain in iptables: Chain ALLOWOUT (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0...

The license check issues seems to occur after a server reboot. We had some contact with support and they pointed us to CSF. We added and tested with these two rules in csf.allow: tcp|out|u=0 # Added by DirectAdmin udp|out|u=0 # Added by DirectAdmin I have not figured out why these rules work...

@fln I wouldn't mind to switch to update_channel=stable for some of our hosts, as long as we can be sure that the stable release still gets critical bug and security updates for all custombuild software. However, there may be situations where I need to pin specific releases in...

I'm aware what it does. It was an accepted risk for legacy clients/devices which were (or are) unable to use SMTP authentication. Anyway, I suppose it is time to move on and remove it finally.

I have another issue related to exim.variables.conf.custom. Some hosts we manage still have pophosts enabled in exim.variables.conf.custom: hostlist relay_hosts=net-lsearch;/etc/virtual/pophosts After the update this file no longer exists: ls -la /etc/virtual/pophosts ls: cannot access...

I can confirm that the update fixed the issue. Thanks!

I believe /etc/exim.variables.conf.custom is still in use but (some) settings are now added for a second time. The custombuild/build script still contains code to merge /etc/exim.variables.conf.custom and /etc/exim.variables.conf.default in a temporary /etc/exim.variables.conf.merged file.

Since DirectAdmin version 1.646 we have issues on servers with exim.variables.conf.custom. We have many servers with custom openssl_options, tls_require_ciphers, tls_certificate or other settings. For example: /usr/local/directadmin/custombuild/build exim_conf 2023-01-05 14:41:20 Exim...

Same demo mode error here. When creating a new user the user config below contains a demo=no line: /usr/local/directadmin/data/users/<username>/user.conf Because of that line installatron fails to install the application. If you check /var/installatron/logs/install_error_log it contains this...

We also had a few servers where pure-ftpd-1.0.51 failed to start after the update because pure-ftpd.pem was missing: Oct 18 12:58:20 server pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/pure-ftpd.pem] I also see that versions.txt on files.directadmin.com still lists...

Custombuild build checks if the PHP1_RELEASE_OPT release is 7.3 or lower but, according the Roundcube release notes it is < 7.3. So 7.3 and greater should be supported? if [ "`version_cmp ${ROUNDCUBE_VER} 1.6.0 'RC 1.6.0 php 7.3 check'`" -ge 0 ]; then #RC 1.6.0+ will not run on php...

We noticed that Apache was hanging because the OCSP responders from Let's Encrypt are or were unreachable. On our DirectAdmin servers with Apache, we use the following OCSP stapling settings: SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache...

Indeed, build update was needed before running build_versions. That works as expected: ./build update ./build update_versions Updating exim.conf Selecting exim.conf 4.5.35 automatically, as older versions are not supported with exim 4.95 and newer.

I did ./build update_versions Is a ./build update still needed to update all packages/configs?

Exim message_linelength_limit has been fixed in exim.conf 4.5.36: https://files.directadmin.com/services/SpamBlocker/4.5.36/exim.conf-SpamBlockerTechnology-v4.5.35-to-v4.5.36.diff

I just noticed a new exim.conf version with message_linelength_limit was released today. If you currently have Exim 4.94.2 pinned in custom_versions.txt, remove it first: sed '/exim:4.94.2:/d' -i /usr/local/directadmin/custombuild/custom_versions.txt Then upgrade to Exim 4.95...

Thanks!

Roundcube 1.4.12 (LTS) is not available on files.directadmin.com. Is it possible to update the version on the file servers? It has some security fixes.

It seems that build does not check the Roundcube version, only the MySQL version: if ${OLD_MYSQL}; then echo "${boldon}RoundCube ${ROUNDCUBE_VER} requires newer version of ${MYSQLNAME} than ${MYSQLV}, alternatively, the following my.cnf configuration can be set:${bold$ echo...