spamexperts / directadmin-addon Goto Github PK

It looks like the recent changes still haven't been made available on your download page. Is there any particular reason for that? It currently means we have to make a release ourselves and I prefer not to.

Version information

Latest versions.

Steps to replicate

1. Install Directadmin custombuild 2 on any centos like OS
2. Create domain, remove domain. anything that fires off the hooks.

Example:
Domain_create_post.sh is triggered but cannot succesfully run.
We need to add a 'hack' to make this work.

This only works when we add this into the file.
php -d disable_functions="" after the echo

Actual result

Script does not run. Not enough permission to do so because of disabled function.
It does not seem to care what functions i enable or disable on the server for hosted PHP versions.
(There is also no information given what it needs and what server PHP version is used).

Expected result

Plugin should work without this.
We run more plugins and never seen this before. There simply should be enough permissions present to make this work.

Other notes

I don't know how others do this or are able to run this without this hack. It has been like this for us since i can remember. I created ticket multiple times for this but no real solution was given. Hoping with some plugin changes this would not be needed anymore since it's just unsafe.

Our directadmin addon currently requires plain text passwords in the configuration file. We should add support for login keys for more secure access control.

Acceptance criteria

• We should also still support passwords in the configuration file as not to break backwards compatibility
• Everything else should work the same as before

Other notes

• We might consider deprecating the support for passwords at some point.

Version information

4.0.1508925016

We are testing on our server new Directadmin skin - evolution, that is in beta now, but will be released very soon. This is new default directadmin skin.

And there is some problem with your plugin in new skin.
When we try use check status link at any users
https://mail1.tuthost.com:2222/CMD_PLUGINS/spamexperts

we got error in console:
VM767:1 Uncaught SyntaxError: Unexpected token < in JSON at position 0
at JSON.parse ()
at Function.parseJSON (spamexperts?iframe=yes:5)
at parseAjaxResponse (spamexperts?iframe=yes:13)
at Object.success (spamexperts?iframe=yes:178)
at c (spamexperts?iframe=yes:5)
at Object.fireWith [as resolveWith] (spamexperts?iframe=yes:5)
at k (spamexperts?iframe=yes:7)
at XMLHttpRequest.r (spamexperts?iframe=yes:7)

And check button does not work. Maybe you could check your plugin work with new directadmin skin?

PHP Warning: Missing argument 2 for DirectAdmin_API::getDomainsMxRecords(), 
called in /usr/local/directadmin/plugins/spamexperts/lib/SpamExperts_API.php on line 177 
and defined in /usr/local/directadmin/plugins/spamexperts/lib/DirectAdmin_API.php on line 50

This was introduced in b76bf7b by myself. I'll submit a merge request hopefully later today.

Version information

Controlpanel DirectAdmin (Custombuild) 1.53.4
PHP version 7.2.9
Addon version 4.0.1508925016

Actual result

There are errors when deleting or creating a domainname. DNS records are not changed due to this error.
This is on a freshly installed Centos 7 server with Directadmin Custombuild.
I did not have these issues with older servers. These older servers all use PHP-FPM 5.6 as main PHP version insead of 7.2.
Installing older addon versions onto this new server gives the same errors.
I installed a 2nd Centos server with Directadmin and got the same results. Exactly the same errors.

Steps to replicate

• What i did:

1. New installation of Centos 7 + Directadmin Custombuild with PHP-FPM 7.2 + 5.6 with Nginx as proxy. Exim, Dovecot.
2. Installation and configuration of SpamExperts Spamfilter Directadmin-addon
3. Add new domain in any user. Error occurs here. Domain is not added to SpamExperts Spampanel. MX records are not changed to SpamExperts records which set in SpamExperts directadmin-addon.
4. Go to SpamExperts directadmin-addon as admin. Toggle protection for the newly added domain. Gives success and domain is added to SpamExperts Spampanel but MX records are not changed.
5. Delete domainname created in user. Error occurs here.

Errors on domain creation:
PHP Notice:
Undefined variable: output in /usr/local/directadmin/plugins/spamexperts/lib/Configuration.php on line 55

PHP Notice:
Undefined variable: return in /usr/local/directadmin/plugins/spamexperts/lib/Configuration.php on line 55

PHP Warning:
exec() has been disabled for security reasons in /usr/local/directadmin/plugins/spamexperts/lib/Configuration.php on line 55

PHP Notice:
Undefined variable: output in /usr/local/directadmin/plugins/spamexperts/lib/Configuration.php on line 57

PHP Warning:
implode(): Invalid arguments passed in /usr/local/directadmin/plugins/spamexperts/lib/Configuration.php on line 57

Other notes

I enabled debug.
Only a prospamfilter_admin.log was created. Containing nothing generated when deleting or creating a domain name.
It did contain rules generated when protection is enabled for domain as Directadmin admin.

prospamfilter_admin.log below:

2018-09-26 23:08:23
Request login.antispamcloud.com/api/domain/exists/domain/xxxxx.com/format/json
HTTP 200
{"messages":{"error":["The domain 'xxxxx.com' does not belong to the admin '[email protected]'."]},"result":null}

2018-09-26 23:08:28
Request login.antispamcloud.com/api/domain/add/domain/xxxxx.com/destinations/["mail.xxxxx.com","relay.xxxxx.nl"]/format/json/
HTTP 200
{"messages":{"success":["'Email archiving' has been disabled for the domain 'xxxxx.com'","Email notifications for the domain 'xxxxx.com' changed to be sent from '[email protected]'","Domain timezone updated successfully","Administrator's contact email for the domain 'xxxxx.com' is changed to ''","Domain 'xxxxx.com' added"]},"result":null}

I hope this can be tested en solved, i gladly help where possible.
To me the issue seems related to PHP 7.2 and currently just not compatible.

Currently the Direct Admin addon only supports one PHP instance. Sometimes there are setups that use multiple PHP versions. We should be able to handle system setups that have 2 of these. The current setup uses /usr/local/bin/php, however we should also support custom locations like /usr/local/php55

Hello,

Since DA release 1.62 our SpamExperts plugin does not work properly.
I see that in f576d6b this is fixed by @LaurentiuTeodorescu - we tried this manually and it works.

However, normally we have an "Update" button in the DA plugin interface, but the new version is not yet available there.
Can we expect it to be available soon?

Thanks!

Let's be honest, this plugin hasn't really gotten any real attention for years.

It's insecure (#22) and apart from a new logo, it's hardly maintained. Although there is an issue about verifying PHP 7 compatibility, this was never addressed. On recent versions we get deprecation errors (#19).

I would argue that this plugin needs to be rebuild from the ground up. Preferably not by ModulesGarden. Their code is often riddled with bugs and the quality of their code is low.

@dbistriceanu @LaurentiuTeodorescu @tonyandrewmeyer

Some points of attention:

• Use a supported version of PHP and keep this up to date.
• Use a modern approach to use the API (or keep the DirectAdmin class update, even though this class isn't great).
• Do not use jQuery (especially not 1.10.2.. it's 8 years (!!!) old. Use native JavaScript and AlpineJS for dynamic things.
• Write tests for all PHP code (with PEST or PHPUnit).
• Include documentation within the repository or keep it maintained elsewhere.

It appears when 2 users have the same beginning part of the username, the domain list shows the domain from the other user with the same first part of their username. This is a data/privacy issue.

Version information

# cat available_version.txt 
4.0.1490694693

Steps to replicate

1. install addon
2. Create reseller
3. Create user bob and add domain example.com
4. Create user bobsfriend and add domain example.net
5. Login as bob
6. Click Professional Spam Filter
7. Click domain list

Actual result

Result shows the domain from bob and bobsfriend

Expected result

Only the domains from that user should be shown.

Other notes

Version information

I must say I feel reluctant to open an issue here because it feels like SpamExperts has dropped the ball and doesn't do any development on this anymore.

This module is using __autoload which is deprecated for a while. It needs to be replaced with spl_autoload_register. This function has been deprecated for 3 (!!) years.

Steps to replicate

Use the module.

Actual result

Get a deprecation notice.

Expected result

No notice.

Other notes

If you check a domain for protection it may return the following error message:

The domain 'domain.com' does not belong to the admin 'adminuser'

That gives away the admin user you're connecting with. It shouldn't.

Would be good to tests and adjust anything in the direct admin addon against php7. Any issues found should be fixed here.

This should still work with both php5 and php7.

Version information

DirectAdmin v.1.50.1
PHP version: 5.5.38

Steps to replicate

1.The client installed DA, with API enabled with SSL. He set public IP address of server and admin credentials in file directadminapi.conf.new, packaged file as tar.gz and installed.

Actual result

He's getting an error: No Connection. Please, setup connection details in "directadminapi.conf". SSL certificate is self-signed -

Expected result

Other notes

When he disables SSL ssl=0 in directadminapi.conf.new then it still doesn't work and error message is the same.

whmcs #526813

Version information

4.0.1490694693

Steps to replicate

1. Login as a user at user level
2. Go to domain setup
3. Click Change a Domain Name
4. Enter new value and save

Actual result

Domain is not being changed in SpamExperts, old domain stays

Expected result

Domain being changed to new value

Other notes

Basing a decision on whether or not a dot is set at the end of a record and if it includes $domain is extremely sensitive to false positives. If a user has decided to move their e-mail and only change the A records, not the MX records, this plugin will happily destroy it all. If the e-mail is hosted elsewhere there's only one setting that matters and that can be found in CMD_API_DNS_MX?domain=.

If internal is set to yes all e-mail is handled by the server the domain is also hosted on. If it's set to no then you can be sure it's hosted elsewhere.

Unfortunately though DirectAdmin has only made this setting available to a user. As an admin user you don't have direct permissions to run this API call. The only way to get around that is to connect as the user who owns the domain and run the call as that user. You would have to create a different socket that uses set_login('admin|username', 'password'). That way you do have access to CMD_API_DNS_MX.