June 15, 2006
KyaPanel

Version 2.2~9
 Tested on:
      Ubuntu 6.10, 7.04, 7.10, 8.04, 8.10 and 9.04
      Debian Sarge, Etch and Lenny
      Fedora 9
      Centos 5
      RHEL 5

      Installation Guide here
Priority Level: medium
ChangeLog
* Fixed some functions in sql_mail and mail_functions that returned wrong results for Vacation configurations when KyaPanel was used with SQL databases. Many thanks to Leandro, who identified and fixed the problem.
* Fixed a sed separator to handle substitution of paths containing "/" in kp2z.sh. Thanks to Thiago.

 
Previous versions

Version 2.2~6
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
 
* Many thanks to Thiago, who found that the misc.ldif file was missing from version 2.2~5. Without this file the Zimbra integration does not work at all, so this fix is highly recommended!
* Fixed the install script to use the localhost IP address "127.0.0.1" instead of "localhost". This fixes an error message on 64-bit systems.
 
Version 2.2~5
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
 
Version 2.2~3 
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
 
* Support for Zimbra 6

* A lot of fixes in Zimbra interaction and integration

* Vacation resend protection. A vacation message is now sent only once to each sender. The protection takes 24 hours to be disabled, so each sender receives only one message per day.

* A new POP/IMAP policy has been added. From now on all users can be forbidden from accessing their messages through the POP protocol, the IMAP protocol, or both.

* The content filter, kya-filter.sh, now has a new debug option. All you need to do is set two variables in the kya.conf file: DEBUG_KYAFILTER and DEBUG_KYAFILTER_FILE. A lot of information will then be written to the log file.

* A small change to bin/kya and index.php to test whether the database and the xinetd KyaPanel port are active.

* A small fix to remove the html2txt command, which is no longer used by KyaPanel. Thanks to Hugo Cisneiros.
 

Version 2.2~2
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
* The test_mail.sh script has been developed to test all Mail Module functions on all five supported distributions with all three databases: OpenLDAP, MySQL and PostgreSQL. As a result a lot of small bugs have been fixed, especially in the SQL functions.
* Thanks to Carlos Greco and Eder (his right arm).
* Changed the clamdscan test to work correctly.
* All mail functions now return 1 when they abort. This lets anyone check whether an action completed correctly by looking at the "$?" value.
* kpr_sqlite_search function fixed for domain users. It now works.
* The add and quotauserchange functions were reviewed to work properly in their interaction with Zimbra.
* Domain quota now works. If you try to add a user with more quota than is available to a domain, the user is not added.
* The srd_control_action function in kya-filter.sh was fixed to treat messages sent by e-mail clients such as Thunderbird and messages sent by shell commands such as nail equally.
* The KyaPanel installer is now ready to deal with the OpenLDAP cn=config configuration method.
* From now on KyaPanel no longer asks for "bind V2". This test has been removed from the installation and new options to use V3 have been added to the postfix options.
* Fixed myEscapeShellArg so that it does not treat strings that begin with "; this prevented messages between quotes from working as expected.
* Swapped the vacation and forward controls so that both work as expected when both are enabled.
* Fixed kp_clean_spam to get the correct values from the .Spam/new directory.
* Fixed the suuserd del) function to remove the user's mailbox directory when KyaPanel is integrated with Zimbra.
* Minor fix to text encoding in the send_vacation_local_message() function in kya-filter.sh.
* New replace options in all return messages. The options below are now available:
# Replace =FROM= by $FROM
# Replace =TO= by $TO
# Replace =SUBJECT= by $SUBJ
# Replace =SIZE= by $SIZE
# Replace =FUSER= by $SR_USER
# Replace =FILE= by $A_FILE
# Replace =FORBIDDEN_EXTENSIONS= by $ALL_FORBIDDEN
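
How placeholders like these can be expanded with sed when the values contain "/", "&", "|" or "\", the same class of problem as the kp2z.sh separator fix in 2.2~9. This is an added example, not KyaPanel code: the function names, the template and the sample values are assumptions, and only the =NAME= placeholders and the shell variable names come from the list above.

```shell
#!/bin/sh
# Added example, not KyaPanel code. Function names, template text and sample
# values are constructed; the =NAME= placeholders and the variable names
# (FROM, TO, SUBJ, SIZE, SR_USER, A_FILE, ALL_FORBIDDEN) come from the list.

# Constructed sample values, as a mail filter might have extracted them.
FROM='alice@example.com'
TO='bob@example.org'
SUBJ='R&D: a|b \ c'
SIZE='48211'
SR_USER='alice'
A_FILE='/tmp/invoice.pdf.exe'
ALL_FORBIDDEN='exe bat scr'
TEMPLATE='From =FROM= to =TO= [=SUBJECT=]: =FILE= refused'

# Naive form: "/" as separator and the raw value as replacement.
# A value such as /tmp/invoice.pdf.exe ends the s/// command early,
# so sed rejects the whole expression.
expand_naive() {
    printf '%s\n' "$1" | sed "s/=FILE=/$A_FILE/g"
}

# Escape a value for the replacement side of s|...|...|:
#   \  would start an escape sequence
#   &  would re-insert the matched text
#   |  is the separator used below
# Newlines are flattened to spaces first, because a raw newline would
# terminate the sed command.
sed_escape_repl() {
    printf '%s' "$1" | tr '\n' ' ' | sed 's/[\\&|]/\\&/g'
}

# Hardened form: "|" separator plus escaped replacement values.
# The -e commands are applied one after another to each line, so a value
# that itself contains a later placeholder name would be expanded as well.
expand_template() {
    printf '%s\n' "$1" | sed \
        -e "s|=FROM=|$(sed_escape_repl "$FROM")|g" \
        -e "s|=TO=|$(sed_escape_repl "$TO")|g" \
        -e "s|=SUBJECT=|$(sed_escape_repl "$SUBJ")|g" \
        -e "s|=SIZE=|$(sed_escape_repl "$SIZE")|g" \
        -e "s|=FUSER=|$(sed_escape_repl "$SR_USER")|g" \
        -e "s|=FILE=|$(sed_escape_repl "$A_FILE")|g" \
        -e "s|=FORBIDDEN_EXTENSIONS=|$(sed_escape_repl "$ALL_FORBIDDEN")|g"
}

expand_naive "$TEMPLATE" 2>/dev/null || echo "naive form: sed rejected the expression"
expand_template "$TEMPLATE"
```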

Version 2.2~1
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
* Minor change in all interface .php files to change the textarea cols value from 76 to 70. This prevents the table from breaking the background image.
* Attachment control fix in kya-filter.sh when an SQL database is used.
* Domain user level fix for the remove users permission when an SQL database is used.
* New conditional to determine whether a message is infected. The previous way did not work every time. This one does.
* The header and body regexps used to block incoming messages have been reviewed and fixed.
* New Backup/Restore tool for Zimbra and KyaPanel, in its alpha version.
* Fixes to the user change information interface for "User Language", Recipients Limit and Send Control. Thanks to Carlos Miranda for pointing them out and fixing them.
* Important fix to the quota_calc function in the kya-filter.sh script. A forgotten IFS made all calculations go wrong on new Debian and Ubuntu versions. Fixed.
Thanks to Rubens Alonso Filho for pointing out the issue.
* A minor error in the attachment control function in kya-filter.sh. The total control, which does not allow any kind of attachment, used an old LDAP attribute, so it did not work well. Fixed to use DomainAttachmentReturnMessSubject and DomainAttachmentReturnMess.
Thanks to Carlos Miranda for pointing out the issue.
* An important fix to attachment control. The issue allowed unauthorized attachments to be received by recipients when the sender had permission to send them. The fix was easy: change the value of the SR_USER variable in the RCPT check.
Thanks to Thiago Antonio for pointing out the issue.
* The quota_used_space function wasn't reading the used quota space from the correct place when Zimbra support was enabled.
Thanks to Marcos Guireli.
* An error in the check_spf_main and check_greylist_main functions when KyaPanel is integrated with Zimbra. TEST1 and TEST2 did not use ${POSTCOMM} to give the correct postconf command.
Thanks to Marcos Guireli.
* An error in the html/mail/config/config_spamass.php file, in the MailCheckPostgrey() function.
By Ronaldo Araujo.
 
Version 2.2
  • Package .tar.gz - here
  • Package .deb - here
  • Package .rpm - here
* New logo on the interface. But not only a new logo: a new layout and color scheme to make it more beautiful.

* New "powered by" logo.

* Zimbra integration and support. From now on KyaPanel can interact with Zimbra, so you can use Zimbra just as a webmail.
This work made us develop some scripts to make it work. All users from Zimbra are imported into KyaPanel and vice versa. KyaPanel then suggests some modifications to Zimbra's postfix to get kya-filter.sh working well.

* Added 5 new content types to attachment control. In addition, control of attachments made by Outlook Express in its strange ".dat" files now works.
By Ronaldo Araújo.

* A small but important fix to the "Add users by list" interface. The password given on the form never worked. We changed the variable name.

* A fix in the quota definitions to recalculate the used space in the user's Maildir.
Thanks to William Marques for pointing out the problem.
 
 
Version 2.1~8
  • Package .tar.gz - here
* phpgwaccount.schema fixed to include the DomainASscore attribute.
Thanks to Ronaldo Araújo for pointing out the problem.
* Some fixes for SQL installations: the install interface was fixed to pass the correct value of $distro to the installation.
* New Courier check for CentOS, RHEL and Fedora. On these distributions the authmodulelist option in authdaemonrc can have only one option, and it must be the correct one. From now on the KyaPanel Courier check handles this correctly.
 
Version 2.1~5
  • Package .tar.gz - here

* Fixed the kp_mysql.sql and kp_pgsql.sql files to prevent "Access denied" on the login screen.

* A minor fix to the jp2kp_ldap.sh script to prevent an empty LDAP_PORT variable.
In some old JeguePanel versions the LDAP_PORT variable is not set, and this causes the jp2kp_ldap.sh script to malfunction.
 
Version 2.1~4
  • Package .tar.gz - here
* A minor fix to the menu_j.php file so that it does not show two Home links in the interface menu bar.
* The quotauserchange function in the Mail Module has been changed to fix some errors that occurred when a Domain user set a user with unlimited quota.
* Small fix to the users_change.php file to prevent a division by zero error.
* A minor fix in the mail binary in some "exists domain" tests, adding the -s option to prevent recursive searches.
* Small fix to kp_mysql.sql to prevent the error message "ERROR 1136 (21S01) at line 98: Column count doesn't match value count at row 1"
* A review of the Postfix setup and anti-spam configurations. Before this, KyaPanel only offered integration with SpamAssassin in one way: passing messages through it. Now a lot of new stuff has been added. See below:
* The Postfix setup now gives a hint for a new "restrictions" configuration. It adds smtpd_client_restrictions, smtpd_sender_restrictions and smtpd_data_restrictions to the default setup. This greatly increases effectiveness against spam.
* From now on, adding or removing a virtual domain no longer touches the /etc/main.cf file. That is why a new LDAP query configuration has been added to the mydestination postfix variable.
* The SpamAssassin configuration has been replaced by the "Anti-spam" configuration. Here KyaPanel helps with the SPF and GreyList setup too, so KyaPanel now offers three anti-spam methods.
* Under "Domain options" the new "Anti-spam options" have been added to give much more anti-spam management flexibility. Managers can now set up:
        - SpamAssassin score: to qualify a message as spam;
        - What to do with Spam?: messages qualified as spam can be removed or forwarded to some other e-mail address;
        - Automatically clean spam?: this is a new script that runs from cron, checking for spam messages in the ".Spam" folder to be removed and used to teach SpamAssassin. This can be activated or not;
        - IP address reverse check: this kind of anti-spam checking can be disabled for this domain;
        - Greylist check: this kind of anti-spam checking can be disabled for this domain;
        - SPF check: this kind of anti-spam checking can be disabled for this domain;
        - Header content check: to search the message header for forbidden words or phrases;
        - Body content check: to search the message body for forbidden words or phrases;
* Finally, these last two options, "Header content check" and "Body content check", have been made available to regular users too, so they can have their own blacklist.
 
 
Version 2.1~2
  • Package .tar.gz - here
ChangeLog
* phpgwcontact.schema file fixed, adding the autoForwardMailsStore attribute.
* All the jp2kp scripts have been extended with some options to kill the jpr, mailgraph and couriergraph processes that remain from the old JeguePanel installation.
 
Version 2.1~1

  • Package .tar.gz - here
ChangeLog

* The logon function in the bin/kya main core has been fixed. For compatibility with the Fedora and CentOS distributions, the errorlevel exit "2>$1" changed position, and this changed the validation system based on the ldapsearch errorlevel. In the new way it will always return success to login.
* kya install script fixed at line 194. The error was a missing quote at the end of the TEST2 variable definition. This fix solves the error message below:
./kya: line 884: unexpected EOF while looking for matching ``'
./kya: line 1251: syntax error: unexpected end of file
* The SpamAssassin integration now considers as spam any message that returns 4 as its level. This increases the restriction level and is more efficient against spam messages.
* The forward message option can now keep a copy of the message for the local recipient too. Messages are forwarded and, if the user wishes, a copy is kept.
* Recipients number control added. From now on KyaPanel can control how many recipients each message can have, by domain and by user.
* Administrators and super users can now set up a user's vacation message. This feature was previously available only to regular users, to set up their own vacation message. To do so, some new interface files and adminusers functions had to be added to KyaPanel.
* From now on the users' mailbox quota is no longer controlled by the check_quota and enable_user scripts. These two used to be executed by the cron service, and restrictions only took effect after an hour. From now on quota control is done on the fly when a message arrives in the user's mailbox. To do that, a new function called quota_control has been developed in the kya-filter.sh file.
ChangeLog
* The project changed its name from JeguePanel to KyaPanel. All code and images that contain the words JEGUE, Jegue or jegue have been replaced by KYA, Kya and kya. This means a lot of files carry this change.
* This version has been modified to work perfectly on Fedora, CentOS and RHEL. Some new files have been developed to help KyaPanel installation on these distros.
* All the <> chars have been replaced by == to prevent some strange errors with base64 encoding.

  • Version 2.0~5 here


ChangeLog
* New daemon command added in jegue-daemon to run independent "ad commands";
* Some rearrangements in mail_functions.php to group the AD Plugin functions;
* Some unnecessary code removed from the mail binary.
* The check_quota script has been fixed to use the same functions as jegue-filter.sh to retrieve messages from the LDAP. The logic to calculate the mailbox percentage was reviewed as well.
* Some fixes to make BCC work well: 1) Add SenderBccUser and RecipientBccUser to the phpgwaccount.schema file; 2) Change the value of senderbcc_search_base and recipientbcc_search_base from ou=aliases to ou=mail so that the Postfix search finds something.
Thanks to Paulo for pointing out the needed changes.
* All the functions to add and modify warning messages for all the domain controls were cutting off the last two phrases. This has been fixed.
* Problem with some procedures that read parameters from smb.conf fixed.
* The function that writes parameters to the smb.conf file was wrong: it deleted the file when a duplicated option existed (with ; or #).
* Language configuration for regular users has been fixed. The problem was that the default language, something like "pt_BR", did not match the real system language, which is usually something like pt_BR.UTF-8. What we do now is test whether any part of the "default" language is part of the language defined in the JEGUELANG variable. If it is, we just use its value.
* Attachment control fixed in the jegue-filter.sh file. It no longer matters in which order files are attached or whether the filenames have accents.
* Postlog fixed. 2>/dev/null has been removed from all the postlog commands in the jegue-filter.sh file.
* The attachment control now looks for "filename" and "name" to get the attachment names.
* Function check_courier fixed to search for and detect Courier configuration problems with the options LDAP_BINDDN and LDAP_BINDPW.
* Fixed wrong behavior in the config_jegue_dom_srd.php and config_jegue_dom_attach.php files. The fix was in the MailAdReplaceDomainOption function in the mail_functions.php file.
* Trouble with long domain names fixed. To do that, all the ldapsearch commands have to be piped through sed to prevent truncated output. The sed syntax was: sed -e :a -e '$!N;s/\n //;ta' -e 'P;D'.
Thanks to Beraldo Leal for discovering the correct sed syntax.
* Function MailSuAlwaysBccAdd in the mail_functions.php file fixed to avoid the incorrect value "jegue" when the "Users" field is empty.
* Function passwd fixed in the mail/bin/mail file to allow the correct password change for the "jegue" user.
* Removed the "exit 0" command from the "vacation_control" function in the jegue-filter.sh file. This command was a bug that did not allow messages to arrive in users' mailboxes when they had vacation enabled.
* Some fixes in the Courier config setup. The most relevant was the addition of the Courier LDAP_AUTHBIND option, which must be set to 1; the last version just did not look for it.
* Some text fixes to the pt_BR internationalization.
* Fixes in functions.php to fix these warnings:

Warning: htmlspecialchars() expects parameter 1 to be string, array given in /usr/share/jeguepanel/html/includes/functions.php on line 17
Warning: htmlspecialchars() expects parameter 1 to be string, array given in /usr/share/jeguepanel/html/includes/functions.php on line 22
Warning: Cannot modify header information - headers already sent by (output started at /usr/share/jeguepanel/html/includes/functions.php:17) in /usr/share/jeguepanel/html/includes/functions.php on line 48
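
The sed command from the long-domain-names entry above, applied to folded ldapsearch-style output to show what it repairs. This is an added example, not KyaPanel code: the directory entry is constructed and the helper names `sample_ldif`, `ldif_unfold` and `ldif_attr` are assumptions.

```shell
#!/bin/sh
# Added example, not KyaPanel code. The LDIF entry is constructed and the
# function names are illustrative; only the sed script is from the changelog.

# LDIF folds long lines: a physical line that starts with one space
# continues the previous line.
sample_ldif() {
cat <<'EOF'
dn: uid=maria,ou=a-very-long-virtual-domain-name.example.com,ou=mail,dc=exam
 ple,dc=com
uid: maria
mail: maria@a-very-long-virtual-domain-name.example.com
description: constructed entry, long enough to be folded over three phy
 sical lines so that the loop in the sed script runs more than onc
 e
EOF
}

# The changelog's command, piece by piece:
#   :a            label for the loop
#   $!N           unless on the last line, append the next line
#   s/\n //;ta    if that line was a continuation, join it and loop again
#   P;D           otherwise print the finished first line and restart the
#                 cycle with the line that was read ahead
ldif_unfold() {
    sed -e :a -e '$!N;s/\n //;ta' -e 'P;D'
}

# Print the first value of attribute $1 from LDIF on stdin.
ldif_attr() {
    sed -n "s/^$1: //p" | head -n 1
}

echo "folded:   $(sample_ldif | ldif_attr dn)"
echo "unfolded: $(sample_ldif | ldif_unfold | ldif_attr dn)"
```

Without the unfolding step, a line-oriented lookup sees only the first physical line, so a long domain is compared in its truncated form. Newer OpenLDAP clients can also disable folding at the source with `ldapsearch -o ldif-wrap=no`.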
ChangeLog
* Some interface files were vulnerable to command injection through the PHP include() function when PHP has register_globals = on and allow_url_include = on. This has been fixed by adding this:
if ( count( get_included_files() ) == 1 ) die( '---' );
in the first line of the affected files.
* The KyaPanel interface was vulnerable to XSS attacks. We now filter all inputs from $_REQUEST, $_POST and $_GET with the htmlspecialchars() function to prevent this.
Thanks to Fernando Muñoz for alerting us and pointing out the bug.
ChangeLog
  • All function files in the KyaPanel interface have been modified to fix a bash command injection vulnerability. All the PHP functions that call the exec() function have been treated with the escapeshellarg() function to avoid this vulnerability.
Thanks to Fernando Muñoz for alerting us and pointing out the bug.
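
What the escapeshellarg() fix changes once the command string built in PHP reaches the shell, shown from the shell side. This is an added example, not KyaPanel code: `sh_quote` reimplements the single-quote rule that PHP's escapeshellarg() applies on Unix, and the function names and input values are constructed.

```shell
#!/bin/sh
# Added example, not KyaPanel code. Function names and inputs are constructed.

# PHP's exec("cmd " . $value) hands ONE string to /bin/sh, which parses it.
# "Before" form: the value is pasted into that string as-is, so any shell
# metacharacter in it is interpreted.
run_concat() {
    sh -c "printf '%s\n' $1"
}

# Quote a value the way escapeshellarg() does on Unix: wrap it in single
# quotes and rewrite every embedded ' as '\'' (close quote, escaped quote,
# reopen quote). Command substitution drops trailing newlines of the value.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# "After" form: the value reaches the command as exactly one argument.
# Quoting stops the shell from parsing the value; it does not stop the
# called program from reading a leading "-" as an option.
run_quoted() {
    sh -c "printf '%s\n' $(sh_quote "$1")"
}

VALUE='report.txt; echo INJECTED'   # constructed input with a harmless marker
echo "unquoted:"; run_concat "$VALUE"
echo "quoted:";   run_quoted "$VALUE"
```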
 
ChangeLog 
  • Changed the jpr_sqlite_all function for adminusers and suusers to return only the messages sent in the last hour. This improves the return and makes the interface display faster.
  • Changed the jpr.pl daemon so that it no longer tests whether a record exists. The point is that it only collects new messages, so this test can be removed. This small change makes it even more lightweight.
  • The jpr_sqlite_search functions, for all user levels, have been fixed. The search filter wasn't working well.
By Anahuac de Paula Gil.
  • Function check_courier fixed to display the correct message when JP is installed with SQL.
Thanks to Douglas Ramiro.
 

Last updated (August 16, 2010)