Version 1.676

Released: 2025-04-??

• Dovecot 2.4.x custombuild new
• New hook: setquota_post.sh new
• dns_raw_save_post.sh to include variables remote_username, remote_hostname, filename, sign_zone new
• Usage history pages display non-sensical data evolutionfixed
• Removed crypt_method configuration option from directadmin.conf removed
• New variable: admin_ssl_cert_on_create=1 to prevent new AutoSSL certificates on creation new
• CSF: Adjusted SMTP_PORTS for SMTP_BLOCK to block 25 port only improved
• Templates: user_limit.txt and reseller_limit.txt now support token scripts, plus new tokens new
• API change for custom_domain_items fixed

Dovecot 2.4.x custombuild new

Starting with this release, the new Dovecot 2.4.x releases will be used by default.

Older Dovecot versions (2.3.x) are still supported but will only be used if the Dovecot version is explicitly customized.

Note: There are significant changes in Dovecot 2.4.x configuration. To support both versions, CustomBuild uses different configuration files depending on the Dovecot version. If the old Dovecot configuration files were customized, these customizations will not be used when building Dovecot 2.4.x. To apply the same customizations to Dovecot 2.4.x, new configuration files need to be customized as well.

New hook: setquota_post.sh new

Hook to be called after any call by DirectAdmin to the setquota or xfs_quota binaries, when setting quota limits for Users. See the setquota_post.sh hooks documentation for more information.

dns_raw_save_post.sh to include variables remote_username, remote_hostname, filename, sign_zone new

Calls to CMD_API_DNS_ADMIN?action=rawsave&username=remote_username&hostname=remote_hostname, usually called by a master DirectAdmin dns server, will now pass the remote_username, remote_hostname, filename, and sign_zone variables down to the dns_raw_save_post.sh hook script.

Usage history pages display non-sensical data evolutionfixed

User, reseller and admin level usage history pages display garbage data if there is no prior data collected (which is collected once a month). With the added fix, for example, if a newly created user were to go to System Info & Files -> Site Summary / Statistics/ Logs -> User History, they will now instead see a message letting them know why no proper data could be displayed.

Removed crypt_method configuration option from directadmin.conf removed

The password hash functions used to hash passwords for passwd-style files will no longer be configurable. The default value (SHA-512 method, also known as $6$) will always be used.

This change will help old servers that are still stuck with weak hashing algorithms ($1$ or $5$) to migrate to stronger hashes.

New variable: admin_ssl_cert_on_create=1 to prevent new AutoSSL certificates on creation new

If you do not wish to have DirectAdmin automatically create certificates when a new domain, subdomain, or domain pointer are created, set this new value to 0. They can still be created manually and managed normally. Existing certificates are not affected. Only the automatic trigger would be disabled when set to 0. Documentation for the admin_ssl_cert_on_create variable

CSF: Adjusted SMTP_PORTS for SMTP_BLOCK to block 25 port only improved

The primary purpose of enabling SMTP_BLOCK was to prevent hacked websites from making direct SMTP connections to other servers for email delivery, as these were difficult to track and resolve. However, the inclusion of ports 465 and 587 in the block list often led users to disable SMTP_BLOCK when whitelisting specific users was not an option. Reducing the blocked ports list to only port 25 should eliminate the need to fully disable the feature for the most of the users.

Templates: user_limit.txt and reseller_limit.txt now support token scripts, plus new tokens new

The user_limit.txt and reseller_limit.txt template files now support the |$/bin/sh ... DONE| method of scripting. Scripts run as root. This should allow greater control of the content of the messages send to Users/Resellers.

This change also includes new tokens for the user_limit.txt, based on the directadmin variable hard_quota_multiplier=1.1:

• QUOTALIMITGIG_HARD
• QUOTALIMITMEG_HARD
• INODELIMIT_HARD

API change for custom_domain_items fixed

Important change notice for anyone making API calls to either:

CMD_ADDITIONAL_DOMAINS?json=yes&action=view&domain=domain.com
CMD_API_ADDITIONAL_DOMAINS?json=yes&action=view&domain=domain.com

and who are using the custom_domain_items feature.

Previuosly, the json output has this url-encoded format, which was not correct, it should have been fully json-encoded:

	"custom_domain_items":
	{
		"testsetting": "type=checkbox&string=Just a test&desc=Testing at 5%25&checked=no"
	},

This change will json-encode the custom domain item's data, eg:

	"custom_domain_items":
	{
		"testsetting":
		{
			"api_only": "no",
			"checked": "no",
			"custom": "",
			"desc": "Testing at 5%",
			"name": "testsetting",
			"string": "Just a test",
			"type": "checkbox"
		}
	},

Non-json, and non-API requests will not be affected. The changes to the evolution skin will be merged at the same time as the back-end fix. This fix might not make it into this release, but we're providing as much notice as possible for everyone to make adjustments. We recommend making the required changes to your API now, simply checking the testsetting's data (as in the example), if it's either a string (url-encoded) or a json array, and handle both possible cases. You can test this change before it's merged into the alpha channel with this commit: da update dc45cf1f08e9be0ac2d6579131eaad94f423877e