d00p

das ist auch immernoch relevant...wenn ich mir den plugin code anschaue setzt er die prefixe genau wie froxlor wenn entsprechender Algorithmus angegeben ist...

nicht roundcube log, mail.log von deinem OS...dovecot/postfix ...

When setting passwords via froxlor ,they should be prefixed with the hash-algorithm, e.g. {ARGON2ID}$argon2id$v=19$m=65536,t=4,p=1$..... or {SHA256-CRYPT}$5$jUc6fv4qb..... or similar

logs vom dovecot/postfix? Welches OS?

dann hast du sicher die template config von uns 1:1 komplett kopiert. Roundcube hat da wohl einiges mehr angepasst. Nimm am besten immer die config.inc.php.dist und passe nur das nötigste an, siehe https://github.com/Froxlor/Froxlor/blob/extras/roundcube_plugins/password/README.md

welche hash methode hast du denn in der config für $config['password_algorithm'] angegeben?

Looks like they've changed the replacers. // The SQL query used to change the password. // The query can contain the following macros that will be expanded as follows: // %p is replaced with the plaintext new password // %P is replaced with the crypted/hashed new password // according to configured password_algorithm // %o is replaced with the old (current) password // %O is replaced with the crypted/hashed old (current) password // according to configured password_algorithm // %h is replaced with the imap host (from the session info) // %u is replaced with the username (from the session info) // %l is replaced with the local part of the username // (in case the username is an email address) // %d is replaced with the domain part of the username // (in case the username is an email address) So you'd have to use %P instead of %c

Log-Einträge von roundcube? Irgendwas hilfreiches?

And it doesnt have to - as long as you are using the system-hostname or an alias specified in the settings

Same question

maybe then dont blindly/automatically update - or possibly just dont use the froxlor apt-package and update manually after checking the changelog. I'm open for ideas if you have any... These were gone since 2.0 already, looks like we've missed these files in the updater to remove them...

Fix: UPDATE `panel_settings` SET `value` = 'bullseye' WHERE `settinggroup` = 'system' AND `varname` = 'distribution';

Your host squeakyhost.com redirects to www.squeakyhost.com, froxlor does not do a www-redirect itself. Must be something custom on your side. If www.squeakyhost.com is a configured froxlor-alias (Settings -> froxlor vhost settings -> Domain aliases for froxlor vhost) then you would still see the froxlor login and not an empty page with just a background-color being set. From the looks of the content of your vhost it seems that the "ServerAlias"-directive has possibly been added via "own vhost settings"

@llucps see - also, froxlor manages its own vhost just fine, also with your own wildcard-certificate if required...

This is a CUSTOMER vhost ...the froxlor vhost starts with 10_froxlor_*. This is definetly not the way froxlor should be accessible (as php process is running as 'customer' not the froxlor user...owner-mismatch, etc. - not good). Please use the correct setting in: Settings -> System settings -> Hostname And be sure at least one if your ip/port combinations has the 'Create vHost-Container' flag enabled

99% misconfiguration. Are you sure you are using the domain that is specified in either system.hostname or froxlor-aliases settings?

Dear froxlor community, we are pleased to announce the release of froxlor 2.1! Notable new features, improvements and also breaking changes are listed below: Duplicate domains: You can now easily duplicate domains as admin user. With just one click, specify the new domain-name and select the target-customer and all the compatible settings from the source domain will be used for the new domain. Via the new API call Domains.duplicate(), you can even overwrite any domain-value you like by passing them to the request, just like you would for Domains.add(). Deactivate single domains: It is now possible to deactivate and re-activate single domains. This also deactivates any email-address/account created with that domain. Deactivate single ftp-accounts: As well as domains, users can now enable or disable a specific ftp-account. One-Time Login links: Admin users are now able to generate a one-time login-link for customers via CLI or API, which start a customer session automatically without the customer entering any login credentials. This comes in handy especially when using third-party interfaces / portals to integrate a link to the customers froxlor dashboard. You can also specify the validity time for the link (from 10 up to 120 seconds) and a comma-separated list of IP addresses to restrict the request-source. The corresponding added API call is Froxlor.generateLoginLink(). CustomerBackup is now DataDump: The CustomerBackup API calls and its integration in the UI has been renamed to DataDump to clarify the difference between a one-time data-extraction/dump and backups. This also paves the path for a possible Backup-feature in the future. Additionally, if the php-gnupg extension is present, you have the ability to encrypt your data-exports with your pgp-key. OTP for critical settings: We've added an OTP requirement for some of the critical/system-related settings in order to enhance security. To change these specific settings, 2FA/OTP has to be enabled system-wide and activated for the current admin user. More details see https://docs.froxlor.org/v2.1/admin-guide/settings/#_1-3-settings-that-require-otp-validation Custom page for unmanaged/unknown domains: In case a domain is pointing to your server but is not yet added to froxlor a customizable notice is now displayed instead of the froxlor login page. You can specify your own content for the file as admin in "Email- & File-templates". New update channel 'nightly': We now create nightly-builds for every successful push to the git-repository. If you want to participate in testing the current development state, you are now able to do so without the need to have composer/npm and all the dev-tools requirements but just use a pre-built nightly. These packages are only available through the updater of froxlor (either CLI or Web-Update, if enabled). To activate, just select the update-channel 'nightly' (only available in settings-mode 'advanced'). Keep in mind that downgrades are not supported. You can always switch back to the stable or beta channel but you will have to wait until corresponding releases catch up to the nightly-version you have. Changes in 2.1: New features: [API] new Domains.duplicate() command to copy domains [API] One-Click One-Time-Login-Link (remote-login) via newFroxlor.generateLoginLink() [API] Domains.add()/update() -> added parameter `deactivated` [API] Ftps.add()/update() -> added parameter `login_enabled` [UI] OTP requirement for specific/system-relevant settings [UI] markdown syntax in custom_notes field [UI] change password/theme/language is now combined in profile [Settings] New update-channel "nightly" (development-versions only, every signed commit to 'main' will be build) [CLI] new froxlor:config-diff command [other] In order to encrypt data-exports using pgp you need to have the php-gnupg extension installed and activated. [other] Domains pointing to the server but are unmanaged by froxlor will now display a corresponding message. Breaking changes: [API] CustomerBackups renamed to DataDump [Services] support for lighttpd webserver will be dropped in future 2.1 releases due to no active maintainer and no significant user-base [Distros] Debian 10 buster & Ubuntu 18.04 bionic were deprecated as of 2.0.x and are now removed in froxlor-2.1 [Distros] Gentoo is deprecated due to no active maintainer [Config] postfix needs reconfiguration in the file `/etc/postfix/mysql-virtual_mailbox_domains.cf` in order for deactivated domain flag to be recognized Alternatively, simply search for the line: query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' and replace it with: query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1' AND deactivated = 0 Changes in 2.1.1: [DNS] fix wrong result in Domain::getMainSubdomainIds(); #1202 [Install] fix wrong version being set Changes in 2.1.2: [general] fixed compatibility with older installations [DNS] fixed wrong type when dns zone for system-hostname is active [UI] fixed non-empty value for file-input fields when using uploaded logos [UI] fixed 2fa login when using email validation [UI] fixed wrong size-unit for mailquota-dashboard-info [UI] fixed possibility to have empty name/surname and empty company [Installation] allow more complex passwords to be set (skip escaping) Changes in 2.1.3: [CLI] Add manual_config parameter to install json; #1208 [API] use panel.password_min_length setting for Froxlor.generatePassword() default length parameter [general] allow '::1' as valid mysql localhost value [UI] fixed bug that lead to select-box values not being changed [UI] fixed bug that lead to an error when using custom.css Changes in 2.1.4: [UI] Don't show stats-icon for domains with redirect [Cron] hide goaccess output in traffic cron and keepalive database connection for long-running log-analysis [Cron/Apache] use same certificate-file if child-domain inherits the parentdomain's certificate data (avoid possible http 421 Misdirected Request) [UI] use different language string for password-placeholder when adding a new customer; fixes #1216 [Install] don't use deprecated 'mysql_native_password' for mysql8; fixes #1214 [Install] possibility to specify sender address for froxlor as the admin-email address, custom or empty for system-default; fixes #1217 [general] don't output ipv6 in brackets for system.ipaddress setting as the brackets will be added to the value resulting in an invalid mysql-access-host; fixes #1215 [settings] use correct validation for dnscheck-resolver; fixes #1220 Changes in 2.1.5: [Config] disable pam auth in dovecot for debian bookworm [general] Check for argon2 support before using constant PASSWORD_ARGON2X; #1228 [UI] fix incorrect top-5 customers in traffic overview for admins [UI] show manual update command if webupdate is disabled [Cron] create empty dns-server config if no (dns-enabled) domain is determined; fixes #1230 [general] set correct channel for update-check if switching from apt-installed stable/testing to nightly [API] fix check for allowed_phpconfigs if using mod_php when adding/editing a customer Changes in 2.1.6: [general] fix regression bug from "Check for argon2 support before using constant PASSWORD_ARGON2X; #1228" Changes in 2.1.7: [UI] backport UI/Callback fixes from 2.2-dev (main); fixes #1235 [UI] fix regression bug in 'incorrect top-5 customers' sorting in traffic-overview which leads to incorrect customer-links due to wrong indexing in the array; fixes #1236 [UI] fix adding/editing domains as customer when php is not enabled for the domain [Cron] don't add custom-vhost-content to deactivated domain-vhosts [Cron] correctly save pass_authorizationheader flag for php-configs if FCGID is used; correctly add 'FcgidPassHeader' for froxlor-vhost itself if set [Cron] wrap SetHandler to php-fpm in file-exists check, as we do for customer-domains already [API] correctly disabled ssl-related settings when domain update sets ssl-enabled flag to false; fixes #1241 [general] correctly validate if a symlink is within the customers home-directory if it's not an absolute path; fixes #1242 Changes in 2.1.8: [settings] fix "session expires" option, #1246 [UI] fix missing csrf tokens for some ajax requests [Cron] also add logfiles to virtual-host if it's a redirect See also our Migration Guide for more information. We hope you enjoy froxlor 2.1 and look forward to your feedback. Download: froxlor-2.1 Documentation at https://docs.froxlor.org/. Visit https://www.froxlor.org and join our Discord channel (https://discord.froxlor.org) for support, help, participation or just to chat Thank you, the froxlor team

well, there you go...

well, that's not where your froxlor installation should be ... and if its not, why show us this vhost?!?!? Maybe give a bit more information alltogether? How are we supposed to work with this little information? If possible, please join our discord at https://discord.froxlor.org to discuss further...this is taken ages here

so wait...you are NOT using the ACTUAL setting that is meant to define the domain used for froxlor itself?!?!?

Also, as we were about to release, maybe first test the LATEST nightly (or at least the possible relevant changes, see https://github.com/Froxlor/Froxlor/compare/2.1.0-rc3...main#diff-eff9c92c6df530de32ef7996bdd32fd8de756338cc3ef91e049254658ede14c8)

Well then please provide information about this vhost/config. Froxlor itself handles this, which means, the subdomain you are talking about is handled by froxlors own vhost config (which in most cases is the first and hence the default)

Why post this and also DM'ing me at the same time? Please take a look at our documentation as I mentioned before: https://docs.froxlor.org/latest/

well you have to...it wont work otherwise

and also: you have to use the fqdn you've specified in the installation or else the webserver will not use the correct virtual-host config and will not use the froxlor generated configs for php-fpm