hMailServer web-interface redesign

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-15 09:07

mattg wrote:
2018-08-14 23:09
I downloaded the entire 1.4 zip and overwrote all existing files with the contents of the zip
I don't know why is that, sorry.
stephan123 wrote:
2018-08-15 07:50
When sorting the accounts-table by size, then it sorts alphabetically, not numeric.
I noticed that already, but it's linked to the JavaScript plugin tablesorter. If something can be done, or if alternative plugin exists, I'll fix it.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

stephan123
Normal user
Normal user
Posts: 55
Joined: 2009-10-29 13:03

Re: hMailServer web-interface redesign

Post by stephan123 » 2018-08-15 12:54

coax wrote:
2018-08-15 09:07
stephan123 wrote:
2018-08-15 07:50
When sorting the accounts-table by size, then it sorts alphabetically, not numeric.
I noticed that already, but it's linked to the JavaScript plugin tablesorter. If something can be done, or if alternative plugin exists, I'll fix it.
Easy fix yould be to left pad some zeros to the numbers (9.4 --> 09.4). Otherwise you could pass the float-numbers in another json-field and sort by them.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-20 13:06

stephan123 wrote:
2018-08-15 12:54
Easy fix yould be to left pad some zeros to the numbers (9.4 --> 09.4). Otherwise you could pass the float-numbers in another json-field and sort by them.
Adding zeroes is not a decent solution because it would need many zeroes (not just one) due to quota in gigabytes. I'll fix it with different plugin :)
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-22 12:19

New version available. Download v1.5

Changelog:
[tweak] changes to config.php
[tweak] Server graph on dashboard displays delivery queue count
[new] DMARC reports in side navigation (thanks to @tunis)
[new] IMAP folders under Account
[tweak] replaced "tablesort" with "stupidtable" plugin
[tweak] added APIPA addresses to regex in geoIp() function
[fix] CSS fix
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2018-08-24 09:57

@coax

Something is wrong in ?page=smtp, for example chrome warns about

Code: Select all

[DOM] Found 3 elements with non-unique id #HostName: 
Changing Max message size (KB) for example does not trigger anything, nothing is saved
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2018-08-24 12:18

RvdH wrote:
2018-08-24 09:57
@coax

Something is wrong in ?page=smtp, for example chrome warns about

Code: Select all

[DOM] Found 3 elements with non-unique id #HostName: 
Changing Max message size (KB) for example does not trigger anything, nothing is saved
BTW, i think the reason i cannot save is because the 'bind to ip' is left blank, because of the non-unique id #HostName the wrong validator seems to be triggered
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-24 21:44

Thanks for the info, will fix.

Edit:
Fixed: https://github.com/coax/hmailserver-web ... m_smtp.php
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2018-08-24 22:17

Still refuses to save anything, as 'Bind to local IP address' is required...thats kinda strange as in hmailserver default settings this is not set

Image
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2018-08-24 23:15

I found the culprit, in function PrintPropertyEditRow you make anything that has a $checktype required by default, but in this case it is a optional value

Code: Select all

if (isset($checktype)) $req = 'req ';
I think you need to change this into something like: (eg: anything that has a $checktype set but with a class 'notreq', make not required)

Code: Select all

if (isset($checktype) && $class != 'notreq' ) $req = 'req ';
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-25 11:53

I've thought of that already, checktype can be null and it will not set required field. I've updated the code again :)
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: hMailServer web-interface redesign

Post by mattg » 2018-08-26 03:19

You tricked me up by adding to the bottom of 'include_versioncheck.php'

I run a custom version (RvdH's excellent vesions) , so I always need to modify this file.
Lately I've just opened in notepad++, updated all files, then saved my 'open in notepad++ version' and that has worked.

Took me a while to find what had changed...
I was getting blank page instead of a login screen, and my PHP logs weren't showing anything.

This code was added

Code: Select all

// Actual hMailAdmin version
$hmail_config['version'] = 1.5;
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tester02
Normal user
Normal user
Posts: 33
Joined: 2016-04-09 23:28

Re: hMailServer web-interface redesign

Post by tester02 » 2018-08-26 08:12

./include/functions.php

Code: Select all

// Version check
function Version() {
	$json = file_get_contents("https://raw.githubusercontent.com/coax/hmailserver-webadmin/master/version.txt");
	$parsed = json_decode($json);
	return $parsed;
}
include_versioncheck.php

Code: Select all

// Actual hMailAdmin version
$hmail_config['version'] = 1.5;
I use the 64bit 5.7 hMailserver and therefore I have to modify the version, too.
I ran into the blank page too because github wasn't reachable for whatever reason, so I changed the version check within functions to return just "1.5" without doing the lookup.
The only page I found it relevant for was the impressumpage where you would get a notice that a new version is out.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-26 12:02

mattg wrote:
2018-08-26 03:19
You tricked me up by adding to the bottom of 'include_versioncheck.php'

I run a custom version (RvdH's excellent vesions) , so I always need to modify this file.
Lately I've just opened in notepad++, updated all files, then saved my 'open in notepad++ version' and that has worked.

Took me a while to find what had changed...
I was getting blank page instead of a login screen, and my PHP logs weren't showing anything.

This code was added

Code: Select all

// Actual hMailAdmin version
$hmail_config['version'] = 1.5;
Github will show all the files that are modified if you click on version, like this: https://github.com/coax/hmailserver-web ... 16ec70b8ee Sorry for the confusion , it needed to be done that way, because config.php is not changed that often.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-08-26 12:07

tester02 wrote:
2018-08-26 08:12
The only page I found it relevant for was the impressumpage where you would get a notice that a new version is out.
It was added with purpose of easier maintenance:

Image

Of course, you can remove it if you manually want to check for updates.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

MrGeneration
New user
New user
Posts: 22
Joined: 2014-02-18 15:09
Location: Berlin
Contact:

Re: hMailServer web-interface redesign

Post by MrGeneration » 2018-09-17 13:41

I "just" found your thread here and must say: WOW.
Thanks for this awesome redesign!!!

I implemented it on my instance already love it! :mrgreen:
Live hmail-version: 5.6.5-B2293, with spamd and greylisting enabled

chaser
New user
New user
Posts: 2
Joined: 2018-09-28 17:04

Re: hMailServer web-interface redesign

Post by chaser » 2018-09-28 17:22

Just come across this thread, and thought I'd give hMailAdmin a try. Unfortunately I've not been able to get it working yet, and think it may be to do with my slightly unconventional setup. My hMailServer is running on a windows 2012 server, but I don't have a web server running on this machine. Instead my main web server (Apache) is running on a CentOS box, which is on the same subnet. Is it possible to run hMailAdmin from this Apache server, or does hMailAdmin need to run on the same physical machine as hMailServer?

The reason I ask is that I am just getting a HTTP Error 500 when I try to access it from my web browser.

I'm fairly happy that my Apache virtual host is set up correctly. The URL to hMailAdmin is http://mailadmin.mydomain.com, and I get a message telling me to create a config.php from config-dist.php if I haven't created a copy of the config.php file. I only get the HTTP Error 500 once I've created the config.php file. I've also set:

$hmail_config['rooturl'] = "http://mailadmin.mydomain.com/";

in the config.php file.

Any idea what I might be doing wrong???

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2018-09-29 10:05

chaser wrote:
2018-09-28 17:22
Just come across this thread, and thought I'd give hMailAdmin a try. Unfortunately I've not been able to get it working yet, and think it may be to do with my slightly unconventional setup. My hMailServer is running on a windows 2012 server, but I don't have a web server running on this machine. Instead my main web server (Apache) is running on a CentOS box, which is on the same subnet. Is it possible to run hMailAdmin from this Apache server, or does hMailAdmin need to run on the same physical machine as hMailServer?
Web admin (either PHPWebAdmin or hMailAdmin, they have the same core) uses hMailServer's COM API and needs access permissions, this might help:
https://www.hmailserver.com/documentati ... hpwebadmin
https://www.hmailserver.com/documentati ... ermissions
https://www.hmailserver.com/documentati ... hpwebadmin
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
SorenR
Senior user
Senior user
Posts: 6308
Joined: 2006-08-21 15:38
Location: Denmark

Re: hMailServer web-interface redesign

Post by SorenR » 2018-09-29 10:25

chaser wrote:
2018-09-28 17:22
...
Instead my main web server (Apache) is running on a CentOS box, which is on the same subnet. Is it possible to run hMailAdmin from this Apache server, or does hMailAdmin need to run on the same physical machine as hMailServer?
...
hMailAdmin need COM/DCOM, so unless you have some really expensive tools like "J-Integra for COM" or "EntireX DCOM", you will NOT make it run on a 'nix box.
SørenR.

Woke is Marxism advancing through Maoist cultural revolution.

chaser
New user
New user
Posts: 2
Joined: 2018-09-28 17:04

Re: hMailServer web-interface redesign

Post by chaser » 2018-09-29 10:32

Ok. Thanks for the feedback. I think I'll give up with that plan, then. I might try setting IIS on the Windows server box that's also running hMailServer at some point and see if I can get it running from there.

Giuseppe_R
New user
New user
Posts: 5
Joined: 2018-12-29 18:26

Re: hMailServer web-interface redesign

Post by Giuseppe_R » 2019-01-10 13:03

Good morning,
I have a hmail server ver 5.6.8B2431 on Windows 2008R2 and Trend ServerProtect antivirus.
When the antivirus engine finds a virus, it simply delete the message, and the hmail log file contains the row "554 Rejected - No data saved"
It would be great if the graph "processed messages" would show these events as virus...
Thanks in advance.
G

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-01-10 14:16

Giuseppe_R wrote:
2019-01-10 13:03
When the antivirus engine finds a virus, it simply delete the message, and the hmail log file contains the row "554 Rejected - No data saved"
It would be great if the graph "processed messages" would show these events as virus...
This is related to hMailServer core and cannot be changed in web admin, because web is using COM API which simply reads these: https://www.hmailserver.com/documentati ... ect_status
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

Giuseppe_R
New user
New user
Posts: 5
Joined: 2018-12-29 18:26

Re: hMailServer web-interface redesign

Post by Giuseppe_R » 2019-01-10 21:34

coax wrote:
2019-01-10 14:16
Giuseppe_R wrote:
2019-01-10 13:03
When the antivirus engine finds a virus, it simply delete the message, and the hmail log file contains the row "554 Rejected - No data saved"
It would be great if the graph "processed messages" would show these events as virus...
This is related to hMailServer core and cannot be changed in web admin, because web is using COM API which simply reads these: https://www.hmailserver.com/documentati ... ect_status
Okay, thanks for your reply.
Good evening.

digim
New user
New user
Posts: 3
Joined: 2019-02-06 22:11

Re: hMailServer web-interface redesign

Post by digim » 2019-02-06 23:05

i've posted this already in main feature request thread and want to copy here (this is especially to coax cause i love your webadmin so much :) )

one more huge request:
please add ability to display active directory login next to the mail account name in the main accounts list window (it feels so empty with those two columns now)
this will significantly decrease time to search right account to work with!

will be a relief if this will be implemented in webadmin :roll:

Kriztan
Normal user
Normal user
Posts: 39
Joined: 2010-03-17 16:12
Location: Germany

Re: hMailServer web-interface redesign

Post by Kriztan » 2019-02-22 21:51

Hi coax,
thanks for your nice webinterface. I'm unsing this since some weeks and noticed, that version 1.5 creates duplicate rule actions. Can anybody confirm this?

tester02
Normal user
Normal user
Posts: 33
Joined: 2016-04-09 23:28

Re: hMailServer web-interface redesign

Post by tester02 » 2019-02-23 13:50

For me it works just fine...sorry I'm no help.

User avatar
jimimaseye
Moderator
Moderator
Posts: 10053
Joined: 2011-09-08 17:48

Re: hMailServer web-interface redesign

Post by jimimaseye » 2019-02-23 17:01

Kriztan wrote:
2019-02-22 21:51
Hi coax,
thanks for your nice webinterface. I'm unsing this since some weeks and noticed, that version 1.5 creates duplicate rule actions. Can anybody confirm this?
When you say duplicates do you mean it creates duplicate rule actions or it just displays the existing rule actions in duplicate?

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Kriztan
Normal user
Normal user
Posts: 39
Joined: 2010-03-17 16:12
Location: Germany

Re: hMailServer web-interface redesign

Post by Kriztan » 2019-02-26 21:29

Sorry for my late response. I've tested it again and created a new rule with one criteria and one action. Not only the action is created twice, also the new rule was created twice. I've checked it with hmailadmin on the server, not via the remote webadmin.
I've recognized another strange thing: the first rule, which was created by the webadmin, has no critia and no action, but the second rule has twice of them.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-03-31 14:50

Kriztan wrote:
2019-02-26 21:29
Sorry for my late response. I've tested it again and created a new rule with one criteria and one action. Not only the action is created twice, also the new rule was created twice. I've checked it with hmailadmin on the server, not via the remote webadmin.
I've recognized another strange thing: the first rule, which was created by the webadmin, has no critia and no action, but the second rule has twice of them.
I've tried to reproduce your issue but I couldn't, it might be something wrong with your installation. Also, you mention "hmailadmin on the server" and "remote webadmin" - which is which? There is "hMailServer Administrator" (GUI executable on server), there is "PHPWebAdmin" (stock web admin) and "hMailAdmin" (this project).
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: hMailServer web-interface redesign

Post by mibyge » 2019-04-03 19:18

Hello.

I've been using your fantastic redesign for a long time, but I've been unable to use it for a while now because I get an "Invalid CSRF token." error when I try to log in.

I've tried multiple browsers from multiple devices (including the server), but it's the same error every time.

I suspect that it might have started after a PHP upgrade at one point, but I'm not sure.

The server is a Windows Server 2016 with PHP Version 7.2.16, hMailServer 5.6.7 - Build 2425 and version 1.5 of hMailAdmin.

Any suggestions?

Thanks in advance.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-04-03 20:22

Check rooturl in your config and make sure you're logging in from the same URL (double check for missing www or https in your URL where you try to log in).
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: hMailServer web-interface redesign

Post by mibyge » 2019-04-05 22:25

coax wrote:
2019-04-03 20:22
Check rooturl in your config and make sure you're logging in from the same URL (double check for missing www or https in your URL where you try to log in).
They match. I've even tried to copy/paste the URL from the config file directly into the browser to be completely sure.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-04-06 11:27

In hMailAdmin we left all the core coding (including CSRF validation) same as PHPWebAdmin, so try to log in to PHPWebAdmin to see if you get the same error.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

mibyge
New user
New user
Posts: 16
Joined: 2016-09-07 20:28

Re: hMailServer web-interface redesign

Post by mibyge » 2019-04-07 18:48

coax wrote:
2019-04-06 11:27
In hMailAdmin we left all the core coding (including CSRF validation) same as PHPWebAdmin, so try to log in to PHPWebAdmin to see if you get the same error.
I get the same error with the default PHPWebAdmin.

I'll try asking the question in the general forum then.

Thanks.

Kriztan
Normal user
Normal user
Posts: 39
Joined: 2010-03-17 16:12
Location: Germany

Re: hMailServer web-interface redesign

Post by Kriztan » 2019-04-08 21:29

coax wrote:
2019-03-31 14:50
I've tried to reproduce your issue but I couldn't, it might be something wrong with your installation. Also, you mention "hmailadmin on the server" and "remote webadmin" - which is which? There is "hMailServer Administrator" (GUI executable on server), there is "PHPWebAdmin" (stock web admin) and "hMailAdmin" (this project).
Thanks for your reply, I've replaced all local from your hMailAdmin with that one from github and the "bug" is gone.

hmbaer
New user
New user
Posts: 20
Joined: 2019-05-01 14:29

Re: hMailServer web-interface redesign

Post by hmbaer » 2019-05-01 14:41

Great interface!

But i can type in the wrong password as many times as i want and there is no lock (if i do NOT have an active directory link for the user). Are there any solutions?

Thank you.

hmbaer
New user
New user
Posts: 20
Joined: 2019-05-01 14:29

Re: hMailServer web-interface redesign

Post by hmbaer » 2019-05-11 11:36

No idea? :-)

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-05-11 11:47

hmbaer wrote:
2019-05-01 14:41
Great interface!

But i can type in the wrong password as many times as i want and there is no lock (if i do NOT have an active directory link for the user). Are there any solutions?

Thank you.
Has nothing to do with this redesign. Try asking in different sub.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

hmbaer
New user
New user
Posts: 20
Joined: 2019-05-01 14:29

Re: hMailServer web-interface redesign

Post by hmbaer » 2019-05-11 11:55

Your new design is nice.
But i think it should be in your interest that the login is secure, too. But i got your point.

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-05-11 22:14

hmbaer wrote:
2019-05-11 11:55
Your new design is nice.
But i think it should be in your interest that the login is secure, too. But i got your point.
We left all the original coding of PHPWebAdmin + some modifications which were possible. This would probably need changes to COM API therefore impossible to implement.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

hmbaer
New user
New user
Posts: 20
Joined: 2019-05-01 14:29

Re: hMailServer web-interface redesign

Post by hmbaer » 2019-05-13 06:22

Ok. I only wanted to tell that there is a security issue (irrespective what the technical reason is). Maybe it is possible to implement a php-based ip-check (e.g. text file based if changes to the database are not possible). But i think the best solution would be to ban failed logins by using the hMailServer-module that is used.

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: hMailServer web-interface redesign

Post by palinka » 2019-05-13 14:01

Hi. I may be using an older version and this was already addressed, but i noticed today that the geoip is broken:

Code: Select all

Country

OPERATION FAILED
Description: file_get_contents(http://geoip.nekudo.com/api/41.190.130.194): failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found

Line: 339

Script: functions.php
It appears that nekudo got bought by someone and the api is no longer available. I made a change to include/functions.php and it's working.

Code: Select all

// IP 2 Country
function GeoIp($ip) {
	global $obLanguage;
	if ($ip === '0.0.0.0') return Translate('Unknown');
	$regex = '/(127\.0\.0\.1)|^(10\.)|^(192\.168\.)|^(169\.254\.)|^(172\.(1[6-9]|2[0-9]|3[0-1]))/';
	if (preg_match($regex, $ip)) return Translate('Local IP range');

	$json = file_get_contents('http://ip-api.com/json/' . $ip);
	$parsed = json_decode($json);

	if(!$parsed->countryCode) return Translate('Unknown');
	return '<p><img src="flags/' . $parsed->countryCode . '.gif" style="margin-right:5px;">' . $parsed->country . '</p>';
}

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2019-05-13 14:04

palinka wrote:
2019-05-13 14:01
Hi. I may be using an older version and this was already addressed, but i noticed today that the geoip is broken:
You're using old version. This was addressed and fixed in latest version.
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: hMailServer web-interface redesign

Post by palinka » 2019-05-13 14:12

coax wrote:
2019-05-13 14:04
palinka wrote:
2019-05-13 14:01
Hi. I may be using an older version and this was already addressed, but i noticed today that the geoip is broken:
You're using old version. This was addressed and fixed in latest version.
Ok cool. :mrgreen:

tester02
Normal user
Normal user
Posts: 33
Joined: 2016-04-09 23:28

Re: hMailServer web-interface redesign

Post by tester02 » 2019-12-14 19:26

Since this is the most active topic on the php-webadmin code I post here.

With php version 7.4.0 the function get_magic_quotes_gpc is DEPRECATED and therefore returns an error.
I found it only in --> include / functions.php / line 26
26 if (get_magic_quotes_gpc())
27 $retval = stripslashes($retval);
Deleting the line works but I'm not sure if I run now into some unwanted inputs...

Hedsteem
New user
New user
Posts: 1
Joined: 2016-12-03 20:35

Re: hMailServer web-interface redesign

Post by Hedsteem » 2020-01-16 20:39

Need to Remove the SSL3 and add TLS1.3 Under the SSL/TLS Section, It Blows errors on the Latest Beta, I removed all the SSL 3.0 Entries in the hm_ssltls.php file.

BlackJub
New user
New user
Posts: 1
Joined: 2020-01-18 08:42

Re: hMailServer web-interface redesign

Post by BlackJub » 2020-01-18 08:46

Could you please be more precise on the "SSL/TLS" section, please?
Which PHP file are you talking about? I see no SSL3 reference in the "hm_ssltls.php" file, and TLS 1.3 is already there.
(I get some SSL errors too in the bottom left pane when I log in...)
Thanks in advance!

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2020-05-09 16:59

Or even better, using a little regex

Code: Select all

<?php
if (!defined('IN_WEBADMIN'))
	exit();

if (hmailGetAdminLevel() != 2)
	hmailHackingAttemp();

$obSettings = $obBaseApp->Settings();
$action = hmailGetVar("action","");

if($action == "save") {
	$obSettings->VerifyRemoteSslCertificate= hmailGetVar("VerifyRemoteSslCertificate",0);
	$obSettings->SslCipherList = hmailGetVar("SslCipherList", "");

	if (preg_match("(5\.[^789]\.[^89])", $obBaseApp->Version)) {
		$obSettings->SslVersion30Enabled = hmailGetVar("SslVersion30Enabled", 0);
		$obSettings->TlsVersion10Enabled = hmailGetVar("TlsVersion10Enabled", 0);
		$obSettings->TlsVersion11Enabled = hmailGetVar("TlsVersion11Enabled", 0);
		$obSettings->TlsVersion12Enabled = hmailGetVar("TlsVersion12Enabled", 0);
	}
	else {
		$obSettings->TlsVersion10Enabled = hmailGetVar("TlsVersion10Enabled", 0);
		$obSettings->TlsVersion11Enabled = hmailGetVar("TlsVersion11Enabled", 0);
		$obSettings->TlsVersion12Enabled = hmailGetVar("TlsVersion12Enabled", 0);
		$obSettings->TlsVersion13Enabled = hmailGetVar("TlsVersion13Enabled", 0);
	}
}

$VerifyRemoteSslCertificate = $obSettings->VerifyRemoteSslCertificate;
$SslCipherList = $obSettings->SslCipherList;
if (preg_match("(5\.[^789]\.[^89])", $obBaseApp->Version)) {
	$SslVersion30Enabled = $obSettings->SslVersion30Enabled;
	$TlsVersion10Enabled = $obSettings->TlsVersion10Enabled;
	$TlsVersion11Enabled = $obSettings->TlsVersion11Enabled;
	$TlsVersion12Enabled = $obSettings->TlsVersion12Enabled;
}
else {
	$TlsVersion10Enabled = $obSettings->TlsVersion10Enabled;
	$TlsVersion11Enabled = $obSettings->TlsVersion11Enabled;
	$TlsVersion12Enabled = $obSettings->TlsVersion12Enabled;
	$TlsVersion13Enabled = $obSettings->TlsVersion13Enabled;
}
?>
    <div class="box medium">
      <h2><?php EchoTranslation("Security") ?></h2>
      <form action="index.php" method="post" class="form">
<?php
PrintHiddenCsrfToken();
PrintHidden("page", "ssltls");
PrintHidden("action", "save");

PrintPropertyAreaRow("SslCipherList", "SSL/TLS ciphers", $SslCipherList, 12, 80);

PrintCheckboxRow("VerifyRemoteSslCertificate", "Verify remote server SSL/TLS certificates", $VerifyRemoteSslCertificate);
?>
        <h3><?php EchoTranslation("Versions") ?></h3>
<?php
if (preg_match("(5\.[^789]\.[^89])", $obBaseApp->Version)) {
	PrintCheckboxRow("SslVersion30Enabled", "SSL v3.0", $SslVersion30Enabled);
	PrintCheckboxRow("TlsVersion10Enabled", "TLS v1.0", $TlsVersion10Enabled);
	PrintCheckboxRow("TlsVersion11Enabled", "TLS v1.1", $TlsVersion11Enabled);
	PrintCheckboxRow("TlsVersion12Enabled", "TLS v1.2", $TlsVersion12Enabled);
}
else {
	PrintCheckboxRow("TlsVersion10Enabled", "TLS v1.0", $TlsVersion10Enabled);
	PrintCheckboxRow("TlsVersion11Enabled", "TLS v1.1", $TlsVersion11Enabled);
	PrintCheckboxRow("TlsVersion12Enabled", "TLS v1.2", $TlsVersion12Enabled);
	PrintCheckboxRow("TlsVersion13Enabled", "TLS v1.3", $TlsVersion13Enabled);
}

PrintSaveButton();
?>
      </form>
    </div>
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2020-05-27 08:41

@coax, if you put in a mirror emailaddress you cannot clear it afterwards, due to it being a required field
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
coax
Normal user
Normal user
Posts: 80
Joined: 2016-12-22 16:35
Location: Croatia
Contact:

Re: hMailServer web-interface redesign

Post by coax » 2020-05-27 10:39

RvdH wrote:
2020-05-27 08:41
@coax, if you put in a mirror emailaddress you cannot clear it afterwards, due to it being a required field
Which page?
hMailServer web-interface redesign: https://www.hmailserver.com/forum/viewtopic.php?t=30713
Get alert when queue has 100+ messages: https://www.hmailserver.com/forum/viewtopic.php?t=31345

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2020-05-27 11:02

coax wrote:
2020-05-27 10:39
RvdH wrote:
2020-05-27 08:41
@coax, if you put in a mirror emailaddress you cannot clear it afterwards, due to it being a required field
Which page?
hm_mirror.php (this is a issue in official webadmin as well)

Tricky one, you like to check for a valid email if one is inserted, maybe clear/disable using checkbox?
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2021-04-24 01:06

Don't know if this is reported before, but if you, for example enable plus addressing for a domain and that specific domain uses DKIM signing the path get stripped from it slashes after saving, eg:

this:

Code: Select all

C:\Program Files\hMailServer\DKIM\dkim.domain.com.mail.key
becomes:

Code: Select all

C:Program FileshMailServerDKIMdkim.domain.com.mail.key
Similar happens to External VirusScan and/or ClamWin path names (also note the limited maxlength="60" here that might be troublesome)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
EduardoFoltran
Normal user
Normal user
Posts: 63
Joined: 2016-08-12 15:04

Re: hMailServer web-interface redesign

Post by EduardoFoltran » 2023-07-01 14:24

Hi All

Is this project still active? I have been trying to contact Coax for a while unsuccessfully. The interface is great, but I found some minor issues that I can correct myself, but I would wish to make those changes on a branch from the github repository, so they could be integrated to all afterwords. Unfortunately, I can't create a branch from that repository, only a fork. Some people are already doing that in order to improve the interface.

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2023-07-01 14:47

Duh... Of course you can't make a branch on a project that isn't yours
Simply fork it, make your changes and then create pull request(s)
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2023-07-22 00:02

core.js wrap exe variable with encodeURIComponent, otherwise it will give a error on passed variable, eg: External scanner path slashes/quotes and "%file%" parameter

Code: Select all

// test antivirus/antispam
function TestScanner(check) {
	switch (check) {
        ...
		case 'External':
			result = $('#ExternalTestResult');
			result.html('');
			csrftoken = $('[name=csrftoken]').val();
			exe = $('#customscannerexecutable').val();
			val = $('#customscannerreturnvalue').val();
			url = 'index.php?page=background_ajax_virustest&TestType=External&csrftoken=' + csrftoken + '&Executable=' + encodeURIComponent(exe) + '&ReturnValue=' + val;
			CallAjax(url, result);
			break;
        ...
}
https://github.com/coax/hmailserver-web ... 1d5127a338
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

alexmari
New user
New user
Posts: 3
Joined: 2012-06-18 14:11

Re: hMailServer web-interface redesign

Post by alexmari » 2024-01-03 13:20

RvdH wrote:
2021-04-24 01:06
Don't know if this is reported before, but if you, for example enable plus addressing for a domain and that specific domain uses DKIM signing the path get stripped from it slashes after saving, eg:

this:

Code: Select all

C:\Program Files\hMailServer\DKIM\dkim.domain.com.mail.key
becomes:

Code: Select all

C:Program FileshMailServerDKIMdkim.domain.com.mail.key
Similar happens to External VirusScan and/or ClamWin path names (also note the limited maxlength="60" here that might be troublesome)
I have the same problem you noted.
Does anyone know a solution or workaround?

User avatar
RvdH
Senior user
Senior user
Posts: 3231
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: hMailServer web-interface redesign

Post by RvdH » 2024-01-03 13:57

/hMailAdmin/include/functions.php

comment line 26/27
/*if (get_magic_quotes_gpc())
$retval = stripslashes($retval);*/
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

alexmari
New user
New user
Posts: 3
Joined: 2012-06-18 14:11

Re: hMailServer web-interface redesign

Post by alexmari » 2024-01-03 14:42

RvdH wrote:
2024-01-03 13:57
/hMailAdmin/include/functions.php

comment line 26/27
/*if (get_magic_quotes_gpc())
$retval = stripslashes($retval);*/
Thanks for your incredibly quick solution.
Now it works perfectly.

Alex

Post Reply