Configuration differences Debian Jessie between the releases 0.9.34 and 0.9.35-rc1


[lighttpd] /etc/lighttpd/lighttpd.conf

OldNewDifferences
44 "mod_compress",
55 "mod_redirect",
66 "mod_rewrite",
7+ "mod_setenv",
78)
89
910server.document-root = "/var/www"
2223compress.cache-dir = "/var/cache/lighttpd/compress/"
2324compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
2425
26+alias.url += ("/.well-known/acme-challenge/" => "/.well-known/acme-challenge/")
27+
2528# default listening port for IPv6 falls back to the IPv4 port
2629include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
2730include_shell "/usr/share/lighttpd/create-mime.assign.pl"

[nginx] /etc/nginx/nginx.conf

OldNewDifferences
6060 ##
6161 # Uncomment it if you installed nginx-passenger
6262 ##
63-
63+
6464 #passenger_root /usr;
6565 #passenger_ruby /usr/bin/ruby;
6666
7676#mail {
7777# # See sample authentication script at:
7878# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
79-#
79+#
8080# # auth_http localhost/auth.php;
8181# # pop3_capabilities "TOP" "USER";
8282# # imap_capabilities "IMAP4rev1" "UIDPLUS";
83-#
83+#
8484# server {
8585# listen localhost:110;
8686# protocol pop3;
8787# proxy on;
8888# }
89-#
89+#
9090# server {
9191# listen localhost:143;
9292# protocol imap;

[nginx] /etc/nginx/fastcgi_params

OldNewDifferences
1-fastcgi_index index.php;
2-
31fastcgi_connect_timeout 65;
42fastcgi_send_timeout 180;
53fastcgi_read_timeout 180;

[postfix_dovecot] /etc/postfix/main.cf

OldNewDifferences
6666#default_privs = nobody
6767
6868# INTERNET HOST AND DOMAIN NAMES
69-#
69+#
7070# The myhostname parameter specifies the internet hostname of this
7171# mail system. The default is to use the fully-qualified domain name
7272# from gethostname(). $myhostname is used as a default value for many
8383mydomain = <SERVERNAME>
8484
8585# SENDING MAIL
86-#
86+#
8787# The myorigin parameter specifies the domain that locally-posted
8888# mail appears to come from. The default is to append $myhostname,
8989# which is fine for small sites. If you run a domain with multiple
185185#
186186# - You define $mydestination domain recipients in files other than
187187# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
188-# For example, you define $mydestination domain recipients in
188+# For example, you define $mydestination domain recipients in
189189# the $virtual_mailbox_maps files.
190190#
191191# - You redefine the local delivery agent in master.cf.
205205# The right-hand side of the lookup tables is conveniently ignored.
206206# In the left-hand side, specify a bare username, an @domain.tld
207207# wild-card, or specify a user@domain.tld address.
208-#
208+#
209209#local_recipient_maps = unix:passwd.byname $alias_maps
210210#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
211211#local_recipient_maps =
237237# clients in the same IP subnetworks as the local machine.
238238# On Linux, this does works correctly only with interfaces specified
239239# with the "ifconfig" command.
240-#
240+#
241241# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
242242# clients in the same IP class A/B/C networks as the local machine.
243243# Don't do this with a dialup site - it would cause Postfix to "trust"
244244# your entire provider's network. Instead, specify an explicit
245245# mynetworks list by hand, as described below.
246-#
246+#
247247# Specify "mynetworks_style = host" when Postfix should "trust"
248248# only the local machine.
249-#
249+#
250250#mynetworks_style = class
251251#mynetworks_style = subnet
252252#mynetworks_style = host
276276# - from "untrusted" clients to destinations that match $relay_domains or
277277# subdomains thereof, except addresses with sender-specified routing.
278278# The default relay_domains value is $mydestination.
279-#
279+#
280280# In addition to the above, the Postfix SMTP server by default accepts mail
281281# that Postfix is final destination for:
282282# - destinations that match $inet_interfaces or $proxy_interfaces,
284284# - destinations that match $virtual_alias_domains,
285285# - destinations that match $virtual_mailbox_domains.
286286# These destinations do not need to be listed in $relay_domains.
287-#
287+#
288288# Specify a list of hosts or domains, /file/name patterns or type:name
289289# lookup tables, separated by commas and/or whitespace. Continue
290290# long lines by starting the next line with whitespace. A file name
329329# The right-hand side of the lookup tables is conveniently ignored.
330330# In the left-hand side, specify an @domain.tld wild-card, or specify
331331# a user@domain.tld address.
332-#
332+#
333333#relay_recipient_maps = hash:/etc/postfix/relay_recipients
334334
335335# INPUT RATE CONTROL
338338# flow control. This feature is turned on by default, although it
339339# still needs further development (it's disabled on SCO UNIX due
340340# to an SCO bug).
341-#
341+#
342342# A Postfix process will pause for $in_flow_delay seconds before
343343# accepting a new message, when the message arrival rate exceeds the
344344# message delivery rate. With the default 100 SMTP server process
345345# limit, this limits the mail inflow to 100 messages a second more
346346# than the number of messages delivered per second.
347-#
347+#
348348# Specify 0 to disable the feature. Valid delays are 0..10.
349-#
349+#
350350#in_flow_delay = 1s
351351
352352# ADDRESS REWRITING
376376# On systems with NIS, the default is to search the local alias
377377# database, then the NIS alias database. See aliases(5) for syntax
378378# details.
379-#
379+#
380380# If you change the alias database, run "postalias /etc/aliases" (or
381381# wherever your system stores the mail alias file), or simply run
382382# "newaliases" to build the necessary DBM or DB file.
419419#
420420#home_mailbox = Mailbox
421421#home_mailbox = Maildir/
422-
422+
423423# The mail_spool_directory parameter specifies the directory where
424424# UNIX-style mailboxes are kept. The default setting depends on the
425425# system type.
461461#
462462# NOTE: if you use this feature for accounts not in the UNIX password
463463# file, then you must update the "local_recipient_maps" setting in
464-# the main.cf file, otherwise the SMTP server will reject mail for
464+# the main.cf file, otherwise the SMTP server will reject mail for
465465# non-UNIX accounts with "User unknown in local recipient table".
466466#
467467# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
483483#
484484# NOTE: if you use this feature for accounts not in the UNIX password
485485# file, then you must update the "local_recipient_maps" setting in
486-# the main.cf file, otherwise the SMTP server will reject mail for
486+# the main.cf file, otherwise the SMTP server will reject mail for
487487# non-UNIX accounts with "User unknown in local recipient table".
488488#
489489#fallback_transport = lmtp:unix:/file/name
506506#
507507# NOTE: if you use this feature for accounts not in the UNIX password
508508# file, then you must specify "local_recipient_maps =" (i.e. empty) in
509-# the main.cf file, otherwise the SMTP server will reject mail for
509+# the main.cf file, otherwise the SMTP server will reject mail for
510510# non-UNIX accounts with "User unknown in local recipient table".
511511#
512512#luser_relay = $user@other.host
513513#luser_relay = $local@other.host
514514#luser_relay = admin+$local
515-
515+
516516# JUNK MAIL CONTROLS
517-#
517+#
518518# The controls listed here are only a very small subset. The file
519519# SMTPD_ACCESS_README provides an overview.
520520
536536# deferred mail, so that mail can be flushed quickly with the SMTP
537537# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
538538# See the ETRN_README document for a detailed description.
539-#
539+#
540540# The fast_flush_domains parameter controls what destinations are
541541# eligible for this service. By default, they are all domains that
542542# this server is willing to relay mail to.
543-#
543+#
544544#fast_flush_domains = $relay_domains
545545
546546# SHOW SOFTWARE VERSION OR NOT
566566# too many are run at the same time. With SMTP deliveries, 10
567567# simultaneous connections to the same domain could be sufficient to
568568# raise eyebrows.
569-#
569+#
570570# Each message delivery transport has its XXX_destination_concurrency_limit
571571# parameter. The default is $default_destination_concurrency_limit for
572572# most delivery transports. For the local delivery agent the default is 2.
624624# INSTALL-TIME CONFIGURATION INFORMATION
625625#
626626# The following parameters are used when installing a new Postfix version.
627-#
627+#
628628# sendmail_path: The full pathname of the Postfix sendmail command.
629629# This is the Sendmail-compatible mail posting interface.
630-#
631-sendmail_path =
630+#
631+sendmail_path = /usr/sbin/sendmail
632632
633633# newaliases_path: The full pathname of the Postfix newaliases command.
634634# This is the Sendmail-compatible command to build alias databases.
635635#
636-newaliases_path =
636+newaliases_path = /usr/bin/newaliases
637637
638638# mailq_path: The full pathname of the Postfix mailq command. This
639639# is the Sendmail-compatible mail queue listing command.
640-#
641-mailq_path =
640+#
641+mailq_path = /usr/bin/mailq
642642
643643# setgid_group: The group for mail submission and queue management
644644# commands. This must be a group name with a numerical group ID that
645645# is not shared with other accounts, not even with the Postfix account.
646646#
647-setgid_group =
647+setgid_group = postdrop
648648
649649# html_directory: The location of the Postfix HTML documentation.
650650#
651-html_directory =
651+html_directory = no
652652
653653# manpage_directory: The location of the Postfix on-line manual pages.
654654#
655-manpage_directory =
655+manpage_directory = /usr/share/man
656656
657657# sample_directory: The location of the Postfix sample configuration files.
658658# This parameter is obsolete as of Postfix 2.1.
659659#
660-sample_directory =
660+sample_directory = /usr/share/doc/postfix
661661
662662# readme_directory: The location of the Postfix README files.
663663#
664-readme_directory =
664+readme_directory = /usr/share/doc/postfix
665665inet_protocols = ipv4
666666
667667append_dot_mydomain = no
674674 reject_non_fqdn_recipient
675675smtpd_sender_restrictions = permit_mynetworks,
676676 reject_sender_login_mismatch,
677- permit_sasl_authenticated,
678- reject_unknown_helo_hostname,
679- reject_unknown_recipient_domain,
677+ permit_sasl_authenticated,
678+ reject_unknown_helo_hostname,
679+ reject_unknown_recipient_domain,
680680 reject_unknown_sender_domain
681681smtpd_client_restrictions = permit_mynetworks,
682682 permit_sasl_authenticated,
684684
685685# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
686686# The option is intentionally left empty.
687-smtpd_relay_restrictions =
687+smtpd_relay_restrictions =
688688
689689# Maximum size of Message in bytes (50MB)
690690message_size_limit = 52428800
700700smtpd_sasl_path = private/auth
701701
702702# Virtual delivery settings
703-virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
703+virtual_mailbox_base = /
704704virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
705705virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
706706virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf

[dovecot_postfix2] /etc/dovecot/dovecot.conf

OldNewDifferences
2323# Enable installed protocols
2424!include_try /usr/share/dovecot/protocols.d/*.protocol
2525
26-# A comma separated list of IPs or hosts where to listen in for connections.
26+# A comma separated list of IPs or hosts where to listen in for connections.
2727# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
2828# If you want to specify non-default ports or anything more complex,
2929# edit conf.d/master.conf.
4848#login_trusted_networks =
4949
5050# Space separated list of login access check sockets (e.g. tcpwrap)
51-#login_access_sockets =
51+#login_access_sockets =
5252
5353# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
5454# proxying. This isn't necessary normally, but may be useful if the destination

[dovecot_postfix2] /etc/dovecot/dovecot-sql.conf.ext

OldNewDifferences
2929# );
3030
3131# Database driver: mysql, pgsql, sqlite
32-driver = mysql
32+driver = mysql
3333
3434# Database connection string. This is driver-specific setting.
3535#
5656# option_file - Read options from the given file instead of
5757# the default my.cnf location
5858# option_group - Read options from the given group (default: client)
59-#
59+#
6060# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
6161# Note that currently you can't use spaces in parameters.
6262#
9595# %u = entire user@domain
9696# %n = user part of user@domain
9797# %d = domain part of user@domain
98-#
98+#
9999# Note that these can be used only as input to SQL query. If the query outputs
100100# any of these substitutions, they're not touched. Otherwise it would be
101101# difficult to have eg. usernames containing '%' characters.
127127#user_query = \
128128# SELECT home, uid, gid \
129129# FROM users WHERE username = '%n' AND domain = '%d'
130-user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
130+user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
131131
132132# If you wish to avoid two SQL lookups (passdb + userdb), you can use
133133# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
137137# SELECT userid AS user, password, \
138138# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
139139# FROM users WHERE userid = '%u'
140-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
140+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
141141
142142# Query to get a list of all usernames.
143143#iterate_query = SELECT username AS user FROM users

[dovecot_postfix2] /etc/dovecot/conf.d/10-auth.conf

OldNewDifferences
3030
3131# Default realm/domain to use if none was specified. This is used for both
3232# SASL realms and appending @domain to username in plaintext logins.
33-#auth_default_realm =
33+#auth_default_realm =
3434
3535# List of allowed characters in username. If the user-given username contains
3636# a character not listed in here, the login automatically fails. This is just
7373# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
7474# default (usually /etc/krb5.keytab) if not specified. You may need to change
7575# the auth service to run as root to be able to read this file.
76-#auth_krb5_keytab =
76+#auth_krb5_keytab =
7777
7878# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
7979# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
8888# Require a valid SSL client certificate or the authentication fails.
8989#auth_ssl_require_client_cert = no
9090
91-# Take the username from client's SSL certificate, using
91+# Take the username from client's SSL certificate, using
9292# X509_NAME_get_text_by_NID() which returns the subject's DN's
93-# CommonName.
93+# CommonName.
9494#auth_ssl_username_from_cert = no
9595
9696# Space separated list of wanted authentication mechanisms:

[dovecot_postfix2] /etc/dovecot/conf.d/10-mail.conf

OldNewDifferences
4646 # Hierarchy separator to use. You should use the same separator for all
4747 # namespaces or some clients get confused. '/' is usually a good one.
4848 # The default however depends on the underlying mail storage format.
49- #separator =
49+ #separator =
5050
5151 # Prefix required to access this namespace. This needs to be different for
5252 # all namespaces. For example "Public/".
53- #prefix =
53+ #prefix =
5454
5555 # Physical location of the mailbox. This is in same format as
5656 # mail_location, which is also the default for it.
179179# WARNING: Never add directories here which local users can modify, that
180180# may lead to root exploit. Usually this should be done only if you don't
181181# allow shell access for users. <doc/wiki/Chrooting.txt>
182-#valid_chroot_dirs =
182+#valid_chroot_dirs =
183183
184184# Default chroot directory for mail processes. This can be overridden for
185185# specific users in user database by giving /./ in user's home directory
187187# need to do chrooting, Dovecot doesn't allow users to access files outside
188188# their mail directory anyway. If your home directories are prefixed with
189189# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
190-#mail_chroot =
190+#mail_chroot =
191191
192192# UNIX socket path to master authentication server to find users.
193193# This is used by imap (for shared users) and lda.
198198
199199# Space separated list of plugins to load for all services. Plugins specific to
200200# IMAP, LDA, etc. are added to this list in their own .conf files.
201-#mail_plugins =
201+#mail_plugins =
202202
203203##
204204## Mailbox handling optimizations
304304# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
305305# how it's expected to be. The only real downside to this setting is that if
306306# some other MUA changes message flags, Dovecot doesn't notice it immediately.
307-# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
307+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
308308# commands.
309309#mbox_dirty_syncs = yes
310310

[dovecot_postfix2] /etc/dovecot/conf.d/10-master.conf

OldNewDifferences
5454 #inet_listener lmtp {
5555 # Avoid making LMTP visible for the entire internet
5656 #address =
57- #port =
57+ #port =
5858 #}
5959}
6060
8888 # permissions (e.g. 0777 allows everyone full permissions).
8989 unix_listener auth-userdb {
9090 #mode = 0666
91- #user =
92- #group =
91+ #user =
92+ #group =
9393 }
9494
9595 # Postfix smtp-auth
122122 # For example: mode=0660, group=vmail and global mail_access_groups=vmail
123123 unix_listener dict {
124124 #mode = 0600
125- #user =
126- #group =
125+ #user =
126+ #group =
127127 }
128128}
129129

[dovecot_postfix2] /etc/dovecot/conf.d/15-lda.conf

OldNewDifferences
88
99# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
1010# in LMTP replies. Default is the system's real hostname@domain.
11-#hostname =
11+#hostname =
1212
1313# If user is over quota, return with temporary failure instead of
1414# bouncing the mail.
3232#recipient_delimiter = +
3333
3434# Header where the original recipient address (SMTP's RCPT TO: address) is taken
35-# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
35+# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
3636# A commonly used header for this is X-Original-To.
3737#lda_original_recipient_header =
3838

[dovecot_postfix2] /etc/dovecot/conf.d/20-imap.conf

OldNewDifferences
1414
1515# Override the IMAP CAPABILITY response. If the value begins with '+',
1616# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
17-#imap_capability =
17+#imap_capability =
1818
1919# How long to wait between "OK Still here" notifications when client is
2020# IDLEing.
2323# ID field names and values to send to clients. Using * as the value makes
2424# Dovecot use the default value. The following fields have default values
2525# currently: name, version, os, os-version, support-url, support-email.
26-#imap_id_send =
26+#imap_id_send =
2727
2828# ID fields sent by client to log. * means everything.
2929#imap_id_log =
4646# greyed out, instead of only later giving "not selectable" popup error.
4747#
4848# The list is space-separated.
49-#imap_client_workarounds =
49+#imap_client_workarounds =
5050
5151# Host allowed in URLAUTH URLs sent by client. "*" allows all.
5252#imap_urlauth_host =

[dovecot_postfix2] /etc/dovecot/conf.d/20-pop3.conf

OldNewDifferences
8686# Outlook Express and Netscape Mail breaks if end of headers-line is
8787# missing. This option simply sends it if it's missing.
8888# The list is space-separated.
89-#pop3_client_workarounds =
89+#pop3_client_workarounds =
9090
9191protocol pop3 {
9292 # Space separated list of plugins to load (default is global mail_plugins).

[dovecot_exim42] /etc/dovecot/dovecot.conf

OldNewDifferences
2323# Enable installed protocols
2424!include_try /usr/share/dovecot/protocols.d/*.protocol
2525
26-# A comma separated list of IPs or hosts where to listen in for connections.
26+# A comma separated list of IPs or hosts where to listen in for connections.
2727# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
2828# If you want to specify non-default ports or anything more complex,
2929# edit conf.d/master.conf.
4848#login_trusted_networks =
4949
5050# Space separated list of login access check sockets (e.g. tcpwrap)
51-#login_access_sockets =
51+#login_access_sockets =
5252
5353# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
5454# proxying. This isn't necessary normally, but may be useful if the destination

[dovecot_exim42] /etc/dovecot/dovecot-sql.conf.ext

OldNewDifferences
2929# );
3030
3131# Database driver: mysql, pgsql, sqlite
32-driver = mysql
32+driver = mysql
3333
3434# Database connection string. This is driver-specific setting.
3535#
5656# option_file - Read options from the given file instead of
5757# the default my.cnf location
5858# option_group - Read options from the given group (default: client)
59-#
59+#
6060# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
6161# Note that currently you can't use spaces in parameters.
6262#
9595# %u = entire user@domain
9696# %n = user part of user@domain
9797# %d = domain part of user@domain
98-#
98+#
9999# Note that these can be used only as input to SQL query. If the query outputs
100100# any of these substitutions, they're not touched. Otherwise it would be
101101# difficult to have eg. usernames containing '%' characters.
127127#user_query = \
128128# SELECT home, uid, gid \
129129# FROM users WHERE username = '%n' AND domain = '%d'
130-user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', (quota*1024)) as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
130+user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('*:storage=', quota, 'M') as quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')
131131
132132# If you wish to avoid two SQL lookups (passdb + userdb), you can use
133133# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
137137# SELECT userid AS user, password, \
138138# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
139139# FROM users WHERE userid = '%u'
140-password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
140+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('*:storage=', quota, 'M') as userdb_quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
141141
142142# Query to get a list of all usernames.
143143#iterate_query = SELECT username AS user FROM users

[dovecot_exim42] /etc/dovecot/conf.d/10-auth.conf

OldNewDifferences
3030
3131# Default realm/domain to use if none was specified. This is used for both
3232# SASL realms and appending @domain to username in plaintext logins.
33-#auth_default_realm =
33+#auth_default_realm =
3434
3535# List of allowed characters in username. If the user-given username contains
3636# a character not listed in here, the login automatically fails. This is just
7373# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
7474# default (usually /etc/krb5.keytab) if not specified. You may need to change
7575# the auth service to run as root to be able to read this file.
76-#auth_krb5_keytab =
76+#auth_krb5_keytab =
7777
7878# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
7979# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
8888# Require a valid SSL client certificate or the authentication fails.
8989#auth_ssl_require_client_cert = no
9090
91-# Take the username from client's SSL certificate, using
91+# Take the username from client's SSL certificate, using
9292# X509_NAME_get_text_by_NID() which returns the subject's DN's
93-# CommonName.
93+# CommonName.
9494#auth_ssl_username_from_cert = no
9595
9696# Space separated list of wanted authentication mechanisms:

[dovecot_exim42] /etc/dovecot/conf.d/10-mail.conf

OldNewDifferences
4646 # Hierarchy separator to use. You should use the same separator for all
4747 # namespaces or some clients get confused. '/' is usually a good one.
4848 # The default however depends on the underlying mail storage format.
49- #separator =
49+ #separator =
5050
5151 # Prefix required to access this namespace. This needs to be different for
5252 # all namespaces. For example "Public/".
53- #prefix =
53+ #prefix =
5454
5555 # Physical location of the mailbox. This is in same format as
5656 # mail_location, which is also the default for it.
179179# WARNING: Never add directories here which local users can modify, that
180180# may lead to root exploit. Usually this should be done only if you don't
181181# allow shell access for users. <doc/wiki/Chrooting.txt>
182-#valid_chroot_dirs =
182+#valid_chroot_dirs =
183183
184184# Default chroot directory for mail processes. This can be overridden for
185185# specific users in user database by giving /./ in user's home directory
187187# need to do chrooting, Dovecot doesn't allow users to access files outside
188188# their mail directory anyway. If your home directories are prefixed with
189189# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
190-#mail_chroot =
190+#mail_chroot =
191191
192192# UNIX socket path to master authentication server to find users.
193193# This is used by imap (for shared users) and lda.
198198
199199# Space separated list of plugins to load for all services. Plugins specific to
200200# IMAP, LDA, etc. are added to this list in their own .conf files.
201-#mail_plugins =
201+#mail_plugins =
202202
203203##
204204## Mailbox handling optimizations
304304# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
305305# how it's expected to be. The only real downside to this setting is that if
306306# some other MUA changes message flags, Dovecot doesn't notice it immediately.
307-# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
307+# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
308308# commands.
309309#mbox_dirty_syncs = yes
310310

[dovecot_exim42] /etc/dovecot/conf.d/10-master.conf

OldNewDifferences
5454 #inet_listener lmtp {
5555 # Avoid making LMTP visible for the entire internet
5656 #address =
57- #port =
57+ #port =
5858 #}
5959}
6060
8888 # permissions (e.g. 0777 allows everyone full permissions).
8989 unix_listener auth-userdb {
9090 #mode = 0666
91- #user =
92- #group =
91+ #user =
92+ #group =
9393 }
9494
9595 # Postfix smtp-auth
122122 # For example: mode=0660, group=vmail and global mail_access_groups=vmail
123123 unix_listener dict {
124124 #mode = 0600
125- #user =
126- #group =
125+ #user =
126+ #group =
127127 }
128128}
129129

[dovecot_exim42] /etc/dovecot/conf.d/15-lda.conf

OldNewDifferences
88
99# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
1010# in LMTP replies. Default is the system's real hostname@domain.
11-#hostname =
11+#hostname =
1212
1313# If user is over quota, return with temporary failure instead of
1414# bouncing the mail.
3232#recipient_delimiter = +
3333
3434# Header where the original recipient address (SMTP's RCPT TO: address) is taken
35-# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
35+# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
3636# A commonly used header for this is X-Original-To.
3737#lda_original_recipient_header =
3838

[dovecot_exim42] /etc/dovecot/conf.d/20-imap.conf

OldNewDifferences
1414
1515# Override the IMAP CAPABILITY response. If the value begins with '+',
1616# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
17-#imap_capability =
17+#imap_capability =
1818
1919# How long to wait between "OK Still here" notifications when client is
2020# IDLEing.
2323# ID field names and values to send to clients. Using * as the value makes
2424# Dovecot use the default value. The following fields have default values
2525# currently: name, version, os, os-version, support-url, support-email.
26-#imap_id_send =
26+#imap_id_send =
2727
2828# ID fields sent by client to log. * means everything.
2929#imap_id_log =
4646# greyed out, instead of only later giving "not selectable" popup error.
4747#
4848# The list is space-separated.
49-#imap_client_workarounds =
49+#imap_client_workarounds =
5050
5151# Host allowed in URLAUTH URLs sent by client. "*" allows all.
5252#imap_urlauth_host =

[dovecot_exim42] /etc/dovecot/conf.d/20-pop3.conf

OldNewDifferences
8686# Outlook Express and Netscape Mail breaks if end of headers-line is
8787# missing. This option simply sends it if it's missing.
8888# The list is space-separated.
89-#pop3_client_workarounds =
89+#pop3_client_workarounds =
9090
9191protocol pop3 {
9292 # Space separated list of plugins to load (default is global mail_plugins).

[proftpd] /etc/proftpd/proftpd.conf

OldNewDifferences
22# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
33# To really apply changes, reload proftpd after modifications, if
44# it runs in daemon mode. It is not required in inetd/xinetd mode.
5-#
5+#
66
77# Includes DSO modules
88Include /etc/proftpd/modules.conf
3030
3131DenyFilter \*.*/
3232
33-# Use this to jail all users in their homes
33+# Use this to jail all users in their homes
3434# DefaultRoot ~
3535
3636# Users require a valid shell listed in /etc/shells to login.
109109
110110# Delay engine reduces impact of the so-called Timing Attack described in
111111# http://www.securityfocus.com/bid/11430/discuss
112-# It is on by default.
112+# It is on by default.
113113<IfModule mod_delay.c>
114114DelayEngine on
115115</IfModule>
135135#
136136# This is used for FTPS connections
137137#
138-#Include /etc/proftpd/tls.conf
138+Include /etc/proftpd/tls.conf
139139
140140#
141141# Useful to keep VirtualHost/VirtualRoot directives separated
152152# # Cosmetic changes, all files belongs to ftp user
153153# DirFakeUser on ftp
154154# DirFakeGroup on ftp
155-#
155+#
156156# RequireValidShell off
157-#
157+#
158158# # Limit the maximum number of anonymous logins
159159# MaxClients 10
160-#
160+#
161161# # We want 'welcome.msg' displayed at login, and '.message' displayed
162162# # in each newly chdired directory.
163163# DisplayLogin welcome.msg
164164# DisplayChdir .message
165-#
165+#
166166# # Limit WRITE everywhere in the anonymous chroot
167167# <Directory *>
168168# <Limit WRITE>
169169# DenyAll
170170# </Limit>
171171# </Directory>
172-#
172+#
173173# # Uncomment this if you're brave.
174174# # <Directory incoming>
175175# # # Umask 022 is a good standard umask to prevent new files and dirs
182182# # AllowAll
183183# # </Limit>
184184# # </Directory>
185-#
185+#
186186# </Anonymous>
187187
188188# Include other custom configuration files

[proftpd] /etc/proftpd/modules.conf

OldNewDifferences
2525#LoadModule mod_ldap.c
2626
2727#
28-# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
28+# 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives
2929# are required to have SQL authorization working. You can also comment out the
3030# unused module here, in alternative.
3131#
3434# mod_sql.c module to use this.
3535LoadModule mod_sql_mysql.c
3636
37-# Install proftpd-mod-pgsql and decomment the previous
37+# Install proftpd-mod-pgsql and decomment the previous
3838# mod_sql.c module to use this.
3939#LoadModule mod_sql_postgres.c
4040
4646# mod_sql.c module to use this
4747#LoadModule mod_sql_odbc.c
4848
49-# Install one of the previous SQL backends and decomment
49+# Install one of the previous SQL backends and decomment
5050# the previous mod_sql.c module to use this
5151#LoadModule mod_sql_passwd.c
5252
5757# Install proftpd-mod-ldap to use this
5858#LoadModule mod_quotatab_ldap.c
5959
60-# Install one of the previous SQL backends and decomment
60+# Install one of the previous SQL backends and decomment
6161# the previous mod_sql.c module to use this
6262LoadModule mod_quotatab_sql.c
6363LoadModule mod_quotatab_radius.c
6767LoadModule mod_ban.c
6868LoadModule mod_wrap2.c
6969LoadModule mod_wrap2_file.c
70-# Install one of the previous SQL backends and decomment
70+# Install one of the previous SQL backends and decomment
7171# the previous mod_sql.c module to use this
7272#LoadModule mod_wrap2_sql.c
7373LoadModule mod_dynmasq.c
7878
7979LoadModule mod_sftp.c
8080LoadModule mod_sftp_pam.c
81-# Install one of the previous SQL backends and decomment
81+# Install one of the previous SQL backends and decomment
8282# the previous mod_sql.c module to use this
8383#LoadModule mod_sftp_sql.c
8484

[proftpd] /etc/proftpd/sql.conf

OldNewDifferences
1212
1313#
1414# Choose a SQL backend among MySQL or PostgreSQL.
15-# Both modules are loaded in default configuration, so you have to specify the backend
15+# Both modules are loaded in default configuration, so you have to specify the backend
1616# or comment out the unused module in /etc/proftpd/modules.conf.
1717# Use 'mysql' or 'postgres' as possible values.
1818#
2121SQLEngine on
2222SQLAuthenticate on
2323#
24-# Use both a crypted or plaintext password
24+# Use both a crypted or plaintext password
2525SQLAuthTypes Crypt
2626
2727SQLAuthenticate users* groups*
2828
2929#
30-# Connection
30+# Connection
3131SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
3232#
3333# Describes both users/groups tables

[pureftpd] /etc/pure-ftpd/db/mysql.conf

OldNewDifferences
8787MYSQLGetDir SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
8888
8989
90-# Optional : query to get the maximal number of files
90+# Optional : query to get the maximal number of files
9191# Pure-FTPd must have been compiled with virtual quotas support.
9292
9393# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\L'
122122
123123# If you're using a transactionnal storage engine, you can enable SQL
124124# transactions to avoid races. Leave this commented if you are using the
125-# traditionnal MyIsam engine.
125+# traditional MyIsam engine.
126126
127127# MySQLTransactions On
128128

[cron] /etc/cron.d/froxlor

OldNewDifferences
77#
88# Please check that all following paths are correct
99#
10-*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
10+*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q <BASE_PATH>scripts/froxlor_master_cronjob.php
1111

[libnss] /etc/libnss-mysql.cfg

OldNewDifferences
22 FROM ftp_users \
33 WHERE username='%1$s' \
44 AND login_enabled = 'Y' \
5+ ORDER BY LENGTH(username) \
56 LIMIT 1
67getpwuid SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
78 FROM ftp_users \
89 WHERE uid='%1$u' \
910 AND login_enabled = 'Y' \
11+ ORDER BY LENGTH(username) \
1012 LIMIT 1
1113getspnam SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
1214 FROM ftp_users \
1315 WHERE username='%1$s' \
1416 AND login_enabled = 'Y' \
17+ ORDER BY LENGTH(username) \
1518 LIMIT 1
1619getpwent SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
1720 FROM ftp_users

[libnss] /etc/nsswitch.conf

OldNewDifferences
1-# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
1+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
22# You should place mysql at the end, so that it is queried after the other mechanisams
33#
44passwd: compat mysql

[apache24] /etc/apache2/conf-enabled/acme.conf

OldNewDifferences
1+Alias "/.well-known/acme-challenge" "/.well-known/acme-challenge"
2+<Directory "/.well-known/acme-challenge">
3+ Require all granted
4+</Directory>
15

[nginx] /etc/nginx/acme.conf

OldNewDifferences
1+location /.well-known/acme-challenge {
2+ alias /.well-known/acme-challenge;
13
4+ location ~ /.well-known/acme-challenge/(.*) {
5+ default_type text/plain;
6+ }
7+}
8+

[proftpd] /etc/proftpd/tls.conf

OldNewDifferences
1+<IfModule mod_tls.c>
2+TLSEngine on
3+TLSLog /var/log/proftpd/tls.log
4+TLSProtocol TLSv1 TLSv1.1 TLSv1.2
5+TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
6+TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
7+TLSECCertificateFile /etc/ssl/certs/proftpd_ec.crt
8+TLSECCertificateKeyFile /etc/ssl/private/proftpd_ec.key
9+TLSOptions NoCertRequest NoSessionReuseRequired
10+TLSVerifyClient off
111
12+# Are clients required to use FTP over TLS when talking to this server?
13+#TLSRequired on
14+
15+# Allow SSL/TLS renegotiations when the client requests them, but
16+# do not force the renegotations. Some clients do not support
17+# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
18+# clients will close the data connection, or there will be a timeout
19+# on an idle data connection.
20+#
21+#TLSRenegotiate required off
22+</IfModule>
23+