Grigory Morozov

@gilleslamiral still see them with --noabletosearch

All Laravel projects need this too, and currently running with open_basedir disabled

Customer homedir as an option is better than nothing but will expose other sites of that customer.

By exposed I mean if one site is compromised, it will be trivial for attacker to compromise other sites on that account. I have a few Froxlor servers where clients...

I don't think it's a good idea to do it this way. Many sites are deployed from git, and document root is a subdirectory of the whole project. Can't be...

I think the solution that will cover 99% of use cases is 3 options for open_basedir: 1) document_root 2) 1 level above document_root 3) off

It will be easier to have a hook to run a script on (sub)domain creation - there we can create DKIM keys for OpenDKIM, Rspamd etc. etc.

I don't think any other integration is needed IF DNS is not managed on the server. At the moment I just run the script that pulls domains from Froxlor DB...

I think I've not seen dkim-milter in production for quite a while... Can assist with OpenDKIM config if necessary

/etc/opendkim.conf: > AutoRestart Yes > AutoRestartRate 10/1h > UMask 002 > Syslog yes > SyslogSuccess Yes > LogWhy Yes > ReportAddress [email protected] > Canonicalization relaxed/simple > ExternalIgnoreList refile:/etc/opendkim/TrustedHosts > InternalHosts...