postfix_server_plugin.inc.php 10.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

class postfix_server_plugin {
32

33 34
	var $plugin_name = 'postfix_server_plugin';
	var $class_name = 'postfix_server_plugin';
35 36


37
	var $postfix_config_dir = '/etc/postfix';
38

39 40 41 42
	//* This function is called during ispconfig installation to determine
	//  if a symlink shall be created for this plugin.
	function onInstall() {
		global $conf;
43

44 45 46 47 48
		if($conf['services']['mail'] == true) {
			return true;
		} else {
			return false;
		}
49

50
	}
51

52 53 54
	/*
	 	This function is called when the plugin is loaded
	*/
55

56 57
	function onLoad() {
		global $app;
58

59 60 61
		/*
		Register for the events
		*/
62

Marius Burkard's avatar
Marius Burkard committed
63 64
		$app->plugins->registerEvent('server_insert', $this->plugin_name, 'insert');
		$app->plugins->registerEvent('server_update', $this->plugin_name, 'update');
65
	}
66 67 68 69 70

	function insert($event_name, $data) {

		$this->update($event_name, $data);

71
	}
72

73
	// The purpose of this plugin is to rewrite the main.cf file
74
	function update($event_name, $data) {
75
		global $app, $conf;
76

77
		// get the config
78
		$app->uses("getconf,system");
79
		$old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']);
80
		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
81 82

		copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~');
83
		
84 85 86 87
		if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) {
			$content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : '';
			$content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content);

88
			if (!empty($mail_config['relayhost_user']) || !empty($mail_config['relayhost_password'])) {
89 90 91 92
				$content .= "\n".$mail_config['relayhost'].'   '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
			}
			
			if (preg_replace('/^(#[^\n]*|\s+)(:?\n+|)/m','',$content) != '') {
93 94 95 96
				exec("postconf -e 'smtp_sasl_auth_enable = yes'");
			} else {
				exec("postconf -e 'smtp_sasl_auth_enable = no'");
			}
97
			
98
			$app->system->exec_safe("postconf -e ?", 'relayhost = '.$mail_config['relayhost']);
99
			file_put_contents('/etc/postfix/sasl_passwd', $content);
100 101 102
			chmod('/etc/postfix/sasl_passwd', 0600);
			chown('/etc/postfix/sasl_passwd', 'root');
			chgrp('/etc/postfix/sasl_passwd', 'root');
103 104
			exec("postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'");
			exec("postconf -e 'smtp_sasl_security_options ='");
105 106
			exec('postmap /etc/postfix/sasl_passwd');
			exec($conf['init_scripts'] . '/' . 'postfix restart');
107
		}
marknl's avatar
marknl committed
108

109
		if($mail_config['realtime_blackhole_list'] != $old_ini_data['mail']['realtime_blackhole_list']) {
110
			$rbl_updated = false;
111 112 113 114
			$rbl_hosts = trim(preg_replace('/\s+/', '', $mail_config['realtime_blackhole_list']));
			if($rbl_hosts != ''){
				$rbl_hosts = explode(",", $rbl_hosts);
			}
Marius Burkard's avatar
Marius Burkard committed
115
			$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
Dominik's avatar
Dominik committed
116
			$new_options = array();
marknl's avatar
marknl committed
117 118 119
			foreach ($options as $key => $value) {
				if (!preg_match('/reject_rbl_client/', $value)) {
					$new_options[] = $value;
120 121 122 123 124 125 126 127
				} else {
					if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){
						$rbl_updated = true;
						foreach ($rbl_hosts as $key => $value) {
							$value = trim($value);
							if($value != '') $new_options[] = "reject_rbl_client ".$value;
						}
					}
marknl's avatar
marknl committed
128 129
				}
			}
130 131
			//* first time add rbl-list
			if (!$rbl_updated && is_array($rbl_hosts) && !empty($rbl_hosts)) {
132 133 134 135
				foreach ($rbl_hosts as $key => $value) {
					$value = trim($value);
					if($value != '') $new_options[] = "reject_rbl_client ".$value;
				}
marknl's avatar
marknl committed
136
			}
137
			$app->system->exec_safe("postconf -e ?", 'smtpd_recipient_restrictions = '.implode(", ", $new_options));
Florian Schaal's avatar
Florian Schaal committed
138
			exec('postfix reload');
marknl's avatar
marknl committed
139
		}
140
		
141 142
		if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
			$options = explode(", ", exec("postconf -h smtpd_sender_restrictions"));
Dominik's avatar
Dominik committed
143
			$new_options = array();
144
			foreach ($options as $key => $value) {
Dominik's avatar
Dominik committed
145
				if (!preg_match('/reject_authenticated_sender_login_mismatch/', $value)) {
146 147 148 149 150 151 152 153
					$new_options[] = $value;
				}
			}
				
			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
				reset($new_options); $i = 0;
				// insert after check_sender_access but before permit_...
				while (isset($new_options[$i]) && substr($new_options[$i], 0, 19) == 'check_sender_access') ++$i;
Dominik's avatar
Dominik committed
154
				array_splice($new_options, $i, 0, array('reject_authenticated_sender_login_mismatch'));
155
			}
156
			$app->system->exec_safe("postconf -e ?", 'smtpd_sender_restrictions = '.implode(", ", $new_options));
Florian Schaal's avatar
Florian Schaal committed
157
			exec('postfix reload');
158 159
		}		
		
160
		if($app->system->is_installed('dovecot')) {
Marius Burkard's avatar
Marius Burkard committed
161 162
			$out = null;
			exec("postconf -n virtual_transport", $out);
163 164
			if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
				// If dovecot switch to lmtp
Florian Schaal's avatar
Florian Schaal committed
165
				if($out[0] != "virtual_transport = lmtp:unix:private/dovecot-lmtp") {
166 167 168 169 170 171 172
					exec("postconf -e 'virtual_transport = lmtp:unix:private/dovecot-lmtp'");
					exec('postfix reload');
					$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3", "protocols = imap pop3 lmtp");
					exec($conf['init_scripts'] . '/' . 'dovecot restart');
				}
			} else {
				// If dovecot switch to dovecot
Florian Schaal's avatar
Florian Schaal committed
173
				if($out[0] != "virtual_transport = dovecot") {
174 175 176 177
					exec("postconf -e 'virtual_transport = dovecot'");
					exec('postfix reload');
					$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3 lmtp", "protocols = imap pop3");
					exec($conf['init_scripts'] . '/' . 'dovecot restart');
Florian Schaal's avatar
Florian Schaal committed
178
				}
179 180
			}
		}
marknl's avatar
marknl committed
181

Marius Burkard's avatar
Marius Burkard committed
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202
		if($mail_config['content_filter'] != $old_ini_data['mail']['content_filter']) {
			if($mail_config['content_filter'] == 'rspamd'){
				exec("postconf -X 'receive_override_options'");
				exec("postconf -X 'content_filter'");
				
				exec("postconf -e 'smtpd_milters = inet:localhost:11332'");
				exec("postconf -e 'non_smtpd_milters = inet:localhost:11332'");
				exec("postconf -e 'milter_protocol = 6'");
				exec("postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}'");
				exec("postconf -e 'milter_default_action = accept'");
				
				exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'");
				
				$new_options = array();
				$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
				foreach ($options as $key => $value) {
					if (!preg_match('/check_policy_service\s+inet:127.0.0.1:10023/', $value)) {
						$new_options[] = $value;
					}
				}
				exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
203 204 205 206 207 208 209 210 211 212
				
				// get all domains that have dkim enabled
				if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
					$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
				}
				$dkim_domains = $app->db->queryAllRecords('SELECT `dkim_selector`, `domain` FROM `mail_domain` WHERE `dkim` = ? ORDER BY `domain` ASC', 'y');
				$fpp = fopen('/etc/rspamd/local.d/dkim_domains.map', 'w');
				$fps = fopen('/etc/rspamd/local.d/dkim_selectors.map', 'w');
				foreach($dkim_domains as $dkim_domain) {
					fwrite($fpp, $dkim_domain['domain'] . ' ' . $mail_config['dkim_path'] . '/' . $dkim_domain['domain'] . '.private' . "\n");
213
					fwrite($fps, $dkim_domain['domain'] . ' ' . $dkim_domain['dkim_selector'] . "\n");
214 215 216 217
				}
				fclose($fpp);
				fclose($fps);
				unset($dkim_domains);
Marius Burkard's avatar
Marius Burkard committed
218 219 220 221 222 223 224 225 226 227 228 229 230
			}	
			if($mail_config['content_filter'] == 'amavisd'){
				exec("postconf -X 'smtpd_milters'");
				exec("postconf -X 'milter_protocol'");
				exec("postconf -X 'milter_mail_macros'");
				exec("postconf -X 'milter_default_action'");
				
				exec("postconf -e 'receive_override_options = no_address_mappings'");
				exec("postconf -e 'content_filter = amavis:[127.0.0.1]:10024'");
				
				exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re'");
			}
		}
231
		
Marius Burkard's avatar
Marius Burkard committed
232
		if($mail_config['content_filter'] == 'rspamd' && ($mail_config['rspamd_password'] != $old_ini_data['mail']['rspamd_password'] || $mail_config['content_filter'] != $old_ini_data['mail']['content_filter'])) {
233 234
			$app->load('tpl');

235 236 237 238 239 240
			$rspamd_password = $mail_config['rspamd_password'];
			$crypted_password = trim(exec('rspamadm pw -p ' . escapeshellarg($rspamd_password)));
			if($crypted_password) {
				$rspamd_password = $crypted_password;
			}
			
Marius Burkard's avatar
Marius Burkard committed
241 242
			$tpl = new tpl();
			$tpl->newTemplate('rspamd_worker-controller.inc.master');
243
			$tpl->setVar('rspamd_password', $rspamd_password);
Marius Burkard's avatar
Marius Burkard committed
244
			$app->system->file_put_contents('/etc/rspamd/local.d/worker-controller.inc', $tpl->grab());
245
			chmod('/etc/rspamd/local.d/worker-controller.inc', 0644);
Marius Burkard's avatar
Marius Burkard committed
246 247
			$app->services->restartServiceDelayed('rspamd', 'reload');
		}
248

Marius Burkard's avatar
Marius Burkard committed
249 250 251
		exec("postconf -e 'mailbox_size_limit = ".intval($mail_config['mailbox_size_limit']*1024*1024)."'");
		exec("postconf -e 'message_size_limit = ".intval($mail_config['message_size_limit']*1024*1024)."'");
		$app->services->restartServiceDelayed('postfix', 'reload');
252 253
	}
} // end class