diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php index 1c0a9919a36fddc25c92fdeb334ff500f480cc90..c5cecf5b571172d8afba078d8a5bd43512fc9fc0 100644 --- a/interface/web/mail/mail_domain_edit.php +++ b/interface/web/mail/mail_domain_edit.php @@ -282,6 +282,37 @@ class page_action extends tform_actions { unset($tmp_domain); } } // endif spamfilter policy + + //* create dns-record with dkim-values if the zone exists + if ( (isset($this->dataRecord['dkim']) && $this->dataRecord['dkim'] == 'y') && (isset($this->dataRecord['active']) && $this->dataRecord['active'] == 'y') ) { + $soa_rec = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $this->dataRecord['domain'].'.'); + if ( isset($soa_rec) ) { + //* check for a dkim-record in the dns + $dns_data = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ? AND sys_groupid = ?", $this->dataRecord['dkim_selector'].'._domainkey.'.$this->dataRecord['domain'].'.', $_SESSION["s"]["user"]['sys_groupid']); + if ( isset($dns_data) ) { + $dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $this->dataRecord['dkim_public']); + $dns_data['active'] = 'Y'; + $dns_data['stamp'] = date('Y-m-d H:i:s'); + $dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']); + $app->db->datalogUpdate('dns_rr', $dns_data, 'id', $dns_data['id']); + $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $dns_data['zone']); + $new_serial = $app->validate_dns->increase_serial($zone['serial']); + $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']); + } else { //* no dkim-record found - create new record + $dns_data = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $this->dataRecord['domain'].'.'); + $dns_data['name'] = $this->dataRecord['dkim_selector'].'._domainkey.'.$this->dataRecord['domain'].'.'; + $dns_data['type'] = 'TXT'; + $dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $this->dataRecord['dkim_public']); + $dns_data['aux'] = 0; + $dns_data['active'] = 'Y'; + $dns_data['stamp'] = date('Y-m-d H:i:s'); + $dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']); + $app->db->datalogInsert('dns_rr', $dns_data, 'id', $dns_data['zone']); + $new_serial = $app->validate_dns->increase_serial($soa_rec['serial']); + $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['zone']); + } + } + } //* endif add dns-record } function onBeforeUpdate() { @@ -308,6 +339,69 @@ class page_action extends tform_actions { } unset($rec); } + + //* update dns-record when the dkim record was changed + // NOTE: only if the domain-name was not changed + + //* get domain-data from the db + $mail_data = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']); + + if ( isset($mail_data) ) { + $post_data = $mail_data; + $post_data['dkim_selector'] = $this->dataRecord['dkim_selector']; + $post_data['dkim_public'] = $this->dataRecord['dkim_public']; + $post_data['dkim_private'] = $this->dataRecord['dkim_private']; + if ( isset($this->dataRecord['dkim']) ) $post_data['dkim'] = 'y'; else $post_data['dkim'] = 'n'; + if ( isset($this->dataRecord['active']) ) $post_data['active'] = 'y'; else $post_data['active'] = 'n'; + } + + //* dkim-value changed + if ( $mail_data != $post_data ) { + //* get the dns-record for the public from the db + $dns_data = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE name = ? AND sys_groupid = ?'", $mail_data['dkim_selector'].'._domainkey.'.$mail_data['domain'].'.', $mail_data['sys_groupid']); + + //* we modify dkim dns-values for active mail-domains only + if ( $post_data['active'] == 'y' ) { + if ( $post_data['dkim'] == 'n' ) { + $new_dns_data['active'] = 'N'; + } else { + if ( $post_data['dkim_selector'] != $mail_data['dkim_selector'] ) + $new_dns_data['name'] = $post_data['dkim_selector'].'._domainkey.'.$post_data['domain'].'.'; + if ( $post_data['dkim'] != $mail_data['dkim'] ) + $new_dns_data['active'] = 'Y'; + if ( $post_data['active'] != $mail_data['active'] && $post_data['active'] == 'y' ) + $new_dns_data['active'] = 'Y'; + if ( $post_data['dkim_public'] != $mail_data['dkim_public'] ) + $new_dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $post_data['dkim_public']); + } + } else $new_dns_data['active'] = 'N'; + + if ( isset($dns_data) && isset($new_dns_data) ) { + //* update dns-record + $new_dns_data['serial'] = $app->validate_dns->increase_serial($dns_data['serial']); + $app->db->datalogUpdate('dns_rr', $new_dns_data, 'id', $dns_data['id']); + $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $dns_data['zone']); + $new_serial = $app->validate_dns->increase_serial($zone['serial']); + $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']); + } else { + //* create a new dns-record + $new_dns_data = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $mail_data['domain'].'.'); + //* create a new record only if the dns-zone exists + if ( isset($new_dns_data) && $post_data['dkim'] == 'y' ) { + $new_dns_data['name'] = $post_data['dkim_selector'].'._domainkey.'.$post_data['domain'].'.'; + $new_dns_data['type'] = 'TXT'; + $new_dns_data['data'] = 'v=DKIM1; t=s; p='.str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"), '', $post_data['dkim_public']); + $new_dns_data['aux'] = 0; + $new_dns_data['active'] = 'Y'; + $new_dns_data['stamp'] = date('Y-m-d H:i:s'); + $new_dns_data['serial'] = $app->validate_dns->increase_serial($new_dns_data['serial']); + $app->db->datalogInsert('dns_rr', $new_dns_data, 'id', $new_dns_data['zone']); + $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_dns_data['zone']); + $new_serial = $app->validate_dns->increase_serial($zone['serial']); + $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']); + } + } + } //* endif $mail_data != $post_data } function onAfterUpdate() { diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php index a74c4b8ed463b85dce3610448b34dff473b16f73..f53b1087f39e42979b2a0ea5f310344b96503dd6 100644 --- a/server/plugins-available/mail_plugin_dkim.inc.php +++ b/server/plugins-available/mail_plugin_dkim.inc.php @@ -119,8 +119,12 @@ class mail_plugin_dkim { } /* dir for dkim-keys writeable? */ $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); - if (isset($mail_config['dkim_path']) && (!empty($mail_config['dkim_path'])) && isset($data['new']['dkim_private']) && !empty($data['new']['dkim_private'])) { - + if ( isset($mail_config['dkim_path']) && + !empty($mail_config['dkim_path']) && + isset($data['new']['dkim_private']) && + !empty($data['new']['dkim_private']) && + $mail_config['dkim_path'] != '/' + ) { if (!is_dir($mail_config['dkim_path'])) { $app->log('DKIM Path '.$mail_config['dkim_path'].' not found - (re)created.', LOGLEVEL_DEBUG); if($app->system->is_user('amavis')) { @@ -133,10 +137,12 @@ class mail_plugin_dkim { } if(!empty($amavis_user)) { mkdir($mail_config['dkim_path'], 0750, true); - exec('chown '.$amavis_user.' /var/lib/amavis/dkim'); + exec('chown '.$amavis_user.' '.escapeshellarg($mail_config['dkim_path'])); unset($amavis_user); } else { mkdir($mail_config['dkim_path'], 0755, true); + $app->log('No user amavis or vscan found - using root for '.$mail_config['dkim_path'] +, LOGLEVEL_WARNING); } } @@ -194,6 +200,8 @@ class mail_plugin_dkim { if (!file_put_contents($key_file.'.public', $public_key) === false) $app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG); else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG); + } else { + $app->log('Unable to save DKIM Privte-key to '.$key_file.'.private', LOGLEVEL_ERROR); } return $success; }