diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 43d226aab5b33a6a9614ac3f91f933d03850dabe..d6d2f50652c7b18e4ebf1ad145737e525fff0a8e 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -1897,6 +1897,9 @@ class installer_base { 'neural_group.conf', 'users.conf', 'groups.conf', + 'multimap.conf', + 'force_actions.conf', + 'whitelist.conf', ); foreach ($local_d as $f) { if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) { 
@@ -1934,6 +1937,143 @@ class installer_base { } } + # generated local.d/maps.d files + $filename = '/etc/rspamd/local.d/maps.d/ip_whitelist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'client' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted ip addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_whitelist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted sender addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_blacklist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . 
'.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted sender addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_domain_whitelist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted sender domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_domain_blacklist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted sender domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . 
"\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_whitelist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted recipient addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_blacklist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted recipient addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_domain_whitelist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? 
ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted recipient domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_domain_blacklist.inc.ispc'; + @unlink($filename); + $records = $this->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted recipient domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $this->error("Error: cannot open $filename for writing"); + } + } + + # rename rspamd templates we no longer use if(file_exists("/etc/rspamd/local.d/greylist.conf")) { rename("/etc/rspamd/local.d/greylist.conf", "/etc/rspamd/local.d/greylist.old"); diff --git a/install/tpl/rspamd_force_actions.conf.master b/install/tpl/rspamd_force_actions.conf.master new file mode 100644 index 0000000000000000000000000000000000000000..3a1d3b1ad06e1d78ca943af8c24469afae93ecd5 --- /dev/null +++ b/install/tpl/rspamd_force_actions.conf.master 
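Review bot: Each of the nine map blocks calls `@unlink($filename)` before the query runs, so a failed query or a failed `fopen()` leaves the map missing rather than stale; for the `*_blacklist.inc.ispc` files that means the reject list silently disappears until the next successful run. Writing to a temporary file and `rename()`-ing it over the target keeps the previous map in place on failure and avoids rspamd reading a half-written file. The `source` values are also written unfiltered, so a value containing a newline or `#` would alter neighbouring map entries; skipping such values before `fwrite()` is cheap. The same pattern repeats in `mail_access_update()` in the rspamd plugin hunk, and a shared helper taking filename, header line and rows would remove the nine-fold copy in both places. The enclosing method starts and ends outside this hunk.

```php
$filename = '/etc/rspamd/local.d/maps.d/ip_whitelist.inc.ispc';
// … unchanged: $records = $this->db->queryAllRecords(…) for the ip whitelist …
// assumes queryAllRecords() returns a non-array on failure; in that case the old map is kept
if (is_array($records)) {
	if (count($records) == 0) {
		// no entries left: only now is it safe to drop the map
		@unlink($filename);
	} else {
		$tmp = $filename . '.tmp';
		if ($fp = fopen($tmp, 'w')) {
			fwrite($fp, "# ISPConfig whitelisted ip addresses\n\n");
			foreach ($records as $record) {
				// skip values that would break the one-entry-per-line map format
				if (preg_match('/[\r\n#]/', $record['source'])) {
					continue;
				}
				fwrite($fp, $record['source'] . "\n");
			}
			fclose($fp);
			// replace the live map in one step
			rename($tmp, $filename);
		} else {
			$this->error("Error: cannot open $tmp for writing");
		}
	}
}
// … unchanged: the remaining eight maps, same shape …
```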
@@ -0,0 +1,52 @@ +rules { + + # ISPConfig whitelist/blacklist passthrough actions + # (always combine authentication tests (dkim/spf) with sender whitelisting). + + ISPC_WHITELIST_SENDER { + expression = "(ISPC_WHITELIST_ENVFROM and (R_DKIM_ALLOW or R_SPF_ALLOW)) or (ISPC_WHITELIST_FROM and R_DKIM_ALLOW) and !CLAM_VIRUS and !JUST_EICAR"; + action = "no action"; + message = "Whitelisted sender"; + } + + ISPC_BLACKLIST_SENDER { + expression = "(ISPC_BLACKLIST_FROM or ISPC_BLACKLIST_FROM_DOMAIN or ISPC_BLACKLIST_REPLYTO or ISPC_BLACKLIST_REPLYTO_DOMAIN) and !FORCE_ACTION_ISPC_WHITELIST_SENDER and !FORCE_ACTION_ISPC_WHITELIST_SENDER_DOMAIN and !FORCE_ACTION_ISPC_WHITELIST_RECIPIENT and !FORCE_ACTION_WHITELIST_RECIPIENT_DOMAIN"; + action = "reject"; + message = "Blacklisted sender"; + } + + ISPC_WHITELIST_SENDER_DOMAIN { + expression = "(ISPC_WHITELIST_ENVFROM_DOMAIN and (ISPC_WHITELIST_DKIM or ISPC_WHITELIST_SPF)) or (ISPC_WHITELIST_FROM_DOMAIN and ISPC_WHITELIST_DKIM) and !CLAM_VIRUS and !JUST_EICAR"; + action = "no action"; + message = "Whitelisted sender domain"; + } + +# test multiple recipients, does forced action only apply to the whitelisted recipient or all? +# if all, combine this with RCPT_COUNT_ONE +# do all recipients have to be matched in whitelist for symbol to be added, or any ? 
+ ISPC_WHITELIST_RECIPIENT { + expression = "ISPC_WHITELIST_ENVRCPT and !CLAM_VIRUS and !JUST_EICAR"; + action = "no action"; + message = "Whitelisted recipient"; + } + +# ISPC_TEST { +# #expression = "ISPC_BLACKLIST_TO"; +# expression = "ISPC_WHITELIST_ENVRCPT"; +# action = "no action"; +# message = "TEST RULE"; +# } + + ISPC_BLACKLIST_RECIPIENT { + expression = "(ISPC_BLACKLIST_TO or ISPC_BLACKLIST_TO_DOMAIN) and !FORCE_ACTION_ISPC_WHITELIST_SENDER and !FORCE_ACTION_ISPC_WHITELIST_SENDER_DOMAIN and !FORCE_ACTION_ISPC_WHITELIST_RECIPIENT and !FORCE_ACTION_WHITELIST_RECIPIENT_DOMAIN"; + action = "reject"; + message = "Blacklisted recipient"; + } + + ISPC_WHITELIST_RECIPIENT_DOMAIN { + expression = "ISPC_WHITELIST_ENVRCPT_DOMAIN and !CLAM_VIRUS and !JUST_EICAR"; + action = "no action"; + message = "Whitelisted recipient domain"; + } + +} diff --git a/install/tpl/rspamd_multimap.conf.master b/install/tpl/rspamd_multimap.conf.master new file mode 100644 index 0000000000000000000000000000000000000000..ad03ee8d3a265b278c7ec2fdd99f1716d604f9eb --- /dev/null +++ b/install/tpl/rspamd_multimap.conf.master 
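Review bot: In ISPC_WHITELIST_SENDER and ISPC_WHITELIST_SENDER_DOMAIN the `!CLAM_VIRUS and !JUST_EICAR` guard binds only to the second alternative, because `and` takes precedence over `or` in rspamd expressions; a message matching the envelope-from branch gets `no action` even when a virus symbol fires. Wrap the alternatives, e.g. `((ISPC_WHITELIST_ENVFROM and (R_DKIM_ALLOW or R_SPF_ALLOW)) or (ISPC_WHITELIST_FROM and R_DKIM_ALLOW)) and !CLAM_VIRUS and !JUST_EICAR`, and likewise in the domain rule. Both blacklist rules negate `FORCE_ACTION_WHITELIST_RECIPIENT_DOMAIN`, which lacks the `ISPC_` part the other three symbols carry and so presumably never matches; it likely should read `FORCE_ACTION_ISPC_WHITELIST_RECIPIENT_DOMAIN`. Separately, `R_DKIM_ALLOW` is set for any valid signature rather than one aligned with the whitelisted address, so the DKIM branches of ISPC_WHITELIST_SENDER would be stronger with an alignment check such as `DMARC_POLICY_ALLOW`.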
@@ -0,0 +1,155 @@ +ISPC_WHITELIST_IP { + group = "ISPConfig"; + description = "Whitelisted ip address."; + type = "ip"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/ip_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/ip_whitelist.inc.local" ]; + prefilter = "true"; + action = "accept"; +} + +# ISPC_BLACKLIST_IP: Postfix blocks blacklisted IP's, no need to configure those here. + +ISPC_WHITELIST_ENVFROM { + group = "ISPConfig"; + description = "Whitelisted sender address."; + type = "selector"; + selector = "from('smtp')"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ]; + score = -7.0; +} + +# ISPC_BLACKLIST_ENVFROM: Postfix blocks blacklisted senders, no need to configure those here. + +ISPC_WHITELIST_ENVFROM_DOMAIN { + group = "ISPConfig"; + description = "Whitelisted sender domain."; + type = "selector"; + selector = "from('smtp'):domain"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ]; + score = -7.0; +} + +# ISPC_BLACKLIST_ENVFROM_DOMAIN: Postfix blocks blacklisted sender domains, no need to configure those here. 
+ +ISPC_WHITELIST_FROM { + group = "ISPConfig"; + description = "From: header address in sender whitelist."; + type = "selector"; + selector = "from('mime')"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_whitelist.inc.local" ]; + # trivial to spoof so primarily used via composite expression in force_actions.conf + score = -1.0; +} + +ISPC_BLACKLIST_FROM { + group = "ISPConfig"; + description = "From: header address in sender blacklist."; + type = "selector"; + selector = "from('mime')"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ]; + score = 12.0; +} + +ISPC_WHITELIST_FROM_DOMAIN { + group = "ISPConfig"; + description = "From: header domain in sender whitelist."; + type = "selector"; + selector = "from('mime'):domain"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_whitelist.inc.local" ]; + # trivial to spoof so primarily used via composite expression in force_actions.conf + score = -1.0; +} + +ISPC_BLACKLIST_FROM_DOMAIN { + group = "ISPConfig"; + description = "From: header domain in sender blacklist."; + type = "selector"; + selector = "from('mime'):domain"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ]; + score = 12.0; +} + +ISPC_BLACKLIST_REPLYTO { + group = "ISPConfig"; + description = "Reply-To: header address in sender blacklist."; + type = "header"; + header = "Reply-To"; + filter = "email"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_blacklist.inc.local" ]; + score = 12.0; +} + +ISPC_BLACKLIST_REPLYTO_DOMAIN { + group = "ISPConfig"; + description = "Reply-To: header domain in sender blacklist."; + type = "header"; + header = "Reply-To"; + filter = "email:domain"; + map = [ 
"$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/sender_domain_blacklist.inc.local" ]; + score = 12.0; +} + +# Reminder: test if whitelisted sender bypasses dkim signing for sender +# Reminder: test if whitelisted recipient address bypasses dkim signing for sender + +ISPC_WHITELIST_ENVRCPT { + group = "ISPConfig"; + description = "Whitelisted recipient address."; + type = "selector"; + selector = "rcpts('smtp')"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_whitelist.inc.local" ]; + score = -7.0; +} + +# ISPC_BLACKLIST_ENVRCPT: Postfix blocks blacklisted recipients, no need to configure those here. + +ISPC_WHITELIST_ENVRCPT_DOMAIN { + group = "ISPConfig"; + description = "Whitelisted recipient domain."; + type = "selector"; + selector = "rcpts('smtp'):domain"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_whitelist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_whitelist.inc.local" ]; + score = -7.0; +} + +# ISPC_BLACKLIST_ENVRCPT_DOMAIN: Postfix blocks blacklisted recipient domains, no need to configure those here. 
+ +# ISPC_WHITELIST_TO: headers are trivial to forge, no whitelisting based on them + +ISPC_BLACKLIST_TO { + group = "ISPConfig"; + description = "To:/Cc: header address in recipient blacklist."; + type = "selector"; + selector = "rcpts('mime')"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_blacklist.inc.local" ]; + score = 12.0; +} + +# ISPC_WHITELIST_TO_DOMAIN: headers are trivial to forge, no whitelisting based on them + +ISPC_BLACKLIST_TO_DOMAIN { + group = "ISPConfig"; + description = "To:/Cc: header domain in recipient blacklist."; + type = "selector"; + selector = "rcpts('mime'):domain"; + map = [ "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_blacklist.inc.ispc", "$LOCAL_CONFDIR/local.d/maps.d/recipient_domain_blacklist.inc.local" ]; + score = 12.0; +} + + +# Invaluement.com Service Provider DNSBLs +# from https://rspamd.com/doc/configuration/selectors.html +INVALUEMENT_SENDGRID_ID { + type = "selector"; + selector = 'header("X-SG-EID").id;from("smtp","orig").regexp("/^plugins->registerEvent('mail_access_insert', $this->plugin_name, 'spamfilter_wblist_insert'); $app->plugins->registerEvent('mail_access_update', $this->plugin_name, 'spamfilter_wblist_update'); $app->plugins->registerEvent('mail_access_delete', $this->plugin_name, 'spamfilter_wblist_delete'); + $app->plugins->registerEvent('mail_access_insert', $this->plugin_name, 'mail_access_update'); + $app->plugins->registerEvent('mail_access_update', $this->plugin_name, 'mail_access_update'); + $app->plugins->registerEvent('mail_access_delete', $this->plugin_name, 'mail_access_update'); //* server $app->plugins->registerEvent('server_insert', $this->plugin_name, 'server_update'); 
@@ -498,6 +501,175 @@ class rspamd_plugin { } } + function mail_access_update($event_name, $data) { + global $app, $conf; + + if(!is_dir('/etc/rspamd')) { + return; + } + + $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail'); + + +/* + [new] => Array + ( + [access_id] => 5 + [sys_userid] => 1 + [sys_groupid] => 1 + [sys_perm_user] => riud + [sys_perm_group] => riud + [sys_perm_other] => + [server_id] => 1 + [source] => 1.2.3.5 + [access] => OK + [type] => client + [active] => y + ) + */ + # generated local.d/maps.d files + if ($data['old']['type'] == 'client' || $data['new']['type'] == 'client') { + $filename = '/etc/rspamd/local.d/maps.d/ip_whitelist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'client' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted ip addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + } + + if ($data['old']['type'] == 'sender' || $data['new']['type'] == 'sender') { + $filename = '/etc/rspamd/local.d/maps.d/sender_whitelist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . 
'.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted sender addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_blacklist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted sender addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_domain_whitelist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted sender domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . 
"\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/sender_domain_blacklist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'sender' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted sender domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + } + + if ($data['old']['type'] == 'recipient' || $data['new']['type'] == 'recipient') { + $filename = '/etc/rspamd/local.d/maps.d/recipient_whitelist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted recipient addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_blacklist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? 
WHERE `type` = 'recipient' AND `source` LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted recipient addresses\n\n"); + foreach($records as $record) { + fwrite($fp, $record['source'] . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_domain_whitelist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` NOT LIKE '%@%' AND `access` = 'OK' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . '.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig whitelisted recipient domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + + $filename = '/etc/rspamd/local.d/maps.d/recipient_domain_blacklist.inc.ispc'; + @unlink($filename); + $records = $app->db->queryAllRecords("SELECT `source` FROM ?? WHERE `type` = 'recipient' AND `source` NOT LIKE '%@%' AND `access` LIKE 'REJECT%' AND `active` = 'y' AND `sys_userid` IN (SELECT `userid` FROM `sys_user` WHERE `sys_groupid` = 0) AND `server_id` = ? ORDER BY `source` ASC", $conf['mysql']['database'] . 
'.mail_access', $conf['server_id']); + if (count($records) > 0) { + if ($fp = fopen($filename, 'w')) { + fwrite($fp, "# ISPConfig blacklisted recipient domains\n\n"); + foreach($records as $record) { + fwrite($fp, ltrim($record['source'], '.') . "\n"); + } + fclose($fp); + } else { + $app->log("Error: cannot open $filename for writing", LOGLEVEL_WARN); + } + } + } + } + function server_update($event_name, $data) { global $app, $conf;
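Review bot: `mail_access_update()` is registered for the insert and delete events as well, yet it reads `$data['old']['type']` and `$data['new']['type']` unguarded; presumably one side is empty on insert or delete, which would raise an undefined-index notice on each such event. Collect both once with `isset()` guards, e.g. `$types = array(isset($data['old']['type']) ? $data['old']['type'] : '', isset($data['new']['type']) ? $data['new']['type'] : '');`, and test `in_array('client', $types, true)` in place of the three `==` pairs. `$mail_config` is fetched but never used in the visible body, and the pasted `[new] => Array` dump would read better as a short docblock naming the fields the handler relies on (`type`, `source`, `access`, `active`, `server_id`).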