From cda177a2484843a20ff013728b856ee1f4e5008c Mon Sep 17 00:00:00 2001
From: Marius Burkard
Date: Sat, 19 Jan 2019 21:47:04 +0100
Subject: [PATCH] - fixed vhost settings for nginx - fixed rspamd settings - fixed errors in webserver plugin - fixed error in dkim domain handling
---
 install/tpl/nginx_ispconfig.vhost.master | 2 +-
 install/tpl/rspamd_users.conf.master | 6 +--
 interface/web/mail/mail_domain_edit.php | 4 +-
 server/conf/nginx_vhost.conf.master | 2 +-
 .../lib/classes/plugin_webserver_base.inc.php | 2 +-
 .../classes/plugin_webserver_nginx.inc.php | 2 +-
 .../mail_plugin_dkim.inc.php | 2 +
 server/plugins-available/nginx_plugin.inc.php | 2 +-
 .../plugins-available/rspamd_plugin.inc.php | 41 ++++++++++++-------
 9 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/install/tpl/nginx_ispconfig.vhost.master b/install/tpl/nginx_ispconfig.vhost.master
index edd9471d3..cd9bb1852 100644
--- a/install/tpl/nginx_ispconfig.vhost.master
+++ b/install/tpl/nginx_ispconfig.vhost.master
@@ -2,7 +2,7 @@ server {
 listen {vhost_port}{ssl_on};
 listen [::]:{vhost_port} ipv6only=on{ssl_on};
- {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ {ssl_comment}ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 {ssl_comment}ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
 {ssl_comment}ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
 {ssl_comment}ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
diff --git a/install/tpl/rspamd_users.conf.master b/install/tpl/rspamd_users.conf.master
index bf7ad2830..73d437d6c 100644
--- a/install/tpl/rspamd_users.conf.master
+++ b/install/tpl/rspamd_users.conf.master
@@ -4,10 +4,10 @@ settings {
 authenticated = yes;
 #apply "default" { groups_disabled = ["rbl", "spf"]; }
 apply "default" {
- symbols_enabled = [];
+ #symbols_enabled = [];
 symbols_disabled = [];
- groups_enabled = [];
- groups_disabled = [];
+ #groups_enabled = [];
+ groups_disabled = ["rbl"];
 }
 }
 whitelist {
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
index 3b1a5794d..5839d0b5d 100644
--- a/interface/web/mail/mail_domain_edit.php
+++ b/interface/web/mail/mail_domain_edit.php
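Review bot: In install/tpl/nginx_ispconfig.vhost.master the new `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line turns TLSv1.3 off for every install while still offering TLSv1 and TLSv1.1, and the hunk in server/conf/nginx_vhost.conf.master adds the same line. If TLSv1.3 was removed because older nginx/OpenSSL builds reject the token (presumably the vhost error this commit fixes), a template condition on the detected nginx version would keep 1.3 where it is supported instead of disabling it everywhere. The unchanged `ssl_ciphers` line below still lists TLS 1.3-style suite names (`TLS-AES-256-GCM-SHA384` …) and 3DES entries such as `DES-CBC3-SHA`, so protocol and cipher settings no longer describe the same policy. A comment above the directive, e.g. `# TLSv1.3 omitted: rejected by nginx builds without TLS 1.3 support`, would record the reason so that a later edit neither re-breaks older hosts nor leaves 1.3 disabled indefinitely.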
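Review bot: In install/tpl/rspamd_users.conf.master the two directives are disabled by commenting them out (`#symbols_enabled = [];`, `#groups_enabled = [];`) with no word on why, next to an older commented-out `#apply "default"` line. If the empty allow-lists were the bug (in rspamd settings an `*_enabled` list restricts checking to what it names; worth confirming for the empty case), delete them and leave one comment instead, e.g. `# no *_enabled lists here: they would restrict checks to the listed symbols/groups`. It would also help to state next to `groups_disabled = ["rbl"]` that only DNS blocklist lookups are meant to be skipped for authenticated senders, since this block decides how much filtering mail from a logged-in, possibly compromised, account still gets.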
@@ -318,7 +318,7 @@ class page_action extends tform_actions {
 $soaDomain = $this->dataRecord['domain'].'.';
 while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
 $soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
- $soaDomain = preg_replace("/^\w+\./","",$soaDomain);
+ $soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
 }
 if ( isset($soa) && !empty($soa) ) $this->update_dns($this->dataRecord, $soa);
 }
@@ -444,7 +444,7 @@ class page_action extends tform_actions {
 $soaDomain = $this->dataRecord['domain'].'.';
 while ((!isset($soa) && (substr_count($soaDomain,'.') > 1))) {
 $soa = $app->db->queryOneRecord("SELECT id AS zone, sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id, ttl, serial FROM dns_soa WHERE active = 'Y' AND origin = ?", $soaDomain);
- $soaDomain = preg_replace("/^\w+\./","",$soaDomain);
+ $soaDomain = preg_replace("/^[^\.]+\./","",$soaDomain);
 }
 if ( ($selector || $dkim_private || $dkim_active) && $dkim_active )
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
index c072d0ae3..bc09c4293 100644
--- a/server/conf/nginx_vhost.conf.master
+++ b/server/conf/nginx_vhost.conf.master
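Review bot: Both SOA lookup loops in mail_domain_edit.php (the hunk at -318 and the one at -444) still end only if `preg_replace` actually shortens `$soaDomain`; the old `\w+` pattern failed exactly that for labels containing a hyphen, and the new `[^\.]+` pattern still leaves the string unchanged whenever it does not match, for instance on a name that starts with a dot (whether form validation rules that out is not visible here). A guard makes the loop terminate regardless of the pattern: `$next = preg_replace('/^[^.]+\./', '', $soaDomain); if($next === $soaDomain) break; $soaDomain = $next;`. Since the same lines now exist twice in `page_action`, moving them into one private helper would keep the two copies from drifting apart again. Both enclosing methods start and end outside the hunks.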
@@ -28,7 +28,7 @@ server {
 listen : ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 # ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 # ssl_prefer_server_ciphers on;
diff --git a/server/lib/classes/plugin_webserver_base.inc.php b/server/lib/classes/plugin_webserver_base.inc.php
index ea9ab8aa5..0ce6cc5d9 100644
--- a/server/lib/classes/plugin_webserver_base.inc.php
+++ b/server/lib/classes/plugin_webserver_base.inc.php
@@ -1719,7 +1719,7 @@ class plugin_webserver_base {
 $this->action = 'update';
 $this->update_letsencrypt = true;
 // just run the update function
- $this->update($event_name, $data);
+ $this->eventUpdate($event_name, $data, 'update', $server_type);
 } else {
 $conf_prefix = '';
diff --git a/server/lib/classes/plugin_webserver_nginx.inc.php b/server/lib/classes/plugin_webserver_nginx.inc.php
index 3002f4b0f..377c05fd4 100644
--- a/server/lib/classes/plugin_webserver_nginx.inc.php
+++ b/server/lib/classes/plugin_webserver_nginx.inc.php
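Review bot: The replacement call in plugin_webserver_base.inc.php passes `$server_type`, but nothing in the hunk shows where that variable is assigned; the enclosing method starts outside the hunk, so confirm it is a parameter or is set before this branch, otherwise `eventUpdate()` receives null here. The action is also passed as the literal `'update'` three lines after `$this->action = 'update';`. Passing `$this->action` instead would keep the two from diverging, which is what the nginx_plugin.inc.php hunk in this commit already does.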
@@ -632,7 +632,7 @@ class plugin_webserver_nginx {
 if(count($server_alias) > 0) {
 $server_alias_str = '';
 foreach($server_alias as $tmp_alias) {
- $server_alias_str .= $tmp_alias;
+ $server_alias_str .= ' ' . $tmp_alias;
 }
 unset($tmp_alias);
diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php
index 26de6ca4a..cf9d713b9 100755
--- a/server/plugins-available/mail_plugin_dkim.inc.php
+++ b/server/plugins-available/mail_plugin_dkim.inc.php
@@ -104,6 +104,8 @@ class mail_plugin_dkim {
 function check_system($data) {
 global $app, $mail_config;
+ /** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
+
 $app->uses('getconf');
 $check=true;
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 3a7f569c2..614437852 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -98,7 +98,7 @@ class nginx_plugin {
 if($this->action != 'insert') $this->action = 'update';
- $app->plugins_webserver_base->eventUpdate($event_name, $data, 'nginx');
+ $app->plugin_webserver_base->eventUpdate($event_name, $data, $this->action, 'nginx');
 //* Unset action to clean it for next processed vhost.
 $this->action = '';
diff --git a/server/plugins-available/rspamd_plugin.inc.php b/server/plugins-available/rspamd_plugin.inc.php
index 4b60b11ea..c9af1be00 100644
--- a/server/plugins-available/rspamd_plugin.inc.php
+++ b/server/plugins-available/rspamd_plugin.inc.php
@@ -88,7 +88,7 @@ class rspamd_plugin {
 $app->uses('getconf,system,functions');
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- if($mail_config['content_filter'] == 'rspamd'){
+ if(is_dir('/etc/rspamd')) {
 $policy = $app->db->queryOneRecord("SELECT * FROM spamfilter_policy WHERE id = ?", intval($data['new']['policy_id']));
 //* Create the config file
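Review bot: In plugin_webserver_nginx.inc.php the loop that builds `$server_alias_str` is now a hand-written join; `$server_alias_str = ' ' . implode(' ', $server_alias);` yields the same string, leading space included, and makes the loop and the `unset($tmp_alias)` unnecessary. The alias values go verbatim into the generated nginx configuration and their validation is not visible in this hunk; if it is not done upstream, this is the place to reject entries containing whitespace or `;`. The enclosing method starts and ends outside the hunk.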
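Review bot: The guard in rspamd_plugin.inc.php (hunk at -88) changes from the configured content filter to the literal `is_dir('/etc/rspamd')`, and that literal is repeated in the hunks at -143, -166, -202 and -220 while the file paths themselves are built from `$this->users_config_dir`. One private method, or a class constant for the path, would keep the five checks identical, and a short comment should say why configuration is now written whenever the directory exists even if rspamd is not the active filter. One consequence to confirm: files written while `content_filter` has another value are not followed by a reload, so rspamd would pick them up only on its next restart or when a later event reloads it after the switch.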
@@ -129,10 +129,14 @@ class rspamd_plugin {
 $app->system->file_put_contents($user_file, $tpl->grab());
 } else {
- if(is_file($user_file)) unlink($user_file);
+ if(is_file($user_file)) {
+ unlink($user_file);
+ }
+ }
+
+ if($mail_config['content_filter'] == 'rspamd'){
+ if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 }
- //if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
- if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 }
 }
@@ -143,11 +147,14 @@ class rspamd_plugin {
 $app->uses('getconf');
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- if($mail_config['content_filter'] == 'rspamd'){
+ if(is_dir('/etc/rspamd')) {
 //* delete the config file
 $user_file = $this->users_config_dir.'spamfilter_user_'.intval($data['old']['id']).'.conf';
 if(is_file($user_file)) unlink($user_file);
- //if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
+
+ }
+
+ if($mail_config['content_filter'] == 'rspamd') {
 if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
 }
 }
@@ -166,7 +173,7 @@ class rspamd_plugin {
 $app->uses('getconf,system,functions');
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- if($mail_config['content_filter'] == 'rspamd'){
+ if(is_dir('/etc/rspamd')) {
 $recipient = $app->db->queryOneRecord("SELECT email FROM spamfilter_users WHERE id = ?", intval($data['new']['rid']));
 //* Create the config file
 $wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['new']['wblist_id']).'.conf';
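Review bot: In the rspamd_plugin.inc.php hunk at -143 the added `}` closes `if(is_dir('/etc/rspamd'))` before the reload check, so here the `content_filter` test runs even when the directory is absent, whereas (by brace count) the hunks at -129, -191 and -202 nest the same test inside the directory check. The effect is small, but the handlers should agree: either nest it here as well or move it out everywhere. The hunk at -234 also calls `restartServiceDelayed` without the `is_file('/etc/init.d/rspamd')` test the others keep. The `unlink()` calls in these hunks ignore their return value, so a failed delete leaves a stale per-user settings file in place without any log entry; checking the result and logging a warning would make that visible.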
@@ -191,8 +198,10 @@ class rspamd_plugin {
 } else {
 if(is_file($wblist_file)) unlink($wblist_file);
 }
- //if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
- if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+
+ if($mail_config['content_filter'] == 'rspamd'){
+ if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+ }
 }
 }
@@ -202,12 +211,14 @@ class rspamd_plugin {
 $app->uses('getconf');
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- if($mail_config['content_filter'] == 'rspamd'){
+ if(is_dir('/etc/rspamd')) {
 //* delete the config file
 $wblist_file = $this->users_config_dir.'spamfilter_wblist_'.intval($data['old']['wblist_id']).'.conf';
 if(is_file($wblist_file)) unlink($wblist_file);
- //if(is_file('/etc/init.d/rspamd')) exec('/etc/init.d/rspamd reload &> /dev/null');
- if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+
+ if($mail_config['content_filter'] == 'rspamd'){
+ if(is_file('/etc/init.d/rspamd')) $app->services->restartServiceDelayed('rspamd', 'reload');
+ }
 }
 }
@@ -220,7 +231,7 @@ class rspamd_plugin {
 $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
- if($mail_config['content_filter'] == 'rspamd'){
+ if(is_dir('/etc/rspamd')) {
 $tpl = new tpl();
 $tpl->newTemplate('rspamd_users.conf.master');
@@ -234,7 +245,9 @@ class rspamd_plugin {
 $tpl->setLoop('whitelist_ips', $whitelist_ips);
 $app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab());
- $app->services->restartServiceDelayed('rspamd', 'reload');
+ if($mail_config['content_filter'] == 'rspamd'){
+ $app->services->restartServiceDelayed('rspamd', 'reload');
+ }
 }
 }
-- 
GitLab