Commit 0d8f89bb authored by Marius Burkard's avatar Marius Burkard
Browse files

- added rspamd conditionals for mail dkim plugin

parent 7b5d9451
......@@ -1458,6 +1458,12 @@ class installer_base {
exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
}
if(is_user('_rspamd') && is_group('amavis')) {
exec("usermod -G amavis _rspamd");
} elseif(is_user('rspamd') && is_group('amavis')) {
exec("usermod -G amavis rspamd");
}
if(!is_dir('/etc/rspamd/local.d/')){
mkdir('/etc/rspamd/local.d/', 0755, true);
}
......
......@@ -29,6 +29,7 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@author Florian Schaal, info@schaal-24.de
@author Marius Burkard, m.burkard@ispconfig.org (modified for rspamd)
@copyright Florian Schaal, info@schaal-24.de
*/
......@@ -59,8 +60,8 @@ class mail_plugin_dkim {
/**
* This function is called when the plugin is loaded
*/
function onLoad() {
global $app, $conf;
public function onLoad() {
global $app;
/*
Register for the events
*/
......@@ -73,7 +74,7 @@ class mail_plugin_dkim {
* This function gets the amavisd-config file
* @return string path to the amavisd-config for dkim-keys
*/
function get_amavis_config() {
private function get_amavis_config() {
$pos_config=array(
'/etc/amavisd.conf/50-user',
'/etc/amavis/conf.d/50-user',
......@@ -101,45 +102,59 @@ class mail_plugin_dkim {
* @param array $data mail-settings
* @return boolean - true when the amavis-config and the dkim-dir are writeable
*/
function check_system($data) {
global $app, $mail_config;
private function check_system() {
global $app, $conf, $mail_config;
/** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
/** TODO: FIX DKIM FOR RSPAMD, RSPAMD CANNOT READ FILES OF amavis:root **/
$app->uses('getconf');
$check=true;
/* check for amavis-config */
$amavis_configfile = $this->get_amavis_config();
$check = true;
//* Create the file if it does not exists.
if (substr_compare($amavis_configfile, '60-dkim', -7) === 0 && !file_exists($amavis_configfile))
$app->system->touch($amavis_configfile);
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if($mail_config['content_filter'] != 'rspamd') {
/* check for amavis-config */
$amavis_configfile = $this->get_amavis_config();
if ( $amavis_configfile == '' || !is_writeable($amavis_configfile) ) {
$app->log('Amavis-config not found or not writeable.', LOGLEVEL_ERROR);
$check=false;
//* Create the file if it does not exists.
if (substr_compare($amavis_configfile, '60-dkim', -7) === 0 && !file_exists($amavis_configfile)) {
$app->system->touch($amavis_configfile);
}
if ( $amavis_configfile == '' || !is_writeable($amavis_configfile) ) {
$app->log('Amavis-config not found or not writeable.', LOGLEVEL_ERROR);
$check = false;
}
}
/* dir for dkim-keys writeable? */
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if (isset($mail_config['dkim_path']) && !empty($mail_config['dkim_path']) && $mail_config['dkim_path'] != '/') {
if (!is_dir($mail_config['dkim_path'])) {
$app->log('DKIM Path '.$mail_config['dkim_path'].' not found - (re)created.', LOGLEVEL_DEBUG);
if($app->system->is_user('amavis')) {
$amavis_user='amavis';
} elseif($app->system->is_user('_rspamd')) {
$amavis_user = '_rspamd';
} elseif($app->system->is_user('rspamd')) {
$amavis_user = 'rspamd';
} elseif ($app->system->is_user('vscan')) {
$amavis_user='vscan';
$amavis_user = 'vscan';
} else {
$amavis_user = '';
}
else {
$amavis_user='';
if($app->system->is_user('amavis')) {
$amavis_group='amavis';
} elseif($app->system->is_user('_rspamd')) {
$amavis_group = '_rspamd';
} elseif($app->system->is_user('rspamd')) {
$amavis_group = 'rspamd';
} elseif ($app->system->is_user('vscan')) {
$amavis_group = 'vscan';
} else {
$amavis_group = '';
}
if(!empty($amavis_user)) {
mkdir($mail_config['dkim_path'], 0750, true);
$app->system->chown($mail_config['dkim_path'], $amavis_user);
$app->system->mkdirpath($mail_config['dkim_path'], 0750, $amavis_user, $amavis_group);
} else {
mkdir($mail_config['dkim_path'], 0755, true);
$app->system->mkdirpath($mail_config['dkim_path'], 0755);
$app->log('No user amavis or vscan found - using root for '.$mail_config['dkim_path'], LOGLEVEL_WARNING);
}
} else {
......@@ -169,12 +184,15 @@ class mail_plugin_dkim {
/**
* This function restarts amavis
*/
function restart_amavis() {
private function restart_amavis() {
global $app;
$output = null;
$initcommand = $app->system->getinitcommand(array('amavis', 'amavisd'), 'restart');
$app->log('Restarting amavis: '.$initcommand.'.', LOGLEVEL_DEBUG);
exec($initcommand, $output);
foreach($output as $logline) $app->log($logline, LOGLEVEL_DEBUG);
foreach($output as $logline) {
$app->log($logline, LOGLEVEL_DEBUG);
}
}
/**
......@@ -184,8 +202,8 @@ class mail_plugin_dkim {
* @param string $key_domain mail-domain
* @return bool - true when the private key was written to disk
*/
function write_dkim_key($key_file, $key_value, $key_domain) {
global $app, $mailconfig;
private function write_dkim_key($key_file, $key_value, $key_domain) {
global $app;
$success=false;
if ($key_file == '' || $key_value == '' || $key_domain == '') {
$app->log('DKIM internal error for domain '.$key_domain, LOGLEVEL_ERROR);
......@@ -194,14 +212,20 @@ class mail_plugin_dkim {
if ( $app->system->file_put_contents($key_file.'.private', $key_value) ) {
$app->log('Saved DKIM Private-key to '.$key_file.'.private', LOGLEVEL_DEBUG);
$success=true;
$pubkey = null;
$result = 0;
/* now we get the DKIM Public-key */
exec('cat '.escapeshellarg($key_file.'.private').'|openssl rsa -pubout 2> /dev/null', $pubkey, $result);
$public_key='';
foreach($pubkey as $values) $public_key=$public_key.$values."\n";
foreach($pubkey as $values) {
$public_key = $public_key . $values . "\n";
}
/* save the DKIM Public-key in dkim-dir */
if ( $app->system->file_put_contents($key_file.'.public', $public_key) )
if($app->system->file_put_contents($key_file.'.public', $public_key)) {
$app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
} else {
$app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
}
} else {
$app->log('Unable to save DKIM Private-key to '.$key_file.'.private', LOGLEVEL_ERROR);
}
......@@ -213,26 +237,32 @@ class mail_plugin_dkim {
* @param string $key_file full path to the key-file
* @param string $key_domain mail-domain
*/
function remove_dkim_key($key_file, $key_domain) {
private function remove_dkim_key($key_file, $key_domain) {
global $app;
if (file_exists($key_file.'.private')) {
$app->system->unlink($key_file.'.private');
$app->log('Deleted the DKIM Private-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
} else $app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
} else {
$app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
}
if (file_exists($key_file.'.public')) {
$app->system->unlink($key_file.'.public');
$app->log('Deleted the DKIM Public-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
} else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
} else {
$app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
}
}
/**
* This function adds the entry to the amavisd-config
* @param string $key_domain mail-domain
*/
function add_to_amavis($key_domain, $selector, $old_selector) {
private function add_to_amavis($key_domain, $selector, $old_selector) {
global $app, $mail_config;
if (empty($selector)) $selector = 'default';
if (empty($selector)) {
$selector = 'default';
}
$restart = false;
$amavis_configfile = $this->get_amavis_config();
......@@ -270,7 +300,7 @@ class mail_plugin_dkim {
* This function removes the entry from the amavisd-config
* @param string $key_domain mail-domain
*/
function remove_from_amavis($key_domain) {
private function remove_from_amavis($key_domain) {
global $app;
$restart = false;
......@@ -308,14 +338,17 @@ class mail_plugin_dkim {
* This function controlls new key-files and amavisd-entries
* @param array $data mail-settings
*/
function add_dkim($data) {
global $app;
private function add_dkim($data) {
global $app, $conf;
if ($data['new']['active'] == 'y') {
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' )
if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
}
if ($this->write_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['dkim_private'], $data['new']['domain'])) {
if ($this->add_to_amavis($data['new']['domain'], $data['new']['dkim_selector'], $data['old']['dkim_selector'] )) {
if($mail_config['content_filter'] == 'rspamd') {
$app->services->restartServiceDelayed('rspamd', 'reload');
} elseif ($this->add_to_amavis($data['new']['domain'], $data['new']['dkim_selector'], $data['old']['dkim_selector'] )) {
$this->restart_amavis();
} else {
$this->remove_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['domain']);
......@@ -329,86 +362,89 @@ class mail_plugin_dkim {
/**
* This function controlls the removement of keyfiles (public and private)
* and the entry in the amavisd-config
* @param array $data mail-settings
* @param array $_data mail-settings
*/
function remove_dkim($_data) {
global $app;
private function remove_dkim($_data) {
global $app, $conf;
$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' )
if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
}
$this->remove_dkim_key($mail_config['dkim_path']."/".$_data['domain'], $_data['domain']);
if ($this->remove_from_amavis($_data['domain']))
if($mail_config['content_filter'] == 'rspamd') {
$app->services->restartServiceDelayed('rspamd', 'reload');
} elseif ($this->remove_from_amavis($_data['domain'])) {
$this->restart_amavis();
}
}
/**
* Function called by onLoad
* deletes dkim-keys
*/
function domain_dkim_delete($event_name, $data) {
if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y')
public function domain_dkim_delete($event_name, $data) {
if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y') {
$this->remove_dkim($data['old']);
}
}
/**
* Function called by onLoad
* insert dkim-keys
*/
function domain_dkim_insert($event_name, $data) {
if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system($data))
public function domain_dkim_insert($event_name, $data) {
if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system()) {
$this->add_dkim($data);
}
}
/**
* Function called by onLoad
* chang dkim-settings
*/
function domain_dkim_update($event_name, $data) {
public function domain_dkim_update($event_name, $data) {
global $app;
if($data['new']['dkim'] == 'y' || $data['old']['dkim'] == 'y'){
if ($this->check_system($data)) {
if ($this->check_system()) {
/* maildomain disabled */
if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y' && $data['new']['dkim']=='y') {
$app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
$this->remove_dkim($data['new']);
}
/* maildomain re-enabled */
if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y')
if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y') {
$this->add_dkim($data);
}
/* maildomain active - only dkim changes */
if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
/* dkim disabled */
if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
$this->remove_dkim($data['new']);
}
/* dkim enabled */
elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
$this->add_dkim($data);
}
/* new private-key */
if ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y') {
$this->add_dkim($data);
}
/* new selector */
if ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y') {
/* dkim enabled
* or new private-key
* or new selector
* or new domain-name
*/
elseif (
($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y')
|| ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y')
|| ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y')
|| ($data['new']['domain'] != $data['old']['domain'])
) {
if ($data['new']['domain'] != $data['old']['domain']) {
$this->remove_dkim($data['old']);
}
$this->add_dkim($data);
}
/* new domain-name */
if ($data['new']['domain'] != $data['old']['domain']) {
$this->remove_dkim($data['old']);
/* resync */
elseif($data['new'] == $data['old'] && $data['new']['dkim']=='y') {
$this->add_dkim($data);
}
}
/* resync */
if ($data['new']['active'] == 'y' && $data['new'] == $data['old'] && $data['new']['dkim']=='y') {
$this->add_dkim($data);
}
}
}
}
}
?>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment