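/**
 * Block SMTP clients that accumulated too many refused connections.
 *
 * Runs at most once every 240 minutes (throttled through a timestamp file).
 * Reads per-address error counts from mail_con_err_stats for the window
 * between PostfixInstantIptablesLastDays days ago and one day ago, skips
 * whitelisted hosts and addresses, and for every address whose total reaches
 * PostfixInstantIptablesMaxEvents registers a rule through iptables_chains,
 * appends a DROP rule for TCP port 25 and finally sends one summary e-mail.
 *
 * Addresses read back from the database are validated as IPv4 literals
 * before they are interpolated into SQL or into the iptables command line.
 *
 * @return void
 */
function ParseLastEvents()
{
    $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $timeF = file_time_min($timefile);
    if ($timeF < 240) {
        if ($GLOBALS["VERBOSE"]) {
            echo "{$timeF} minutes, need to wait 240\n";
        }
        return;
    }
    @file_put_contents($timefile, "#");

    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if (!$iptables) {
        // Without a resolved binary the command string below would start
        // with its first argument; refuse to run anything in that case.
        if ($GLOBALS["VERBOSE"]) {
            echo "iptables binary not found\n";
        }
        return;
    }

    if ($GLOBALS["VERBOSE"]) {
        echo "Loading Whitelist\n";
    }
    $whitelist = load_whitelist();
    if (!is_array($whitelist)) {
        $whitelist = array();
    }
    if ($GLOBALS["VERBOSE"]) {
        echo "Loading Whitelist " . count($whitelist) . " items\n";
    }

    $sock = new sockets();
    $PostfixInstantIptablesLastDays = $sock->GET_INFO("PostfixInstantIptablesLastDays");
    $PostfixInstantIptablesMaxEvents = $sock->GET_INFO("PostfixInstantIptablesMaxEvents");
    if (!is_numeric($PostfixInstantIptablesLastDays)) {
        $PostfixInstantIptablesLastDays = 7;
    }
    if (!is_numeric($PostfixInstantIptablesMaxEvents)) {
        $PostfixInstantIptablesMaxEvents = 50;
    }
    // is_numeric() also accepts floats, exponents and leading whitespace;
    // the value is placed in the SQL text, so reduce it to a plain integer.
    $PostfixInstantIptablesLastDays = (int) $PostfixInstantIptablesLastDays;

    $sql = "SELECT COUNT(ipaddr) as tcount,ipaddr,smtp_err,hostname \n\tFROM mail_con_err_stats WHERE zDate<DATE_SUB(NOW(),INTERVAL 1 DAY) \n\tAND zDate>=DATE_SUB(NOW(),INTERVAL {$PostfixInstantIptablesLastDays} DAY) \n\tGROUP BY ipaddr,smtp_err,hostname ORDER BY COUNT(ipaddr) DESC";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_events");

    // Aggregate the per-(address, error, hostname) rows into one entry per address.
    $newarray = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $count_events = $ligne["tcount"];
        if ($count_events < 3) {
            // Rows arrive ordered by count, descending: nothing useful follows.
            break;
        }
        $ipaddr = $ligne["ipaddr"];
        $error = $ligne["smtp_err"];
        $server_name = $ligne["hostname"];

        if (!empty($whitelist[$server_name])) {
            echo "Whitelisted {$server_name}\n";
            continue;
        }
        if (!empty($whitelist[$ipaddr])) {
            echo "Whitelisted {$ipaddr}\n";
            continue;
        }

        // The address originates from parsed mail logs and is later placed,
        // unquoted, in a SQL statement and a shell command. Accepting only a
        // dotted-quad IPv4 literal (the only form plain iptables takes for
        // -s) is what makes that interpolation safe.
        if (filter_var($ipaddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Skipping row: address is not a valid IPv4 literal\n";
            }
            continue;
        }

        if (!isset($newarray[$ipaddr])) {
            $newarray[$ipaddr] = array("HOST" => $server_name, "EVENTS_TEXT" => array(), "EVENTS" => 0);
        }
        $newarray[$ipaddr]["HOST"] = $server_name;
        $newarray[$ipaddr]["EVENTS_TEXT"][] = "{$server_name} [{$ipaddr}] - {$count_events} {$error}";
        $newarray[$ipaddr]["EVENTS"] = $newarray[$ipaddr]["EVENTS"] + $count_events;
    }

    // Keep only the addresses that reached the configured threshold.
    $newarray2 = array();
    foreach ($newarray as $ipaddr => $ligne) {
        if ($ligne["EVENTS"] < $PostfixInstantIptablesMaxEvents) {
            continue;
        }
        $newarray2[$ipaddr] = $ligne;
    }
    if ($GLOBALS["VERBOSE"]) {
        echo count($newarray2) . " items -> Array:newarray2\n";
    }
    if (count($newarray2) == 0) {
        return;
    }

    $ipCount = 0;
    $notifs = array();
    foreach ($newarray2 as $ipaddr => $ipaddrARR) {
        // $ipaddr was validated as an IPv4 literal above.
        $sql = "SELECT rulemd5 FROM iptables WHERE serverip='{$ipaddr}' AND local_port='25'";
        $ligne = mysql_fetch_array($q->QUERY_SQL($sql, "artica_backup"));
        if ($ligne["rulemd5"] != null) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Skip {$ipaddr} already added\n";
            }
            continue;
        }

        $EVENTS = "{$ipaddrARR["EVENTS"]} refused connexions:\n" . @implode("\n", $ipaddrARR["EVENTS_TEXT"]);
        $cmd = "{$iptables} -A INPUT -s {$ipaddr} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";

        $iptablesClass = new iptables_chains();
        $iptablesClass->serverip = $ipaddr;
        // Use the hostname recorded for this address, not whatever the last
        // database row happened to leave in a loop variable.
        $iptablesClass->servername = $ipaddrARR["HOST"];
        $iptablesClass->rule_string = $cmd;
        $iptablesClass->EventsToAdd = $EVENTS;
        if (!$iptablesClass->addPostfix_chain()) {
            // The live rule is still applied below, as before; only report it.
            if ($GLOBALS["VERBOSE"]) {
                echo "FAILED TO add {$ipaddr} \n";
            }
        }

        $notifs[] = $EVENTS;
        shell_exec($cmd);
        if ($GLOBALS["VERBOSE"]) {
            echo $cmd . "\n";
        }
        $ipCount++;
    }

    if ($ipCount > 0) {
        $unix->send_email_events("Instant Iptables {$ipCount} addresse(s) added", "Calculation since {$PostfixInstantIptablesLastDays} days and for {$PostfixInstantIptablesMaxEvents} minimal blocks events\n" . @implode("\n", $notifs), "postfix");
    }
}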
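/**
 * Turn queued "*.hack" detection files into Postfix block rules.
 *
 * Each file in /var/log/artica-postfix/smtp-hack/ holds a serialized array
 * with the keys IP, MATCHES, EVENTS and DATE. For every file a DROP rule for
 * TCP port 25 is registered through iptables_chains; on success the result is
 * recorded in the PostfixAutoBlockResults ini file and the queue file is
 * deleted. Files describing 127.0.0.1 are deleted without creating a rule.
 *
 * @return void
 */
function parsequeue()
{
    $q = new mysql();
    $q->Check_iptables_table();

    $ini = new Bs_IniHandler();
    $ini->loadFile('/etc/artica-postfix/settings/Daemons/PostfixAutoBlockResults');

    // glob() returns false on error; treat that as an empty queue.
    $files = glob("/var/log/artica-postfix/smtp-hack/*.hack");
    if (!is_array($files)) {
        $files = array();
    }

    foreach ($files as $filename) {
        $basename = basename($filename);

        // SECURITY NOTE(review): unserialize() instantiates arbitrary objects
        // from the file content. This is only acceptable if nothing but the
        // trusted log parser can write to the queue directory; confirm its
        // ownership and permissions, or move the queue format to JSON.
        $array = unserialize(@file_get_contents($filename));
        if (!is_array($array) || !isset($array["IP"])) {
            if ($GLOBALS["VERBOSE"]) {
                echo "{$basename}: unreadable or malformed, skipped\n";
            }
            continue;
        }

        $IP = $array["IP"];
        if ($IP == "127.0.0.1") {
            @unlink($filename);
            continue;
        }

        // The address is interpolated into the stored iptables command line,
        // so accept nothing but an IPv4 literal. The file is left in place
        // for inspection rather than deleted.
        if (!is_string($IP) || filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            if ($GLOBALS["VERBOSE"]) {
                echo "{$basename}: IP field is not a valid IPv4 literal, skipped\n";
            }
            continue;
        }

        $server_name = gethostbyaddr($IP);
        $matches = isset($array["MATCHES"]) ? $array["MATCHES"] : null;
        $EVENTS = isset($array["EVENTS"]) ? $array["EVENTS"] : null;
        if ($GLOBALS["VERBOSE"]) {
            echo "{$basename}: servername:{$server_name} IP=[{$IP}]\n";
        }

        $cmd = "iptables -A INPUT -s {$IP} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
        $iptables = new iptables_chains();
        $iptables->serverip = $IP;
        $iptables->servername = $server_name;
        $iptables->rule_string = $cmd;
        $iptables->EventsToAdd = $EVENTS;

        // The queue file is removed only once the rule has been stored.
        if ($iptables->addPostfix_chain()) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Add IP:Addr=<{$IP}>, servername=<{$server_name}> to mysql\n";
            }
            $ini->set($IP, "events", $matches);
            $ini->set($IP, "iptablerule", $cmd);
            $ini->set($IP, "hostname", $server_name);
            if ($GLOBALS["VERBOSE"]) {
                echo "delete {$filename}\n";
            }
            @unlink($filename);
        }
    }

    $filestr = $ini->toString();
    file_put_contents("/etc/artica-postfix/settings/Daemons/PostfixAutoBlockResults", $filestr);
}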
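/**
 * Register manual block rules for the servers posted in "ban-servers-add".
 *
 * The field holds one IPv4 address or hostname per line. Hostnames are
 * resolved with gethostbyname(); addresses get their name from
 * gethostbyaddr(). Every entry becomes a DROP rule for TCP port 25 stored
 * through iptables_chains, after which the framework is asked to recompile
 * the Postfix iptables rules. Processing stops at the first entry that
 * iptables_chains refuses to store.
 *
 * @return void
 */
function ban_servers_save()
{
    if (!isset($_POST["ban-servers-add"]) || !is_string($_POST["ban-servers-add"])) {
        echo "No data";
        return;
    }

    $tb = explode("\n", $_POST["ban-servers-add"]);
    foreach ($tb as $num => $ipaddressData) {
        // Form data usually arrives with CRLF line ends and a trailing blank line.
        $ipaddressData = trim($ipaddressData);
        if ($ipaddressData === "") {
            continue;
        }

        if (filter_var($ipaddressData, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $ip = $ipaddressData;
            $servername = gethostbyaddr($ipaddressData);
        } else {
            $ip = gethostbyname($ipaddressData);
            $servername = $ipaddressData;
        }

        // The address is request data that ends up inside an iptables command
        // line. gethostbyname() hands back its input unchanged when the lookup
        // fails, so the resolved value is checked as well: only a complete
        // IPv4 literal may reach the rule string.
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            echo "Invalid address, line " . ($num + 1) . "\n";
            continue;
        }

        // NOTE(review): $servername is passed on as submitted; iptables_chains
        // is expected to escape it before storing it. Confirm.
        $ipchain = new iptables_chains();
        $ipchain->servername = $servername;
        $ipchain->serverip = $ip;
        $ipchain->EventsToAdd = "Manual rule";
        $ipchain->rule_string = "iptables -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
        if (!$ipchain->addPostfix_chain()) {
            echo "Failed {$ip} {$servername}\n";
            return;
        }
    }

    $sock = new sockets();
    $sock->getFrameWork("cmd.php?postfix-iptables-compile=yes");
}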
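/**
 * Register a manual block rule for the server named in "identity-ban".
 *
 * The request parameter is an IPv4 address or a hostname. A DROP rule for
 * TCP port 25 is stored through iptables_chains, the outcome is echoed
 * through the template translator, and on success the framework is asked to
 * recompile the Postfix iptables rules.
 *
 * @return void
 */
function blocked_ip_identity_ban()
{
    include_once 'ressources/class.iptables-chains.inc';
    $tpl = new templates();

    $IPSRC = (isset($_GET["identity-ban"]) && is_string($_GET["identity-ban"])) ? trim($_GET["identity-ban"]) : "";
    if ($IPSRC == null) {
        echo "NULL!";
        return;
    }

    if (filter_var($IPSRC, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $ip = $IPSRC;
        $servername = gethostbyaddr($IPSRC);
    } else {
        $ip = gethostbyname($IPSRC);
        $servername = $IPSRC;
    }

    // The address is request data that ends up inside an iptables command
    // line. gethostbyname() hands back its input unchanged when the lookup
    // fails, so the resolved value is checked as well. The rejected input is
    // deliberately not echoed back.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        echo $tpl->javascript_parse_text("{failed}");
        return;
    }

    // NOTE(review): $servername is passed on and echoed as submitted;
    // iptables_chains and javascript_parse_text are expected to escape it.
    // Confirm.
    $ipchain = new iptables_chains();
    $ipchain->servername = $servername;
    $ipchain->serverip = $ip;
    $ipchain->EventsToAdd = "Manual rule";
    $ipchain->rule_string = "iptables -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    if (!$ipchain->addPostfix_chain()) {
        echo $tpl->javascript_parse_text("{failed} {$ip} {$servername} ");
        return;
    }
    echo $tpl->javascript_parse_text("{success} {$ip} {$servername} ");

    $sock = new sockets();
    $sock->getFrameWork("cmd.php?postfix-iptables-compile=yes");
}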