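/**
 * Blocks, via iptables, the addresses that accumulated the most SMTP connection errors.
 *
 * Throttled to one run per 240 minutes by a timestamp file. Reads per-address
 * error counts from mail_con_err_stats for the window between one day ago and
 * PostfixInstantIptablesLastDays days ago, drops whitelisted hosts, keeps the
 * addresses whose total reaches PostfixInstantIptablesMaxEvents, and for each
 * one that has no port-25 entry in the iptables table yet: records the rule
 * through iptables_chains, appends a DROP rule for TCP port 25, and finally
 * e-mails a summary of what was added.
 *
 * @return void
 */
function ParseLastEvents()
{
    $verbose = !empty($GLOBALS["VERBOSE"]);
    $timefile = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $timeF = file_time_min($timefile);
    if ($timeF < 240) {
        if ($verbose) {
            echo "{$timeF} minutes, need to wait 240\n";
        }
        return;
    }
    @file_put_contents($timefile, "#");
    $unix = new unix();
    $iptables = $unix->find_program("iptables");
    if ($verbose) {
        echo "Loading Whitelist\n";
    }
    $whitelist = load_whitelist();
    if ($verbose) {
        echo "Loading Whitelist " . count($whitelist) . " items\n";
    }
    $sock = new sockets();
    $PostfixInstantIptablesLastDays = $sock->GET_INFO("PostfixInstantIptablesLastDays");
    $PostfixInstantIptablesMaxEvents = $sock->GET_INFO("PostfixInstantIptablesMaxEvents");
    // is_numeric() also accepts forms such as "1e3" or " 7"; cast to int so that
    // only a plain integer is ever interpolated into the SQL text below.
    $PostfixInstantIptablesLastDays = is_numeric($PostfixInstantIptablesLastDays) ? (int) $PostfixInstantIptablesLastDays : 7;
    $PostfixInstantIptablesMaxEvents = is_numeric($PostfixInstantIptablesMaxEvents) ? (int) $PostfixInstantIptablesMaxEvents : 50;

    $sql = "SELECT COUNT(ipaddr) as tcount,ipaddr,smtp_err,hostname \n\tFROM mail_con_err_stats WHERE zDate<DATE_SUB(NOW(),INTERVAL 1 DAY) \n\tAND zDate>=DATE_SUB(NOW(),INTERVAL {$PostfixInstantIptablesLastDays} DAY) \n\tGROUP BY ipaddr,smtp_err,hostname ORDER BY COUNT(ipaddr) DESC";
    $q = new mysql();
    $results = $q->QUERY_SQL($sql, "artica_events");

    // Aggregate the per-(address, error, hostname) rows into one entry per address.
    $newarray = array();
    while ($ligne = @mysql_fetch_array($results, MYSQL_ASSOC)) {
        $count_events = (int) $ligne["tcount"];
        if ($count_events < 3) {
            // Rows are ordered by count, descending: nothing useful follows.
            break;
        }
        $ipaddr = $ligne["ipaddr"];
        $error = $ligne["smtp_err"];
        $server_name = $ligne["hostname"];
        if (!empty($whitelist[$server_name])) {
            echo "Whitelisted {$server_name}\n";
            continue;
        }
        if (!empty($whitelist[$ipaddr])) {
            echo "Whitelisted {$ipaddr}\n";
            continue;
        }
        // The address ends up inside an SQL statement and a shell command further
        // down, and the table is fed from mail logs. Accept nothing but a literal
        // IPv4 address, which cannot carry quotes or shell metacharacters.
        if (filter_var($ipaddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            if ($verbose) {
                echo "Skipping row: ipaddr is not a valid IPv4 address\n";
            }
            continue;
        }
        if (!isset($newarray[$ipaddr])) {
            $newarray[$ipaddr] = array("HOST" => $server_name, "EVENTS_TEXT" => array(), "EVENTS" => 0);
        }
        $newarray[$ipaddr]["HOST"] = $server_name;
        // NOTE(review): hostname and smtp_err are log-derived text; they are passed on
        // to addPostfix_chain() and send_email_events(), whose handling is not visible here.
        $newarray[$ipaddr]["EVENTS_TEXT"][] = "{$server_name} [{$ipaddr}] - {$count_events} {$error}";
        $newarray[$ipaddr]["EVENTS"] += $count_events;
    }

    // Keep only the addresses that reach the configured threshold.
    $newarray2 = array();
    foreach ($newarray as $ipaddr => $ligne) {
        if ($ligne["EVENTS"] >= $PostfixInstantIptablesMaxEvents) {
            $newarray2[$ipaddr] = $ligne;
        }
    }
    if ($verbose) {
        echo count($newarray2) . " items -> Array:newarray2\n";
    }
    if (count($newarray2) == 0) {
        return;
    }

    $ipCount = 0;
    $notifs = array();
    foreach ($newarray2 as $ipaddr => $ipaddrARR) {
        // $ipaddr was validated as IPv4 above, so it is safe inside the quoted literal.
        $sql = "SELECT rulemd5 FROM iptables WHERE serverip='{$ipaddr}' AND local_port='25'";
        $existing = $q->QUERY_SQL($sql, "artica_backup");
        $ligne = $existing ? mysql_fetch_array($existing) : false;
        if ($ligne && $ligne["rulemd5"] != null) {
            if ($verbose) {
                echo "Skip {$ipaddr} already added\n";
            }
            continue;
        }
        $EVENTS = "{$ipaddrARR["EVENTS"]} refused connexions:\n" . implode("\n", $ipaddrARR["EVENTS_TEXT"]);
        $cmd = "{$iptables} -A INPUT -s {$ipaddr} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
        $iptablesClass = new iptables_chains();
        $iptablesClass->serverip = $ipaddr;
        // Use the hostname recorded for THIS address; the loop variable left over
        // from the aggregation pass would label every rule with the last row's host.
        $iptablesClass->servername = $ipaddrARR["HOST"];
        $iptablesClass->rule_string = $cmd;
        $iptablesClass->EventsToAdd = $EVENTS;
        if (!$iptablesClass->addPostfix_chain()) {
            // The rule is still applied below, as before; the failure is only reported.
            if ($verbose) {
                echo "FAILED TO add {$ipaddr} \n";
            }
        }
        $notifs[] = $EVENTS;
        shell_exec($cmd);
        if ($verbose) {
            echo $cmd . "\n";
        }
        $ipCount++;
    }
    if ($ipCount > 0) {
        $unix->send_email_events("Instant Iptables {$ipCount} addresse(s) added", "Calculation since {$PostfixInstantIptablesLastDays} days and for {$PostfixInstantIptablesMaxEvents} minimal blocks events\n" . implode("\n", $notifs), "postfix");
    }
}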
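/**
 * Processes the queued "*.hack" reports and records a port-25 DROP rule for each offender.
 *
 * Every file under /var/log/artica-postfix/smtp-hack/ is deserialized; reports for
 * 127.0.0.1 are deleted, the others are handed to iptables_chains::addPostfix_chain().
 * On success the result is noted in the PostfixAutoBlockResults ini file and the
 * report is deleted. The ini file is rewritten once at the end.
 *
 * @return void
 */
function parsequeue()
{
    $verbose = !empty($GLOBALS["VERBOSE"]);
    $q = new mysql();
    $q->Check_iptables_table();
    $ini = new Bs_IniHandler();
    $ini->loadFile('/etc/artica-postfix/settings/Daemons/PostfixAutoBlockResults');

    // glob() may return false on error; treat that as an empty queue.
    $queue = glob("/var/log/artica-postfix/smtp-hack/*.hack");
    if (!is_array($queue)) {
        $queue = array();
    }
    foreach ($queue as $filename) {
        $basename = basename($filename);
        // NOTE(review): unserialize() on file content can instantiate arbitrary classes
        // if anything other than the trusted producer can write to this directory.
        // Confirm the directory permissions; on PHP >= 7 pass
        // array('allowed_classes' => false), or switch the producer to JSON.
        $array = unserialize(@file_get_contents($filename));
        if (!is_array($array) || !isset($array["IP"]) || !is_string($array["IP"])) {
            if ($verbose) {
                echo "{$basename}: unreadable or malformed report, skipped\n";
            }
            continue;
        }
        $IP = $array["IP"];
        if ($IP == "127.0.0.1") {
            @unlink($filename);
            continue;
        }
        // The address is embedded in the rule text below; accept only a literal IPv4
        // address so that nothing else can ride along in the command string. The
        // rejected report is left in place for inspection.
        if (filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            if ($verbose) {
                echo "{$basename}: IP field is not a valid IPv4 address, skipped\n";
            }
            continue;
        }
        // Reverse DNS content is chosen by whoever controls the PTR record for the address.
        $server_name = gethostbyaddr($IP);
        $matches = isset($array["MATCHES"]) ? $array["MATCHES"] : null;
        $EVENTS = isset($array["EVENTS"]) ? $array["EVENTS"] : null;
        if ($verbose) {
            echo "{$basename}: servername:{$server_name} IP=[{$IP}]\n";
        }
        $cmd = "iptables -A INPUT -s {$IP} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
        $iptables = new iptables_chains();
        $iptables->serverip = $IP;
        $iptables->servername = $server_name;
        $iptables->rule_string = $cmd;
        $iptables->EventsToAdd = $EVENTS;
        if ($iptables->addPostfix_chain()) {
            if ($verbose) {
                echo "Add IP:Addr=<{$IP}>, servername=<{$server_name}> to mysql\n";
            }
            $ini->set($IP, "events", $matches);
            $ini->set($IP, "iptablerule", $cmd);
            $ini->set($IP, "hostname", $server_name);
            if ($verbose) {
                echo "delete {$filename}\n";
            }
            // The report is removed only once the rule has been recorded.
            @unlink($filename);
        }
    }
    $filestr = $ini->toString();
    file_put_contents("/etc/artica-postfix/settings/Daemons/PostfixAutoBlockResults", $filestr);
}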
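/**
 * Records a manual port-25 DROP rule for every server listed in the submitted form field.
 *
 * The "ban-servers-add" POST field holds one IPv4 address or host name per line.
 * Each entry is validated, resolved, and stored through
 * iptables_chains::addPostfix_chain(); afterwards the framework is asked to
 * compile the postfix iptables rules. Processing stops at the first entry that
 * addPostfix_chain() refuses.
 *
 * @return void
 */
function ban_servers_save()
{
    if (!isset($_POST["ban-servers-add"]) || !is_string($_POST["ban-servers-add"]) || trim($_POST["ban-servers-add"]) === "") {
        echo "No data";
        return;
    }
    $entries = explode("\n", $_POST["ban-servers-add"]);
    foreach ($entries as $num => $ipaddressData) {
        // trim() also removes the "\r" left by CRLF line endings.
        $ipaddressData = trim($ipaddressData);
        if ($ipaddressData === "") {
            continue;
        }
        $lineNumber = $num + 1;
        // The resolved address is embedded in the rule text below, and that text is
        // presumably consumed by the compile step requested at the end (not visible
        // here). An unanchored "looks like an IP" match would let extra characters
        // through, so require an exact IPv4 literal or a plain host name.
        if (filter_var($ipaddressData, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $ip = $ipaddressData;
            // Reverse DNS content is chosen by whoever controls the PTR record.
            $servername = gethostbyaddr($ipaddressData);
        } elseif (strlen($ipaddressData) <= 253 && preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/D', $ipaddressData)) {
            $servername = $ipaddressData;
            // gethostbyname() returns its argument unchanged when resolution fails.
            $ip = gethostbyname($ipaddressData);
            if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
                echo "Failed {$servername} (line {$lineNumber}): cannot resolve\n";
                continue;
            }
        } else {
            // The raw value is deliberately not echoed back.
            echo "Failed (line {$lineNumber}): not an IPv4 address or host name\n";
            continue;
        }
        $ipchain = new iptables_chains();
        $ipchain->servername = $servername;
        $ipchain->serverip = $ip;
        $ipchain->EventsToAdd = "Manual rule";
        $ipchain->rule_string = "iptables -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
        if (!$ipchain->addPostfix_chain()) {
            echo "Failed {$ip} {$servername}\n";
            return;
        }
    }
    $sock = new sockets();
    $sock->getFrameWork("cmd.php?postfix-iptables-compile=yes");
}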
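/**
 * Records a manual port-25 DROP rule for the server named in the "identity-ban" query parameter.
 *
 * The parameter may be an IPv4 address or a host name. It is validated, resolved,
 * and stored through iptables_chains::addPostfix_chain(); on success the framework
 * is asked to compile the postfix iptables rules. The outcome is echoed through
 * templates::javascript_parse_text().
 *
 * @return void
 */
function blocked_ip_identity_ban()
{
    include_once 'ressources/class.iptables-chains.inc';
    $tpl = new templates();
    $IPSRC = (isset($_GET["identity-ban"]) && is_string($_GET["identity-ban"])) ? trim($_GET["identity-ban"]) : "";
    if ($IPSRC === "") {
        echo "NULL!";
        return;
    }
    // The resolved address is embedded in the rule text below, and that text is
    // presumably consumed by the compile step requested at the end (not visible
    // here). An unanchored "looks like an IP" match would let extra characters
    // through, so require an exact IPv4 literal or a plain host name.
    if (filter_var($IPSRC, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $ip = $IPSRC;
        // Reverse DNS content is chosen by whoever controls the PTR record.
        $servername = gethostbyaddr($IPSRC);
    } elseif (strlen($IPSRC) <= 253 && preg_match('/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/D', $IPSRC)) {
        $servername = $IPSRC;
        // gethostbyname() returns its argument unchanged when resolution fails.
        $ip = gethostbyname($IPSRC);
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
            echo $tpl->javascript_parse_text("{failed} {$servername} ");
            return;
        }
    } else {
        // The raw value is deliberately not echoed back.
        echo $tpl->javascript_parse_text("{failed} ");
        return;
    }
    $ipchain = new iptables_chains();
    $ipchain->servername = $servername;
    $ipchain->serverip = $ip;
    $ipchain->EventsToAdd = "Manual rule";
    $ipchain->rule_string = "iptables -A INPUT -s {$ip} -p tcp --destination-port 25 -j DROP -m comment --comment \"ArticaInstantPostfix\"";
    if (!$ipchain->addPostfix_chain()) {
        echo $tpl->javascript_parse_text("{failed} {$ip} {$servername} ");
        return;
    }
    echo $tpl->javascript_parse_text("{success} {$ip} {$servername} ");
    $sock = new sockets();
    $sock->getFrameWork("cmd.php?postfix-iptables-compile=yes");
}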