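/**
 * Rebuild Postfix's smtpd_client_restrictions and write it back via postconf().
 *
 * The current value is read with `postconf -h`, every rule this function manages
 * is stripped from it, and the managed rules are re-added according to the
 * appliance settings returned by sockets::GET_INFO().
 *
 * Layout of the value that is written when more than one rule survives:
 *   [amavis_internal table,]permit_mynetworks,permit_sasl_authenticated,
 *   reject_unauth_pipelining,<remaining rules>
 * Postfix evaluates restrictions left to right, so clients in mynetworks and
 * SASL-authenticated clients are accepted before any hostname or DNSBL rule is
 * consulted, and the amavis_internal table (when present) is consulted first.
 *
 * Fixes compared with the previous body:
 *  - surviving rules were appended once, after the loop, instead of per entry;
 *  - the clean-up pass iterated the list it had just emptied, so the computed
 *    rules were always discarded and the hostname/DNSBL/allow-list checks never
 *    reached Postfix;
 *  - each() (removed in PHP 8) is replaced by foreach.
 *
 * @return void
 */
function smtpd_client_restrictions()
{
    // The postconf path comes from $GLOBALS["postconf"], which is set outside this
    // function and is interpolated into a shell command line unescaped.
    exec("{$GLOBALS["postconf"]} -h smtpd_client_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));

    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $amavis_internal = null;

    // Index the existing rules by their own text so managed ones can be unset by name.
    $newHash = array();
    foreach ($tbl as $rule) {
        $rule = trim($rule);
        if ($rule === "") {
            continue;
        }
        // Left behind when an array was once interpolated into the setting.
        if ($rule == "Array") {
            continue;
        }
        $newHash[$rule] = $rule;
    }

    // Rules owned by this function: removed here, re-added below when enabled.
    $hashToDelete = array(
        "check_client_access hash:/etc/postfix/check_client_access",
        "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"",
        "check_client_access hash:/etc/postfix/postfix_allowed_connections",
        "reject_non_fqdn_hostname",
        "reject_unknown_sender_domain",
        "reject_non_fqdn_sender",
        "reject_unauth_pipelining",
        "reject_invalid_hostname",
        "reject_unknown_client_hostname",
        "reject_unknown_reverse_client_hostname",
        "reject_rbl_client zen.spamhaus.org",
        "reject_rbl_client sbl.spamhaus.org",
        "reject_rbl_client cbl.abuseat.org",
        "reject_rbl_client=zen.spamhaus.org",
        "reject_rbl_client=sbl.spamhaus.org",
        "check_client_access hash:/etc/postfix/amavis_internal",
    );
    foreach ($hashToDelete as $managed) {
        unset($newHash[$managed]);
    }

    if (!empty($GLOBALS["VERBOSE"])) {
        echo "Starting......: smtpd_client_restrictions: origin:" . implode(",", $newHash) . "\n";
    }

    $main = new maincf_multi("master", "master");
    $check_client_access = $main->check_client_access();
    if ($check_client_access != null) {
        $newHash[$check_client_access] = $check_client_access;
    }

    $smtpd_client_restrictions = array();
    foreach ($newHash as $rule) {
        // A rule pointing at a hash table whose file is missing is dropped.
        if (preg_match("#hash:(.+)\$#", $rule, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: smtpd_client_restrictions: bungled \"{$rule}\"\n";
                continue;
            }
        }
        // "reject_rbl_client=host" is not valid syntax; as before, the entry is
        // reported and dropped rather than rewritten.
        // NOTE(review): the old body computed "reject_rbl_client <host>" here but
        // never used it - confirm whether the corrected rule should be kept.
        if (preg_match("#reject_rbl_client=(.+?)\$#", $rule, $re)) {
            echo "Starting......: reject_rbl_client: bungled \"{$rule}\" fix it\n";
            continue;
        }
        $smtpd_client_restrictions[] = $rule;
    }

    $reject_unknown_client_hostname = $sock->GET_INFO('reject_unknown_client_hostname');
    $reject_unknown_reverse_client_hostname = $sock->GET_INFO('reject_unknown_reverse_client_hostname');
    $reject_invalid_hostname = $sock->GET_INFO('reject_invalid_hostname');

    if ($reject_unknown_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_client_hostname";
    }
    if ($reject_unknown_reverse_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_reverse_client_hostname";
    }
    if ($reject_invalid_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
    }

    if ($EnablePostfixAntispamPack == 1) {
        echo "Starting......: smtpd_client_restrictions:Anti-spam Pack is enabled\n";
        // Seed the allow-list source file with a comment so it exists.
        // NOTE(review): nothing here builds the .db lookup table - presumably done elsewhere.
        if (!is_file("/etc/postfix/postfix_allowed_connections")) {
            @file_put_contents("/etc/postfix/postfix_allowed_connections", "#");
        }
        $smtpd_client_restrictions[] = "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"";
        $smtpd_client_restrictions[] = "reject_non_fqdn_hostname";
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
        $smtpd_client_restrictions[] = "reject_rbl_client zen.spamhaus.org";
        $smtpd_client_restrictions[] = "reject_rbl_client sbl.spamhaus.org";
        $smtpd_client_restrictions[] = "reject_rbl_client cbl.abuseat.org";
    }

    // The policy service is consulted before every other rule in this list.
    if ($EnableArticaPolicyFilter == 1) {
        array_unshift($smtpd_client_restrictions, "check_policy_service inet:127.0.0.1:54423");
    }

    echo "Starting......: smtpd_client_restrictions: " . count($smtpd_client_restrictions) . " rule(s)\n";

    if ($EnableAmavisInMasterCF == 1 && $EnableAmavisDaemon == 1) {
        $count = amavis_internal();
        if ($count > 0) {
            echo "Starting......: {$count} addresses bypassing amavisd new\n";
            // Placed at the very front of the final value, ahead of permit_mynetworks.
            // NOTE(review): the table's contents are built by amavis_internal(), not shown here.
            $amavis_internal = "check_client_access hash:/etc/postfix/amavis_internal,";
        }
    }

    // De-duplicate by rule text; the two permit_* rules are re-added as a fixed prefix below.
    $array_cleaned = array();
    foreach ($smtpd_client_restrictions as $rule) {
        $rule = trim($rule);
        if ($rule === "") {
            continue;
        }
        $array_cleaned[$rule] = $rule;
    }
    unset($array_cleaned["permit_mynetworks"], $array_cleaned["permit_sasl_authenticated"]);

    $smtpd_client_restrictions = array();
    foreach ($array_cleaned as $rule) {
        echo "Starting......: smtpd_client_restrictions : {$rule}\n";
        $smtpd_client_restrictions[] = $rule;
    }

    $newval = null;
    // NOTE(review): a single surviving rule is still discarded by the "> 1" test; kept as found.
    if (count($smtpd_client_restrictions) > 1) {
        $newval = implode(",", $smtpd_client_restrictions);
        $newval = "{$amavis_internal}permit_mynetworks,permit_sasl_authenticated,reject_unauth_pipelining,{$newval}";
    } else {
        if ($amavis_internal != null) {
            echo "Starting......: smtpd_client_restrictions: adding amavis internal\n";
            $newval = "check_client_access hash:/etc/postfix/amavis_internal";
        }
    }

    // $newval may still be null here; how postconf() treats null is not visible in this block.
    postconf("smtpd_client_restrictions", $newval);
}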
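/**
 * Rebuild Postfix's smtpd_client_restrictions and write it back via postconf().
 *
 * The current value is read with `postconf -h`, every rule this function manages
 * is stripped from it, and the managed rules (ACL tables, hostname checks,
 * DNSBL/RHSBL lookups, generic-rDNS pattern table, amavis bypass table) are
 * re-added according to the appliance settings. Progress is reported through
 * smtpd_client_restrictions_progress().
 *
 * Layout of the value that is written when more than one rule survives:
 *   [amavis_internal table,]permit_mynetworks,permit_sasl_authenticated,
 *   reject_unauth_pipelining,<remaining rules>
 * Postfix evaluates restrictions left to right, so clients in mynetworks and
 * SASL-authenticated clients are accepted before any hostname or DNSBL rule is
 * consulted, and the amavis_internal table (when present) is consulted first.
 *
 * Fixes compared with the previous body:
 *  - the RHSBL loop walked $main_dnsbl (already exhausted) instead of
 *    $main_rhsbl, so no reject_rhsbl_client rule was ever emitted;
 *  - "Old values" printed the literal word "Array" instead of the current value;
 *  - each() (removed in PHP 8) is replaced by foreach;
 *  - a comma at position 0 of the check_client_access value is now split too.
 *
 * EnableArticaPolicyFilter was read and then forced to 0 in the previous body and
 * never used afterwards; this version emits no check_policy_service rule either.
 *
 * @return bool always true
 */
function smtpd_client_restrictions()
{
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    // The postconf path comes from $GLOBALS["postconf"], which is set outside this
    // function and is interpolated into a shell command line unescaped.
    exec("{$GLOBALS["postconf"]} -h smtpd_client_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));
    echo "Old values = " . implode(" ", $datas) . "\n";

    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $amavis_internal = null;

    smtpd_client_restrictions_progress("{cleaning_data}", 10);

    // Index the existing rules by their own text so managed ones can be unset by name.
    $newHash = array();
    foreach ($tbl as $rule) {
        $rule = trim($rule);
        if ($rule === "") {
            continue;
        }
        // Left behind when an array was once interpolated into the setting.
        if ($rule == "Array") {
            continue;
        }
        $newHash[$rule] = $rule;
    }

    // Rules owned by this function: removed here, re-added below when enabled.
    $hashToDelete = array(
        "check_client_access hash:/etc/postfix/check_client_access",
        "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"",
        "check_client_access hash:/etc/postfix/postfix_allowed_connections",
        "check_client_access pcre:/etc/postfix/fqrdns.pcre",
        "check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre",
        "reject_unknown_reverse_client_hostname",
        "reject_unknown_client_hostname",
        "reject_non_fqdn_hostname",
        "reject_unknown_sender_domain",
        "reject_non_fqdn_sender",
        "reject_unauth_pipelining",
        "reject_invalid_hostname",
        "reject_rbl_client zen.spamhaus.org",
        "reject_rbl_client sbl.spamhaus.org",
        "reject_rbl_client cbl.abuseat.org",
        "reject_rbl_client=zen.spamhaus.org",
        "reject_rbl_client=sbl.spamhaus.org",
        "permit_sasl_authenticated",
        "check_client_access hash:/etc/postfix/amavis_internal",
        "check_client_access cidr:/etc/postfix/acls.cdir.cf",
        "check_client_access hash:/etc/postfix/blacklist.domains.cf",
        "check_recipient_access hash:/etc/postfix/check_recipient_access_ou",
    );
    foreach ($hashToDelete as $managed) {
        unset($newHash[$managed]);
    }

    if (is_file("/etc/postfix/acls.cdir.cf")) {
        $newHash["check_client_access cidr:/etc/postfix/acls.cdir.cf"] = "check_client_access cidr:/etc/postfix/acls.cdir.cf";
    }
    // NOTE(review): this tests for the compiled .db, but the validation loop below
    // tests the source file named in the rule; with only the .db present the
    // blacklist rule is reported as bungled and dropped.
    if (is_file("/etc/postfix/blacklist.domains.cf.db")) {
        $newHash["check_client_access hash:/etc/postfix/blacklist.domains.cf"] = "check_client_access hash:/etc/postfix/blacklist.domains.cf";
    }

    if (!empty($GLOBALS["VERBOSE"])) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: origin:" . implode(",", $newHash) . "\n";
    }

    $main = new maincf_multi("master", "master");
    $check_client_access = $main->check_client_access();
    // The helper may return several comma-separated rules; index each one separately.
    if (strpos((string) $check_client_access, ",") !== false) {
        $check_client_accessEX = explode(",", $check_client_access);
        $check_client_access = null;
        foreach ($check_client_accessEX as $rule) {
            $rule = trim($rule);
            if ($rule === "") {
                continue;
            }
            $newHash[$rule] = $rule;
        }
    }
    if ($check_client_access != null) {
        $newHash[$check_client_access] = $check_client_access;
    }

    $smtpd_client_restrictions = array();
    foreach ($newHash as $rule) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: Checks \"{$rule}\"\n";
        // A rule pointing at a hash/cidr table whose file is missing is dropped.
        if (preg_match("#(hash|cidr):(.+)\$#", $rule, $re)) {
            $path = trim($re[2]);
            if (!is_file($path)) {
                echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: bungled \"{$rule}\"\n";
                continue;
            }
            $smtpd_client_restrictions[] = $rule;
            continue;
        }
        // "reject_rbl_client=host" is not valid syntax; as before, the entry is
        // reported and dropped rather than rewritten.
        // NOTE(review): the old body computed "reject_rbl_client <host>" here but
        // never used it - confirm whether the corrected rule should be kept.
        if (preg_match("#reject_rbl_client=(.+?)\$#", $rule, $re)) {
            echo "Starting......: " . date("H:i:s") . " reject_rbl_client: bungled \"{$rule}\" fix it\n";
            continue;
        }
        $smtpd_client_restrictions[] = $rule;
    }

    // Added unconditionally, without the file-existence check applied above.
    // NOTE(review): presumably the table is generated elsewhere - verify.
    $smtpd_client_restrictions[] = "check_recipient_access hash:/etc/postfix/check_recipient_access_ou";

    // Both hostname checks default to enabled when no setting file exists yet.
    if (!is_file("/etc/artica-postfix/settings/Daemons/reject_unknown_client_hostname")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/reject_unknown_client_hostname", 1);
    }
    if (!is_file("/etc/artica-postfix/settings/Daemons/reject_unknown_reverse_client_hostname")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/reject_unknown_reverse_client_hostname", 1);
    }

    $reject_unknown_client_hostname = $sock->GET_INFO('reject_unknown_client_hostname');
    $reject_unknown_reverse_client_hostname = $sock->GET_INFO('reject_unknown_reverse_client_hostname');
    $reject_invalid_hostname = $sock->GET_INFO('reject_invalid_hostname');

    if ($reject_unknown_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_client_hostname";
    }
    if ($reject_unknown_reverse_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_reverse_client_hostname";
    }
    if ($reject_invalid_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
    }

    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_invalid_hostname...............: {$reject_invalid_hostname}\n";
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_unknown_reverse_client_hostname: {$reject_unknown_reverse_client_hostname}\n";
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_unknown_client_hostname........: {$reject_unknown_client_hostname}\n";

    smtpd_client_restrictions_progress("{construct_settings}", 15);

    // The loops below read the service host from the array key.
    // NOTE(review): confirm main_rhsbl() returns the same host => flag shape as main_dnsbl().
    $main_dnsbl = $main->main_dnsbl();
    $main_rhsbl = $main->main_rhsbl();
    if (!is_array($main_dnsbl)) {
        $main_dnsbl = array();
    }
    if (!is_array($main_rhsbl)) {
        $main_rhsbl = array();
    }

    if ($EnablePostfixAntispamPack == 1) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions:Anti-spam Pack is enabled\n";
        // Seed the allow-list source file with a comment so it exists.
        // NOTE(review): nothing here builds the .db lookup table - presumably done elsewhere.
        if (!is_file("/etc/postfix/postfix_allowed_connections")) {
            @file_put_contents("/etc/postfix/postfix_allowed_connections", "#");
        }
        $smtpd_client_restrictions[] = "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"";
        $smtpd_client_restrictions[] = "reject_non_fqdn_hostname";
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
        $main_dnsbl["zen.spamhaus.org"] = true;
        $main_dnsbl["sbl.spamhaus.org"] = true;
        $main_dnsbl["cbl.abuseat.org"] = true;
    }

    // Generic-rDNS rejection defaults to enabled, but is switched off when the
    // installed Postfix is not flagged as PCRE-capable.
    if (!is_file("/etc/artica-postfix/settings/Daemons/EnableGenericrDNSClients")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableGenericrDNSClients", 1);
    }
    $EnableGenericrDNSClients = $sock->GET_INFO("EnableGenericrDNSClients");
    if ($EnableGenericrDNSClients == 1) {
        $users = new usersMenus();
        if (!$users->POSTFIX_PCRE_COMPLIANCE) {
            $EnableGenericrDNSClients = 0;
        }
    }

    if ($EnableGenericrDNSClients == 1) {
        echo "Starting......: " . date("H:i:s") . " Reject Public ISP reverse DNS patterns enabled\n";
        $smtpd_client_restrictions[] = "check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre";
        // Fixed command line, no variable parts; the result of the copy is not checked.
        shell_exec("/bin/cp /usr/share/artica-postfix/bin/install/postfix/fqrdns.pcre /etc/postfix/fqrdns.pcre");
    } else {
        echo "Starting......: " . date("H:i:s") . " Reject Public ISP reverse DNS patterns disabled\n";
    }

    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions:" . count($main_dnsbl) . " DNSBL Services\n";
    foreach ($main_dnsbl as $service => $enabled) {
        $smtpd_client_restrictions[] = "reject_rbl_client {$service}";
    }
    foreach ($main_rhsbl as $service => $enabled) {
        $smtpd_client_restrictions[] = "reject_rhsbl_client {$service}";
    }

    smtpd_client_restrictions_progress("{construct_settings}", 20);
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: " . count($smtpd_client_restrictions) . " rule(s)\n";

    if ($EnableAmavisInMasterCF == 1 && $EnableAmavisDaemon == 1) {
        $count = amavis_internal();
        if ($count > 0) {
            echo "Starting......: " . date("H:i:s") . " {$count} addresses bypassing amavisd new\n";
            // Placed at the very front of the final value, ahead of permit_mynetworks.
            // NOTE(review): the table's contents are built by amavis_internal(), not shown here.
            $amavis_internal = "check_client_access hash:/etc/postfix/amavis_internal,";
        }
    }

    smtpd_client_restrictions_progress("{construct_settings}", 25);

    // De-duplicate by rule text; the two permit_* rules are re-added as a fixed prefix below.
    $array_cleaned = array();
    foreach ($smtpd_client_restrictions as $rule) {
        $rule = trim($rule);
        if ($rule === "") {
            continue;
        }
        echo "Starting......: " . date("H:i:s") . " Clean \"{$rule}\"\n";
        $array_cleaned[$rule] = $rule;
    }
    unset($array_cleaned["permit_mynetworks"], $array_cleaned["permit_sasl_authenticated"]);

    $smtpd_client_restrictions = array();
    smtpd_client_restrictions_progress("{construct_settings}", 25);
    foreach ($array_cleaned as $rule) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions : {$rule}\n";
        $smtpd_client_restrictions[] = $rule;
    }

    $newval = null;
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: arrayof (" . count($smtpd_client_restrictions) . ")\n";
    if (count($smtpd_client_restrictions) > 1) {
        $newval = implode(",", $smtpd_client_restrictions);
        $newval = "{$amavis_internal}permit_mynetworks,permit_sasl_authenticated,reject_unauth_pipelining,{$newval}";
    } else {
        if ($amavis_internal != null) {
            echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: adding amavis internal\n";
            $newval = "check_client_access hash:/etc/postfix/amavis_internal";
        }
    }

    smtpd_client_restrictions_progress("{construct_settings}", 30);
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: {$newval}\n";
    smtpd_client_restrictions_progress("{apply_settings}", 80);

    // $newval may still be null here; how postconf() treats null is not visible in this block.
    postconf("smtpd_client_restrictions", $newval);
    return true;
}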