/**
 * Runs the full transport rebuild, reporting progress before each step,
 * then asks Postfix to reload its configuration.
 *
 * The steps are order-dependent: lookups are loaded first, the map
 * builders run next, and the reload happens last.
 *
 * NOTE(review): the reload command's output is sent to /dev/null and the
 * return value of shell_exec() is ignored, so "{done}" / 100 is reported
 * even when the reload fails. Check the Postfix log after a run.
 */
function start()
{
    $loadingLabel = "Loading Transport data";
    $buildingLabel = "Building Transport database";

    build_progress("Loading LDAP config", 15);
    LoadLDAPDBs();

    build_progress($loadingLabel, 20);
    transport_maps_search();
    build_progress($loadingLabel, 25);
    relais_domains_search();

    build_progress($buildingLabel, 30);
    build_transport_maps();
    build_progress($buildingLabel, 35);
    build_relay_domains();
    build_progress($buildingLabel, 40);
    restrict_relay_domains();
    build_progress($buildingLabel, 50);
    build_cyrus_lmtp_auth();

    // These two steps share the 55% progress report.
    build_progress($buildingLabel, 55);
    relay_recipient_maps_build();
    $destinationTable = new main_hash_table();
    $destinationTable->mydestination();

    build_progress($buildingLabel, 60);
    mailbox_transport_maps();
    build_progress($buildingLabel, 70);
    relayhost();
    build_progress($buildingLabel, 80);
    perso_settings();

    build_progress("{reloading_smtp_service}", 90);
    // The binary path comes from $GLOBALS["postfix"]; it is concatenated into
    // a shell command line unescaped, so it must never hold untrusted data.
    $reloadCommand = $GLOBALS["postfix"] . " reload >/dev/null 2>&1";
    shell_exec($reloadCommand);

    build_progress("{done}", 100);
}
/**
 * Command-line variant of the transport rebuild: runs the lookup and
 * map-building steps in order, without progress reporting.
 *
 * Unlike start(), it neither calls perso_settings() nor reloads Postfix,
 * so the rebuilt maps only take effect once something else triggers that.
 */
function cmdline_transport()
{
    // Load lookup data first.
    LoadLDAPDBs();
    transport_maps_search();
    relais_domains_search();

    // Build the transport and relay tables.
    build_transport_maps();
    build_relay_domains();
    restrict_relay_domains();
    build_cyrus_lmtp_auth();
    relay_recipient_maps_build();

    $destinationTable = new main_hash_table();
    $destinationTable->mydestination();

    mailbox_transport_maps();
    relayhost();
}
Esempio n. 3
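/**
 * Rebuilds Postfix's smtpd_recipient_restrictions list and writes it back
 * through postconf().
 *
 * Steps:
 *  1. Read the current value with "postconf -h" and split it on commas.
 *  2. Drop every *_rhsbl_* entry and every entry this function manages itself,
 *     so that they can be re-added in a fixed order.
 *  3. Drop any remaining "hash:" entry whose table file does not exist.
 *  4. Append the managed entries according to the feature switches read
 *     from the sockets object, then de-duplicate while keeping first position.
 *
 * Restrictions are evaluated left to right and the first decisive result wins,
 * so the order built here is security-relevant.
 *
 * NOTE(review): "permit_auth_destination" is appended before the policy
 * services, the RHSBL rejects and "permit_dnswl_client". As written, those
 * later checks appear to be reached only for destinations this server is not
 * authorised for, and a client listed on list.dnswl.org is then permitted
 * ahead of "reject_unauth_destination". Unless relay control is enforced
 * elsewhere (for example smtpd_relay_restrictions), confirm that this does
 * not allow relaying, and check the result with an external relay test.
 *
 * @return void
 */
function smtpd_recipient_restrictions()
{
    // The usersMenus instance is not used here; only the shared global is primed.
    if (!isset($GLOBALS["CLASS_USERS_MENUS"])) {
        $GLOBALS["CLASS_USERS_MENUS"] = new usersMenus();
    }
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $newHash = array();
    $smtpd_recipient_restrictions = array();
    include_once dirname(__FILE__) . "/ressources/class.postfix.check_recipient_access.inc";

    // Several of these settings are read but not used further down; the reads
    // are kept because GET_INFO() is opaque from here.
    $EnableCluebringer = $sock->GET_INFO("EnableCluebringer");
    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    $EnablePolicydWeight = intval($sock->GET_INFO('EnablePolicydWeight'));
    $EnableArticaPolicyFilter = 0;
    if ($GLOBALS["DEBUG"]) {
        echo "EnableCluebringer={$EnableCluebringer}\n";
    }
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $TrustMyNetwork = $sock->GET_INFO("TrustMyNetwork");
    $ValvuladEnabled = intval($sock->GET_INFO("ValvuladEnabled"));
    $POLICYD_WEIGHT_PORT = 12525;
    $main = new maincf_multi("master");
    if (!is_numeric($TrustMyNetwork)) {
        // Unset or malformed setting: default to trusting mynetworks.
        $TrustMyNetwork = 1;
    }

    // The binary path comes from $GLOBALS["postconf"] and is placed in a shell
    // command line unescaped; it must never hold untrusted data.
    exec("{$GLOBALS["postconf"]} -h smtpd_recipient_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 51);

    // Index the current entries by their trimmed text (this also de-duplicates).
    // foreach replaces each(), which no longer exists in PHP 8.
    foreach ($tbl as $ligne) {
        $entry = trim($ligne);
        if ($entry === '') {
            continue;
        }
        if (preg_match("#_rhsbl_#", $entry)) {
            continue;
        }
        $newHash[$entry] = $entry;
    }

    // Entries managed by this function: removed here, re-added below in order.
    unset($newHash["permit_dnswl_client list.dnswl.org"]);
    unset($newHash["check_client_access hash:/etc/postfix/amavis_internal"]);
    unset($newHash["check_recipient_access hash:/etc/postfix/relay_domains_restricted"]);
    unset($newHash["permit"]);
    unset($newHash["check_sender_access hash:/etc/postfix/disallow_my_domain"]);
    unset($newHash["check_sender_access hash:/etc/postfix/unrestricted_senders"]);
    unset($newHash["check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt"]);
    unset($newHash["reject_unauth_destination"]);
    unset($newHash["permit_mynetworks"]);
    unset($newHash["check_client_access pcre:/etc/postfix/fqrdns.pcre"]);
    unset($newHash["check_policy_service inet:127.0.0.1:54423"]);
    unset($newHash["check_policy_service inet:127.0.0.1:13331"]);
    unset($newHash["check_policy_service inet:127.0.0.1:7777"]);
    unset($newHash["check_policy_service inet:127.0.0.1:3579"]);
    unset($newHash["check_client_access hash:/etc/postfix/wbl_connections"]);
    unset($newHash["check_recipient_access hash:/etc/postfix/wbl_connections"]);
    unset($newHash["check_client_access cidr:/etc/postfix/check_client_access.cidr"]);
    unset($newHash["check_client_access hash:/etc/postfix/check_client_access"]);
    unset($newHash["check_policy_service inet:127.0.0.1:{$POLICYD_WEIGHT_PORT}"]);
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 52);

    // Keep the remaining entries, except hash: tables whose file is missing.
    foreach ($newHash as $num => $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: " . date("H:i:s") . " smtpd_recipient_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        $smtpd_recipient_restrictions[] = $num;
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 53);

    postconf("smtpd_restriction_classes", "artica_restrict_relay_domains");
    postconf("artica_restrict_relay_domains", "reject_unverified_recipient");

    $MynetworksInISPMode = $sock->GET_INFO("MynetworksInISPMode");
    if (!is_numeric($MynetworksInISPMode)) {
        $MynetworksInISPMode = 0;
    }
    if ($TrustMyNetwork == 0 && $MynetworksInISPMode == 1) {
        // ISP mode overrides a disabled TrustMyNetwork.
        $TrustMyNetwork = 1;
    }

    // Fix: "permit_mynetworks" used to be appended a second time right after
    // this block regardless of the setting, so TrustMyNetwork=0 had no effect.
    // It is now added only when the setting is enabled.
    if ($TrustMyNetwork == 1) {
        $smtpd_recipient_restrictions[] = "permit_mynetworks";
    } else {
        echo "Starting......: " . date("H:i:s") . " **** TrustMyNetwork is disabled, outgoing messages should be not allowed... **** \n";
    }
    $smtpd_recipient_restrictions[] = "permit_sasl_authenticated";

    echo "Starting......: " . date("H:i:s") . " Postfix class check_recipient_access_ou()...\n";
    smtpd_client_restrictions_progress("{organizations}", 54);
    $check_recipient_access_ou = new check_recipient_access_ou();
    $check_recipient_access_ou->build();
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/check_recipient_access_ou";
    $smtpd_recipient_restrictions[] = "check_client_access cidr:/etc/postfix/check_client_access.cidr";
    $smtpd_recipient_restrictions[] = "check_client_access hash:/etc/postfix/check_client_access";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/relay_domains_restricted";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt";
    // See the NOTE(review) in the header about what follows this entry.
    $smtpd_recipient_restrictions[] = "permit_auth_destination";
    if ($ValvuladEnabled == 1) {
        $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:3579";
    }
    if ($EnablePolicydWeight == 1) {
        $smtpd_recipient_restrictions[] = "check_client_access hash:/etc/postfix/wbl_connections";
        $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/wbl_connections";
        $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:{$POLICYD_WEIGHT_PORT}";
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 54);
    $smtpd_recipient_restrictions[] = "permit_dnswl_client list.dnswl.org";
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 55);
    amavis_bypass_byrecipients();
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 56);
    restrict_relay_domains();
    postconf("auth_relay", null);
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 57);

    // Re-fetch the shared sockets object after the helper calls above.
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $reject_forged_mails = $sock->GET_INFO("reject_forged_mails");
    if ($reject_forged_mails == 1) {
        if (smtpd_recipient_restrictions_reject_forged_mails()) {
            echo "Starting......: " . date("H:i:s") . " Reject Forged mails enabled\n";
            $smtpd_recipient_restrictions[] = "check_sender_access hash:/etc/postfix/disallow_my_domain";
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " Reject Forged mails disabled\n";
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 58);

    // One client and one sender RHSBL reject per configured domain.
    $main_rhsbl = $main->main_rhsbl();
    if (is_array($main_rhsbl)) {
        foreach ($main_rhsbl as $domain => $ID) {
            if (trim($domain) === '') {
                continue;
            }
            $smtpd_recipient_restrictions[] = "reject_rhsbl_client {$domain}";
            $smtpd_recipient_restrictions[] = "reject_rhsbl_sender {$domain}";
        }
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 59);
    $smtpd_recipient_restrictions[] = "reject_unauth_destination";
    $smtpd_recipient_restrictions[] = "permit";

    if ($GLOBALS["EnableBlockUsersTroughInternet"] == 1) {
        echo "Starting......: " . date("H:i:s") . " Restricted users are enabled\n";
        if (RestrictedForInternet()) {
            postconf("auth_relay", "check_recipient_access hash:/etc/postfix/local_domains, reject");
            // Must be evaluated first, so it goes to the head of the list.
            array_unshift($smtpd_recipient_restrictions, "check_sender_access hash:/etc/postfix/unrestricted_senders");
            __ADD_smtpd_restriction_classes("auth_relay");
        } else {
            __REMOVE_smtpd_restriction_classes("auth_relay");
        }
    } else {
        __REMOVE_smtpd_restriction_classes("auth_relay");
    }
    if (is_file("/opt/iRedAPD/iredapd.py")) {
        //array_unshift($smtpd_recipient_restrictions,"check_policy_service inet:127.0.0.1:7777");
    }

    // De-duplicate on the trimmed text; a repeated entry keeps its first position.
    $smtpd_recipient_restrictions_cleaned = array();
    foreach ($smtpd_recipient_restrictions as $ligne) {
        $entry = trim($ligne);
        $smtpd_recipient_restrictions_cleaned[$entry] = $entry;
    }
    $smtpd_recipient_restrictions = array();
    foreach ($smtpd_recipient_restrictions_cleaned as $ligne) {
        echo "Starting......: " . date("H:i:s") . " smtpd_recipient_restrictions Final: " . trim($ligne) . "\n";
        $smtpd_recipient_restrictions[] = trim($ligne);
    }

    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 59);
    $newval = implode(",", $smtpd_recipient_restrictions);
    if ($GLOBALS["DEBUG"]) {
        echo "smtpd_recipient_restrictions = {$newval}\n";
    }
    postconf("smtpd_recipient_restrictions", $newval);
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 60);
}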
Esempio n. 4
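/**
 * Rebuilds Postfix's smtpd_recipient_restrictions list and writes it back
 * through postconf().
 *
 * The current value is read with "postconf -h", the entries this function
 * manages are removed, "hash:" entries whose table file is missing are
 * dropped, and the managed entries are re-added according to the feature
 * switches. The list is de-duplicated before it is written.
 *
 * Restrictions are evaluated left to right and the first decisive result wins,
 * so the order built here is security-relevant: entries carried over from the
 * existing configuration stay ahead of "permit_mynetworks", and
 * "reject_unauth_destination" is the last entry appended.
 *
 * @return void
 */
function smtpd_recipient_restrictions()
{
    if (!isset($GLOBALS["CLASS_USERS_MENUS"])) {
        $GLOBALS["CLASS_USERS_MENUS"] = new usersMenus();
    }
    $users = $GLOBALS["CLASS_USERS_MENUS"];
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $newHash = array();
    $smtpd_recipient_restrictions = array();

    // Some of these settings are read but not used further down; the reads
    // are kept because GET_INFO() is opaque from here.
    $EnableCluebringer = $sock->GET_INFO("EnableCluebringer");
    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    if ($GLOBALS["DEBUG"]) {
        echo "EnableCluebringer={$EnableCluebringer}\n";
    }
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');

    // The binary path comes from $GLOBALS["postconf"] and is placed in a shell
    // command line unescaped; it must never hold untrusted data.
    exec("{$GLOBALS["postconf"]} -h smtpd_recipient_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));

    // Index the current entries by their trimmed text (this also de-duplicates).
    // foreach replaces each(), which no longer exists in PHP 8.
    foreach ($tbl as $ligne) {
        $entry = trim($ligne);
        if ($entry === '') {
            continue;
        }
        $newHash[$entry] = $entry;
    }

    // Entries managed by this function: removed here, re-added below in order.
    unset($newHash["check_client_access hash:/etc/postfix/amavis_internal"]);
    unset($newHash["check_recipient_access hash:/etc/postfix/relay_domains_restricted"]);
    unset($newHash["permit"]);
    unset($newHash["check_sender_access hash:/etc/postfix/disallow_my_domain"]);
    unset($newHash["check_sender_access hash:/etc/postfix/unrestricted_senders"]);
    unset($newHash["check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt"]);
    unset($newHash["reject_unauth_destination"]);
    unset($newHash["permit_mynetworks"]);
    unset($newHash["check_client_access pcre:/etc/postfix/fqrdns.pcre"]);
    unset($newHash["check_policy_service inet:127.0.0.1:54423"]);

    // Keep the remaining entries, except hash: tables whose file is missing.
    foreach ($newHash as $num => $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: smtpd_recipient_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        $smtpd_recipient_restrictions[] = $num;
    }

    if ($GLOBALS["DEBUG"]) {
        echo "CLUEBRINGER_INSTALLED={$users->CLUEBRINGER_INSTALLED}\n";
    }
    if ($users->CLUEBRINGER_INSTALLED) {
        if ($EnableCluebringer == 1) {
            $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:13331";
        }
    }

    postconf("smtpd_restriction_classes", "artica_restrict_relay_domains");
    postconf("artica_restrict_relay_domains", "reject_unverified_recipient");
    $smtpd_recipient_restrictions[] = "permit_mynetworks";
    $smtpd_recipient_restrictions[] = "permit_sasl_authenticated";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/relay_domains_restricted";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt";
    amavis_bypass_byrecipients();
    restrict_relay_domains();
    postconf("auth_relay", null);

    // Re-fetch the shared sockets object after the helper calls above.
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $reject_forged_mails = $sock->GET_INFO("reject_forged_mails");
    if ($reject_forged_mails == 1) {
        if (smtpd_recipient_restrictions_reject_forged_mails()) {
            echo "Starting......: Reject Forged mails enabled\n";
            $smtpd_recipient_restrictions[] = "check_sender_access hash:/etc/postfix/disallow_my_domain";
        }
    } else {
        echo "Starting......: Reject Forged mails disabled\n";
    }

    $EnableGenericrDNSClients = $sock->GET_INFO("EnableGenericrDNSClients");
    if (!$users->POSTFIX_PCRE_COMPLIANCE) {
        // The pcre: table type is unavailable, so the feature is forced off.
        $EnableGenericrDNSClients = 0;
    }
    if ($EnableGenericrDNSClients == 1) {
        echo "Starting......: Reject Public ISP reverse DNS patterns enabled\n";
        $smtpd_recipient_restrictions[] = "check_client_access pcre:/etc/postfix/fqrdns.pcre";
        // NOTE(review): the copy result is not checked; if it fails, the list
        // still references /etc/postfix/fqrdns.pcre.
        shell_exec("/bin/cp /usr/share/artica-postfix/bin/install/postfix/fqrdns.pcre /etc/postfix/fqrdns.pcre");
    } else {
        echo "Starting......: Reject Public ISP reverse DNS patterns disabled\n";
    }

    if ($EnableArticaPolicyFilter == 1) {
        // The policy filter must be consulted first.
        array_unshift($smtpd_recipient_restrictions, "check_policy_service inet:127.0.0.1:54423");
    }
    $smtpd_recipient_restrictions[] = "reject_unauth_destination";

    if ($GLOBALS["EnableBlockUsersTroughInternet"] == 1) {
        echo "Starting......: Restricted users are enabled\n";
        if (RestrictedForInternet()) {
            postconf("auth_relay", "check_recipient_access hash:/etc/postfix/local_domains, reject");
            array_unshift($smtpd_recipient_restrictions, "check_sender_access hash:/etc/postfix/unrestricted_senders");
            __ADD_smtpd_restriction_classes("auth_relay");
        } else {
            __REMOVE_smtpd_restriction_classes("auth_relay");
        }
    } else {
        __REMOVE_smtpd_restriction_classes("auth_relay");
    }

    // De-duplicate on the trimmed text; a repeated entry keeps its first position.
    $smtpd_recipient_restrictions_cleaned = array();
    foreach ($smtpd_recipient_restrictions as $ligne) {
        $entry = trim($ligne);
        $smtpd_recipient_restrictions_cleaned[$entry] = $entry;
    }
    $smtpd_recipient_restrictions = array();
    foreach ($smtpd_recipient_restrictions_cleaned as $ligne) {
        $smtpd_recipient_restrictions[] = trim($ligne);
    }

    $newval = implode(",", $smtpd_recipient_restrictions);
    if ($GLOBALS["DEBUG"]) {
        echo "smtpd_recipient_restrictions = {$newval}\n";
    }
    postconf("smtpd_recipient_restrictions", $newval);
}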
Esempio n. 5
// Top-level rebuild sequence: runs each map/table builder in order, then
// reloads Postfix. The helpers are defined elsewhere in the file, so what
// each one writes cannot be confirmed from this excerpt.
smtp_generic_maps_build_global();
smtp_generic_maps();
sender_dependent_relayhost_maps();
// NOTE(review): presumably these two write the SASL client credential map;
// verify that the resulting file is readable only by root/postfix.
smtp_sasl_password_maps_build();
smtp_sasl_password_maps();
// NOTE(review): BCC maps silently copy mail to another address; changes to
// them are worth auditing. Confirm who can edit the source entries.
recipient_bcc_maps();
recipient_bcc_domain_maps();
recipient_bcc_maps_build();
sender_bcc_maps();
sender_bcc_maps_build();
build_local_recipient_maps();
// $hashT is a global here; other code may read it, so the name is kept.
$hashT = new main_hash_table();
$hashT->mydestination();
transport_maps_search();
build_transport_maps();
restrict_relay_domains();
relayhost();
postmaster();
build_cyrus_lmtp_auth();
perso_settings();
// Reload output is sent to /dev/null and the result is ignored, so a failed
// reload is not visible here. The binary path comes from $GLOBALS["postfix"]
// and is placed in the shell command line unescaped.
shell_exec("{$GLOBALS["postfix"]} reload >/dev/null 2>&1");
/**
 * Applies the personal settings held by main_perso to /etc/postfix/main.cf
 * by calling its replace_conf() method on that path.
 */
function perso_settings()
{
    $personalSettings = new main_perso();
    $mainCfPath = "/etc/postfix/main.cf";
    $personalSettings->replace_conf($mainCfPath);
}
function recipient_bcc_maps()
{
    $ldap = new clladp();
    $filter = "(&(objectClass=UserArticaClass)(RecipientToAdd=*))";
    $attrs = array("RecipientToAdd", "mail");