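/**
 * Make sure /etc/postfix/master.cf contains an "smtps" (TLS wrapper mode, port 465) listener.
 *
 * The existing file is scanned for a line starting with "smtps <whitespace> inet"; when one
 * is found nothing is written. Otherwise a three-line smtps stanza is appended and the
 * whole file is written back.
 *
 * @return bool|null true when the listener already exists, false when master.cf could not
 *                   be read or written, null after the stanza has been appended.
 */
function MasterCFSSL_enable()
{
    // In multi-instance mode this ends the whole script, not only this function.
    if (!empty($GLOBALS["EnablePostfixMultiInstance"])) {
        die;
    }

    echo "Starting......: Enabling SSL (465 port)\n";
    SetTLS();

    $masterCfPath = "/etc/postfix/master.cf";
    $file_content = @file_get_contents($masterCfPath);
    if ($file_content === false) {
        // Without this guard a failed read would be treated as an empty file and
        // master.cf would be rewritten with nothing but the smtps stanza.
        echo "Starting......: unable to read {$masterCfPath}, smtps listener not added\n";
        return false;
    }

    $file_content = str_replace("\n\n", "\n", $file_content);
    $data = explode("\n", $file_content);

    // foreach replaces the list()/each() idiom, which no longer exists in PHP 8.
    foreach ($data as $ligne) {
        if (preg_match("#^smtps\\s+inet#", $ligne)) {
            return true;
        }
    }

    // Clients in mynetworks are accepted without authentication; everyone else must
    // pass SASL. NOTE(review): SASL is not switched on inside this stanza, so
    // permit_sasl_authenticated presumably depends on main.cf settings - confirm.
    $data[] = "\nsmtps\tinet\tn\t-\tn\t-\t-\tsmtpd";
    $data[] = " -o smtpd_tls_wrappermode=yes";
    $data[] = " -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject\n";

    if (@file_put_contents($masterCfPath, implode("\n", $data)) === false) {
        echo "Starting......: unable to write {$masterCfPath}\n";
        return false;
    }
}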
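/**
 * Regenerate /etc/postfix/master.cf from the stored settings, then optionally reload or
 * restart Postfix.
 *
 * Settings are read through the shared sockets object and maincf_multi; services that an
 * administrator defined through master_cf are merged in, except for the ones this function
 * generates itself (those are removed from the merged set before it is written).
 * Several postconf(1) calls adjust content_filter in main.cf along the way.
 *
 * @param bool $restart_service When true, Postfix is stopped and started after the write.
 * @return void
 */
function MasterCFBuilder($restart_service = false)
{
    $smtp_ssl = null;

    // One sockets instance is shared through $GLOBALS; create it when missing or invalid.
    if (!isset($GLOBALS["CLASS_SOCKET"]) || !is_object($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $EnableArticaSMTPFilter = $sock->GET_INFO("EnableArticaSMTPFilter");
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $PostfixEnableMasterCfSSL = $sock->GET_INFO("PostfixEnableMasterCfSSL");
    $ArticaFilterMaxProc = $sock->GET_INFO("ArticaFilterMaxProc");
    $PostfixEnableSubmission = $sock->GET_INFO("PostfixEnableSubmission");
    $EnableASSP = $sock->GET_INFO('EnableASSP');
    $PostfixBindInterfacePort = $sock->GET_INFO("PostfixBindInterfacePort");
    $user = new usersMenus();
    $main = new maincf_multi("master", "master");
    $EnablePostScreen = $main->GET("EnablePostScreen");

    $postscreen_line = null;
    $tlsproxy = null;
    $dnsblog = null;
    $re_cleanup_infos = null;
    $smtp_submission = null;
    $pre_cleanup_addons = null;
    // Pre-set so the amavis branch never reads an undefined variable when the
    // artica-filter switch is neither 0 nor 1.
    $amavis_cleanup_infos = null;
    $artica_filter_amavis_option = null;
    $amavis = array();
    $SSL_INSTANCE = array();
    $SUBMISSION_INSTANCE = array();
    $conf = array();

    $master = new master_cf(1, "master");
    $MASTER_CF_DEFINED = $master->GetArray();
    if (!is_array($MASTER_CF_DEFINED)) {
        // count() and foreach below need an array.
        $MASTER_CF_DEFINED = array();
    }

    if ($EnablePostScreen == null) {
        $EnablePostScreen = 0;
    }
    if (!$user->POSTSCREEN_INSTALLED) {
        $EnablePostScreen = 0;
    }
    if ($EnablePostScreen == 1) {
        // With postscreen in front of port 25, submission is forced on.
        $PostfixEnableSubmission = 1;
    }

    $ADD_PRECLEANUP = false;
    $TLSSET = false;

    if (isset($GLOBALS["EnablePostfixMultiInstance"]) && $GLOBALS["EnablePostfixMultiInstance"] == 1) {
        $EnableAmavisDaemon = 0;
        $PostfixEnableMasterCfSSL = 0;
    }

    if (!is_numeric($PostfixBindInterfacePort)) {
        $PostfixBindInterfacePort = 25;
    }
    // is_numeric() also accepts floats, exponents and padded strings; the value becomes a
    // master.cf service name, so reduce it to a valid TCP port or fall back to 25.
    $PostfixBindInterfacePort = (int) $PostfixBindInterfacePort;
    if ($PostfixBindInterfacePort < 1 || $PostfixBindInterfacePort > 65535) {
        $PostfixBindInterfacePort = 25;
    }
    if (!is_numeric($EnableAmavisInMasterCF)) {
        $EnableAmavisInMasterCF = 0;
    }
    if (!is_numeric($PostfixEnableSubmission)) {
        $PostfixEnableSubmission = 0;
    }
    if (!is_numeric($ArticaFilterMaxProc)) {
        $ArticaFilterMaxProc = 20;
    }
    // Written into the maxproc column, which has to be a non-negative integer.
    $ArticaFilterMaxProc = (int) $ArticaFilterMaxProc;
    if ($ArticaFilterMaxProc < 0) {
        $ArticaFilterMaxProc = 20;
    }
    if (!is_numeric($EnableASSP)) {
        $EnableASSP = 0;
    }

    shell_exec("{$GLOBALS["postconf"]} -e \"artica-filter_destination_recipient_limit = 1\" >/dev/null 2>&1");
    if ($EnableArticaSMTPFilter == 0) {
        shell_exec("{$GLOBALS["postconf"]} -e \"content_filter =\" >/dev/null 2>&1");
    }

    if ($EnableAmavisInMasterCF == 1) {
        $MasterCFAmavisInstancesCount = $sock->GET_INFO("MasterCFAmavisInstancesCount");
        if (!is_numeric($MasterCFAmavisInstancesCount)) {
            include_once dirname(__FILE__) . '/ressources/class.amavis.inc';
            $amavisClass = new amavis();
            $max_servers = $amavisClass->main_array["BEHAVIORS"]["max_servers"];
            $MasterCFAmavisInstancesCount = $max_servers - 1;
        }
        if ($MasterCFAmavisInstancesCount == 0) {
            // "-" in the maxproc column selects the Postfix default process limit.
            $MasterCFAmavisInstancesCount = "-";
        }
        $ADD_PRECLEANUP = true;
        echo "Starting......: Amavis is enabled using post-queue mode\n";
        echo "Starting......: artica-filter enable={$EnableArticaSMTPFilter}\n";
        shell_exec("{$GLOBALS["postconf"]} -e \"content_filter = amavis:[127.0.0.1]:10024\" >/dev/null 2>&1");
        if ($EnableArticaSMTPFilter == 1) {
            $artica_filter_amavis_option = " -o content_filter=artica-filter:";
            $amavis_cleanup_infos = " -o cleanup_service_name=pre-cleanup";
            echo "Starting......: Artica-filter max process: {$ArticaFilterMaxProc}\n";
        }
        if ($EnableArticaSMTPFilter == 0) {
            $artica_filter_amavis_option = " -o content_filter=";
        }
        echo "Starting......: Amavis max process: {$MasterCFAmavisInstancesCount}\n";

        // Outbound transport that hands queued mail to amavis.
        if (isset($MASTER_CF_DEFINED["amavis"])) {
            unset($MASTER_CF_DEFINED["amavis"]);
        }
        $amavis[] = "amavis\tunix\t-\t-\t-\t-\t{$MasterCFAmavisInstancesCount}\tsmtp";
        if ($amavis_cleanup_infos != null) {
            $amavis[] = $amavis_cleanup_infos;
        }
        $amavis[] = " -o smtp_data_done_timeout=1200";
        $amavis[] = " -o smtp_send_xforward_command=yes";
        $amavis[] = " -o disable_dns_lookups=yes";
        $amavis[] = " -o smtp_generic_maps=";
        $amavis[] = " -o smtpd_sasl_auth_enable=no";
        $amavis[] = " -o smtpd_use_tls=no";
        $amavis[] = " -o max_use=20";
        $amavis[] = "";
        $amavis[] = "";

        // Re-injection listener for mail coming back from amavis. Most restrictions and
        // the header/body checks are switched off here; access control is only
        // permit_mynetworks with mynetworks=127.0.0.0/8, so any local process can submit
        // mail through it. It must stay bound to 127.0.0.1.
        if (isset($MASTER_CF_DEFINED["127.0.0.1:10025"])) {
            unset($MASTER_CF_DEFINED["127.0.0.1:10025"]);
        }
        $amavis[] = "127.0.0.1:10025\tinet\tn\t-\tn\t-\t-\tsmtpd";
        if ($amavis_cleanup_infos != null) {
            $amavis[] = $amavis_cleanup_infos;
        }
        if ($artica_filter_amavis_option != null) {
            $amavis[] = $artica_filter_amavis_option;
        }
        $amavis[] = " -o local_recipient_maps=";
        $amavis[] = " -o relay_recipient_maps=";
        $amavis[] = " -o smtpd_restriction_classes=";
        $amavis[] = " -o smtpd_client_restrictions=";
        $amavis[] = " -o smtpd_helo_restrictions=";
        $amavis[] = " -o smtpd_sender_restrictions=";
        // Was appended to an unused $artica array, so this override never reached the file.
        $amavis[] = " -o smtpd_end_of_data_restrictions=";
        $amavis[] = " -o smtp_generic_maps=";
        $amavis[] = " -o smtpd_recipient_restrictions=permit_mynetworks,reject";
        $amavis[] = " -o mynetworks=127.0.0.0/8";
        $amavis[] = " -o mynetworks_style=host";
        $amavis[] = " -o strict_rfc821_envelopes=yes";
        $amavis[] = " -o smtpd_error_sleep_time=0";
        $amavis[] = " -o smtpd_soft_error_limit=1001";
        $amavis[] = " -o smtpd_hard_error_limit=1000";
        $amavis[] = " -o receive_override_options=no_header_body_checks";
        $amavis[] = "\t-o smtpd_sasl_auth_enable=no";
        $amavis[] = "\t-o smtpd_use_tls=no";
        $master_amavis = implode("\n", $amavis);
    } else {
        $master_amavis = "";
        if ($EnableArticaSMTPFilter == 1) {
            $ADD_PRECLEANUP = true;
            echo "Starting......: Enable Artica-filter globaly\n";
            echo "Starting......: Artica-filter max process: {$ArticaFilterMaxProc}\n";
            shell_exec("{$GLOBALS["postconf"]} -e \"content_filter = artica-filter:\" >/dev/null 2>&1");
        } else {
            shell_exec("{$GLOBALS["postconf"]} -e \"content_filter =\" >/dev/null 2>&1");
        }
    }

    if ($ADD_PRECLEANUP) {
        echo "Starting......: Enable pre-cleanup service...\n";
        $pre_cleanup_addons = " -o smtp_generic_maps= -o canonical_maps= -o sender_canonical_maps= -o recipient_canonical_maps= -o masquerade_domains= -o recipient_bcc_maps= -o sender_bcc_maps=";
        $re_cleanup_infos = " -o cleanup_service_name=pre-cleanup";
    }

    if ($PostfixEnableMasterCfSSL == 1) {
        echo "Starting......: Enabling SSL (465 port)\n";
        SetTLS();
        $TLSSET = true;
        if (isset($MASTER_CF_DEFINED["smtps"])) {
            unset($MASTER_CF_DEFINED["smtps"]);
        }
        // NOTE(review): unlike the submission stanza below, SASL is not enabled inside
        // this stanza and permit_mynetworks lets mynetworks clients in unauthenticated;
        // permit_sasl_authenticated presumably relies on main.cf - confirm.
        $SSL_INSTANCE[] = "smtps\tinet\tn\t-\tn\t-\t-\tsmtpd";
        if ($re_cleanup_infos != null) {
            $SSL_INSTANCE[] = $re_cleanup_infos;
        }
        $SSL_INSTANCE[] = " -o smtpd_tls_wrappermode=yes";
        $SSL_INSTANCE[] = " -o smtpd_delay_reject=yes";
        $SSL_INSTANCE[] = " -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject\n";
        $SSL_INSTANCE[] = " -o smtpd_sender_restrictions=permit_sasl_authenticated,reject";
        $SSL_INSTANCE[] = " -o smtpd_helo_restrictions=permit_sasl_authenticated,reject";
        $SSL_INSTANCE[] = " -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject";
        $smtp_ssl = implode("\n", $SSL_INSTANCE);
    } else {
        echo "Starting......: SSL (465 port) Disabled\n";
    }

    if ($PostfixEnableSubmission == 1) {
        echo "Starting......: Enabling submission (587 port)\n";
        if (isset($MASTER_CF_DEFINED["submission"])) {
            unset($MASTER_CF_DEFINED["submission"]);
        }
        if (!$TLSSET) {
            SetTLS();
        }
        $TLSSET = true;
        // Authenticated-only listener: TLS is mandatory and every restriction stage
        // rejects clients that have not completed SASL.
        // NOTE(review): smtpd_enforce_tls is the legacy spelling; newer Postfix releases
        // express it as smtpd_tls_security_level=encrypt - check the deployed version.
        $SUBMISSION_INSTANCE[] = "submission\tinet\tn\t-\tn\t-\t-\tsmtpd";
        if ($re_cleanup_infos != null) {
            $SUBMISSION_INSTANCE[] = $re_cleanup_infos;
        }
        $SUBMISSION_INSTANCE[] = " -o smtpd_etrn_restrictions=reject";
        $SUBMISSION_INSTANCE[] = " -o smtpd_enforce_tls=yes";
        $SUBMISSION_INSTANCE[] = " -o smtpd_sasl_auth_enable=yes";
        $SUBMISSION_INSTANCE[] = " -o smtpd_delay_reject=yes";
        $SUBMISSION_INSTANCE[] = " -o smtpd_client_restrictions=permit_sasl_authenticated,reject";
        $SUBMISSION_INSTANCE[] = " -o smtpd_sender_restrictions=permit_sasl_authenticated,reject";
        $SUBMISSION_INSTANCE[] = " -o smtpd_helo_restrictions=permit_sasl_authenticated,reject";
        $SUBMISSION_INSTANCE[] = " -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject";
        $SUBMISSION_INSTANCE[] = " -o smtp_generic_maps=";
        $SUBMISSION_INSTANCE[] = " -o sender_canonical_maps=";
        $smtp_submission = implode("\n", $SUBMISSION_INSTANCE);
    } else {
        echo "Starting......: submission (587 port) Disabled\n";
    }

    if ($PostfixBindInterfacePort == 25) {
        $postfix_listen_port = "smtp";
        $postscreen_listen_port = "smtp";
    } else {
        $postfix_listen_port = $PostfixBindInterfacePort;
        $postscreen_listen_port = $PostfixBindInterfacePort;
    }
    echo "Starting......: Postfix intended to listen SMTP Port {$postfix_listen_port}\n";

    $smtp_in_proto = "inet";
    $smtp_private = "n";

    if ($EnableASSP == 1) {
        // NOTE(review): the message announces 127.0.0.1:26 while the listener is set to
        // 127.0.0.1:6000 - confirm which of the two is intended.
        echo "Starting......: ASSP is enabled change postfix listen port to 127.0.0.1:26\n";
        $postfix_listen_port = "127.0.0.1:6000";
        $postscreen_listen_port = "127.0.0.1:6000";
    }

    if ($EnablePostScreen == 1) {
        if (isset($MASTER_CF_DEFINED["tlsproxy"])) {
            unset($MASTER_CF_DEFINED["tlsproxy"]);
        }
        if (isset($MASTER_CF_DEFINED["dnsblog"])) {
            unset($MASTER_CF_DEFINED["dnsblog"]);
        }
        echo "Starting......: PostScreen is enabled, users should use 587 port to send mails internally\n";
        // postscreen owns the public socket and passes accepted connections to smtpd.
        $smtp_in_proto = "pass";
        $smtp_private = "-";
        // NOTE(review): only the default "smtp" name is renamed to "smtpd"; with a custom
        // port or ASSP the pass service keeps the listen address as its name - confirm
        // postscreen can still hand connections to it.
        if ($postfix_listen_port == "smtp") {
            $postfix_listen_port = "smtpd";
        }
        $postscreen_line = "{$postscreen_listen_port}\tinet\tn\t-\tn\t-\t1\tpostscreen -o soft_bounce=yes";
        $tlsproxy = "tlsproxy\tunix\t-\t-\tn\t-\t0\ttlsproxy";
        $dnsblog = "dnsblog\tunix\t-\t-\tn\t-\t0\tdnsblog";
    } else {
        echo "Starting......: PostScreen is disabled\n";
    }

    if (!empty($GLOBALS["VERBOSE"])) {
        echo "Starting......: run MasterCF_DOMAINS_THROTTLE()\n";
    }
    $smtp_throttle = MasterCF_DOMAINS_THROTTLE();

    // http://www.ijs.si/software/amavisd/README.postfix.html
    $conf[] = "#";
    $conf[] = "# Postfix master process configuration file. For details on the format";
    $conf[] = "# of the file, see the master(5) manual page (command: \"man 5 master\").";
    $conf[] = "#";
    $conf[] = "# ==========================================================================";
    $conf[] = "# service type private unpriv chroot wakeup maxproc command + args";
    $conf[] = "# (yes) (yes) (yes) (never) (100)";
    $conf[] = "# ==========================================================================";

    if (isset($MASTER_CF_DEFINED[$postfix_listen_port])) {
        unset($MASTER_CF_DEFINED[$postfix_listen_port]);
    }
    if ($postscreen_line != null) {
        $conf[] = $postscreen_line;
    }
    if ($tlsproxy != null) {
        $conf[] = $tlsproxy;
    }
    if ($dnsblog != null) {
        $conf[] = $dnsblog;
    }
    $conf[] = "{$postfix_listen_port}\t{$smtp_in_proto}\t{$smtp_private}\t-\tn\t-\t-\tsmtpd{$re_cleanup_infos}";
    if ($smtp_ssl != null) {
        $conf[] = $smtp_ssl;
    }
    if ($smtp_submission != null) {
        $conf[] = $smtp_submission;
    }
    if ($smtp_throttle != null) {
        $conf[] = $smtp_throttle;
    }

    if (isset($MASTER_CF_DEFINED["pickup"])) {
        unset($MASTER_CF_DEFINED["pickup"]);
    }
    if (isset($MASTER_CF_DEFINED["cleanup"])) {
        unset($MASTER_CF_DEFINED["cleanup"]);
    }
    if (isset($MASTER_CF_DEFINED["mailman"])) {
        unset($MASTER_CF_DEFINED["mailman"]);
    }

    // Stock service table, emitted only when no custom services remain.
    if (count($MASTER_CF_DEFINED) == 0) {
        $conf[] = "pickup\tfifo\tn\t-\tn\t60\t1\tpickup{$re_cleanup_infos}";
        $conf[] = "cleanup\tunix\tn\t-\tn\t-\t0\tcleanup";
        $conf[] = "pre-cleanup\tunix\tn\t-\tn\t-\t0\tcleanup{$pre_cleanup_addons}";
        $conf[] = "qmgr\tfifo\tn\t-\tn\t300\t1\tqmgr";
        $conf[] = "tlsmgr\tunix\t-\t-\tn\t1000?\t1\ttlsmgr";
        $conf[] = "rewrite\tunix\t-\t-\tn\t-\t-\ttrivial-rewrite";
        $conf[] = "bounce\tunix\t-\t-\tn\t-\t0\tbounce";
        $conf[] = "defer\tunix\t-\t-\tn\t-\t0\tbounce";
        $conf[] = "trace\tunix\t-\t-\tn\t-\t0\tbounce";
        $conf[] = "verify\tunix\t-\t-\tn\t-\t1\tverify";
        $conf[] = "flush\tunix\tn\t-\tn\t1000?\t0\tflush";
        $conf[] = "proxymap\tunix\t-\t-\tn\t-\t-\tproxymap";
        $conf[] = "proxywrite\tunix\t-\t-\tn\t-\t1\tproxymap";
        $conf[] = "smtp\tunix\t-\t-\tn\t-\t-\tsmtp";
        $conf[] = "relay\tunix\t-\t-\tn\t-\t-\tsmtp -o fallback_relay=";
        $conf[] = "showq\tunix\tn\t-\tn\t-\t-\tshowq";
        $conf[] = "error\tunix\t-\t-\tn\t-\t-\terror";
        $conf[] = "discard\tunix\t-\t-\tn\t-\t-\tdiscard";
        $conf[] = "local\tunix\t-\tn\tn\t-\t-\tlocal";
        $conf[] = "virtual\tunix\t-\tn\tn\t-\t-\tvirtual";
        $conf[] = "lmtp\tunix\t-\t-\tn\t-\t-\tlmtp";
        $conf[] = "anvil\tunix\t-\t-\tn\t-\t1\tanvil";
        $conf[] = "scache\tunix\t-\t-\tn\t-\t1\tscache";
        $conf[] = "scan\tunix\t-\t-\tn\t\t-\t10\tsm -v";
        $conf[] = "maildrop\tunix\t-\tn\tn\t-\t-\tpipe ";
        $conf[] = "retry\tunix\t-\t-\tn\t-\t-\terror ";
        $conf[] = "uucp\tunix\t-\tn\tn\t-\t-\tpipe flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)";
        $conf[] = "ifmail\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)";
        $conf[] = "bsmtp\tunix\t-\tn\tn\t-\t-\tpipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t\$nexthop -f\$sender \$recipient";
    }

    // Custom services are copied field by field without validation, so the stored
    // definitions have to be trusted (a line break in a field would start a new entry).
    // foreach replaces the list()/each() idiom, which no longer exists in PHP 8.
    foreach ($MASTER_CF_DEFINED as $service => $MFARRY) {
        $conf[] = "{$service}\t{$MFARRY["TYPE"]}\t{$MFARRY["PRIVATE"]}\t{$MFARRY["UNIPRIV"]}\t{$MFARRY["CHROOT"]}\t{$MFARRY["WAKEUP"]}\t{$MFARRY["MAXPROC"]}\t{$MFARRY["COMMAND"]}";
        echo "Starting......: master.cf adding {$service} ({$MFARRY["TYPE"]})\n";
    }

    // pipe(8) deliveries: the ${sender}/${recipient}/${nexthop} values in argv come from
    // the SMTP envelope, so the invoked programs must treat them as untrusted input.
    $conf[] = "mailman\tunix\t-\tn\tn\t-\t-\tpipe flags=FR user=mail:mail argv=/etc/mailman/postfix-to-mailman.py \${nexthop} \${mailbox}";
    $conf[] = "artica-whitelist\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a \${nexthop} -s \${sender} --white";
    $conf[] = "artica-blacklist\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a \${nexthop} -s \${sender} --black";
    $conf[] = "artica-reportwbl\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a \${nexthop} -s \${sender} --report";
    $conf[] = "artica-reportquar\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a \${nexthop} -s \${sender} --quarantines";
    $conf[] = "artica-spam\tunix\t-\tn\tn\t-\t-\tpipe flags=F user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist -a \${nexthop} -s \${sender} --spam";
    $conf[] = "zarafa\tunix\t-\tn\tn\t-\t-\tpipe\tuser=mail argv=/usr/local/bin/zarafa-dagent \${user}";
    $conf[] = "artica-filter\tunix\t-\tn\tn\t-\t{$ArticaFilterMaxProc}\tpipe flags=FOh user=www-data argv=/usr/share/artica-postfix/exec.artica-filter.php -f \${sender} -- -s \${sender} -r \${recipient} -c \${client_address}";
    $conf[] = "";
    $conf[] = $master_amavis;
    $conf[] = "";

    // Second loopback listener with restrictions, content filter, milters and
    // header/body checks disabled; the same caveat as for 127.0.0.1:10025 applies.
    // NOTE(review): "notify_clases" looks like a misspelling of notify_classes; left
    // untouched because correcting it would switch postmaster notifications on.
    $conf[] = "127.0.0.1:33559\tinet\tn\t-\tn\t-\t-\tsmtpd";
    $conf[] = " -o notify_clases=protocol,resource,software";
    $conf[] = " -o header_checks=";
    $conf[] = " -o content_filter=";
    $conf[] = " -o smtpd_restriction_classes=";
    $conf[] = " -o smtpd_delay_reject=no";
    $conf[] = " -o smtpd_client_restrictions=permit_mynetworks,reject";
    $conf[] = " -o smtpd_helo_restrictions=";
    $conf[] = " -o smtpd_sender_restrictions=";
    $conf[] = " -o smtpd_recipient_restrictions=permit_mynetworks,reject";
    $conf[] = " -o smtpd_data_restrictions=reject_unauth_pipelining";
    $conf[] = " -o smtpd_end_of_data_restrictions=";
    $conf[] = " -o mynetworks=127.0.0.0/8";
    $conf[] = " -o strict_rfc821_envelopes=yes";
    $conf[] = " -o smtpd_error_sleep_time=0";
    $conf[] = " -o smtpd_soft_error_limit=1001";
    $conf[] = " -o smtpd_hard_error_limit=1000";
    $conf[] = " -o smtpd_client_connection_count_limit=0";
    $conf[] = " -o smtpd_client_connection_rate_limit=0";
    $conf[] = " -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks";
    $conf[] = " -o smtp_send_xforward_command=yes";
    $conf[] = " -o disable_dns_lookups=yes";
    $conf[] = " -o local_header_rewrite_clients=";
    $conf[] = " -o smtp_generic_maps=";
    $conf[] = " -o sender_canonical_maps=";
    $conf[] = " -o smtpd_milters=";
    $conf[] = " -o smtpd_sasl_auth_enable=no";
    $conf[] = " -o smtpd_use_tls=no";
    $conf[] = "";
    $conf[] = "";

    // Report a failed write instead of announcing success; the reload/restart steps
    // below still run as before.
    if (@file_put_contents("/etc/postfix/master.cf", implode("\n", $conf)) === false) {
        echo "Starting......: master.cf could not be written\n";
    } else {
        echo "Starting......: master.cf done\n";
    }

    if (!empty($GLOBALS["RELOAD"])) {
        shell_exec("/usr/sbin/postfix reload");
    }
    if ($restart_service) {
        shell_exec("{$GLOBALS["postfix"]} stop");
        shell_exec("{$GLOBALS["postfix"]} start");
    }
}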
/**
 * Run the SMTP SASL configuration sequence, reporting progress before every stage.
 *
 * Each stage is announced through SMTP_SASL_PROGRESS_LOG() with a label and a percentage
 * (10 to 100), then the matching configuration routine is called. The order is fixed:
 * SASL mechanisms, SASL, TLS, recipient restrictions, SASL security options, SASL
 * exception networks, master.cf, transport table, Postfix reload, saslauthd restart.
 *
 * @return void
 */
function SMTP_SASL_PROGRESS()
{
    $saslauthdRestart = "/etc/init.d/saslauthd restart";

    // Authentication and encryption settings.
    SMTP_SASL_PROGRESS_LOG("Check structure", 10);
    SetSASLMech();

    SMTP_SASL_PROGRESS_LOG("Enable SASL", 20);
    SetSALS();

    SMTP_SASL_PROGRESS_LOG("Enable TLS", 30);
    SetTLS();

    // Access policy.
    SMTP_SASL_PROGRESS_LOG("Smtpd Recipient Restrictions", 40);
    smtpd_recipient_restrictions();

    SMTP_SASL_PROGRESS_LOG("SMTP SASL Security Options", 50);
    smtp_sasl_security_options();

    SMTP_SASL_PROGRESS_LOG("SMTP SASL whitelisted networks", 55);
    smtpd_sasl_exceptions_networks();

    // Service table and transports.
    SMTP_SASL_PROGRESS_LOG("Build Master.cf", 60);
    MasterCFBuilder();

    SMTP_SASL_PROGRESS_LOG("Checks transport table", 70);
    MailBoxTransport();

    // Apply the new configuration to the running daemons.
    SMTP_SASL_PROGRESS_LOG("{reloading} SMTP MTA", 80);
    ReloadPostfix(true);

    SMTP_SASL_PROGRESS_LOG("{reloading} SaslAuthd", 90);
    // The init script's exit status is not inspected, so a failed restart still ends
    // with the "{done}" step below.
    system($saslauthdRestart);

    SMTP_SASL_PROGRESS_LOG("{done}", 100);
}