コード例 #1
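/**
 * Rebuild the Postfix smtpd_client_restrictions value and hand it to postconf().
 *
 * Steps: read the current value through the postconf binary, drop every rule this
 * function manages itself, keep the remaining rules whose hash: map file exists,
 * re-add the managed rules according to the Artica settings, de-duplicate, and
 * prepend permit_mynetworks, permit_sasl_authenticated and reject_unauth_pipelining.
 *
 * Security note: the resulting list is the client-level access policy of the SMTP
 * server. A mistake that empties it removes the RBL and hostname checks without any
 * error, so the final value is worth comparing with `postconf -h` after a run.
 *
 * Relies on names defined outside this function: sockets, maincf_multi,
 * amavis_internal(), postconf() and $GLOBALS["postconf"] / $GLOBALS["VERBOSE"].
 */
function smtpd_client_restrictions()
{
    // The binary path is interpolated into a shell command line, so $GLOBALS["postconf"]
    // has to be a fixed, trusted path and never a request-derived value.
    $datas = array();
    exec("{$GLOBALS["postconf"]} -h smtpd_client_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));

    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $amavis_internal = null;

    // Index the current rules by their own text so duplicates collapse and
    // single rules can be removed by name below.
    $newHash = array();
    foreach ($tbl as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        // Left-over of an array having been written as a string into the setting.
        if ($ligne == "Array") {
            continue;
        }
        $newHash[$ligne] = $ligne;
    }

    // Rules owned by this function: they are stripped here and re-added further
    // down only when the matching setting is enabled.
    $hashToDelete = array(
        "check_client_access hash:/etc/postfix/check_client_access",
        "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"",
        "check_client_access hash:/etc/postfix/postfix_allowed_connections",
        "reject_non_fqdn_hostname",
        "reject_unknown_sender_domain",
        "reject_non_fqdn_sender",
        "reject_unauth_pipelining",
        "reject_invalid_hostname",
        "reject_unknown_client_hostname",
        "reject_unknown_reverse_client_hostname",
        "reject_rbl_client zen.spamhaus.org",
        "reject_rbl_client sbl.spamhaus.org",
        "reject_rbl_client cbl.abuseat.org",
        "reject_rbl_client=zen.spamhaus.org",
        "reject_rbl_client=sbl.spamhaus.org",
        "check_client_access hash:/etc/postfix/amavis_internal",
    );
    foreach ($hashToDelete as $ligne) {
        unset($newHash[$ligne]);
    }

    if (!empty($GLOBALS["VERBOSE"])) {
        echo "Starting......: smtpd_client_restrictions: origin:" . implode(",", $newHash) . "\n";
    }

    $main = new maincf_multi("master", "master");
    $check_client_access = $main->check_client_access();
    if ($check_client_access != null) {
        $newHash[$check_client_access] = $check_client_access;
    }

    // Carry every surviving rule over. The append has to happen inside the loop:
    // appending once after it keeps none of the existing rules.
    $smtpd_client_restrictions = array();
    foreach ($newHash as $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                // A rule pointing at a missing map file is dropped rather than published.
                echo "Starting......: smtpd_client_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        if (preg_match("#reject_rbl_client=(.+?)\$#", $ligne, $re)) {
            $rbl = trim($re[1]);
            echo "Starting......: reject_rbl_client: bungled \"{$ligne}\" fix it\n";
            // Keep the rule in its "reject_rbl_client <domain>" form instead of losing it.
            $ligne = "reject_rbl_client {$rbl}";
        }
        $smtpd_client_restrictions[] = $ligne;
    }

    $reject_unknown_client_hostname = $sock->GET_INFO('reject_unknown_client_hostname');
    $reject_unknown_reverse_client_hostname = $sock->GET_INFO('reject_unknown_reverse_client_hostname');
    $reject_invalid_hostname = $sock->GET_INFO('reject_invalid_hostname');
    if ($reject_unknown_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_client_hostname";
    }
    if ($reject_unknown_reverse_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_reverse_client_hostname";
    }
    if ($reject_invalid_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
    }

    if ($EnablePostfixAntispamPack == 1) {
        echo "Starting......: smtpd_client_restrictions:Anti-spam Pack is enabled\n";
        // Creates a placeholder map source when none exists; a failed write is
        // suppressed, so the rule below can still end up naming a missing file.
        if (!is_file("/etc/postfix/postfix_allowed_connections")) {
            @file_put_contents("/etc/postfix/postfix_allowed_connections", "#");
        }
        $smtpd_client_restrictions[] = "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"";
        $smtpd_client_restrictions[] = "reject_non_fqdn_hostname";
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
        $smtpd_client_restrictions[] = "reject_rbl_client zen.spamhaus.org";
        $smtpd_client_restrictions[] = "reject_rbl_client sbl.spamhaus.org";
        $smtpd_client_restrictions[] = "reject_rbl_client cbl.abuseat.org";
    }

    if ($EnableArticaPolicyFilter == 1) {
        // The policy service is put in front of the other managed rules.
        array_unshift($smtpd_client_restrictions, "check_policy_service inet:127.0.0.1:54423");
    }

    echo "Starting......: smtpd_client_restrictions: " . count($smtpd_client_restrictions) . " rule(s)\n";

    if ($EnableAmavisInMasterCF == 1) {
        if ($EnableAmavisDaemon == 1) {
            $count = amavis_internal();
            if ($count > 0) {
                echo "Starting......: {$count} addresses bypassing amavisd new\n";
                // The trailing comma is intended: this string is prepended to the final list.
                $amavis_internal = "check_client_access hash:/etc/postfix/amavis_internal,";
            }
        }
    }

    //CLEAN engine ---------------------------------------------------------------------------------------
    // De-duplicate by rule text; the two permit_* rules are removed here because
    // they are prepended explicitly when the final value is assembled.
    $array_cleaned = array();
    foreach ($smtpd_client_restrictions as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        $array_cleaned[$ligne] = $ligne;
    }
    unset($array_cleaned["permit_mynetworks"]);
    unset($array_cleaned["permit_sasl_authenticated"]);

    // Rebuild from $array_cleaned. Reading back from the list that has just been
    // emptied would leave it empty and publish no restriction at all.
    $smtpd_client_restrictions = array();
    foreach ($array_cleaned as $ligne) {
        echo "Starting......: smtpd_client_restrictions : {$ligne}\n";
        $smtpd_client_restrictions[] = $ligne;
    }
    //CLEAN engine ---------------------------------------------------------------------------------------

    $newval = null;
    // NOTE(review): "> 1" means a list holding exactly one rule is not published;
    // confirm whether "> 0" was intended before relying on a single-rule policy.
    if (count($smtpd_client_restrictions) > 1) {
        $newval = implode(",", $smtpd_client_restrictions);
        $newval = "{$amavis_internal}permit_mynetworks,permit_sasl_authenticated,reject_unauth_pipelining,{$newval}";
    } else {
        if ($amavis_internal != null) {
            echo "Starting......: smtpd_client_restrictions: adding amavis internal\n";
            $newval = "check_client_access hash:/etc/postfix/amavis_internal";
        }
    }
    postconf("smtpd_client_restrictions", $newval);
}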
コード例 #2
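/**
 * Rebuild the Postfix smtpd_client_restrictions value and hand it to postconf().
 *
 * Steps: read the current value through the postconf binary, drop every rule this
 * function manages itself, keep the remaining rules whose hash:/cidr: map file
 * exists, re-add the managed rules (ACL maps, hostname checks, anti-spam pack,
 * generic rDNS patterns, DNSBL/RHSBL services, amavis bypass) according to the
 * Artica settings, de-duplicate, and prepend permit_mynetworks,
 * permit_sasl_authenticated and reject_unauth_pipelining.
 *
 * Security note: the resulting list is the client-level access policy of the SMTP
 * server. A rule that is lost on the way removes a check without any error, so the
 * logged final value is worth comparing with `postconf -h` after a run.
 *
 * Relies on names defined outside this function: sockets, maincf_multi, usersMenus,
 * amavis_internal(), smtpd_client_restrictions_progress(), postconf() and
 * $GLOBALS["postconf"] / $GLOBALS["VERBOSE"].
 *
 * @return bool Always true.
 */
function smtpd_client_restrictions()
{
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    // The binary path is interpolated into a shell command line, so $GLOBALS["postconf"]
    // has to be a fixed, trusted path and never a request-derived value.
    $datas = array();
    exec("{$GLOBALS["postconf"]} -h smtpd_client_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));
    // $datas is an array of output lines; join it so the log shows the old value
    // instead of the literal word "Array".
    echo "Old values = " . implode(" ", $datas) . "\n";

    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    // The stored setting is read and then forced to 0; nothing below uses it.
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    $EnableArticaPolicyFilter = 0;
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $amavis_internal = null;
    $newHash = array();
    smtpd_client_restrictions_progress("{cleaning_data}", 10);

    // Index the current rules by their own text so duplicates collapse and
    // single rules can be removed by name below.
    foreach ($tbl as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        // Left-over of an array having been written as a string into the setting.
        if ($ligne == "Array") {
            continue;
        }
        $newHash[$ligne] = $ligne;
    }

    // Rules owned by this function: they are stripped here and re-added further
    // down only when the matching setting or file is present.
    $hashToDelete = array(
        "check_client_access hash:/etc/postfix/check_client_access",
        "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"",
        "check_client_access hash:/etc/postfix/postfix_allowed_connections",
        "check_client_access pcre:/etc/postfix/fqrdns.pcre",
        "check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre",
        "reject_unknown_reverse_client_hostname",
        "reject_unknown_client_hostname",
        "reject_non_fqdn_hostname",
        "reject_unknown_sender_domain",
        "reject_non_fqdn_sender",
        "reject_unauth_pipelining",
        "reject_invalid_hostname",
        "reject_rbl_client zen.spamhaus.org",
        "reject_rbl_client sbl.spamhaus.org",
        "reject_rbl_client cbl.abuseat.org",
        "reject_rbl_client=zen.spamhaus.org",
        "reject_rbl_client=sbl.spamhaus.org",
        "permit_sasl_authenticated",
        "check_client_access hash:/etc/postfix/amavis_internal",
        "check_client_access cidr:/etc/postfix/acls.cdir.cf",
        "check_client_access hash:/etc/postfix/blacklist.domains.cf",
        "check_recipient_access hash:/etc/postfix/check_recipient_access_ou",
    );
    foreach ($hashToDelete as $ligne) {
        unset($newHash[$ligne]);
    }

    // The ACL maps are referenced only when their files are on disk.
    if (is_file("/etc/postfix/acls.cdir.cf")) {
        $newHash["check_client_access cidr:/etc/postfix/acls.cdir.cf"] = "check_client_access cidr:/etc/postfix/acls.cdir.cf";
    }
    if (is_file("/etc/postfix/blacklist.domains.cf.db")) {
        $newHash["check_client_access hash:/etc/postfix/blacklist.domains.cf"] = "check_client_access hash:/etc/postfix/blacklist.domains.cf";
    }
    if (!empty($GLOBALS["VERBOSE"])) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: origin:" . implode(",", $newHash) . "\n";
    }

    $main = new maincf_multi("master", "master");
    $check_client_access = $main->check_client_access();
    // The helper may return several comma-separated rules; split them so each
    // one is validated on its own below.
    if (strpos((string) $check_client_access, ",") > 0) {
        $check_client_accessEX = explode(",", $check_client_access);
        $check_client_access = null;
        foreach ($check_client_accessEX as $ligne) {
            $ligne = trim($ligne);
            if ($ligne === '') {
                continue;
            }
            $newHash[$ligne] = $ligne;
        }
    }
    if ($check_client_access != null) {
        $newHash[$check_client_access] = $check_client_access;
    }

    $smtpd_client_restrictions = array();
    foreach ($newHash as $ligne) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: Checks \"{$ligne}\"\n";
        if (preg_match("#(hash|cidr):(.+)\$#", $ligne, $re)) {
            $path = trim($re[2]);
            if (!is_file($path)) {
                // A rule pointing at a missing map file is dropped rather than published.
                echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
            $smtpd_client_restrictions[] = $ligne;
            continue;
        }
        if (preg_match("#reject_rbl_client=(.+?)\$#", $ligne, $re)) {
            $rbl = trim($re[1]);
            echo "Starting......: " . date("H:i:s") . " reject_rbl_client: bungled \"{$ligne}\" fix it\n";
            // Keep the rule in its "reject_rbl_client <domain>" form; storing the
            // corrected text without appending it loses the RBL check.
            $smtpd_client_restrictions[] = "reject_rbl_client {$rbl}";
            continue;
        }
        $smtpd_client_restrictions[] = $ligne;
    }

    // NOTE(review): unlike the hash:/cidr: rules above, this map is referenced
    // without an is_file() check; confirm it is always generated before this runs.
    $smtpd_client_restrictions[] = "check_recipient_access hash:/etc/postfix/check_recipient_access_ou";

    // A missing settings file is created with the value 1, so both hostname
    // checks are on unless a stored value says otherwise. Write errors are suppressed.
    if (!is_file("/etc/artica-postfix/settings/Daemons/reject_unknown_client_hostname")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/reject_unknown_client_hostname", 1);
    }
    if (!is_file("/etc/artica-postfix/settings/Daemons/reject_unknown_reverse_client_hostname")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/reject_unknown_reverse_client_hostname", 1);
    }
    $reject_unknown_client_hostname = $sock->GET_INFO('reject_unknown_client_hostname');
    $reject_unknown_reverse_client_hostname = $sock->GET_INFO('reject_unknown_reverse_client_hostname');
    $reject_invalid_hostname = $sock->GET_INFO('reject_invalid_hostname');
    if ($reject_unknown_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_client_hostname";
    }
    if ($reject_unknown_reverse_client_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_unknown_reverse_client_hostname";
    }
    if ($reject_invalid_hostname == 1) {
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
    }
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_invalid_hostname...............: {$reject_invalid_hostname}\n";
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_unknown_reverse_client_hostname: {$reject_unknown_reverse_client_hostname}\n";
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: reject_unknown_client_hostname........: {$reject_unknown_client_hostname}\n";
    smtpd_client_restrictions_progress("{construct_settings}", 15);

    // Block-list services; $main_dnsbl is keyed by service name (see the anti-spam
    // pack entries below). $main_rhsbl presumably has the same shape - confirm.
    $main_dnsbl = $main->main_dnsbl();
    $main_rhsbl = $main->main_rhsbl();
    if (!is_array($main_dnsbl)) {
        $main_dnsbl = array();
    }
    if (!is_array($main_rhsbl)) {
        $main_rhsbl = array();
    }

    if ($EnablePostfixAntispamPack == 1) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions:Anti-spam Pack is enabled\n";
        // Creates a placeholder map source when none exists; a failed write is
        // suppressed, so the rule below can still end up naming a missing file.
        if (!is_file("/etc/postfix/postfix_allowed_connections")) {
            @file_put_contents("/etc/postfix/postfix_allowed_connections", "#");
        }
        $smtpd_client_restrictions[] = "check_client_access \"hash:/etc/postfix/postfix_allowed_connections\"";
        $smtpd_client_restrictions[] = "reject_non_fqdn_hostname";
        $smtpd_client_restrictions[] = "reject_invalid_hostname";
        $main_dnsbl["zen.spamhaus.org"] = true;
        $main_dnsbl["sbl.spamhaus.org"] = true;
        $main_dnsbl["cbl.abuseat.org"] = true;
    }

    if (!is_file("/etc/artica-postfix/settings/Daemons/EnableGenericrDNSClients")) {
        @file_put_contents("/etc/artica-postfix/settings/Daemons/EnableGenericrDNSClients", 1);
    }
    $EnableGenericrDNSClients = $sock->GET_INFO("EnableGenericrDNSClients");
    if ($EnableGenericrDNSClients == 1) {
        $users = new usersMenus();
        // The pcre: rule is only used when this flag is set.
        if (!$users->POSTFIX_PCRE_COMPLIANCE) {
            $EnableGenericrDNSClients = 0;
        }
    }
    if ($EnableGenericrDNSClients == 1) {
        echo "Starting......: " . date("H:i:s") . " Reject Public ISP reverse DNS patterns enabled\n";
        $smtpd_client_restrictions[] = "check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre";
        // NOTE(review): the copy result is not checked, so the rule above can name
        // a pattern file that was never installed.
        shell_exec("/bin/cp /usr/share/artica-postfix/bin/install/postfix/fqrdns.pcre /etc/postfix/fqrdns.pcre");
    } else {
        echo "Starting......: " . date("H:i:s") . " Reject Public ISP reverse DNS patterns disabled\n";
    }

    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions:" . count($main_dnsbl) . " DNSBL Services\n";
    foreach ($main_dnsbl as $num => $ligne) {
        $smtpd_client_restrictions[] = "reject_rbl_client {$num}";
    }
    // The RHSBL rules are built from the RHSBL list; walking $main_dnsbl a second
    // time here would never emit the configured right-hand-side block lists.
    foreach ($main_rhsbl as $num => $ligne) {
        $smtpd_client_restrictions[] = "reject_rhsbl_client {$num}";
    }
    smtpd_client_restrictions_progress("{construct_settings}", 20);
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: " . count($smtpd_client_restrictions) . " rule(s)\n";

    if ($EnableAmavisInMasterCF == 1) {
        if ($EnableAmavisDaemon == 1) {
            $count = amavis_internal();
            if ($count > 0) {
                echo "Starting......: " . date("H:i:s") . " {$count} addresses bypassing amavisd new\n";
                // The trailing comma is intended: this string is prepended to the final list.
                $amavis_internal = "check_client_access hash:/etc/postfix/amavis_internal,";
            }
        }
    }
    smtpd_client_restrictions_progress("{construct_settings}", 25);

    //CLEAN engine ---------------------------------------------------------------------------------------
    // De-duplicate by rule text; the two permit_* rules are removed here because
    // they are prepended explicitly when the final value is assembled.
    $array_cleaned = array();
    foreach ($smtpd_client_restrictions as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        echo "Starting......: " . date("H:i:s") . " Clean \"{$ligne}\"\n";
        $array_cleaned[$ligne] = $ligne;
    }
    unset($array_cleaned["permit_mynetworks"]);
    unset($array_cleaned["permit_sasl_authenticated"]);
    $smtpd_client_restrictions = array();
    smtpd_client_restrictions_progress("{construct_settings}", 25);
    foreach ($array_cleaned as $ligne) {
        echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions : {$ligne}\n";
        $smtpd_client_restrictions[] = $ligne;
    }
    //CLEAN engine ---------------------------------------------------------------------------------------

    $newval = null;
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: arrayof (" . count($smtpd_client_restrictions) . ")\n";
    // NOTE(review): "> 1" means a list holding exactly one rule is not published;
    // confirm whether "> 0" was intended before relying on a single-rule policy.
    if (count($smtpd_client_restrictions) > 1) {
        $newval = implode(",", $smtpd_client_restrictions);
        $newval = "{$amavis_internal}permit_mynetworks,permit_sasl_authenticated,reject_unauth_pipelining,{$newval}";
    } else {
        if ($amavis_internal != null) {
            echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: adding amavis internal\n";
            $newval = "check_client_access hash:/etc/postfix/amavis_internal";
        }
    }
    smtpd_client_restrictions_progress("{construct_settings}", 30);
    echo "Starting......: " . date("H:i:s") . " smtpd_client_restrictions: {$newval}\n";
    smtpd_client_restrictions_progress("{apply_settings}", 80);
    postconf("smtpd_client_restrictions", $newval);
    return true;
}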