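/**
 * Rebuild Postfix's smtpd_recipient_restrictions from the running configuration.
 *
 * The current value is read with `postconf -h`. Entries that this function
 * manages itself are dropped, any `hash:` table whose file does not exist is
 * discarded, and the managed entries are then re-appended in a fixed order.
 * The result is de-duplicated and written back with `postconf -e`.
 *
 * Postfix evaluates the list in order, so the relative position of the
 * permit_* entries and reject_unauth_destination is part of the relay policy.
 *
 * Every value handed to the shell is quoted with escapeshellarg(): the list
 * is rebuilt from text read back from main.cf, and shell metacharacters in it
 * must not be interpreted when the postconf command line is assembled.
 *
 * @return void
 */
function smtpd_recipient_restrictions()
{
    $postconf = $GLOBALS["postconf"];

    // Read the current setting; postconf may print it on several lines.
    $datas = array();
    exec("{$postconf} -h smtpd_recipient_restrictions", $datas);

    // Index the existing entries by their trimmed text so duplicates collapse.
    $newHash = array();
    foreach (explode(",", implode(" ", $datas)) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        $newHash[$ligne] = $ligne;
    }

    // Entries managed below are removed here and re-added in a known position.
    $managed = array(
        "permit",
        "check_sender_access hash:/etc/postfix/disallow_my_domain",
        "check_sender_access hash:/etc/postfix/unrestricted_senders",
        "reject_unauth_destination",
        "permit_mynetworks",
    );
    foreach ($managed as $entry) {
        unset($newHash[$entry]);
    }

    // Keep the remaining entries, except hash: tables whose file is missing.
    $smtpd_recipient_restrictions = array();
    foreach ($newHash as $num => $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: smtpd_recipient_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        $smtpd_recipient_restrictions[] = $num;
    }

    $smtpd_recipient_restrictions[] = "permit_mynetworks";
    $smtpd_recipient_restrictions[] = "permit_sasl_authenticated";

    // Reset the auth_relay class before deciding whether it is needed.
    system("{$postconf} -e " . escapeshellarg("auth_relay=") . " >/dev/null 2>&1");

    if ($GLOBALS["EnableBlockUsersTroughInternet"] == 1) {
        echo "Starting......: Restricted users are enabled\n";
        if (RestrictedForInternet()) {
            system(
                "{$postconf} -e "
                . escapeshellarg("auth_relay=check_recipient_access hash:/etc/postfix/local_domains, reject")
                . " >/dev/null 2>&1"
            );
            // Must be evaluated first, hence unshift rather than append.
            array_unshift(
                $smtpd_recipient_restrictions,
                "check_sender_access hash:/etc/postfix/unrestricted_senders"
            );
            __ADD_smtpd_restriction_classes("auth_relay");
        } else {
            __REMOVE_smtpd_restriction_classes("auth_relay");
        }
    } else {
        __REMOVE_smtpd_restriction_classes("auth_relay");
    }

    $sock = new sockets();
    $reject_forged_mails = $sock->GET_INFO("reject_forged_mails");
    if ($reject_forged_mails == 1) {
        if (smtpd_recipient_restrictions_reject_forged_mails()) {
            echo "Starting......: Reject Forged mails enabled\n";
            $smtpd_recipient_restrictions[] = "check_sender_access hash:/etc/postfix/disallow_my_domain";
        }
    } else {
        echo "Starting......: Reject Forged mails disabled\n";
    }

    $smtpd_recipient_restrictions[] = "reject_unauth_destination";

    // De-duplicate while keeping the first occurrence of each entry.
    $cleaned = array();
    foreach ($smtpd_recipient_restrictions as $ligne) {
        $ligne = trim($ligne);
        $cleaned[$ligne] = $ligne;
    }
    $newval = implode(",", array_values($cleaned));

    system(
        "{$postconf} -e "
        . escapeshellarg("smtpd_recipient_restrictions = {$newval}")
        . " >/dev/null 2>&1"
    );
}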
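/**
 * Rebuild Postfix's smtpd_recipient_restrictions from the running configuration.
 *
 * The current value is read with `postconf -h`. Entries that this function
 * manages itself are dropped, any `hash:` table whose file does not exist is
 * discarded, and the managed entries are re-added in a fixed order depending
 * on the enabled features. The de-duplicated list is written back through
 * the postconf() helper.
 *
 * Postfix evaluates the list in order, so the position of each permit_* and
 * reject_* entry is part of the relay policy. Entries that must run first
 * are inserted with array_unshift().
 *
 * Iteration uses foreach: each() is deprecated since PHP 7.2 and removed in
 * PHP 8. The work arrays are initialised up front so the final write never
 * receives an undefined value.
 *
 * @return void
 */
function smtpd_recipient_restrictions()
{
    // Shared helper objects are cached in $GLOBALS and created on first use.
    if (!isset($GLOBALS["CLASS_USERS_MENUS"])) {
        $GLOBALS["CLASS_USERS_MENUS"] = new usersMenus();
    }
    $users = $GLOBALS["CLASS_USERS_MENUS"];

    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $EnableCluebringer = $sock->GET_INFO("EnableCluebringer");
    // NOTE(review): the next value is read but not used in this function.
    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    if ($GLOBALS["DEBUG"]) {
        echo "EnableCluebringer={$EnableCluebringer}\n";
    }
    // NOTE(review): the two Amavis values are read but not used in this function.
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');

    // Read the current setting; postconf may print it on several lines.
    $datas = array();
    exec("{$GLOBALS["postconf"]} -h smtpd_recipient_restrictions", $datas);

    // Index the existing entries by their trimmed text so duplicates collapse.
    $newHash = array();
    foreach (explode(",", implode(" ", $datas)) as $ligne) {
        $ligne = trim($ligne);
        if ($ligne === '') {
            continue;
        }
        $newHash[$ligne] = $ligne;
    }

    // Entries managed below are removed here and re-added in a known position.
    $managed = array(
        "check_client_access hash:/etc/postfix/amavis_internal",
        "check_recipient_access hash:/etc/postfix/relay_domains_restricted",
        "permit",
        "check_sender_access hash:/etc/postfix/disallow_my_domain",
        "check_sender_access hash:/etc/postfix/unrestricted_senders",
        "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt",
        "reject_unauth_destination",
        "permit_mynetworks",
        "check_client_access pcre:/etc/postfix/fqrdns.pcre",
        "check_policy_service inet:127.0.0.1:54423",
    );
    foreach ($managed as $entry) {
        unset($newHash[$entry]);
    }

    // Keep the remaining entries, except hash: tables whose file is missing.
    $smtpd_recipient_restrictions = array();
    foreach ($newHash as $num => $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: smtpd_recipient_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        $smtpd_recipient_restrictions[] = $num;
    }

    if ($GLOBALS["DEBUG"]) {
        echo "CLUEBRINGER_INSTALLED={$users->CLUEBRINGER_INSTALLED}\n";
    }
    if ($users->CLUEBRINGER_INSTALLED && $EnableCluebringer == 1) {
        $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:13331";
    }

    postconf("smtpd_restriction_classes", "artica_restrict_relay_domains");
    postconf("artica_restrict_relay_domains", "reject_unverified_recipient");

    $smtpd_recipient_restrictions[] = "permit_mynetworks";
    $smtpd_recipient_restrictions[] = "permit_sasl_authenticated";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/relay_domains_restricted";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt";

    amavis_bypass_byrecipients();
    restrict_relay_domains();

    // Reset the auth_relay class before deciding whether it is needed.
    postconf("auth_relay", null);

    // Fetch the shared socket object again after the helper calls above.
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $reject_forged_mails = $sock->GET_INFO("reject_forged_mails");
    if ($reject_forged_mails == 1) {
        if (smtpd_recipient_restrictions_reject_forged_mails()) {
            echo "Starting......: Reject Forged mails enabled\n";
            $smtpd_recipient_restrictions[] = "check_sender_access hash:/etc/postfix/disallow_my_domain";
        }
    } else {
        echo "Starting......: Reject Forged mails disabled\n";
    }

    // The reverse-DNS pattern table is a pcre: map, so it needs PCRE support.
    $EnableGenericrDNSClients = $sock->GET_INFO("EnableGenericrDNSClients");
    if (!$users->POSTFIX_PCRE_COMPLIANCE) {
        $EnableGenericrDNSClients = 0;
    }
    if ($EnableGenericrDNSClients == 1) {
        echo "Starting......: Reject Public ISP reverse DNS patterns enabled\n";
        $smtpd_recipient_restrictions[] = "check_client_access pcre:/etc/postfix/fqrdns.pcre";
        // Both paths are fixed strings; nothing variable reaches the shell here.
        shell_exec("/bin/cp /usr/share/artica-postfix/bin/install/postfix/fqrdns.pcre /etc/postfix/fqrdns.pcre");
    } else {
        echo "Starting......: Reject Public ISP reverse DNS patterns disabled\n";
    }

    if ($EnableArticaPolicyFilter == 1) {
        // Must be evaluated first, hence unshift rather than append.
        array_unshift($smtpd_recipient_restrictions, "check_policy_service inet:127.0.0.1:54423");
    }

    $smtpd_recipient_restrictions[] = "reject_unauth_destination";

    if ($GLOBALS["EnableBlockUsersTroughInternet"] == 1) {
        echo "Starting......: Restricted users are enabled\n";
        if (RestrictedForInternet()) {
            postconf("auth_relay", "check_recipient_access hash:/etc/postfix/local_domains, reject");
            array_unshift(
                $smtpd_recipient_restrictions,
                "check_sender_access hash:/etc/postfix/unrestricted_senders"
            );
            __ADD_smtpd_restriction_classes("auth_relay");
        } else {
            __REMOVE_smtpd_restriction_classes("auth_relay");
        }
    } else {
        __REMOVE_smtpd_restriction_classes("auth_relay");
    }

    // De-duplicate while keeping the first occurrence of each entry.
    $cleaned = array();
    foreach ($smtpd_recipient_restrictions as $ligne) {
        $ligne = trim($ligne);
        $cleaned[$ligne] = $ligne;
    }
    $newval = implode(",", array_values($cleaned));

    if ($GLOBALS["DEBUG"]) {
        echo "smtpd_recipient_restrictions = {$newval}\n";
    }
    postconf("smtpd_recipient_restrictions", $newval);
}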
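/**
 * Rebuild Postfix's smtpd_recipient_restrictions from the running configuration.
 *
 * The current value is read with `postconf -h`. Entries that this function
 * manages itself (and any *_rhsbl_* entry) are dropped, any `hash:` table
 * whose file does not exist is discarded, and the managed entries are
 * re-added in a fixed order depending on the enabled features. The
 * de-duplicated list is written back through the postconf() helper, and
 * progress is reported through smtpd_client_restrictions_progress().
 *
 * Postfix evaluates the list in order, so the position of each permit_* and
 * reject_* entry is part of the relay policy.
 *
 * permit_mynetworks is added only when TrustMyNetwork resolves to 1. An
 * unconditional append that followed the TrustMyNetwork check made the
 * setting ineffective: the "disabled" message was printed and
 * permit_mynetworks was still emitted. That append is removed here.
 *
 * Iteration uses foreach: each() is deprecated since PHP 7.2 and removed in
 * PHP 8.
 *
 * @return void
 */
function smtpd_recipient_restrictions()
{
    // Shared helper objects are cached in $GLOBALS and created on first use.
    if (!isset($GLOBALS["CLASS_USERS_MENUS"])) {
        $GLOBALS["CLASS_USERS_MENUS"] = new usersMenus();
    }
    $users = $GLOBALS["CLASS_USERS_MENUS"];

    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    include_once dirname(__FILE__) . "/ressources/class.postfix.check_recipient_access.inc";

    $EnableCluebringer = $sock->GET_INFO("EnableCluebringer");
    // NOTE(review): the next value is read but not used in this function.
    $EnablePostfixAntispamPack = $sock->GET_INFO("EnablePostfixAntispamPack");
    $EnableArticaPolicyFilter = $sock->GET_INFO("EnableArticaPolicyFilter");
    $EnablePolicydWeight = intval($sock->GET_INFO('EnablePolicydWeight'));
    // The stored setting is overridden; the value is not referenced further below.
    $EnableArticaPolicyFilter = 0;
    if ($GLOBALS["DEBUG"]) {
        echo "EnableCluebringer={$EnableCluebringer}\n";
    }
    // NOTE(review): the two Amavis values are read but not used in this function.
    $EnableAmavisInMasterCF = $sock->GET_INFO('EnableAmavisInMasterCF');
    $EnableAmavisDaemon = $sock->GET_INFO('EnableAmavisDaemon');
    $TrustMyNetwork = $sock->GET_INFO("TrustMyNetwork");
    $ValvuladEnabled = intval($sock->GET_INFO("ValvuladEnabled"));
    $POLICYD_WEIGHT_PORT = 12525;
    $main = new maincf_multi("master");
    // An unset or non-numeric value is treated as "trust enabled".
    if (!is_numeric($TrustMyNetwork)) {
        $TrustMyNetwork = 1;
    }

    // Read the current setting; postconf may print it on several lines.
    $datas = array();
    exec("{$GLOBALS["postconf"]} -h smtpd_recipient_restrictions", $datas);
    $tbl = explode(",", implode(" ", $datas));
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 51);

    // Index the existing entries by trimmed text; RHSBL entries are rebuilt later.
    $newHash = array();
    foreach ($tbl as $ligne) {
        if (trim($ligne) === '') {
            continue;
        }
        if (preg_match("#_rhsbl_#", $ligne)) {
            continue;
        }
        $newHash[trim($ligne)] = trim($ligne);
    }

    // Entries managed below are removed here and re-added in a known position.
    $managed = array(
        "permit_dnswl_client list.dnswl.org",
        "check_client_access hash:/etc/postfix/amavis_internal",
        "check_recipient_access hash:/etc/postfix/relay_domains_restricted",
        "permit",
        "check_sender_access hash:/etc/postfix/disallow_my_domain",
        "check_sender_access hash:/etc/postfix/unrestricted_senders",
        "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt",
        "reject_unauth_destination",
        "permit_mynetworks",
        "check_client_access pcre:/etc/postfix/fqrdns.pcre",
        "check_policy_service inet:127.0.0.1:54423",
        "check_policy_service inet:127.0.0.1:13331",
        "check_policy_service inet:127.0.0.1:7777",
        "check_policy_service inet:127.0.0.1:3579",
        "check_client_access hash:/etc/postfix/wbl_connections",
        "check_recipient_access hash:/etc/postfix/wbl_connections",
        "check_client_access cidr:/etc/postfix/check_client_access.cidr",
        "check_client_access hash:/etc/postfix/check_client_access",
        "check_policy_service inet:127.0.0.1:{$POLICYD_WEIGHT_PORT}",
    );
    foreach ($managed as $entry) {
        unset($newHash[$entry]);
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 52);

    // Keep the remaining entries, except hash: tables whose file is missing.
    $smtpd_recipient_restrictions = array();
    foreach ($newHash as $num => $ligne) {
        if (preg_match("#hash:(.+)\$#", $ligne, $re)) {
            $path = trim($re[1]);
            if (!is_file($path)) {
                echo "Starting......: " . date("H:i:s") . " smtpd_recipient_restrictions: bungled \"{$ligne}\"\n";
                continue;
            }
        }
        $smtpd_recipient_restrictions[] = $num;
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 53);

    postconf("smtpd_restriction_classes", "artica_restrict_relay_domains");
    postconf("artica_restrict_relay_domains", "reject_unverified_recipient");

    $MynetworksInISPMode = $sock->GET_INFO("MynetworksInISPMode");
    if (!is_numeric($MynetworksInISPMode)) {
        $MynetworksInISPMode = 0;
    }
    // ISP mode re-enables network trust even when TrustMyNetwork is off.
    if ($TrustMyNetwork == 0 && $MynetworksInISPMode == 1) {
        $TrustMyNetwork = 1;
    }
    if ($TrustMyNetwork == 1) {
        $smtpd_recipient_restrictions[] = "permit_mynetworks";
    } else {
        // permit_mynetworks is deliberately not added on this path.
        echo "Starting......: " . date("H:i:s") . " **** TrustMyNetwork is disabled, outgoing messages should be not allowed... **** \n";
    }
    $smtpd_recipient_restrictions[] = "permit_sasl_authenticated";

    echo "Starting......: " . date("H:i:s") . " Postfix class check_recipient_access_ou()...\n";
    smtpd_client_restrictions_progress("{organizations}", 54);
    $check_recipient_access_ou = new check_recipient_access_ou();
    $check_recipient_access_ou->build();

    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/check_recipient_access_ou";
    $smtpd_recipient_restrictions[] = "check_client_access cidr:/etc/postfix/check_client_access.cidr";
    $smtpd_recipient_restrictions[] = "check_client_access hash:/etc/postfix/check_client_access";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/relay_domains_restricted";
    $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/amavis_bypass_rcpt";
    $smtpd_recipient_restrictions[] = "permit_auth_destination";

    if ($ValvuladEnabled == 1) {
        $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:3579";
    }
    if ($EnablePolicydWeight == 1) {
        $smtpd_recipient_restrictions[] = "check_client_access hash:/etc/postfix/wbl_connections";
        $smtpd_recipient_restrictions[] = "check_recipient_access hash:/etc/postfix/wbl_connections";
        $smtpd_recipient_restrictions[] = "check_policy_service inet:127.0.0.1:{$POLICYD_WEIGHT_PORT}";
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 54);

    $smtpd_recipient_restrictions[] = "permit_dnswl_client list.dnswl.org";
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 55);

    amavis_bypass_byrecipients();
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 56);

    restrict_relay_domains();
    // Reset the auth_relay class before deciding whether it is needed.
    postconf("auth_relay", null);
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 57);

    // Fetch the shared socket object again after the helper calls above.
    if (!isset($GLOBALS["CLASS_SOCKET"])) {
        $GLOBALS["CLASS_SOCKET"] = new sockets();
    }
    $sock = $GLOBALS["CLASS_SOCKET"];

    $reject_forged_mails = $sock->GET_INFO("reject_forged_mails");
    if ($reject_forged_mails == 1) {
        if (smtpd_recipient_restrictions_reject_forged_mails()) {
            echo "Starting......: " . date("H:i:s") . " Reject Forged mails enabled\n";
            $smtpd_recipient_restrictions[] = "check_sender_access hash:/etc/postfix/disallow_my_domain";
        }
    } else {
        echo "Starting......: " . date("H:i:s") . " Reject Forged mails disabled\n";
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 58);

    // One client and one sender check per configured RHSBL domain.
    $main_rhsbl = $main->main_rhsbl();
    if (is_array($main_rhsbl)) {
        foreach ($main_rhsbl as $domain => $ID) {
            if (trim($domain) === '') {
                continue;
            }
            $smtpd_recipient_restrictions[] = "reject_rhsbl_client {$domain}";
            $smtpd_recipient_restrictions[] = "reject_rhsbl_sender {$domain}";
        }
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 59);

    // reject_unauth_destination must stay ahead of the trailing permit.
    $smtpd_recipient_restrictions[] = "reject_unauth_destination";
    $smtpd_recipient_restrictions[] = "permit";

    if ($GLOBALS["EnableBlockUsersTroughInternet"] == 1) {
        echo "Starting......: " . date("H:i:s") . " Restricted users are enabled\n";
        if (RestrictedForInternet()) {
            postconf("auth_relay", "check_recipient_access hash:/etc/postfix/local_domains, reject");
            // Must be evaluated first, hence unshift rather than append.
            array_unshift(
                $smtpd_recipient_restrictions,
                "check_sender_access hash:/etc/postfix/unrestricted_senders"
            );
            __ADD_smtpd_restriction_classes("auth_relay");
        } else {
            __REMOVE_smtpd_restriction_classes("auth_relay");
        }
    } else {
        __REMOVE_smtpd_restriction_classes("auth_relay");
    }

    if (is_file("/opt/iRedAPD/iredapd.py")) {
        // iRedAPD policy hook is disabled:
        //array_unshift($smtpd_recipient_restrictions,"check_policy_service inet:127.0.0.1:7777");
    }

    // De-duplicate while keeping the first occurrence of each entry.
    $cleaned = array();
    foreach ($smtpd_recipient_restrictions as $ligne) {
        $cleaned[trim($ligne)] = trim($ligne);
    }
    $smtpd_recipient_restrictions = array();
    foreach ($cleaned as $ligne) {
        echo "Starting......: " . date("H:i:s") . " smtpd_recipient_restrictions Final: " . trim($ligne) . "\n";
        $smtpd_recipient_restrictions[] = trim($ligne);
    }
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 59);

    $newval = implode(",", $smtpd_recipient_restrictions);
    if ($GLOBALS["DEBUG"]) {
        echo "smtpd_recipient_restrictions = {$newval}\n";
    }
    postconf("smtpd_recipient_restrictions", $newval);
    smtpd_client_restrictions_progress("{smtpd_recipient_restrictions}", 60);
}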