- added rspamd conditionals for mail dkim plugin

Marius Burkard · Marius Burkard · commit 0d8f89bbff77 · 2019-07-08T18:27:11.000+02:00
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -1458,6 +1458,12 @@ public function configure_rspamd() {
 			exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
 		}
 
+		if(is_user('_rspamd') && is_group('amavis')) {
+			exec("usermod -G amavis _rspamd");
+		} elseif(is_user('rspamd') && is_group('amavis')) {
+			exec("usermod -G amavis rspamd");
+		}
+				
 		if(!is_dir('/etc/rspamd/local.d/')){
 			mkdir('/etc/rspamd/local.d/', 0755, true);
 		}
diff --git a/server/plugins-available/mail_plugin_dkim.inc.php b/server/plugins-available/mail_plugin_dkim.inc.php
@@ -29,6 +29,7 @@
  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
  @author Florian Schaal, info@schaal-24.de
+ @author Marius Burkard, m.burkard@ispconfig.org (modified for rspamd)
  @copyright Florian Schaal, info@schaal-24.de
  */
 
@@ -59,8 +60,8 @@ function onInstall() {
 	/**
 	 * This function is called when the plugin is loaded
 	 */
-	function onLoad() {
-		global $app, $conf;
+	public function onLoad() {
+		global $app;
 		/*
 		Register for the events
 		*/
@@ -73,7 +74,7 @@ function onLoad() {
 	 * This function gets the amavisd-config file
 	 * @return string path to the amavisd-config for dkim-keys
 	 */
-	function get_amavis_config() {
+	private function get_amavis_config() {
 		$pos_config=array(
 			'/etc/amavisd.conf/50-user',
 			'/etc/amavis/conf.d/50-user',
@@ -101,45 +102,59 @@ function get_amavis_config() {
 	 * @param array $data mail-settings
 	 * @return boolean - true when the amavis-config and the dkim-dir are writeable
 	 */
-	function check_system($data) {
-		global $app, $mail_config;
+	private function check_system() {
+		global $app, $conf, $mail_config;
 
-		/** TODO: FIX IF ONLY RSPAMD IS INSTALLED AND NO AMAVIS! **/
-		/** TODO: FIX DKIM FOR RSPAMD, RSPAMD CANNOT READ FILES OF amavis:root **/
-		
 		$app->uses('getconf');
-		$check=true;
-
-		/* check for amavis-config */
-		$amavis_configfile = $this->get_amavis_config();
+		$check = true;
 
-		//* Create the file if it does not exists.
-		if (substr_compare($amavis_configfile, '60-dkim', -7) === 0 && !file_exists($amavis_configfile))
-			$app->system->touch($amavis_configfile);
+		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
+		if($mail_config['content_filter'] != 'rspamd') {
+			/* check for amavis-config */
+			$amavis_configfile = $this->get_amavis_config();
 
-		if ( $amavis_configfile == '' || !is_writeable($amavis_configfile) ) {
-			$app->log('Amavis-config not found or not writeable.', LOGLEVEL_ERROR);
-			$check=false;
+			//* Create the file if it does not exists.
+			if (substr_compare($amavis_configfile, '60-dkim', -7) === 0 && !file_exists($amavis_configfile)) {
+				$app->system->touch($amavis_configfile);
+			}
+			
+			if ( $amavis_configfile == '' || !is_writeable($amavis_configfile) ) {
+				$app->log('Amavis-config not found or not writeable.', LOGLEVEL_ERROR);
+				$check = false;
+			}
 		}
 
 		/* dir for dkim-keys writeable? */
-		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 		if (isset($mail_config['dkim_path']) && !empty($mail_config['dkim_path']) && $mail_config['dkim_path'] != '/') {
             if (!is_dir($mail_config['dkim_path'])) {
                 $app->log('DKIM Path '.$mail_config['dkim_path'].' not found - (re)created.', LOGLEVEL_DEBUG);
 				if($app->system->is_user('amavis')) { 
 					$amavis_user='amavis'; 
+				} elseif($app->system->is_user('_rspamd')) {
+					$amavis_user = '_rspamd';
+				} elseif($app->system->is_user('rspamd')) {
+					$amavis_user = 'rspamd';
 				} elseif ($app->system->is_user('vscan')) { 
-					$amavis_user='vscan'; 
+					$amavis_user = 'vscan'; 
+				} else { 
+					$amavis_user = ''; 
 				}
-				else { 
-					$amavis_user=''; 
+				if($app->system->is_user('amavis')) { 
+					$amavis_group='amavis'; 
+				} elseif($app->system->is_user('_rspamd')) {
+					$amavis_group = '_rspamd';
+				} elseif($app->system->is_user('rspamd')) {
+					$amavis_group = 'rspamd';
+				} elseif ($app->system->is_user('vscan')) { 
+					$amavis_group = 'vscan'; 
+				} else { 
+					$amavis_group = ''; 
 				}
+				
 				if(!empty($amavis_user)) {
-					mkdir($mail_config['dkim_path'], 0750, true);
-					$app->system->chown($mail_config['dkim_path'], $amavis_user);
+					$app->system->mkdirpath($mail_config['dkim_path'], 0750, $amavis_user, $amavis_group);
 				} else {
-					mkdir($mail_config['dkim_path'], 0755, true);
+					$app->system->mkdirpath($mail_config['dkim_path'], 0755);
 					$app->log('No user amavis or vscan found - using root for '.$mail_config['dkim_path'], LOGLEVEL_WARNING);
 				}
             } else {
@@ -169,12 +184,15 @@ function check_system($data) {
 	/**
 	 * This function restarts amavis
 	 */
-    function restart_amavis() {
+    private function restart_amavis() {
         global $app;
+		$output = null;
 		$initcommand = $app->system->getinitcommand(array('amavis', 'amavisd'), 'restart');
 		$app->log('Restarting amavis: '.$initcommand.'.', LOGLEVEL_DEBUG);
 		exec($initcommand, $output);
-		foreach($output as $logline) $app->log($logline, LOGLEVEL_DEBUG);
+		foreach($output as $logline) {
+			$app->log($logline, LOGLEVEL_DEBUG);
+		}
     }
 
 	/**
@@ -184,8 +202,8 @@ function restart_amavis() {
 	 * @param string $key_domain mail-domain
 	 * @return bool - true when the private key was written to disk
 	 */
-	function write_dkim_key($key_file, $key_value, $key_domain) {
-		global $app, $mailconfig;
+	private function write_dkim_key($key_file, $key_value, $key_domain) {
+		global $app;
 		$success=false;
 		if ($key_file == '' || $key_value  == '' || $key_domain == '') {
 			$app->log('DKIM internal error for domain '.$key_domain, LOGLEVEL_ERROR);
@@ -194,14 +212,20 @@ function write_dkim_key($key_file, $key_value, $key_domain) {
 		if ( $app->system->file_put_contents($key_file.'.private', $key_value) ) {
 			$app->log('Saved DKIM Private-key to '.$key_file.'.private', LOGLEVEL_DEBUG);
 			$success=true;
+			$pubkey = null;
+			$result = 0;
 			/* now we get the DKIM Public-key */
 			exec('cat '.escapeshellarg($key_file.'.private').'|openssl rsa -pubout 2> /dev/null', $pubkey, $result);
 			$public_key='';
-			foreach($pubkey as $values) $public_key=$public_key.$values."\n";
+			foreach($pubkey as $values) {
+				$public_key = $public_key . $values . "\n";
+			}
 			/* save the DKIM Public-key in dkim-dir */
-			if ( $app->system->file_put_contents($key_file.'.public', $public_key) )
+			if($app->system->file_put_contents($key_file.'.public', $public_key)) {
 				$app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
-			else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
+			} else {
+				$app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
+			}
 		} else {
 			$app->log('Unable to save DKIM Private-key to '.$key_file.'.private', LOGLEVEL_ERROR);
 		}
@@ -213,26 +237,32 @@ function write_dkim_key($key_file, $key_value, $key_domain) {
 	 * @param string $key_file full path to the key-file
 	 * @param string $key_domain mail-domain
 	 */
-	function remove_dkim_key($key_file, $key_domain) {
+	private function remove_dkim_key($key_file, $key_domain) {
 		global $app;
 		if (file_exists($key_file.'.private')) {
 			$app->system->unlink($key_file.'.private');
 			$app->log('Deleted the DKIM Private-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
-		} else $app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
+		} else {
+			$app->log('Unable to delete the DKIM Private-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
+		}
 		if (file_exists($key_file.'.public')) {
 			$app->system->unlink($key_file.'.public');
 			$app->log('Deleted the DKIM Public-key for '.$key_domain.'.', LOGLEVEL_DEBUG);
-		} else $app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
+		} else {
+			$app->log('Unable to delete the DKIM Public-key for '.$key_domain.' (not found).', LOGLEVEL_DEBUG);
+		}
 	}
 
 	/**
 	 * This function adds the entry to the amavisd-config
 	 * @param string $key_domain mail-domain
 	 */
-	function add_to_amavis($key_domain, $selector, $old_selector) {
+	private function add_to_amavis($key_domain, $selector, $old_selector) {
 		global $app, $mail_config;
 
-		if (empty($selector)) $selector = 'default';
+		if (empty($selector)) {
+			$selector = 'default';
+		}
 		$restart = false;
 		$amavis_configfile = $this->get_amavis_config();
 
@@ -270,7 +300,7 @@ function add_to_amavis($key_domain, $selector, $old_selector) {
 	 * This function removes the entry from the amavisd-config
 	 * @param string $key_domain mail-domain
 	 */
-	function remove_from_amavis($key_domain) {
+	private function remove_from_amavis($key_domain) {
 		global $app;
 
 		$restart = false;
@@ -308,14 +338,17 @@ function remove_from_amavis($key_domain) {
 	 * This function controlls new key-files and amavisd-entries
 	 * @param array $data mail-settings
 	 */
-	function add_dkim($data) {
-		global $app;
+	private function add_dkim($data) {
+		global $app, $conf;
 		if ($data['new']['active'] == 'y') {
 			$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
-			if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' )
+			if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
 				$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
+			}
 			if ($this->write_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['dkim_private'], $data['new']['domain'])) {
-				if ($this->add_to_amavis($data['new']['domain'], $data['new']['dkim_selector'], $data['old']['dkim_selector'] )) {
+				if($mail_config['content_filter'] == 'rspamd') {
+					$app->services->restartServiceDelayed('rspamd', 'reload');
+				} elseif ($this->add_to_amavis($data['new']['domain'], $data['new']['dkim_selector'], $data['old']['dkim_selector'] )) {
 					$this->restart_amavis();
 				} else {
 					$this->remove_dkim_key($mail_config['dkim_path']."/".$data['new']['domain'], $data['new']['domain']);
@@ -329,86 +362,89 @@ function add_dkim($data) {
 	/**
 	 * This function controlls the removement of keyfiles (public and private)
 	 * and the entry in the amavisd-config
-	 * @param array $data mail-settings
+	 * @param array $_data mail-settings
 	 */
-	function remove_dkim($_data) {
-		global $app;
+	private function remove_dkim($_data) {
+		global $app, $conf;
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
-		if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' )
+		if ( substr($mail_config['dkim_path'], strlen($mail_config['dkim_path'])-1) == '/' ) {
 			$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
+		}
 		$this->remove_dkim_key($mail_config['dkim_path']."/".$_data['domain'], $_data['domain']);
-		if ($this->remove_from_amavis($_data['domain']))
+		
+		if($mail_config['content_filter'] == 'rspamd') {
+			$app->services->restartServiceDelayed('rspamd', 'reload');
+		} elseif ($this->remove_from_amavis($_data['domain'])) {
 			$this->restart_amavis();
+		}
 	}
 
 	/**
 	 * Function called by onLoad
 	 * deletes dkim-keys
 	 */
-	function domain_dkim_delete($event_name, $data) {
-		if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y')
+	public function domain_dkim_delete($event_name, $data) {
+		if (isset($data['old']['dkim']) && $data['old']['dkim'] == 'y' && $data['old']['active'] == 'y') {
 			$this->remove_dkim($data['old']);
+		}
 	}
 
 	/**
 	 * Function called by onLoad
 	 * insert dkim-keys
 	 */
-	function domain_dkim_insert($event_name, $data) {
-		if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system($data))
+	public function domain_dkim_insert($event_name, $data) {
+		if (isset($data['new']['dkim']) && $data['new']['dkim']=='y' && $this->check_system()) {
 			$this->add_dkim($data);
+		}
 	}
 
 	/**
 	 * Function called by onLoad
 	 * chang dkim-settings
 	 */
-	function domain_dkim_update($event_name, $data) {
+	public function domain_dkim_update($event_name, $data) {
 		global $app;
 		if($data['new']['dkim'] == 'y' || $data['old']['dkim'] == 'y'){
-			if ($this->check_system($data)) {
+			if ($this->check_system()) {
 				/* maildomain disabled */
 				if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y' && $data['new']['dkim']=='y') {
 					$app->log('Maildomain '.$data['new']['domain'].' disabled - remove DKIM-settings', LOGLEVEL_DEBUG);
 					$this->remove_dkim($data['new']);
 				}
 				/* maildomain re-enabled */
-				if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y') 
+				if ($data['new']['active'] == 'y' && $data['old']['active'] == 'n' && $data['new']['dkim']=='y') {
 					$this->add_dkim($data);
-
+				}
+				
 				/* maildomain active - only dkim changes */
 				if ($data['new']['active'] == 'y' && $data['old']['active'] == 'y') {
 					/* dkim disabled */
 					if ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'n') {
 						$this->remove_dkim($data['new']);
 					}
-					/* dkim enabled */
-					elseif ($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y') {
-						$this->add_dkim($data);
-					}
-					/* new private-key */
-					if ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y') {
-						$this->add_dkim($data);
-					}
-					/* new selector */
-					if ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y') {
+					/* dkim enabled
+					 * or new private-key
+					 * or new selector
+					 * or new domain-name
+					 */
+					elseif (
+							($data['new']['dkim'] != $data['old']['dkim'] && $data['new']['dkim'] == 'y')
+							|| ($data['new']['dkim_private'] != $data['old']['dkim_private'] && $data['new']['dkim'] == 'y')
+							|| ($data['new']['dkim_selector'] != $data['old']['dkim_selector'] && $data['new']['dkim'] == 'y')
+							|| ($data['new']['domain'] != $data['old']['domain'])
+							) {
+						if ($data['new']['domain'] != $data['old']['domain']) {
+							$this->remove_dkim($data['old']);
+						}
 						$this->add_dkim($data);
 					}
-					/* new domain-name */
-					if ($data['new']['domain'] != $data['old']['domain']) {
-						$this->remove_dkim($data['old']);
+					/* resync */
+					elseif($data['new'] == $data['old'] && $data['new']['dkim']=='y') {
 						$this->add_dkim($data);
 					}
 				}
-
-				/* resync */
-				if ($data['new']['active'] == 'y' && $data['new'] == $data['old'] && $data['new']['dkim']=='y') {
-					$this->add_dkim($data);
-				}
 			}
 		}
 	}
-
 }
-
-?>

Original file line number	Diff line number	Diff line change
`@@ -1458,6 +1458,12 @@ public function configure_rspamd() {`
`1458`	`1458`	`exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");`
`1459`	`1459`	`}`
`1460`	`1460`
	`1461`	`+ if(is_user('_rspamd') && is_group('amavis')) {`
	`1462`	`+ exec("usermod -G amavis _rspamd");`
	`1463`	`+ } elseif(is_user('rspamd') && is_group('amavis')) {`
	`1464`	`+ exec("usermod -G amavis rspamd");`
	`1465`	`+ }`
	`1466`	`+`
`1461`	`1467`	`if(!is_dir('/etc/rspamd/local.d/')){`
`1462`	`1468`	`mkdir('/etc/rspamd/local.d/', 0755, true);`
`1463`	`1469`	`}`