Merge branch 'stable-3.1' of https://git.ispconfig.org/ispconfig/ispconfig3 into stable-3.1

Author: ms217

install/dist/lib/fedora.lib.php

@@ -153,9 +153,16 @@ function configure_postfix($options = '')
 		}
 
 		$reject_sender_login_mismatch = '';
+		$reject_authenticated_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+			$reject_sender_login_mismatch = ', reject_sender_login_mismatch';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
 		}
+
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive} ';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
 		unset($server_ini_array);
 
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
@@ -165,6 +172,8 @@ function configure_postfix($options = '')
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			$stress_adaptive_placeholder => $stress_adaptive,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');

install/dist/lib/gentoo.lib.php

@@ -102,9 +102,16 @@ public function configure_postfix($options = '')
 		}
 
 		$reject_sender_login_mismatch = '';
+		$reject_authenticated_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+			$reject_sender_login_mismatch = ', reject_sender_login_mismatch';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
 		}
+
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive} ';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
 		unset($server_ini_array);
 
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
@@ -114,6 +121,8 @@ public function configure_postfix($options = '')
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			$stress_adaptive_placeholder => $stress_adaptive,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_postfix.conf.master', 'tpl/gentoo_postfix.conf.master');

install/dist/lib/opensuse.lib.php

@@ -164,9 +164,16 @@ function configure_postfix($options = '')
 		}
 
 		$reject_sender_login_mismatch = '';
+		$reject_authenticated_sender_login_mismatch = '';
 		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+			$reject_sender_login_mismatch = ', reject_sender_login_mismatch';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
 		}
+
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive} ';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
 		unset($server_ini_array);
 
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
@@ -176,6 +183,8 @@ function configure_postfix($options = '')
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			$stress_adaptive_placeholder => $stress_adaptive,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');

install/lib/installer_base.lib.php

@@ -967,6 +967,11 @@ public function configure_postfix($options = '') {
 			$this->error("The postfix configuration directory '$config_dir' does not exist.");
 		}
 
+		//* Get postfix version
+		exec('postconf -d mail_version 2>&1', $out);
+		$postfix_version = preg_replace('/.*=\s*/', '', $out[0]);
+		unset($out);
+
 		//* mysql-virtual_domains.cf
 		$this->process_postfix_config('mysql-virtual_domains.cf');
 
@@ -1072,12 +1077,28 @@ public function configure_postfix($options = '') {
 		}
 
 		$reject_sender_login_mismatch = '';
-		if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
-			$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+		$reject_authenticated_sender_login_mismatch = '';
+		if (isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+			$reject_sender_login_mismatch = ',reject_sender_login_mismatch,';
+			$reject_authenticated_sender_login_mismatch = 'reject_authenticated_sender_login_mismatch, ';
 		}
-		unset($server_ini_array);
 
-		$tmp = str_replace('.','\.',$conf['hostname']);
+		# placeholder includes comment char
+		$stress_adaptive_placeholder = '#{stress_adaptive}';
+		$stress_adaptive = (isset($server_ini_array['mail']['stress_adaptive']) && ($server_ini_array['mail']['stress_adaptive'] == 'y')) ? '' : $stress_adaptive_placeholder;
+
+		$reject_unknown_client_hostname='';
+		if (isset($server_ini_array['mail']['reject_unknown']) && ($server_ini_array['mail']['reject_unknown'] == 'client' || $server_ini_array['mail']['reject_unknown'] == 'client_helo')) {
+			$reject_unknown_client_hostname=',reject_unknown_client_hostname';
+		}
+		$reject_unknown_helo_hostname='';
+		if ((!isset($server_ini_array['mail']['reject_unknown'])) || $server_ini_array['mail']['reject_unknown'] == 'helo' || $server_ini_array['mail']['reject_unknown'] == 'client_helo') {
+			$reject_unknown_helo_hostname=',reject_unknown_helo_hostname';
+		}
+
+		unset($server_ini_array);
+		
+		$myhostname = str_replace('.','\.',$conf['hostname']);
 
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
@@ -1086,13 +1107,43 @@ public function configure_postfix($options = '') {
 			'{rbl_list}' => $rbl_list,
 			'{greylisting}' => $greylisting,
 			'{reject_slm}' => $reject_sender_login_mismatch,
-			'{myhostname}' => $tmp,
+			'{reject_aslm}' => $reject_authenticated_sender_login_mismatch,
+			'{myhostname}' => $myhostname,
+			$stress_adaptive_placeholder => $stress_adaptive,
+			'{reject_unknown_client_hostname}' => $reject_unknown_client_hostname,
+			'{reject_unknown_helo_hostname}' => $reject_unknown_helo_hostname,
 		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
 		$postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines
 
+		//* Merge version-specific postfix config
+		if(version_compare($postfix_version , '2.5', '>=')) {
+		    $configfile = 'postfix_2-5.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '2.10', '>=')) {
+		    $configfile = 'postfix_2-10.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '3.0', '>=')) {
+		    $configfile = 'postfix_3-0.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+		if(version_compare($postfix_version , '3.3', '>=')) {
+		    $configfile = 'postfix_3-3.conf';
+		    $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master');
+		    $content = strtr($content, $postconf_placeholders);
+		    $postconf_commands = array_merge($postconf_commands, array_filter(explode("\n", $content)));
+		}
+
 		//* These postconf commands will be executed on installation only
 		if($this->is_update == false) {
 			$postconf_commands = array_merge($postconf_commands, array(
@@ -1399,7 +1450,7 @@ public function configure_dovecot() {
 		if ($configure_lmtp) {
 			for ($i = 0; isset($new_options[$i]); $i++) {
 				if ($new_options[$i] == 'reject_unlisted_recipient') {
-					array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${config_dir}/mysql-verify_recipients.cf"));
+					array_splice($new_options, $i+1, 0, array("check_recipient_access proxy:mysql:${quoted_config_dir}/mysql-verify_recipients.cf"));
 					break;
 				}
 			}
@@ -1408,7 +1459,6 @@ public function configure_dovecot() {
 				$postconf_commands[] = "enable_original_recipient = yes";
 			}
 		}
-		#exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
 		$postconf_commands[] = "smtpd_recipient_restrictions = ".implode(", ", $new_options);
 
 		// Executing the postconf commands
@@ -1630,7 +1680,7 @@ public function configure_amavis() {
 
 	public function configure_rspamd() {
 		global $conf;
-
+		
 		//* These postconf commands will be executed on installation and update
 		$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 		$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
@@ -1647,8 +1697,33 @@ public function configure_rspamd() {
 			exec("postconf -e 'milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}'");
 			exec("postconf -e 'milter_default_action = accept'");
 
-			exec("postconf -e 'smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated'");
+			if(! isset($mail_config['reject_sender_login_mismatch'])) {
+				$mail_config['reject_sender_login_mismatch'] = 'n';
+			}
+			$options = preg_split("/,\s*/", exec("postconf -h smtpd_sender_restrictions"));
+			$new_options = array();
+			foreach ($options as $key => $value) {
+				$value = trim($value);
+				if ($value == '') continue;
+				if (preg_match('/tag_as_(originating|foreign)\.re/', $value)) {
+					continue;
+				}
+				if (preg_match('/reject_(authenticated_)?sender_login_mismatch/', $value)) {
+					continue;
+				}
+				$new_options[] = $value;
+			}
+			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
+				array_splice($new_options, 0, 0, array('reject_authenticated_sender_login_mismatch'));
 
+				for ($i = 0; isset($new_options[$i]); $i++) {
+					if ($new_options[$i] == 'permit_mynetworks') {
+						array_splice($new_options, $i+1, 0, array('reject_sender_login_mismatch'));
+						break;
+					}
+				}
+			}
+			exec("postconf -e 'smtpd_sender_restrictions = ".implode(", ", $new_options)."'");
 
 			$options = preg_split("/,\s*/", exec("postconf -h smtpd_recipient_restrictions"));
 			$new_options = array();

install/sql/ispconfig3.sql

@@ -2070,7 +2070,6 @@ CREATE TABLE `web_domain` (
   `backup_excludes` mediumtext,
   `active` enum('n','y') NOT NULL default 'y',
   `traffic_quota_lock` enum('n','y') NOT NULL default 'n',
-  `fastcgi_php_version` varchar(255) DEFAULT NULL,
   `proxy_directives` mediumtext,
   `last_quota_notification` date NULL default NULL,
   `rewrite_rules` mediumtext,

install/tpl/debian_postfix.conf.master

@@ -5,8 +5,8 @@ virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{co
 virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
 virtual_mailbox_maps = proxy:mysql:{config_dir}/mysql-virtual_mailboxes.cf
 virtual_mailbox_base = {vmail_mailbox_base}
-virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
-virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
+virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
+virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
 sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 inet_protocols=all
 inet_interfaces = all
@@ -15,20 +15,22 @@ broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_restriction_classes = greylisting
 greylisting = check_policy_service inet:127.0.0.1:10023
-smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}, check_policy_service unix:private/quota-status
+smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, check_recipient_access proxy:mysql:{config_dir}/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:{config_dir}/mysql-virtual_recipient.cf{greylisting}, check_policy_service unix:private/quota-status
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert
 smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
-relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
-relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
+relay_domains = proxy:mysql:{config_dir}/mysql-virtual_relaydomains.cf
+relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $smtpd_recipient_restrictions
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo
-smtpd_sender_restrictions = check_sender_access regexp:{config_dir}/tag_as_originating.re {reject_slm}, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf, check_sender_access regexp:{config_dir}/tag_as_foreign.re
-smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
+smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
+smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks{rbl_list}, permit_sasl_authenticated, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
+smtpd_etrn_restrictions = permit_mynetworks, reject
+smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
 smtpd_client_message_rate_limit = 100
 maildrop_destination_concurrency_limit = 1
 maildrop_destination_recipient_limit   = 1