Merge branch 'master' into 'master'

Master

See merge request !230

Author: Marius Cramer

install/dist/tpl/gentoo/amavisd-ispconfig.conf.master

@@ -94,16 +94,24 @@ $LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
 $log_level = 0;                # (defaults to 0)
 
 $inet_socket_port = [10024,10026];
-$forward_method = 'smtp:[127.0.0.1]:10025';
-$notify_method = 'smtp:[127.0.0.1]:10027';
+
+# *:* = send to IP/HOST:incoming Port + 1
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
+
 $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
-  forward_method => 'smtp:[127.0.0.1]:10027',
 };
-@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
-192.168.0.0/16);
+
+# IP-Addresses for internal networks => load policy MYNETS
+# - requires -o smtp_send_xforward_command=yes in postfix master.cf
+@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10);
+
+# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
+@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
+
 $signed_header_fields{'received'} = 0; # turn off signing of Received
 $enable_dkim_verification = 1;
 $enable_dkim_signing = 1;

install/tpl/amavisd_user_config.master

@@ -76,19 +76,24 @@ $LOGFILE = "/var/log/amavis.log";  # (defaults to empty, no log)
 $log_level = 0;                # (defaults to 0)
 
 $inet_socket_port = [10024,10026];
-$forward_method = 'smtp:[127.0.0.1]:10025';
-$notify_method = 'smtp:[127.0.0.1]:10027';
+
+# *:* = send to IP/HOST:incoming Port + 1
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
 $interface_policy{'10026'} = 'ORIGINATING';
 $policy_bank{'ORIGINATING'} = {
   originating => 1,
   smtpd_discard_ehlo_keywords => ['8BITMIME'],
-  forward_method => 'smtp:[127.0.0.1]:10027',
 };
-@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
-192.168.0.0/16);
 
-# DKIM
+# IP-Addresses for internal networks => load policy MYNETS
+# - requires -o smtp_send_xforward_command=yes in postfix master.cf
+@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [::1] [FE80::]/10 [FEC0::]/10);
 
+# Allow SMTP access from IPs in @inet_acl to amvisd SMTP Port
+@inet_acl = qw( 127.0.0.1 [::1] 192.168.0.0/16 );
+
+# DKIM
 $enable_dkim_verification = 1;
 $enable_dkim_signing = 1; # load DKIM signing code
 $signed_header_fields{'received'} = 0;  # turn off signing of Received

server/plugins-available/mail_plugin_dkim.inc.php

@@ -122,8 +122,8 @@ function check_system($data) {
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 		if (	isset($mail_config['dkim_path']) && 
 				!empty($mail_config['dkim_path']) && 
-				isset($data['new']['dkim_private']) && 
-				!empty($data['new']['dkim_private']) &&
+//				isset($data['new']['dkim_private']) && 
+//				!empty($data['new']['dkim_private']) &&
 				$mail_config['dkim_path'] != '/' 
 		) {
             if (!is_dir($mail_config['dkim_path'])) {
@@ -199,6 +199,10 @@ function restart_amavis() {
 	function write_dkim_key($key_file, $key_value, $key_domain) {
 		global $app, $mailconfig;
 		$success=false;
+		if ($key_file == '' || $key_value  == '' || $key_domain == '') {
+			$app->log('DKIM internal error for domain '.$key_domain, LOGLEVEL_ERROR);
+			return $success;
+		}
 		if ( $app->system->file_put_contents($key_file.'.private', $key_value) ) {
 			$app->log('Saved DKIM Private-key to '.$key_file.'.private', LOGLEVEL_DEBUG);
 			$success=true;
@@ -211,7 +215,7 @@ function write_dkim_key($key_file, $key_value, $key_domain) {
 				$app->log('Saved DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
 			else $app->log('Unable to save DKIM Public to '.$key_domain.'.', LOGLEVEL_DEBUG);
 		} else {
-			$app->log('Unable to save DKIM Privte-key to '.$key_file.'.private', LOGLEVEL_ERROR);
+			$app->log('Unable to save DKIM Private-key to '.$key_file.'.private', LOGLEVEL_ERROR);
 		}
 		return $success;
 	}