
Commit 85ffd16

author
Marius Cramer
committed
Merge branch 'reject_sender_login_mismatch' into 'master'
Reject sender login mismatch Included FS#3161: Reject sender login mismatch Feature added as checkbox on mail-server-config. If activated (default = 'n') outgoing mails are checked against existing mail_users and mail_forwarders(aliases). Additionally added "prefetch" to dovecot-config-files to halve sql-queries (dovecot is able to fetch all userdb-queries already with passworddb-query -> if query does this, activate prefetch-driver, and with active prefetching, dovecot doesn't call database twice, when User logs in -> this doesn't matter on small systems, but improves performance on large systems) See merge request !174
2 parents ca2165e + badfbef commit 85ffd16


46 files changed

+164
-31
lines changed

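--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -143,6 +143,9 @@ function configure_postfix($options = '')
 //* mysql-virtual_sender.cf
 $this->process_postfix_config('mysql-virtual_sender.cf');
 
+//* mysql-virtual_sender_login_maps.cf
+$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
+
 //* mysql-virtual_client.cf
 $this->process_postfix_config('mysql-virtual_client.cf');
 
@@ -195,23 +198,28 @@ function configure_postfix($options = '')
 }
 }
 unset($rbl_hosts);
-unset($server_ini_array);
 
 //* If Postgrey is installed, configure it
 $greylisting = '';
 if($conf['postgrey']['installed'] == true) {
-$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 }
 
-//* These postconf commands will be executed on installation and update
+$reject_sender_login_mismatch = '';
+if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+}
+unset($server_ini_array);
+
 $postconf_placeholders = array('{config_dir}' => $config_dir,
 '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 '{vmail_userid}' => $cf['vmail_userid'],
 '{vmail_groupid}' => $cf['vmail_groupid'],
 '{rbl_list}' => $rbl_list,
 '{greylisting}' => $greylisting,
+'{reject_slm}' => $reject_sender_login_mismatch,
 );
-
+
 $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
 $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
 $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines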
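Review bot: Enabling the checkbox has no effect when the template that `rfsel()` picks lacks the `{reject_slm}` placeholder, and nothing in this hunk reports that. The call lists a `conf-custom/install/fedora_postfix.conf.master` path ahead of the shipped `tpl/` file, so an override written before this change would presumably be used as is; the new restriction is then never written, and the new leading `, ` in `$greylisting` can double a comma such a file already carries. A guard after the `rfsel()` call such as `if($reject_sender_login_mismatch != '' && strpos($postconf_tpl, '{reject_slm}') === false)` with a logged warning would make the gap visible. The same block appears in the gentoo, opensuse and installer_base sections, and `configure_postfix()` starts and ends outside this hunk.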

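--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -81,11 +81,40 @@ public function configure_postfix($options = '')
 }
 
 //* These postconf commands will be executed on installation and update
+$server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].'.server', $conf['server_id']);
+$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
+unset($server_ini_rec);
+
+//* If there are RBL's defined, format the list and add them to smtp_recipient_restrictions to prevent removeal after an update
+$rbl_list = '';
+if (@isset($server_ini_array['mail']['realtime_blackhole_list']) && $server_ini_array['mail']['realtime_blackhole_list'] != '') {
+$rbl_hosts = explode(",", str_replace(" ", "", $server_ini_array['mail']['realtime_blackhole_list']));
+foreach ($rbl_hosts as $key => $value) {
+$rbl_list .= ", reject_rbl_client ". $value;
+}
+}
+unset($rbl_hosts);
+
+//* If Postgrey is installed, configure it
+$greylisting = '';
+if($conf['postgrey']['installed'] == true) {
+$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+}
+
+$reject_sender_login_mismatch = '';
+if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+}
+unset($server_ini_array);
+
 $postconf_placeholders = array('{config_dir}' => $config_dir,
 '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 '{vmail_userid}' => $cf['vmail_userid'],
 '{vmail_groupid}' => $cf['vmail_groupid'],
-'{rbl_list}' => $rbl_list);
+'{rbl_list}' => $rbl_list,
+'{greylisting}' => $greylisting,
+'{reject_slm}' => $reject_sender_login_mismatch,
+);
 
 $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/gentoo_postfix.conf.master', 'tpl/gentoo_postfix.conf.master');
 $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);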
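Review bot: The RBL loop added here appends `, reject_rbl_client ` for every element of the exploded list, including empty ones, so a trailing or doubled comma in `realtime_blackhole_list` yields a restriction with no host, and Postfix would likely read the next restriction name as its argument. Only spaces are stripped before the values are spliced into the postconf template, so entries should be skipped when empty, for example `if($value == '') continue;` at the top of the loop, and checked against the characters an RBL entry may contain before use. `$server_ini_rec['config']` is also read without checking that `queryOneRecord()` returned a row. `configure_postfix()` starts and ends outside this hunk.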

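--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -159,6 +159,9 @@ function configure_postfix($options = '')
 //* mysql-virtual_sender.cf
 $this->process_postfix_config('mysql-virtual_sender.cf');
 
+//* mysql-virtual_sender_login_maps.cf
+$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
+
 //* mysql-virtual_client.cf
 $this->process_postfix_config('mysql-virtual_client.cf');
 
@@ -225,23 +228,28 @@ function configure_postfix($options = '')
 }
 }
 unset($rbl_hosts);
-unset($server_ini_array);
 
 //* If Postgrey is installed, configure it
 $greylisting = '';
 if($conf['postgrey']['installed'] == true) {
-$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 }
 
-//* These postconf commands will be executed on installation and update
+$reject_sender_login_mismatch = '';
+if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+}
+unset($server_ini_array);
+
 $postconf_placeholders = array('{config_dir}' => $config_dir,
 '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 '{vmail_userid}' => $cf['vmail_userid'],
 '{vmail_groupid}' => $cf['vmail_groupid'],
 '{rbl_list}' => $rbl_list,
 '{greylisting}' => $greylisting,
+'{reject_slm}' => $reject_sender_login_mismatch,
 );
-
+
 $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
 $postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
 $postconf_commands = array_filter(explode("\n", $postconf_tpl)); // read and remove empty lines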

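--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -692,6 +692,9 @@ public function configure_postfix($options = '') {
 //* mysql-virtual_sender.cf
 $this->process_postfix_config('mysql-virtual_sender.cf');
 
+//* mysql-virtual_sender_login_maps.cf
+$this->process_postfix_config('mysql-virtual_sender_login_maps.cf');
+
 //* mysql-virtual_client.cf
 $this->process_postfix_config('mysql-virtual_client.cf');
 
@@ -743,20 +746,26 @@ public function configure_postfix($options = '') {
 }
 }
 unset($rbl_hosts);
-unset($server_ini_array);
 
 //* If Postgrey is installed, configure it
 $greylisting = '';
 if($conf['postgrey']['installed'] == true) {
-$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+$greylisting = ', check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
 }
 
+$reject_sender_login_mismatch = '';
+if(isset($server_ini_array['mail']['reject_sender_login_mismatch']) && ($server_ini_array['mail']['reject_sender_login_mismatch'] == 'y')) {
+$reject_sender_login_mismatch = ', reject_authenticated_sender_login_mismatch';
+}
+unset($server_ini_array);
+
 $postconf_placeholders = array('{config_dir}' => $config_dir,
 '{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 '{vmail_userid}' => $cf['vmail_userid'],
 '{vmail_groupid}' => $cf['vmail_groupid'],
 '{rbl_list}' => $rbl_list,
 '{greylisting}' => $greylisting,
+'{reject_slm}' => $reject_sender_login_mismatch,
 );
 
 $postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');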

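--- a/install/tpl/debian6_dovecot-sql.conf.master
+++ b/install/tpl/debian6_dovecot-sql.conf.master
@@ -13,7 +13,8 @@ driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password}
 default_pass_scheme = CRYPT
 
-password_query = SELECT password FROM mail_user WHERE (login = '%u' OR email = '%u') AND disable%Ls = 'n' AND server_id = '{server_id}'
+# password-query with prefetch
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT('maildir:', maildir, '/Maildir') as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 user_query = SELECT email as user, maildir as home, CONCAT('maildir:', maildir, '/Maildir') as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.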
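Review bot: The new `password_query` repeats every column of `user_query` under a `userdb_` prefix, and the only comment added is `# password-query with prefetch`, which does not tell a maintainer that the two column lists have to change together. If they drift, logins served through prefetch and lookups that still go through `user_query` would get different home, uid/gid or quota values. A fuller comment would help, for example `# userdb_* columns are consumed by the prefetch userdb; keep them identical to user_query below`. The same applies to the debian_dovecot-sql.conf.master section.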

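--- a/install/tpl/debian6_dovecot2.conf.master
+++ b/install/tpl/debian6_dovecot2.conf.master
@@ -12,6 +12,9 @@ passdb {
 args = /etc/dovecot/dovecot-sql.conf
 driver = sql
 }
+userdb {
+driver = prefetch
+}
 userdb {
 args = /etc/dovecot/dovecot-sql.conf
 driver = sql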

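--- a/install/tpl/debian_dovecot-sql.conf.master
+++ b/install/tpl/debian_dovecot-sql.conf.master
@@ -120,8 +120,9 @@ driver = mysql
 connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password}
 default_pass_scheme = CRYPT
 
-password_query = SELECT password FROM mail_user WHERE (login = '%u' OR email = '%u') AND disable%Ls = 'n' AND server_id = '{server_id}'
-user_query = SELECT email as user, maildir as home, CONCAT('maildir:', maildir, '/Maildir') as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND disable%Ls = 'n' AND server_id = '{server_id}'
+# password-query with prefetch
+password_query = SELECT email as user, password, maildir as userdb_home, CONCAT('maildir:', maildir, '/Maildir') as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
+user_query = SELECT email as user, maildir as home, CONCAT('maildir:', maildir, '/Maildir') as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}'
 
 # The iterate_query is required for the doveadm command only and works only on dovecot 2 servers.
 # Do not enable it on Dovecot 1.x servers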

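--- a/install/tpl/debian_dovecot.conf.master
+++ b/install/tpl/debian_dovecot.conf.master
@@ -1006,8 +1006,8 @@ auth default {
 # This can be made to work with SQL and LDAP databases, see their example
 # configuration files for more information how to do it.
 # <doc/wiki/UserDatabase.Prefetch.txt>
-#userdb prefetch {
-#}
+userdb prefetch {
+}
 
 # User to use for the process. This user needs access to only user and
 # password databases, nothing else. Only shadow and pam authentication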
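Review bot: Uncommenting `userdb prefetch { }` at this position only saves the second query if it is listed ahead of the SQL userdb inside `auth default`, because Dovecot consults userdbs in the order they are listed. The dovecot2 templates in this commit insert the prefetch block directly before the `userdb` block with `driver = sql`, while here the block stays where the sample comment was, and the SQL userdb is outside this hunk. If that block comes earlier in the file, it would presumably answer first and prefetch would never be used, so the ordering should be confirmed and the block moved if needed.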

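--- a/install/tpl/debian_dovecot2.conf.master
+++ b/install/tpl/debian_dovecot2.conf.master
@@ -13,6 +13,9 @@ passdb {
 args = /etc/dovecot/dovecot-sql.conf
 driver = sql
 }
+userdb {
+driver = prefetch
+}
 userdb {
 args = /etc/dovecot/dovecot-sql.conf
 driver = sql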

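--- a/install/tpl/debian_postfix.conf.master
+++ b/install/tpl/debian_postfix.conf.master
@@ -22,8 +22,9 @@ smtpd_tls_key_file = {config_dir}/smtpd.key
 transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:{config_dir}/mysql-virtual_transports.cf
 relay_domains = mysql:{config_dir}/mysql-virtual_relaydomains.cf
 relay_recipient_maps = mysql:{config_dir}/mysql-virtual_relayrecipientmaps.cf
-proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
-smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
+smtpd_sender_restrictions = check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf regexp:{config_dir}/tag_as_originating.re{reject_slm}, permit_mynetworks, check_sender_access regexp:{config_dir}/tag_as_foreign.re
 smtpd_client_restrictions = check_client_access mysql:{config_dir}/mysql-virtual_client.cf
 smtpd_client_message_rate_limit = 100
 maildrop_destination_concurrency_limit = 1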
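Review bot: `{reject_slm}` expands after `check_sender_access mysql:{config_dir}/mysql-virtual_sender.cf`, so a sender address for which that lookup returns `OK` ends `smtpd_sender_restrictions` before `reject_authenticated_sender_login_mismatch` is evaluated. The query in that map is not shown here, but if it serves a sender whitelist, the login-to-sender binding would not be enforced for whitelisted addresses. Evaluating the mismatch check first would close that, for instance by letting the placeholder expand to `reject_authenticated_sender_login_mismatch, ` and placing it at the start of the list. The authenticated variant also leaves unauthenticated `permit_mynetworks` clients unchecked, which is worth stating in the checkbox help text.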
