Merge branch 'whitelist_sender_before_rslm' into 'develop'

unlisted sender improvements

Closes #6018

See merge request ispconfig/ispconfig3!1390

Author: Marius Burkard

install/lib/installer_base.lib.php

@@ -1796,11 +1796,18 @@ public function configure_rspamd() {
 				$new_options[] = $value;
 			}
 			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
-				array_splice($new_options, 0, 0, array('reject_authenticated_sender_login_mismatch'));
-
+				// insert before permit_mynetworks
 				for ($i = 0; isset($new_options[$i]); $i++) {
 					if ($new_options[$i] == 'permit_mynetworks') {
-						array_splice($new_options, $i+1, 0, array('reject_sender_login_mismatch'));
+						array_splice($new_options, $i, 0, array('reject_authenticated_sender_login_mismatch'));
+						break;
+					}
+				}
+
+				// insert before permit_sasl_authenticated
+				for ($i = 0; isset($new_options[$i]); $i++) {
+					if ($new_options[$i] == 'permit_sasl_authenticated') {
+						array_splice($new_options, $i, 0, array('reject_sender_login_mismatch'));
 						break;
 					}
 				}

install/sql/incremental/upd_dev_collection.sql

@@ -1 +1,9 @@
-ALTER TABLE `remote_user` MODIFY `remote_password` VARCHAR(200) NOT NULL DEFAULT '';
+ALTER TABLE `remote_user` MODIFY `remote_password` VARCHAR(200) NOT NULL DEFAULT '';
+
+ALTER TABLE `client` ADD COLUMN `limit_mail_wblist` INT(11) NOT NULL DEFAULT '0' AFTER `limit_mailrouting`;
+ALTER TABLE `client_template` ADD COLUMN `limit_mail_wblist` INT(11) NOT NULL DEFAULT '0' AFTER `limit_mailrouting`;
+
+ALTER TABLE mail_access DROP CONSTRAINT `server_id`;
+SET SESSION old_alter_table=1;
+ALTER IGNORE TABLE mail_access ADD UNIQUE KEY `unique_source` (`server_id`,`source`,`type`);
+SET SESSION old_alter_table=0;

install/sql/ispconfig3.sql

@@ -178,6 +178,7 @@ CREATE TABLE `client` (
   `limit_mailforward` int(11) NOT NULL DEFAULT '-1',
   `limit_mailcatchall` int(11) NOT NULL DEFAULT '-1',
   `limit_mailrouting` int(11) NOT NULL DEFAULT '0',
+  `limit_mail_wblist` int(11) NOT NULL DEFAULT '0',
   `limit_mailfilter` int(11) NOT NULL DEFAULT '-1',
   `limit_fetchmail` int(11) NOT NULL DEFAULT '-1',
   `limit_mailquota` int(11) NOT NULL DEFAULT '-1',
@@ -309,6 +310,7 @@ CREATE TABLE `client_template` (
   `limit_mailforward` int(11) NOT NULL default '-1',
   `limit_mailcatchall` int(11) NOT NULL default '-1',
   `limit_mailrouting` int(11) NOT NULL default '0',
+  `limit_mail_wblist` int(11) NOT NULL default '0',
   `limit_mailfilter` int(11) NOT NULL default '-1',
   `limit_fetchmail` int(11) NOT NULL default '-1',
   `limit_mailquota` int(11) NOT NULL default '-1',
@@ -820,7 +822,7 @@ CREATE TABLE `mail_access` (
   `type` set('recipient','sender','client') NOT NULL DEFAULT 'recipient',
   `active` enum('n','y') NOT NULL default 'y',
   PRIMARY KEY  (`access_id`),
-  KEY `server_id` (`server_id`,`source`)
+  UNIQUE KEY `unique_source` (`server_id`,`source`,`type`)
 ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------

install/tpl/debian_postfix.conf.master

@@ -26,9 +26,9 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_reject_unlisted_sender = yes
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_reject_unlisted_sender = no
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/fedora_postfix.conf.master

@@ -22,9 +22,9 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_reject_unlisted_sender = yes
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_reject_unlisted_sender = no
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/gentoo_postfix.conf.master

@@ -21,9 +21,9 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_reject_unlisted_sender = yes
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_reject_unlisted_sender = no
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

install/tpl/opensuse_postfix.conf.master

@@ -24,9 +24,9 @@ relay_recipient_maps = proxy:mysql:{config_dir}/mysql-virtual_relayrecipientmaps
 smtpd_sender_login_maps = proxy:mysql:{config_dir}/mysql-virtual_sender_login_maps.cf
 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
 smtpd_helo_required = yes
-smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
-smtpd_sender_restrictions =  {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re, check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf
-smtpd_reject_unlisted_sender = yes
+smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:{config_dir}/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:{config_dir}/blacklist_helo, {reject_unknown_helo_hostname}, permit
+smtpd_sender_restrictions = check_sender_access proxy:mysql:{config_dir}/mysql-virtual_sender.cf, {reject_aslm} check_sender_access regexp:{config_dir}/tag_as_originating.re, permit_mynetworks{reject_slm}, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:{config_dir}/tag_as_foreign.re
+smtpd_reject_unlisted_sender = no
 smtpd_client_restrictions = check_client_access proxy:mysql:{config_dir}/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated{rbl_list}, reject_unauth_pipelining {reject_unknown_client_hostname}, permit
 smtpd_etrn_restrictions = permit_mynetworks, reject
 smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit

interface/web/client/form/client.tform.php

@@ -840,6 +840,20 @@
 			'rows'  => '',
 			'cols'  => ''
 		),
+		'limit_mail_wblist' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array (  0 => array ( 'type' => 'ISINT',
+					'errmsg'=> 'limit_mail_wblist_error_notint'),
+			),
+			'default' => '-1',
+			'value'  => '',
+			'separator' => '',
+			'width'  => '10',
+			'maxlength' => '10',
+			'rows'  => '',
+			'cols'  => ''
+		),
 		'limit_mailfilter' => array (
 			'datatype' => 'INTEGER',
 			'formtype' => 'TEXT',

interface/web/client/form/client_template.tform.php

@@ -256,6 +256,20 @@
 			'rows'  => '',
 			'cols'  => ''
 		),
+		'limit_mail_wblist' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array (  0 => array ( 'type' => 'ISINT',
+					'errmsg'=> 'limit_mail_wblist_error_notint'),
+			),
+			'default' => '-1',
+			'value'  => '',
+			'separator' => '',
+			'width'  => '10',
+			'maxlength' => '10',
+			'rows'  => '',
+			'cols'  => ''
+		),
 		'limit_mailfilter' => array (
 			'datatype' => 'INTEGER',
 			'formtype' => 'TEXT',

interface/web/client/form/reseller.tform.php

@@ -838,6 +838,20 @@
 			'rows'  => '',
 			'cols'  => ''
 		),
+		'limit_mail_wblist' => array (
+			'datatype' => 'INTEGER',
+			'formtype' => 'TEXT',
+			'validators' => array (  0 => array ( 'type' => 'ISINT',
+					'errmsg'=> 'limit_mail_wblist_error_notint'),
+			),
+			'default' => '-1',
+			'value'  => '',
+			'separator' => '',
+			'width'  => '10',
+			'maxlength' => '10',
+			'rows'  => '',
+			'cols'  => ''
+		),
 		'limit_mailfilter' => array (
 			'datatype' => 'INTEGER',
 			'formtype' => 'TEXT',