Merge branch 'greylist_filter' into 'master'

Greylist filter for mailadresses

Postgrey must be installed in advance (can be added to install instructions?!?)
When Updating ispconfig main.cf has to be changed to!!

See merge request !162

Author: Marius Cramer

install/dist/lib/fedora.lib.php

@@ -152,6 +152,9 @@ function configure_postfix($options = '')
 		//* mysql-virtual_relayrecipientmaps.cf
 		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
 
+		//* mysql-virtual_policy_greylist.cf
+		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
+
 		//* postfix-dkim
 		$full_file_name=$config_dir.'/tag_as_originating.re';
 		if(is_file($full_file_name)) {
@@ -193,13 +196,21 @@ function configure_postfix($options = '')
 		}
 		unset($rbl_hosts);
 		unset($server_ini_array);
-
+		
+		//* If Postgrey is installed, configure it
+		$greylisting = '';
+		if($conf['postgrey']['installed'] == true) {
+			$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+		}
+		
 		//* These postconf commands will be executed on installation and update
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
 			'{vmail_groupid}' => $cf['vmail_groupid'],
-			'{rbl_list}' => $rbl_list);
+			'{rbl_list}' => $rbl_list,
+			'{greylisting}' => $greylisting,
+		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/fedora_postfix.conf.master', 'tpl/fedora_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);

install/dist/lib/opensuse.lib.php

@@ -168,6 +168,9 @@ function configure_postfix($options = '')
 		//* mysql-virtual_relayrecipientmaps.cf
 		$this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
 
+		//* mysql-virtual_policy_greylist.cf
+		$this->process_postfix_config('mysql-virtual_policy_greylist.cf');
+
 		//* postfix-dkim
 		$full_file_name=$config_dir.'/tag_as_originating.re';
 		if(is_file($full_file_name)) {
@@ -224,12 +227,20 @@ function configure_postfix($options = '')
 		unset($rbl_hosts);
 		unset($server_ini_array);
 
+		//* If Postgrey is installed, configure it
+		$greylisting = '';
+		if($conf['postgrey']['installed'] == true) {
+			$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+		}
+		
 		//* These postconf commands will be executed on installation and update
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
 			'{vmail_groupid}' => $cf['vmail_groupid'],
-			'{rbl_list}' => $rbl_list);
+			'{rbl_list}' => $rbl_list,
+			'{greylisting}' => $greylisting,
+		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/opensuse_postfix.conf.master', 'tpl/opensuse_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);

install/lib/installer_base.lib.php

@@ -135,6 +135,7 @@ public function find_installed_apps() {
 
 		if(is_installed('mysql') || is_installed('mysqld')) $conf['mysql']['installed'] = true;
 		if(is_installed('postfix')) $conf['postfix']['installed'] = true;
+		if(is_installed('postgrey')) $conf['postgrey']['installed'] = true;
 		if(is_installed('mailman')) $conf['mailman']['installed'] = true;
 		if(is_installed('apache') || is_installed('apache2') || is_installed('httpd') || is_installed('httpd2')) $conf['apache']['installed'] = true;
 		if(is_installed('getmail')) $conf['getmail']['installed'] = true;
@@ -704,6 +705,9 @@ public function configure_postfix($options = '') {
 		//* mysql-virtual_outgoing_bcc.cf
 		$this->process_postfix_config('mysql-virtual_outgoing_bcc.cf');
 
+                //* mysql-virtual_policy_greylist.cf
+                $this->process_postfix_config('mysql-virtual_policy_greylist.cf');
+
 		//* postfix-dkim
 		$full_file_name=$config_dir.'/tag_as_originating.re';
 		if(is_file($full_file_name)) copy($full_file_name, $full_file_name.'~');
@@ -742,11 +746,19 @@ public function configure_postfix($options = '') {
 		unset($rbl_hosts);
 		unset($server_ini_array);
 
+		//* If Postgrey is installed, configure it
+		$greylisting = '';
+		if($conf['postgrey']['installed'] == true) {
+			$greylisting = 'check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf';
+		}
+		
 		$postconf_placeholders = array('{config_dir}' => $config_dir,
 			'{vmail_mailbox_base}' => $cf['vmail_mailbox_base'],
 			'{vmail_userid}' => $cf['vmail_userid'],
 			'{vmail_groupid}' => $cf['vmail_groupid'],
-			'{rbl_list}' => $rbl_list);
+			'{rbl_list}' => $rbl_list,
+			'{greylisting}' => $greylisting,
+		);
 
 		$postconf_tpl = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/debian_postfix.conf.master', 'tpl/debian_postfix.conf.master');
 		$postconf_tpl = strtr($postconf_tpl, $postconf_placeholders);
@@ -841,7 +853,7 @@ public function configure_postfix($options = '') {
 		caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 
 	}
-
+	
 	public function configure_saslauthd() {
 		global $conf;
 

install/sql/incremental/upd_dev_collection.sql

@@ -34,3 +34,6 @@ TXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600' WHERE `dns_template`.`template_id` = 1;
 
 ALTER TABLE `mail_backup` CHANGE `filesize` `filesize` VARCHAR(20) NOT NULL DEFAULT '';
 ALTER TABLE `web_backup` CHANGE `filesize` `filesize` VARCHAR(20) NOT NULL DEFAULT '';
+
+ALTER TABLE `mail_user` ADD `greylisting` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'n' AFTER `postfix`;
+ALTER TABLE `mail_forwarding` ADD `greylisting` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'n' AFTER `active`;

install/tpl/debian_postfix.conf.master

@@ -12,7 +12,9 @@ inet_protocols=all
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}
+smtpd_restriction_classes = greylisting
+greylisting = check_policy_service inet:127.0.0.1:10023 
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert

install/tpl/fedora_postfix.conf.master

@@ -9,7 +9,9 @@ sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}
+smtpd_restriction_classes = greylisting
+greylisting = check_policy_service inet:127.0.0.1:10023
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert

install/tpl/gentoo_postfix.conf.master

@@ -8,7 +8,9 @@ virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}
+smtpd_restriction_classes = greylisting
+greylisting = check_policy_service inet:127.0.0.1:10023
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert

install/tpl/mysql-virtual_policy_greylist.cf.master

@@ -0,0 +1,5 @@
+user = {mysql_server_ispconfig_user}
+password = {mysql_server_ispconfig_password}
+dbname = {mysql_server_database}
+query = SELECT 'greylisting' FROM (SELECT greylisting, source AS email FROM mail_forwarding WHERE server_id = {server_id} UNION SELECT greylisting, email FROM mail_user WHERE server_id = {server_id}) addresses WHERE addresses.email='%s' AND addresses.greylisting='y'
+hosts = {mysql_server_ip}

install/tpl/opensuse_postfix.conf.master

@@ -11,7 +11,9 @@ sender_bcc_maps = proxy:mysql:{config_dir}/mysql-virtual_outgoing_bcc.cf
 smtpd_sasl_auth_enable = yes
 broken_sasl_auth_clients = yes
 smtpd_sasl_authenticated_header = yes
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}
+smtpd_restriction_classes = greylisting
+greylisting = check_policy_service inet:127.0.0.1:10023
+smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:{config_dir}/mysql-virtual_recipient.cf{rbl_list}{greylisting}
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = {config_dir}/smtpd.cert

interface/web/mail/form/mail_alias.tform.php

@@ -124,6 +124,12 @@
 			'default' => 'y',
 			'value'  => array(0 => 'n', 1 => 'y')
 		),
+		'greylisting' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'n',
+			'value'  => array(1 => 'y', 0 => 'n')
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################