aboutsummaryrefslogtreecommitdiffstats
path: root/config/postfix/postfix.inc
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-04-29 03:45:07 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-04-29 03:45:07 -0300
commit0116bb68003c94f143c16f3284cbaeeeaa9df993 (patch)
tree9d4b06b9dd004122f556b1266218711628bd983b /config/postfix/postfix.inc
parent856c26be57cee7edd483ba19146a6ac92083e34e (diff)
downloadpfsense-packages-0116bb68003c94f143c16f3284cbaeeeaa9df993.tar.gz
pfsense-packages-0116bb68003c94f143c16f3284cbaeeeaa9df993.tar.bz2
pfsense-packages-0116bb68003c94f143c16f3284cbaeeeaa9df993.zip
postfix - add support to pfsense 2.1 and include new sync gui
Diffstat (limited to 'config/postfix/postfix.inc')
-rw-r--r--config/postfix/postfix.inc179
1 files changed, 115 insertions, 64 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index e64f8cca..83fc46e2 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -3,14 +3,14 @@
postfix.inc
part of the Postfix package for pfSense
Copyright (C) 2010 Erik Fonnesbeck
- Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
@@ -34,6 +34,13 @@ require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m"));
+else
+ define('POSTFIX_LOCALBASE','/usr/local');
+
+
$uname=posix_uname();
if ($uname['machine']=='amd64')
ini_set('memory_limit', '250M');
@@ -57,7 +64,7 @@ function sync_relay_recipients($via_cron="cron"){
if ($config['installedpackages']['postfixrecipients']['config']) {
$relay_recipients="";
$relay_ldap_recipients="";
- $ad_export="/usr/local/etc/postfix/adexport.pl";
+ $ad_export= "/usr/local/bin/adexport.pl";
$postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix'];
if (is_array($config['installedpackages']['postfixrecipients']['config'])) {
$relay_ldap_recipients="";
@@ -73,7 +80,7 @@ function sync_relay_recipients($via_cron="cron"){
#validate cront job
if ($via_cron == "gui"){
#running via pfsense gui, not time for ldap fetch.
- $ldap_recipients='/usr/local/etc/postfix/relay_ldap_recipients.txt';
+ $ldap_recipients= POSTFIX_LOCALBASE. '/etc/postfix/relay_ldap_recipients.txt';
if (!file_exists($ldap_recipients))
system('/usr/bin/touch '. $ldap_recipients);
$relay_ldap_recipients=file_get_contents($ldap_recipients);
@@ -83,7 +90,7 @@ function sync_relay_recipients($via_cron="cron"){
$ldap_temp=array();
foreach ($postfix_recipients_config['row'] as $postfix_ldap) {
print "extracting from ".$postfix_ldap['dc']."...";
- $filename="/usr/local/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt";
+ $filename=POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt";
exec($ad_export." ".$postfix_ldap['dc']." ".$postfix_ldap['cn']." ".$postfix_ldap['username']." ".$postfix_ldap['password'],$ldap_fetch,$status);
if ($status == 0){
#write backup conf for ldap server
@@ -115,20 +122,20 @@ function sync_relay_recipients($via_cron="cron"){
$relay_ldap_recipients.=($recipient != ""?preg_replace("/\s+/","",$recipient)." OK\n":"");
#save ldap relay recipients
- file_put_contents("/usr/local/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX);
}
}
}
#save all relay recipients, remove duplicates and reload postfix
- $recipients_file="/usr/local/etc/postfix/relay_recipients";
+ $recipients_file=POSTFIX_LOCALBASE."/etc/postfix/relay_recipients";
file_put_contents($recipients_file.".unsort",$relay_ldap_recipients."\n".$relay_recipients, LOCK_EX);
exec('/usr/bin/sort -u '.$recipients_file.'.unsort > '.$recipients_file);
unlink_if_exists($recipients_file.'.unsort');
- exec("/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients");
+ exec(POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients");
mwexec("/usr/local/sbin/postfix reload");
}
if($relay_recipients !="" || $relay_ldap_recipients!="")
- return("relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients\n");
+ return("relay_recipient_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients\n");
}
function check_cron(){
@@ -137,7 +144,7 @@ function check_cron(){
$new_cron=array();
$cron_cmd_sqlite = "";
$cron_postfix_sqlite="";
- $cron_cmd="/usr/local/bin/php -q /usr/local/www/postfix_recipients.php";
+ $cron_cmd= "/usr/local/bin/php -q /usr/local/www/postfix_recipients.php";
$postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix'];
#check ldap update
if (is_array($config['installedpackages']['postfixrecipients']['config']))
@@ -359,10 +366,11 @@ function sync_package_postfix() {
ABOUT;
+$pf_dir=POSTFIX_LOCALBASE;
$postfix_main=<<<EOF
#main.cf\
{$copyright}
-mynetworks = /usr/local/etc/postfix/mynetwork_table
+mynetworks = {$pf_dir}/etc/postfix/mynetwork_table
mynetworks_style = host
EOF;
@@ -373,7 +381,7 @@ EOF;
}
#Header Maps
if ($config['installedpackages']['postfixacl']['config'][0]['header_maps']){
- $postfix_main .= "header_checks = pcre:/usr/local/etc/postfix/header_check\n";
+ $postfix_main .= "header_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/header_check\n";
$postfix_main .= "header_size_limit = 1024000\n";
$header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']);
}
@@ -383,12 +391,12 @@ EOF;
}
#MIME Maps
if ($config['installedpackages']['postfixacl']['config'][0]['mime_maps']){
- $postfix_main .= "mime_header_checks = pcre:/usr/local/etc/postfix/mime_check\n";
+ $postfix_main .= "mime_header_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/mime_check\n";
$mime_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['mime_maps']);
}
#Body Maps
if ($config['installedpackages']['postfixacl']['config'][0]['body_maps']){
- $postfix_main .= "body_checks = pcre:/usr/local/etc/postfix/body_check\n";
+ $postfix_main .= "body_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/body_check\n";
$body_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['body_maps']);
}
#Client CIDR
@@ -406,7 +414,7 @@ EOF;
}
$postfix_main .= px_text_area_decode($postfix_config['maincf'])."\n".
"relay_domains ={$relay_domains}\n" .
- "transport_maps = hash:/usr/local/etc/postfix/transport\n" .
+ "transport_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/transport\n" .
"local_recipient_maps =\n" .
$all_relay_recipients.
"mydestination =\n" .
@@ -467,8 +475,8 @@ smtpd_sender_restrictions = reject_non_fqdn_sender,
# Allow connections from specified local clients and strong check everybody else.
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_destination,
- check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
+ check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
reject_unknown_client_hostname,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
@@ -477,9 +485,9 @@ smtpd_client_restrictions = permit_mynetworks,
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
- check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
- check_sender_access hash:/usr/local/etc/postfix/sender_access,
+ check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
+ check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
+ check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_recipient_domain,
@@ -505,18 +513,18 @@ smtpd_sender_restrictions = reject_unknown_sender_domain,
# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
smtpd_client_restrictions = permit_mynetworks,
reject_unauth_destination,
- check_sender_access hash:/usr/local/etc/postfix/sender_access,
- check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr
+ check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
+ check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
+ check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr
RBLRBLRBL
# Whitelisting: local clients may specify any destination domain.
#,
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
- check_sender_access hash:/usr/local/etc/postfix/sender_access,
- check_client_access pcre:/usr/local/etc/postfix/cal_pcre,
- check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
+ check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
+ check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
SPFSPFSPFRBLRBLRBL
EOF;
@@ -578,7 +586,7 @@ switch ($antispam['zombie_blocker'])
$postfix_main.="postscreen_greet_action = ".$antispam['zombie_blocker']."\n";
}
- $postfix_main.="postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n";
+ $postfix_main.="postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:".POSTFIX_LOCALBASE."/etc/postfix/cal_cidr\n";
$postfix_main.="postscreen_dnsbl_action= ".$antispam['zombie_blocker']."\n";
$postfix_main.="postscreen_blacklist_action= ".$antispam['zombie_blocker']."\n";
@@ -670,20 +678,20 @@ MASTEREOF2;
conf_mount_rw();
log_error("Writing out configuration");
- file_put_contents("/usr/local/etc/postfix/main.cf", $postfix_main, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/master.cf", $postfix_master, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/transport", $transport, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/sender_access", $sender_access, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/cal_pcre", $cal_pcre, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/header_check", $header_check, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/mime_check", $mime_check, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/body_check", $body_check, LOCK_EX);
- file_put_contents("/usr/local/etc/postfix/mynetwork_table", $mynetworks, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/main.cf", $postfix_main, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/master.cf", $postfix_master, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/transport", $transport, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/sender_access", $sender_access, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_pcre", $cal_pcre, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/header_check", $header_check, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mime_check", $mime_check, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/body_check", $body_check, LOCK_EX);
+ file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mynetwork_table", $mynetworks, LOCK_EX);
$FILES=array("transport","sender_access");
foreach ($FILES as $file)
{
- mwexec("/usr/local/sbin/postmap /usr/local/etc/postfix/".$file);
+ mwexec(POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/".$file);
}
#check postix dirs
@@ -710,6 +718,7 @@ MASTEREOF2;
}
function postfix_start(){
global $config;
+ $pf_dir=POSTFIX_LOCALBASE;
$start=<<<EOF
sysctl kern.ipc.nmbclusters=65536
@@ -717,10 +726,10 @@ function postfix_start(){
sysctl kern.maxfiles=131072
sysctl kern.maxfilesperproc=104856
sysctl kern.threads.max_threads_per_proc=4096
- /usr/local/sbin/postfix start
+ {$pf_dir}/sbin/postfix start
EOF;
- $stop = "/usr/local/sbin/postfix stop\n";
+ $stop = POSTFIX_LOCALBASE."/sbin/postfix stop\n";
log_error("Writing rc_file");
write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop));
@@ -730,7 +739,7 @@ EOF;
if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){
log_error("Reloading/starting postfix");
system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh');
- mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start");
+ mwexec_bg(POSTFIX_LOCALBASE."/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start");
log_error("Postfix setup completed");
}
else{
@@ -783,33 +792,75 @@ function postfix_php_deinstall_command() {
/* Uses XMLRPC to synchronize the changes to a remote node */
function postfix_sync_on_changes() {
- global $config, $g;
- $synconchanges = $config['installedpackages']['postfixsync']['config'][0]['synconchanges'];
- $syncondbchanges= $config['installedpackages']['postfixsync']['config'][0]['rsync'];
- if(!$synconchanges && !$syncondbchanges)
- return;
- log_error("[postfix] postfix_xmlrpc_sync.php is starting.");
- foreach ($config['installedpackages']['postfixsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- $sync_type = $sh['sync_type'];
- if($password && $sync_to_ip)
- postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type);
+ global $config, $g;
+ if (is_array($config['installedpackages']['postfixsync']['config'])){
+ $postfix_sync=$config['installedpackages']['postfixsync']['config'][0];
+ $synctimeout = $postfix_sync['synctimeout'];
+ $synconchanges = $postfix_sync['synconchanges'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($postfix_sync[row])){
+ $rs=$postfix_sync[row];
+ }
+ else{
+ log_error("[postfix] xmlrpc sync is enabled but there is no hosts to push postfix config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['username']=$system_carp['username'];
+ $rs[0]['password']=$system_carp['password'];
+ $rs[0]['enabless']=true;
+ $rs[0]['sync_type']="xmlrpc";
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config.");
+ return;
+ }
+ }
+ else{
+ log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
}
- }
- log_error("[postfix] postfix_xmlrpc_sync.php is ending.");
+ if (is_array($rs)){
+ log_error("[postfix] xmlrpc sync is starting.");
+ foreach($rs as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ if($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if($sh['password'] && $sh['ipaddress'] && $sh['enabless'])
+ postfix_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$sh['sync_type'],$synctimeout);
+ }
+ log_error("[postfix] xmlrpc sync is ending.");
+ }
+ }
}
+
/* Do the actual XMLRPC sync */
-function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
+function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) {
global $config, $g;
+ if(!$username)
+ $username="admin";
+
if(!$password)
return;
if(!$sync_to_ip)
return;
+
+ if(!$synctimeout)
+ $synctimeout=120;
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
@@ -851,18 +902,18 @@ function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* send our XMLRPC message and timeout after $sync_timeout seconds */
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "Postfix Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "Postfix Settings Sync", "");
@@ -884,15 +935,15 @@ function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
log_error("postfix XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "postfix Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "postfix Settings Sync", "");