authorMarcello Coutinho <marcellocoutinho@gmail.com>2011-09-14 15:41:36 -0300
committermarcelloc <marcellocoutinho@gmail.com>2011-09-14 15:41:36 -0300
commitc8de1625e3014dd62eb12e72472e18112242b78e (patch)
tree2a5d96fe21be811a196f608ba25fe6229ab3c037 /config/postfix
parent861c0705a95948dc87c053f1bbbaae083614e601 (diff)
Postfix - Include native SPF extra options
Include sysctl sets on startup script. Remove some old code from postfix.inc.
Diffstat (limited to 'config/postfix')
-rw-r--r--config/postfix/postfix.inc74
-rw-r--r--config/postfix/postfix_antispam.xml12
-rw-r--r--config/postfix/postfix_view_config.php2
3 files changed, 36 insertions, 52 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index 7ba67e56..e8152be7 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -3,6 +3,8 @@
postfix.inc
part of the Postfix package for pfSense
Copyright (C) 2010 Erik Fonnesbeck
+ Copyright (C) 2011 Marcello Coutinho
+
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -198,46 +200,7 @@ function sync_package_postfix() {
#restart syslog daemon
system_syslogd_start();
}
-
- /*
- #insert new syslog definition
- if (preg_match("/.*mail.crit.(.*)/",$line,$matches)){
- if ($postfix_config['log_to'] == "/var/log/system.log"){
- system("/usr/bin/touch /var/log/maillog");
- $new_sys_log .= $postfix_log.$matches[1]."\n".$line;
- }
- else
- {$new_sys_log .= $postfix_log.$postfix_log_sufix."\n".$line;}
- }
- else{
- #remove previous syslog definition
- $new_sys_log .= (preg_match("/mail.(info|debug|log)/",$line)?"":$line);
- }
- }
- file_put_contents($sys_log_file,$new_sys_log, LOCK_EX);
-
- }
-
- #update /var/etc/syslog.conf
- $sys_log_file="/var/etc/syslog.conf";
- $sys_log = file($sys_log_file);
- $postfix_log .= $postfix_log_sufix;
- $new_sys_log="";
- foreach ($sys_log as $line)
- $new_sys_log.=(preg_match("/mail.(info|debug|log)/",$line)?$postfix_log."\n":$line);
- #include if conf does not exist in crontab
- $new_sys_log.=(!preg_match("/mail.(info|debug|log)/",$new_sys_log)?"\n".$postfix_log."\n\n":"");
- file_put_contents($sys_log_file,$new_sys_log, LOCK_EX);
- #check crontab changes
- $md5_new_file = trim(md5_file($sys_log_file));
- $md5_old_file = trim(file_get_contents($sys_log_file.'.md5'));
- if($md5_new_file <> $md5_old_file){
- mwexec('/usr/bin/killall -HUP syslogd');
- file_put_contents($sys_log_file.'.md5',$md5_new_file, LOCK_EX);
- }
- */
- #}
-
+
#check_debug
if($postfix_config['debug_list'] && $postfix_config['debug_list']!=""){
$check_debug ="\n#Debugging postfix\n";
@@ -388,7 +351,18 @@ smtpd_recipient_restrictions = reject_unauth_destination,
EOF;
}
#check spf option
-$spf=($antispam['postfix_spf']?"check_policy_service unix:private/spf,\n\t\t\t\t":"");
+switch($antispam['postfix_spf']){
+ case 'spf_mark_only':
+ $postfix_main.= "spf_mark_only = yes\n";
+ $spf="reject_spf_invalid_sender,\n\t\t\t\t";
+ break;
+ case 'disable':
+ $spf="";
+ break;
+ default:
+ $spf=$antispam['postfix_spf'].",\n\t\t\t\t";
+ break;
+}
$postfix_main=preg_replace("/SPFSPFSPF/",$spf,$postfix_main);
$postfix_main .= $postfix_main_antispam.$check_debug;
switch ($antispam['zombie_blocker'])
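Review bot: The `default:` branch of the new switch copies `$antispam['postfix_spf']` straight into `smtpd_recipient_restrictions`, so any stored value other than `spf_mark_only` or `disable` ends up verbatim in main.cf. A configuration saved while the field was still a checkbox (its type changes to select in postfix_antispam.xml in this same commit) would presumably hold something like `on` or be empty, which would produce `on,` or a bare `,` in the restriction list. Listing the accepted values explicitly with `case 'reject_spf_invalid_sender': case 'permit_spf_valid_sender':` and letting `default:` set `$spf="";` keeps unexpected text out of the generated file. The enclosing function starts and ends outside this hunk.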
@@ -513,8 +487,6 @@ virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
-spf unix - n n - - spawn
- user=nobody argv=/usr/local/sbin/postfix-policyd-spf
MASTEREOF2;
@@ -545,7 +517,16 @@ MASTEREOF2;
}
function postfix_start(){
global $config;
- $start = "/usr/local/sbin/postfix start\n";
+ $start=<<<EOF
+
+ sysctl kern.ipc.nmbclusters=65536
+ sysctl kern.ipc.somaxconn=16384
+ sysctl kern.maxfiles=131072
+ sysctl kern.maxfilesperproc=104856
+ sysctl kern.threads.max_threads_per_proc=4096
+ /usr/local/sbin/postfix start
+
+EOF;
$stop = "/usr/local/sbin/postfix stop\n";
log_error("Writing rc_file");
write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop));
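Review bot: The five `sysctl` lines in the new `$start` heredoc set system-wide kernel limits unconditionally each time the rc script starts Postfix, with no comment explaining the values and no check of what is already configured. On a firewall these limits are shared with every other service, and a value the administrator has tuned higher would be silently lowered. Consider raising a limit only when the current value is below the target, e.g. `[ "$(sysctl -n kern.maxfiles)" -lt 131072 ] && sysctl kern.maxfiles=131072`, and adding a comment such as `# kernel limits raised for Postfix; applied on every start`. `kern.maxfilesperproc=104856` also looks like it may be a typo and is worth confirming. postfix_start continues past the end of this hunk.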
@@ -556,7 +537,7 @@ function postfix_start(){
if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){
log_error("Reloading/starting postfix");
system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh');
- mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/sbin/postfix start");
+ mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start");
log_error("Postfix setup completed");
}
else{
@@ -593,9 +574,6 @@ function postfix_validate_input($post, &$input_errors) {
}
function postfix_php_install_command() {
- #small freebsd packages for full functional ldap and spf options
- system('/usr/sbin/pkg_add -r postfix-policyd-spf');
- #system('/usr/sbin/pkg_add -r p5-perl-ldap');
sync_package_postfix();
}
diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml
index b014da03..fa518efa 100644
--- a/config/postfix/postfix_antispam.xml
+++ b/config/postfix/postfix_antispam.xml
@@ -174,7 +174,7 @@
<option><name>postscreen_pipelining_enable</name><value>postscreen_pipelining_enable</value></option>
<option><name>postscreen_greet_check</name><value>postscreen_greet_check</value></option>
</options>
- <rows>10</rows>
+ <size>06</size>
<multiple/>
</field>
<field>
@@ -202,7 +202,7 @@
</description>
<type>textarea</type>
<cols>70</cols>
- <rows>03</rows>
+ <rows>05</rows>
</field>
<field>
<fielddescr>RBL threshold</fielddescr>
@@ -220,7 +220,13 @@
<field>
<fielddescr>SPF lookup</fielddescr>
<fieldname>postfix_spf</fieldname>
- <type>checkbox</type>
+ <type>select</type>
+ <options>
+ <option><name>REJECT the mail when the sender credentials FAILS (Recomended)</name><value>reject_spf_invalid_sender</value></option>
+ <option><name>PERMIT the mail when the sender credentials SUCCEED</name><value>permit_spf_valid_sender</value></option>
+ <option><name>Just show in header that the mail failed the test</name><value>spf_mark_only</value></option>
+ <option><name>Do not check SPF records</name><value>disable</value></option>
+ </options>
<description>
<![CDATA[<a target=_new href='http://www.openspf.org/Introduction'>The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.</a>]]>
</description>
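Review bot: The `permit_spf_valid_sender` option is offered without any note that an SPF pass only shows the sending host is authorised for the envelope domain, not that the mail is wanted. If the restriction behaves like other Postfix `permit_*` entries, a match would end evaluation of `smtpd_recipient_restrictions` at the point where postfix.inc substitutes it, so later checks in that list would be skipped for any domain publishing a matching SPF record; this is inferred from the name, since the implementation is not on this page. The `<description>` could say so next to the existing link. The label typo `Recomended` should also read `Recommended`.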
diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php
index 0f92574f..c73e9cb4 100644
--- a/config/postfix/postfix_view_config.php
+++ b/config/postfix/postfix_view_config.php
@@ -86,7 +86,7 @@ include("head.inc");
<?php
$files_array[]="/usr/local/etc/postfix/main.cf";
$files_array[]="/usr/local/etc/postfix/master.cf";
- $files_array[]="/usr/local/etc/postfix/relay_recipientes";
+ $files_array[]="/usr/local/etc/postfix/relay_recipients";
$files_array[]="/usr/local/etc/postfix/header_check";
$files_array[]="/usr/local/etc/postfix/mime_check";
$files_array[]="/usr/local/etc/postfix/body_check";