authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-05-09 14:26:26 -0300
committerMarcello Coutinho <marcellocoutinho@gmail.com>2013-05-09 14:26:26 -0300
commit88856ad94b68390cb166ac5074b61b77632aa140 (patch)
treef69f5613426f8ef3bc93e272f2c87835f4143205 /config/postfix
parent4bdf140b6d9d5b540700b369be8654c02cc50496 (diff)
postfix - include helo acl option
Diffstat (limited to 'config/postfix')
-rw-r--r--config/postfix/postfix.inc43
-rw-r--r--config/postfix/postfix_acl.xml22
2 files changed, 49 insertions, 16 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index 83fc46e2..3f465969 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -278,7 +278,7 @@ function check_cron(){
}
-function sync_package_postfix() {
+function sync_package_postfix($via_rpc=false) {
global $config;
# detect boot process
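Review bot: The new `$via_rpc` parameter is undocumented, and nothing at the signature says why a call made over XML-RPC must bypass the boot-time early return that the next hunk guards with `$via_rpc==false`. I would add a comment above the function such as `# $via_rpc: true when invoked through pfsense.exec_php by a sync peer; skips the "master already running during boot" early return`. In the guard itself, `!$via_rpc` avoids the loose `==false` comparison. The function body continues outside this hunk.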
@@ -289,7 +289,7 @@ function sync_package_postfix() {
$boot_process="on";
}
- if(is_process_running("master") && isset($boot_process))
+ if(is_process_running("master") && isset($boot_process) && $via_rpc==false)
return;
#check patch in /etc/inc/config.
@@ -360,7 +360,7 @@ function sync_package_postfix() {
$copyright=<<<ABOUT
#Part of the Postfix package for pfSense
#Copyright (C) 2010 Erik Fonnesbeck
-#Copyright (C) 2011 Marcello Coutinho
+#Copyright (C) 2011-2013 Marcello Coutinho
#All rights reserved.
#DO NOT EDIT THIS FILE
@@ -372,6 +372,11 @@ $pf_dir=POSTFIX_LOCALBASE;
{$copyright}
mynetworks = {$pf_dir}/etc/postfix/mynetwork_table
mynetworks_style = host
+access_map_reject_code= 554
+access_map_defer_code = 451
+unverified_recipient_reject_code = 550
+unknown_client_reject_code = 550
+unknown_hostname_reject_code = 550
EOF;
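Review bot: `unknown_client_reject_code` and `unknown_hostname_reject_code` are hard-coded to 550 here, where the Postfix default is 450 and postconf(5) advises against changing them; with 550 a legitimate sender whose PTR or HELO name does not resolve gets a permanent bounce instead of a retry. These lines are written for every installation with no GUI option, so I would either leave the two codes at their defaults or record the policy decision in the generated file, e.g. `# permanent reject for unknown client/helo names (Postfix default is 450)`. The spacing in `access_map_reject_code= 554` also differs from the neighbouring lines. The heredoc starts outside this hunk.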
#Header Maps
@@ -385,6 +390,10 @@ EOF;
$postfix_main .= "header_size_limit = 1024000\n";
$header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']);
}
+ #Helo Maps
+ if ($config['installedpackages']['postfixacl']['config'][0]['helo_maps']){
+ $helo_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['helo_maps']);
+ }
#Sender access
if ($config['installedpackages']['postfixacl']['config'][0]['sender_access']){
$sender_access = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['sender_access']);
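Review bot: `$helo_check` is assigned only when `helo_maps` is non-empty, and no hunk in this commit writes it to the `helo_check` file that the later `check_helo_access pcre:/usr/local/etc/postfix/helo_check` line points at. Unless that write already happens in code outside the diff, Postfix will reference a table that is missing or stale, which it typically treats as a server configuration error and answers with temporary failures for incoming mail. I would initialise `$helo_check = "";` before the `if` and confirm the file is written alongside `header_check` on every sync, including when the field has been emptied.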
@@ -452,7 +461,16 @@ EOF;
break;
}
}
- $reject_unknown_helo_hostname=($antispam['reject_unknown_helo_hostname']?"reject_unknown_helo_hostname":"");
+ if ($antispam['reject_unknown_helo_hostname']){
+ $reject_unknown_helo_hostname = <<<EOF
+smtpd_helo_restrictions = check_helo_access pcre:/usr/local/etc/postfix/helo_check,
+ reject_unknown_helo_hostname,
+ reject_invalid_helo_hostname,
+ reject_non_fqdn_helo_hostname,
+ permit
+
+EOF;
+ }
if ($antispam['header_check'] == "strong")
{
$postfix_main .= <<<EOF
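Review bot: `$reject_unknown_helo_hostname` is now set only inside the `if`, so unless it is initialised outside this hunk, the two `{$reject_unknown_helo_hostname}` interpolations in the later main.cf hunks read an undefined variable when the checkbox is off; add `$reject_unknown_helo_hostname = "";` before the `if`. This branch is also the only place `check_helo_access` is emitted, so a HELO ACL entered in the new field is silently not enforced unless the unknown-helo option is enabled, and `reject_invalid_helo_hostname` (removed from the recipient restrictions further down) is likewise dropped when it is off. The table path is hard-coded as `/usr/local/etc/postfix/helo_check` while neighbouring lines use `{$pf_dir}/etc/postfix/...`; since this heredoc interpolates, `pcre:{$pf_dir}/etc/postfix/helo_check` would keep it consistent.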
@@ -464,7 +482,7 @@ smtpd_delay_reject = yes
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
-smtpd_helo_restrictions ={$reject_unknown_helo_hostname}
+{$reject_unknown_helo_hostname}
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
@@ -488,11 +506,11 @@ smtpd_recipient_restrictions = permit_mynetworks,
check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre,
check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr,
check_sender_access hash:{$pf_dir}/etc/postfix/sender_access,
- reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
reject_multi_recipient_bounce,
+ reject_unverified_recipient,
SPFSPFSPFRBLRBLRBL
EOF;
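Review bot: `reject_unverified_recipient` is added unconditionally and ahead of the `SPFSPFSPFRBLRBLRBL` placeholder (presumably replaced by the SPF and RBL checks), so Postfix would start probing the next hop for recipient addresses before the cheaper rejections have had a chance to end the session. Address verification adds delay for first-time recipients and only helps when the downstream server rejects unknown users at RCPT time, so it is safer as an opt-in setting placed last in `smtpd_recipient_restrictions`. At minimum the generated file should carry a comment such as `# requires the verify service; reject code set by unverified_recipient_reject_code above`. The restriction list starts outside this hunk.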
@@ -505,7 +523,7 @@ smtpd_delay_reject = yes
# Don't talk to mail systems that don't know their own hostname.
smtpd_helo_required = yes
-smtpd_helo_restrictions = {$reject_unknown_helo_hostname}
+{$reject_unknown_helo_hostname}
smtpd_sender_restrictions = reject_unknown_sender_domain,
RBLRBLRBL
@@ -733,10 +751,8 @@ EOF;
log_error("Writing rc_file");
write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop));
- conf_mount_ro();
-
sleep(1);
- if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){
+ if (is_array($config['installedpackages']['postfix']) && $config['installedpackages']['postfix']['config'][0]['enable_postfix']){
log_error("Reloading/starting postfix");
system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh');
mwexec_bg(POSTFIX_LOCALBASE."/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start");
@@ -747,6 +763,8 @@ EOF;
mwexec("/usr/local/etc/rc.d/postfix.sh stop");
system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh');
}
+
+ conf_mount_ro();
}
function postfix_validate_input($post, &$input_errors) {
@@ -782,7 +800,8 @@ function postfix_php_install_command() {
function postfix_php_deinstall_command() {
global $config;
#disable service
- $config['installedpackages']['postfix']['config'][0]['enable_postfix']="";
+ if (is_array($config['installedpackages']['postfix']))
+ $config['installedpackages']['postfix']['config'][0]['enable_postfix']="";
write_config();
sync_package_postfix();
conf_mount_rw();
@@ -924,7 +943,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync
/* tell postfix to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/postfix.inc');\n";
- $execcmd .= "sync_package_postfix();";
+ $execcmd .= "sync_package_postfix(true);";
/* assemble xmlrpc payload */
$params = array(
diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml
index efc72721..4eeda7a4 100644
--- a/config/postfix/postfix_acl.xml
+++ b/config/postfix/postfix_acl.xml
@@ -5,11 +5,11 @@
<copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ========================================================================== */post
/*
postfix.xml
part of the Postfix package for pfSense
- Copyright (C) 2010 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
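Review bot: The changed banner line ends in a stray `post` (`/* ==…== */post`), which looks like an accidental keystroke; it sits inside the copyright CDATA so it does not affect parsing, but it should be dropped. The copyright line also replaces `2010` with `2011-2013` rather than extending the range. The following hunk changes `must` to `MUST` in the licence text, which alters the wording of a standard licence for no functional reason.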
@@ -17,10 +17,10 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
+ 2. Redistributions in binary form MUST reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
@@ -115,6 +115,20 @@
<encoding>base64</encoding>
</field>
<field>
+ <fielddescr>Helo</fielddescr>
+ <fieldname>helo_maps</fieldname>
+ <description><![CDATA[<strong>PCRE filters</strong><a href=http://www.postfix.org/pcre_table.5.html> that are applied to initial message helo info. Hint:<br>
+ /^tmpstr.*/ REJECT<br>
+ /^myserver.local/ REJECT external server with local domain info<br>
+ /^trusted_network.local/ DUNNO trusted remote misconfigured server<br>
+ See http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions for more help]]>
+ </description>
+ <type>textarea</type>
+ <cols>83</cols>
+ <rows>15</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
<fielddescr>Sender</fielddescr>
<fieldname>sender_access</fieldname>
<description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br>
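Review bot: The `<a href=http://www.postfix.org/pcre_table.5.html>` in the new description is never closed and has no link text, so the rest of the help text renders as part of the link; `<a href="http://www.postfix.org/pcre_table.5.html">PCRE filters</a>` fixes it. The hint patterns leave the dot unescaped and have no end anchor, so `/^myserver.local/` also matches names such as `myserverXlocal.example`; `/^myserver\.local$/` is the form an administrator should copy into an ACL. It would also help to state here that the list only takes effect when the unknown-helo option is enabled, since postfix.inc emits `check_helo_access` only in that branch.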