Diffstat (limited to 'config/mailscanner')
-rw-r--r--config/mailscanner/mailscanner.inc147
-rw-r--r--config/mailscanner/mailscanner_antivirus.xml4
-rw-r--r--config/mailscanner/mailscanner_sync.xml39
3 files changed, 132 insertions, 58 deletions
diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc
index 3ff4cd40..1ba0a4ca 100644
--- a/config/mailscanner/mailscanner.inc
+++ b/config/mailscanner/mailscanner.inc
@@ -2,16 +2,16 @@
/*
postfix.inc
part of the Postfix package for pfSense
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
+ 2. Redistributions in binary form MUST reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
@@ -32,6 +32,12 @@ require_once("util.inc");
require("globals.inc");
#require("guiconfig.inc");
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version > 2.0)
+ define('MAILSCANNER_LOCALBASE', '/usr/pbi/mailscanner-' . php_uname("m"));
+else
+ define('MAILSCANNER_LOCALBASE','/usr/local');
+
$uname=posix_uname();
if ($uname['machine']=='amd64')
ini_set('memory_limit', '250M');
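Review bot: The test `$pf_version > 2.0` compares a three-character substring of /etc/version as a float, which is fragile and unexplained; `version_compare($pf_version, '2.0', '>')` states the intent directly. A short comment such as `# pfSense newer than 2.0 installs the package under a per-architecture /usr/pbi prefix` would help, because MAILSCANNER_LOCALBASE is later concatenated into file paths and shell command strings throughout this file. The added line also uses `php_uname("m")` while the context line just below calls `posix_uname()` for the same machine string.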
@@ -40,7 +46,7 @@ function ms_text_area_decode($text){
return preg_replace('/\r\n/', "\n",base64_decode($text));
}
-function sync_package_mailscanner() {
+function sync_package_mailscanner($via_rpc=false) {
global $config;
# detect boot process
@@ -51,7 +57,7 @@ function sync_package_mailscanner() {
$boot_process="on";
}
exec('/bin/pgrep -f MailScanner',$pgrep_out);
- if (count($pgrep_out) > 0 && isset($boot_process))
+ if (count($pgrep_out) > 0 && isset($boot_process) && $via_rpc==false)
return;
#check default config
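Review bot: The new `$via_rpc==false` clause carries no comment saying why a sync triggered over XMLRPC must skip the early return, and the loose comparison reads more clearly as `!$via_rpc`. A comment above the `if` such as `# an XMLRPC-triggered sync must not be skipped by the boot-time guard` would record the intent, which is inferred here from the `sync_package_mailscanner(true)` call added to the exec_php payload later in this diff. The function body continues outside the hunk.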
@@ -254,7 +260,7 @@ function sync_package_mailscanner() {
Language Strings = %report-dir%/languages.conf
*/
#check files
- $mailscanner_dir="/usr/local/etc/MailScanner";
+ $mailscanner_dir=MAILSCANNER_LOCALBASE ."/etc/MailScanner";
if($attachments['filename_rules'] == ""){
$config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($mailscanner_dir.'/archives.filename.rules.conf.sample'));
@@ -303,7 +309,7 @@ Language Strings = %report-dir%/languages.conf
$load_samples++;
}
- $report_dir="/usr/local/share/MailScanner/reports/".strtolower($report['language']);
+ $report_dir=MAILSCANNER_LOCALBASE."/share/MailScanner/reports/".strtolower($report['language']);
#CHECK REPORT FILES
$report_files= array('deletedbadcontent' => 'deleted.content.message.txt',
'deletedbadfilename' => 'deleted.filename.message.txt',
@@ -383,12 +389,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
chown ("/var/spool/MailScanner/{$msc_dir}",'postfix');
}
}
- chown ('/var/spool/postfix','postfix');
+ if (is_dir('/var/spool/postfix'))
+ chown ('/var/spool/postfix','postfix');
$mlang=strtolower($report['language']);
- $mfiles[]="/usr/local/etc/MailScanner/virus.scanners.conf";
- $mfiles[]="/usr/local/share/MailScanner/reports/{$mlang}/inline.spam.warning.txt";
- $mfiles[]="/usr/local/share/MailScanner/reports/{$mlang}/languages.conf";
+ $mfiles[]= MAILSCANNER_LOCALBASE. "/etc/MailScanner/virus.scanners.conf";
+ $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/inline.spam.warning.txt";
+ $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/languages.conf";
foreach ($mfiles as $mfile)
if (! file_exists ($mfile) && file_exists($mfile.".sample"))
@@ -511,7 +518,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX);
#check virus_scanner options
- $libexec_dir="/usr/local/libexec/MailScanner/";
+ $libexec_dir=MAILSCANNER_LOCALBASE. "/libexec/MailScanner/";
if ($virus_scanning == "yes"){
if ($antivirus['virus_scanner'] =="none"){
unlink_if_exists($libexec_dir.'clamav-autoupdate');
@@ -543,7 +550,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
chmod ($libexec_dir.'clamav-autoupdate',0755);
if (!file_exists('/var/db/clamav/main.cvd')){
log_error('No clamav database found, running freshclam in background.');
- mwexec_bg('/usr/local/bin/freshclam');
+ mwexec_bg(MAILSCANNER_LOCALBASE. '/bin/freshclam');
}
#clamav-wrapper file
@@ -557,7 +564,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
#freshclam conf file
- $cconf="/usr/local/etc/freshclam.conf";
+ $cconf=MAILSCANNER_LOCALBASE. "/etc/freshclam.conf";
if (file_exists($conf)){
$cconf_file=file_get_contents($cconf);
if (preg_match('/DatabaseOwner clamav/',$cconf_file)){
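Review bot: The existence check on the context line `if (file_exists($conf)){` tests `$conf`, not the `$cconf` path this hunk reassigns, so the freshclam.conf rewrite is gated on a different variable. `$conf` is not assigned in any visible hunk; if it is unset the block never runs, and if it names another file the `file_get_contents($cconf)` below can be reached for a path that does not exist. The check should read `if (file_exists($cconf)){`, and the same applies to the clamd.conf block in the next hunk (@@ -567). Both blocks start and end outside their hunks.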
@@ -567,7 +574,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
#clamd conf file
- $cconf="/usr/local/etc/clamd.conf";
+ $cconf=MAILSCANNER_LOCALBASE. "/etc/clamd.conf";
if (file_exists($conf)){
$cconf_file=file_get_contents($cconf);
if (preg_match('/User clamav/',$cconf_file)){
@@ -576,7 +583,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
}
#clamd script file
- $script='/usr/local/etc/rc.d/clamav-clamd';
+ $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/clamav-clamd';
if (file_exists($script)){
$script_file=file($script);
foreach ($script_file as $script_line){
@@ -590,7 +597,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
}
file_put_contents($script, $new_clamav_startup, LOCK_EX);
-
+ mwexec("/usr/sbin/pw user show postfix || /usr/sbin/pw user add -n postfix -s /usr/sbin/nologin");
chmod ($script,0755);
if($config['installedpackages']['mailscanner']['config'][0]['enable']){
if (is_process_running('clamd')){
@@ -617,7 +624,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
#check dcc config file
- $script='/usr/local/dcc/dcc_conf';
+ $script=MAILSCANNER_LOCALBASE. '/dcc/dcc_conf';
if (file_exists($script)){
$script_file=file_get_contents($script);
if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){
@@ -627,7 +634,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
#check dcc startup script
- $script='/usr/local/etc/rc.d/dccifd';
+ $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/dccifd';
if (file_exists($script)){
$script_file=file_get_contents($script);
if (preg_match('/NO/',$script_file)){
@@ -654,13 +661,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
}
}
- $script='/usr/local/etc/rc.d/mailscanner';
+ $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/mailscanner';
#fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/mailscanner
- $cconf="/usr/local/sbin/mailscanner";
+ $cconf=MAILSCANNER_LOCALBASE. "/sbin/mailscanner";
if (file_exists($cconf)){
#check perl's version
- exec('find /usr/local/lib/perl5/site_perl -name Df.pm',$find_out);
+ exec('find '.MAILSCANNER_LOCALBASE. '/lib/perl5/site_perl -name Df.pm',$find_out);
$perl_bin="perl";
foreach($find_out as $perl_dir){
if (preg_match ('@usr/local/lib/perl5/site_perl/([.0-9]+)/mach/Filesys/Df.pm@',$perl_dir,$perl_match))
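Review bot: The `find` now searches under MAILSCANNER_LOCALBASE, but the `preg_match` on the last line still hardcodes `usr/local/lib/perl5/site_perl/`, so with the `/usr/pbi/mailscanner-<arch>` base the results would not match and `$perl_bin` stays at its default `"perl"`. Building the pattern from the constant keeps the two in step: `preg_match('@'.preg_quote(MAILSCANNER_LOCALBASE,'@').'/lib/perl5/site_perl/([.0-9]+)/mach/Filesys/Df.pm@',$perl_dir,$perl_match)`. The comment above `$cconf` also still names /usr/local/sbin/mailscanner. The `foreach` body continues past the hunk.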
@@ -670,12 +677,12 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
$cconf_file=file_get_contents($cconf);
$pattern2[0]='@#!/usr.*bin/perl.*I@';
$pattern2[1]='/\smy .current = config MIME::ToolUtils/';
- $replacement2[0]='#!/usr/local/bin/'.$perl_bin.' -U -I';
+ $replacement2[0]='#!'.MAILSCANNER_LOCALBASE. "/bin/{$perl_bin} -U -I";
$replacement2[1]=' #my $current = config MIME::ToolUtils';
if (preg_match('@#!/usr.*bin/perl.*I@',$cconf_file)){
$cconf_file=preg_replace($pattern2,$replacement2,$cconf_file);
file_put_contents($cconf, $cconf_file, LOCK_EX);
- }
+ }
}
if (file_exists($script)){
$script_file=file_get_contents($script);
@@ -710,22 +717,56 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf
if (isset($boot_process))
return;
- $synconchanges = $config['installedpackages']['mailscannersync']['config'][0]['synconchanges'];
- if(!$synconchanges && !$syncondbchanges)
- return;
-
- log_error("[MailScanner] mailscanner_xmlrpc_sync.php is starting.");
- foreach ($config['installedpackages']['mailscannersync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- $sync_type = $sh['sync_type'];
- if($password && $sync_to_ip)
- mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type);
+ /* Uses XMLRPC to synchronize the changes to a remote node */
+ if (is_array($config['installedpackages']['mailscannersync'])){
+ $mailscanner_sync=$config['installedpackages']['mailscannersync']['config'][0];
+ $synctimeout = $mailscanner_sync['synctimeout'];
+ $synconchanges = $mailscanner_sync['synconchanges'];
+ switch ($synconchanges){
+ case "manual":
+ if (is_array($mailscanner_sync[row])){
+ $rs=$mailscanner_sync[row];
+ }
+ else{
+ log_error("[Mailscanner] xmlrpc sync is enabled but there is no hosts to push mailscanner config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
+ $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
+ $rs[0]['username']=$system_carp['username'];
+ $rs[0]['password']=$system_carp['password'];
+ $rs[0]['enabless']=true;
+ if (! is_ipaddr($system_carp['synchronizetoip'])){
+ log_error("[Mailscanner] xmlrpc sync is enabled but there is no system backup hosts to push mailscanner config.");
+ return;
+ }
+ }
+ else{
+ log_error("[Mailscanner] xmlrpc sync is enabled but there is no system backup hosts to push mailscanner config.");
+ return;
+ }
+ break;
+ default:
+ return;
+ break;
}
- }
- log_error("[postfix] postfix_xmlrpc_sync.php is ending.");
-
+ if (is_array($rs)){
+ log_error("[Mailscanner] xmlrpc sync is starting.");
+ foreach($rs as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ if($sh['username'])
+ $username = $sh['username'];
+ else
+ $username = 'admin';
+ if($sh['password'] && $sh['ipaddress'] && $sh['enabless'])
+ mailscanner_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$sh['sync_type'],$synctimeout);
+ }
+ log_error("[Mailscanner] xmlrpc sync is ending.");
+ }
+ }
}
function mailscanner_validate_input($post, &$input_errors) {
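Review bot: In the `manual` case `$mailscanner_sync[row]` uses a bare constant as the array key; both occurrences should be `$mailscanner_sync['row']`, since the unquoted form raises a notice and is an error on current PHP. In the `auto` case `$rs[0]` is filled with ipaddress, username, password and enabless but never `sync_type`, so `$sh['sync_type']` reaches mailscanner_do_xmlrpc_sync() unset; how that function treats an empty sync type is not visible here. `$sync_to_ip` in the loop is assigned and never used, and `$rs` would be safer initialised with `$rs = array();` before the `switch`. The function starts outside the hunk.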
@@ -751,23 +792,29 @@ function mailscanner_php_install_command() {
function mailscanner_php_deinstall_command() {
exec('/bin/pgrep -f MailScanner',$pgrep_out);
if (count($pgreg_out) > 0){
- mwexec("/usr/local/etc/rc.d/mailscanner stop");
+ mwexec(MAILSCANNER_LOCALBASE. "/etc/rc.d/mailscanner stop");
sleep(1);
conf_mount_rw();
- unlink_if_exists("/usr/local/etc/rc.d/mailscanner");
+ unlink_if_exists(MAILSCANNER_LOCALBASE. "/etc/rc.d/mailscanner");
conf_mount_ro();
}
}
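Review bot: `count($pgreg_out)` on the context line misspells the `$pgrep_out` array filled by `exec()` one line earlier, so the condition is never true and the two lines this hunk changes (the rc.d `stop` and the `unlink_if_exists`) never run at deinstall. It should read `if (count($pgrep_out) > 0){`. Removing the rc.d script probably should not depend on MailScanner running at that moment either, so the `conf_mount_rw()` / `unlink_if_exists()` / `conf_mount_ro()` lines could move outside the `if`.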
-function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
+function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) {
global $config, $g;
+ if(!$username)
+ $username="admin";
+
if(!$password)
return;
if(!$sync_to_ip)
return;
+ if(!$synctimeout)
+ $synctimeout=120;
+
$xmlrpc_sync_neighbor = $sync_to_ip;
if($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
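Review bot: The fallback `$synctimeout=120;` disagrees with the `<default_value>250</default_value>` added for the synctimeout field in mailscanner_sync.xml and with the 250 seconds this function used before, so a config without the key syncs with a shorter limit than the form advertises. Either use `$synctimeout=250;` or add a comment saying why 120 is chosen. The `'admin'` default is also applied twice, here and in the caller's loop; one place is enough. The function body continues outside the hunk.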
@@ -808,18 +855,18 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
+ $cli->setCredentials($username, $password);
if($g['debug'])
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after 250 seconds */
- $resp = $cli->send($msg, "250");
+ /* send our XMLRPC message and timeout after $synctimeout seconds */
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting mailscanner XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "Mailscanner Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting mailscanner XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "mailscanner Settings Sync", "");
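Review bot: In the `elseif($resp->faultCode())` branch the message is sent a second time with `setDebug(1)` and the new `$resp` is dereferenced without the `!$resp` check used just above, so a failed resend ends in a method call on a non-object instead of a logged error. The resend also repeats the `pfsense.merge_installedpackages_section_xmlrpc` call on the peer only to gather debug output; building `$error` from the first response's `faultCode()` and `faultString()` before any retry avoids both. The same pattern is in the exec_php block in hunk @@ -841. The configured value would also be better passed as `(int)$synctimeout`.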
@@ -830,7 +877,7 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
/* tell postfix to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/mailscanner.inc');\n";
- $execcmd .= "sync_package_mailscanner();";
+ $execcmd .= "sync_package_mailscanner(true);";
/* assemble xmlrpc payload */
$params = array(
@@ -841,15 +888,15 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) {
log_error("mailscanner XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $cli->setCredentials('admin', $password);
- $resp = $cli->send($msg, "250");
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, $synctimeout);
if(!$resp) {
$error = "A communications error occurred while attempting mailscanner XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "mailscanner Settings Sync", "");
} elseif($resp->faultCode()) {
$cli->setDebug(1);
- $resp = $cli->send($msg, "250");
+ $resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting mailscanner XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "mailscanner Settings Sync", "");
diff --git a/config/mailscanner/mailscanner_antivirus.xml b/config/mailscanner/mailscanner_antivirus.xml
index a6b94c0b..4a3bfe6c 100644
--- a/config/mailscanner/mailscanner_antivirus.xml
+++ b/config/mailscanner/mailscanner_antivirus.xml
@@ -100,9 +100,9 @@
<option><name>Virus Scanning (yes)</name><value>VirusScanning</value></option>
<option><name>Deliver Disinfected Files (no)</name><value>DeliverDisinfectedFiles</value></option>
<option><name>Still Deliver Silent Viruses (no)</name><value>StillDeliverSilentViruses</value></option>
- <option><name>Block Encrypted Messages (no)</name><value>BlockEncryptedMessagese</value></option>
+ <option><name>Block Encrypted Messages (no)</name><value>BlockEncryptedMessages</value></option>
<option><name>Block Unencrypted Messages (no)</name><value>BlockUnencryptedMessages</value></option>
- <option><name>Allow Password-Protected Archives (no)</name><value>AllowPassword-ProtectedArchive</value></option>
+ <option><name>Allow Password-Protected Archives (no)</name><value>AllowPassword-ProtectedArchives</value></option>
<option><name>Check Filenames In Password-Protected Archives (yes)</name><value>CheckFilenamesInPassword-ProtectedArchives</value></option>
</options>
<size>08</size>
diff --git a/config/mailscanner/mailscanner_sync.xml b/config/mailscanner/mailscanner_sync.xml
index da31e853..46f7dbfe 100644
--- a/config/mailscanner/mailscanner_sync.xml
+++ b/config/mailscanner/mailscanner_sync.xml
@@ -9,7 +9,7 @@
/*
postfix_sync.xml
part of the Postfix package for pfSense
- Copyright (C) 2011 Marcello Coutinho
+ Copyright (C) 2011-2013 Marcello Coutinho
All rights reserved.
*/
/* ========================================================================== */
@@ -17,10 +17,10 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
+ 1. Redistributions of source code MUST retain the above copyright notice,
this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
+ 2. Redistributions in binary form MUST reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
@@ -90,10 +90,32 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync mailscanner configuration changes</fielddescr>
+ <fielddescr>Sync method</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>pfSense will automatically sync changes to the hosts defined below.</description>
- <type>checkbox</type>
+ <description>Automatically sync postfix mailscanner changes.</description>
+ <type>select</type>
+ <required/>
+ <default_value>auto</default_value>
+ <options>
+ <option><name>Sync to configured system backup server</name><value>auto</value></option>
+ <option><name>Sync to host(s) defined below</name><value>manual</value></option>
+ <option><name>Do not sync this package configuration</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Sync timeout</fielddescr>
+ <fieldname>synctimeout</fieldname>
+ <description>Select sync max wait time</description>
+ <type>select</type>
+ <required/>
+ <default_value>250</default_value>
+ <options>
+ <option><name>250 seconds(Default)</name><value>250</value></option>
+ <option><name>120 seconds</name><value>120</value></option>
+ <option><name>90 seconds</name><value>90</value></option>
+ <option><name>60 seconds</name><value>60</value></option>
+ <option><name>30 seconds</name><value>30</value></option>
+ </options>
</field>
<field>
<fielddescr>Remote Server</fielddescr>
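Review bot: Changing `synconchanges` from a checkbox to a select leaves configs saved by the old form with a value that is none of `auto`, `manual` or `disabled`, and the new `switch` in sync_package_mailscanner() returns silently on any other value. Existing installs that had sync ticked would therefore stop syncing after upgrade with no log entry; this assumes there is no migration step elsewhere in the package. The `enabless` checkbox added in the next hunk has the same effect on saved host rows, because the loop now requires `$sh['enabless']`. A `log_error()` in the `default:` case, or a one-time mapping of the old value to `manual`, would make the change visible. The `<description>` text "Automatically sync postfix mailscanner changes." also no longer describes a three-way select.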
@@ -101,6 +123,11 @@
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>enabless</fieldname>
+ <type>checkbox</type>
+ </rowhelperfield>
+ <rowhelperfield>
<fielddescr>IP Address</fielddescr>
<fieldname>ipaddress</fieldname>
<description>IP Address of remote server</description>