Diffstat (limited to 'config/mailscanner')
-rw-r--r-- | config/mailscanner/mailscanner.inc | 147 | ||||
-rw-r--r-- | config/mailscanner/mailscanner_antivirus.xml | 4 | ||||
-rw-r--r-- | config/mailscanner/mailscanner_sync.xml | 39 |
3 files changed, 132 insertions, 58 deletions
diff --git a/config/mailscanner/mailscanner.inc b/config/mailscanner/mailscanner.inc index 3ff4cd40..1ba0a4ca 100644 --- a/config/mailscanner/mailscanner.inc +++ b/config/mailscanner/mailscanner.inc @@ -2,16 +2,16 @@ /* postfix.inc part of the Postfix package for pfSense - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -32,6 +32,12 @@ require_once("util.inc"); require("globals.inc"); #require("guiconfig.inc"); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('MAILSCANNER_LOCALBASE', '/usr/pbi/mailscanner-' . php_uname("m")); +else + define('MAILSCANNER_LOCALBASE','/usr/local'); + $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); @@ -40,7 +46,7 @@ function ms_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } -function sync_package_mailscanner() { +function sync_package_mailscanner($via_rpc=false) { global $config; # detect boot process @@ -51,7 +57,7 @@ function sync_package_mailscanner() { $boot_process="on"; } exec('/bin/pgrep -f MailScanner',$pgrep_out); - if (count($pgrep_out) > 0 && isset($boot_process)) + if (count($pgrep_out) > 0 && isset($boot_process) && $via_rpc==false) return; #check default config 
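Review bot: The version test `if ($pf_version > 2.0)` in the second hunk compares a three-character string cut from /etc/version with a float, so it relies on PHP's loose numeric conversion and on the file starting with `N.N`; `version_compare($pf_version, '2.0', '>')` states the intent explicitly. The result picks the base directory from which freshclam, the rc.d scripts and perl are run later in this file, so a short comment above the `define` explaining the PBI layout would help the next reader. If /etc/version cannot be read, the visible code falls back to `/usr/local` without logging anything.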
@@ -254,7 +260,7 @@ function sync_package_mailscanner() { Language Strings = %report-dir%/languages.conf */ #check files - $mailscanner_dir="/usr/local/etc/MailScanner"; + $mailscanner_dir=MAILSCANNER_LOCALBASE ."/etc/MailScanner"; if($attachments['filename_rules'] == ""){ $config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($mailscanner_dir.'/archives.filename.rules.conf.sample')); @@ -303,7 +309,7 @@ Language Strings = %report-dir%/languages.conf $load_samples++; } - $report_dir="/usr/local/share/MailScanner/reports/".strtolower($report['language']); + $report_dir=MAILSCANNER_LOCALBASE."/share/MailScanner/reports/".strtolower($report['language']); #CHECK REPORT FILES $report_files= array('deletedbadcontent' => 'deleted.content.message.txt', 'deletedbadfilename' => 'deleted.filename.message.txt', @@ -383,12 +389,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf chown ("/var/spool/MailScanner/{$msc_dir}",'postfix'); } } - chown ('/var/spool/postfix','postfix'); + if (is_dir('/var/spool/postfix')) + chown ('/var/spool/postfix','postfix'); $mlang=strtolower($report['language']); - $mfiles[]="/usr/local/etc/MailScanner/virus.scanners.conf"; - $mfiles[]="/usr/local/share/MailScanner/reports/{$mlang}/inline.spam.warning.txt"; - $mfiles[]="/usr/local/share/MailScanner/reports/{$mlang}/languages.conf"; + $mfiles[]= MAILSCANNER_LOCALBASE. "/etc/MailScanner/virus.scanners.conf"; + $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/inline.spam.warning.txt"; + $mfiles[]= MAILSCANNER_LOCALBASE. "/share/MailScanner/reports/{$mlang}/languages.conf"; foreach ($mfiles as $mfile) if (! file_exists ($mfile) && file_exists($mfile.".sample")) 
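Review bot: `$report['language']` goes into `$report_dir` after only `strtolower()` (second hunk on this line), and the same value is reused as `$mlang` for the `$mfiles` paths in the third hunk, so a stored value containing `/` or `..` would move the later file reads and writes outside the reports directory. The value presumably comes from a GUI select, but the saved configuration is also what the XMLRPC sync merges in, so a check at this point is cheap: `if (!preg_match('/^[a-z_-]+$/', $mlang)) { log_error("[MailScanner] invalid report language"); return; }`, or a lookup against the installed report directories. The enclosing function starts and ends outside these hunks.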
@@ -511,7 +518,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX); #check virus_scanner options - $libexec_dir="/usr/local/libexec/MailScanner/"; + $libexec_dir=MAILSCANNER_LOCALBASE. "/libexec/MailScanner/"; if ($virus_scanning == "yes"){ if ($antivirus['virus_scanner'] =="none"){ unlink_if_exists($libexec_dir.'clamav-autoupdate'); @@ -543,7 +550,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf chmod ($libexec_dir.'clamav-autoupdate',0755); if (!file_exists('/var/db/clamav/main.cvd')){ log_error('No clamav database found, running freshclam in background.'); - mwexec_bg('/usr/local/bin/freshclam'); + mwexec_bg(MAILSCANNER_LOCALBASE. '/bin/freshclam'); } #clamav-wrapper file @@ -557,7 +564,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } #freshclam conf file - $cconf="/usr/local/etc/freshclam.conf"; + $cconf=MAILSCANNER_LOCALBASE. "/etc/freshclam.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/DatabaseOwner clamav/',$cconf_file)){ @@ -567,7 +574,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } #clamd conf file - $cconf="/usr/local/etc/clamd.conf"; + $cconf=MAILSCANNER_LOCALBASE. "/etc/clamd.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/User clamav/',$cconf_file)){ @@ -576,7 +583,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } } #clamd script file - $script='/usr/local/etc/rc.d/clamav-clamd'; + $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/clamav-clamd'; if (file_exists($script)){ $script_file=file($script); foreach ($script_file as $script_line){ 
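Review bot: The freshclam.conf and clamd.conf blocks (third and fourth hunks on this line) assign the path to `$cconf` but then test `file_exists($conf)`, and `$conf` is not assigned anywhere in the visible lines, so both checks look like they never run. If that is a typo, the guards should read `if (file_exists($cconf)){`. As written, moving these two paths to `MAILSCANNER_LOCALBASE` has no effect, and the `DatabaseOwner` / `User` adjustments are skipped without a log entry.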
@@ -590,7 +597,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } } file_put_contents($script, $new_clamav_startup, LOCK_EX); - + mwexec("/usr/sbin/pw user show postfix || /usr/sbin/pw user add -n postfix -s /usr/sbin/nologin"); chmod ($script,0755); if($config['installedpackages']['mailscanner']['config'][0]['enable']){ if (is_process_running('clamd')){ @@ -617,7 +624,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } #check dcc config file - $script='/usr/local/dcc/dcc_conf'; + $script=MAILSCANNER_LOCALBASE. '/dcc/dcc_conf'; if (file_exists($script)){ $script_file=file_get_contents($script); if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){ @@ -627,7 +634,7 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } #check dcc startup script - $script='/usr/local/etc/rc.d/dccifd'; + $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/dccifd'; if (file_exists($script)){ $script_file=file_get_contents($script); if (preg_match('/NO/',$script_file)){ @@ -654,13 +661,13 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf } } - $script='/usr/local/etc/rc.d/mailscanner'; + $script=MAILSCANNER_LOCALBASE. '/etc/rc.d/mailscanner'; #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/mailscanner - $cconf="/usr/local/sbin/mailscanner"; + $cconf=MAILSCANNER_LOCALBASE. "/sbin/mailscanner"; if (file_exists($cconf)){ #check perl's version - exec('find /usr/local/lib/perl5/site_perl -name Df.pm',$find_out); + exec('find '.MAILSCANNER_LOCALBASE. '/lib/perl5/site_perl -name Df.pm',$find_out); $perl_bin="perl"; foreach($find_out as $perl_dir){ if (preg_match ('@usr/local/lib/perl5/site_perl/([.0-9]+)/mach/Filesys/Df.pm@',$perl_dir,$perl_match)) 
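Review bot: The added `mwexec("/usr/sbin/pw user show postfix || /usr/sbin/pw user add ...")` creates the postfix account only here, after the `chown(..., 'postfix')` calls on the spool directories shown in the earlier `@@ -383` hunk, so on a system without the account those ownership changes have presumably already failed. It also sits inside the `file_exists($script)` branch for the clamd script, so it runs only when that script is present, and its return value is discarded. Moving the check ahead of the first `chown` and logging a failure, e.g. `if (mwexec($cmd) != 0) log_error("[MailScanner] could not create postfix user");`, would make the dependency explicit.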
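Review bot: In the last hunk on this line the `preg_match` that reads the `find` output still expects `usr/local/lib/perl5/site_perl/...`, while `find` now searches under `MAILSCANNER_LOCALBASE`, so with the PBI base the pattern presumably cannot match and `$perl_bin` stays `perl`. Build the pattern from the same constant, for example `'@'.preg_quote(MAILSCANNER_LOCALBASE,'@').'/lib/perl5/site_perl/([.0-9]+)/mach/Filesys/Df.pm@'`. The comment above the block still names `/usr/local/sbin/mailscanner` as well, and the `foreach` body continues past the end of the hunk.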
@@ -670,12 +677,12 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf $cconf_file=file_get_contents($cconf); $pattern2[0]='@#!/usr.*bin/perl.*I@'; $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='#!/usr/local/bin/'.$perl_bin.' -U -I'; + $replacement2[0]='#!'.MAILSCANNER_LOCALBASE. "/bin/{$perl_bin} -U -I"; $replacement2[1]=' #my $current = config MIME::ToolUtils'; if (preg_match('@#!/usr.*bin/perl.*I@',$cconf_file)){ $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); - } + } } if (file_exists($script)){ $script_file=file_get_contents($script); 
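Review bot: The rewritten shebang in `$replacement2[0]` keeps `-U`, which makes perl allow operations it would otherwise refuse as unsafe, on the script that processes incoming mail, and nothing next to it says why the flag is needed. The comment a few lines up (outside this hunk) mentions insecure dependency calls, so the intent is presumably to get past taint errors; a comment such as `# -U: MailScanner trips perl's taint checks here (REFERENCE)` beside the replacement would record that. The interpreter path now points at `MAILSCANNER_LOCALBASE/bin/{$perl_bin}`, and nothing in the hunk checks that this file exists before `/sbin/mailscanner` is rewritten.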
@@ -710,22 +717,56 @@ Country Sub-Domains List = %etc-dir%/country.domains.conf if (isset($boot_process)) return; - $synconchanges = $config['installedpackages']['mailscannersync']['config'][0]['synconchanges']; - if(!$synconchanges && !$syncondbchanges) - return; - - log_error("[MailScanner] mailscanner_xmlrpc_sync.php is starting."); - foreach ($config['installedpackages']['mailscannersync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - $sync_type = $sh['sync_type']; - if($password && $sync_to_ip) - mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); + /* Uses XMLRPC to synchronize the changes to a remote node */ + if (is_array($config['installedpackages']['mailscannersync'])){ + $mailscanner_sync=$config['installedpackages']['mailscannersync']['config'][0]; + $synctimeout = $mailscanner_sync['synctimeout']; + $synconchanges = $mailscanner_sync['synconchanges']; + switch ($synconchanges){ + case "manual": + if (is_array($mailscanner_sync[row])){ + $rs=$mailscanner_sync[row]; + } + else{ + log_error("[Mailscanner] xmlrpc sync is enabled but there is no hosts to push mailscanner config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress']=$system_carp['synchronizetoip']; + $rs[0]['username']=$system_carp['username']; + $rs[0]['password']=$system_carp['password']; + $rs[0]['enabless']=true; + if (! 
is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[Mailscanner] xmlrpc sync is enabled but there is no system backup hosts to push mailscanner config."); + return; + } + } + else{ + log_error("[Mailscanner] xmlrpc sync is enabled but there is no system backup hosts to push mailscanner config."); + return; + } + break; + default: + return; + break; } - } - log_error("[postfix] postfix_xmlrpc_sync.php is ending."); - + if (is_array($rs)){ + log_error("[Mailscanner] xmlrpc sync is starting."); + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + if($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if($sh['password'] && $sh['ipaddress'] && $sh['enabless']) + mailscanner_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$sh['sync_type'],$synctimeout); + } + log_error("[Mailscanner] xmlrpc sync is ending."); + } + } } function mailscanner_validate_input($post, &$input_errors) { @@ -751,23 +792,29 @@ function mailscanner_php_install_command() { function mailscanner_php_deinstall_command() { exec('/bin/pgrep -f MailScanner',$pgrep_out); if (count($pgreg_out) > 0){ - mwexec("/usr/local/etc/rc.d/mailscanner stop"); + mwexec(MAILSCANNER_LOCALBASE. "/etc/rc.d/mailscanner stop"); sleep(1); conf_mount_rw(); - unlink_if_exists("/usr/local/etc/rc.d/mailscanner"); + unlink_if_exists(MAILSCANNER_LOCALBASE. "/etc/rc.d/mailscanner"); conf_mount_ro(); } } -function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { +function mailscanner_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) { global $config, $g; + if(!$username) + $username="admin"; + if(!$password) return; if(!$sync_to_ip) return; + if(!$synctimeout) + $synctimeout=120; + $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; 
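Review bot: In the `manual` case the array key is written as a bare word, `$mailscanner_sync[row]`, which PHP treats as an undefined constant: older versions fall back to the string with a notice and PHP 8 throws an Error. Use `$mailscanner_sync['row']` in both places. In the `auto` case `$rs[0]` is given `ipaddress`, `username`, `password` and `enabless` but no `sync_type`, so `$sh['sync_type']` is undefined when it is passed to `mailscanner_do_xmlrpc_sync()`; how that function uses it is not visible here. The hunk begins inside `sync_package_mailscanner()`, whose start is outside it.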
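Review bot: `mailscanner_php_deinstall_command()` fills `$pgrep_out` but tests `count($pgreg_out)`, a variable that is never set, so the branch whose paths this hunk updates is not reached and the rc.d script is neither stopped nor removed on deinstall. The condition should read `if (count($pgrep_out) > 0){`. Separately, `mailscanner_do_xmlrpc_sync()` falls back to `$synctimeout=120` while mailscanner_sync.xml declares a default_value of 250, and `$username` was inserted as the second positional parameter, so any caller outside this file needs updating.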
@@ -808,18 +855,18 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); + /* send our XMLRPC message and timeout after $synctimeout seconds */ + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting mailscanner XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "Mailscanner Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting mailscanner XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "mailscanner Settings Sync", ""); @@ -830,7 +877,7 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/mailscanner.inc');\n"; - $execcmd .= "sync_package_mailscanner();"; + $execcmd .= "sync_package_mailscanner(true);"; /* assemble xmlrpc payload */ $params = array( 
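Review bot: In the `elseif($resp->faultCode())` branch the message is sent a second time and `$resp->faultCode()` / `$resp->faultString()` are then called on the new result without the `!$resp` check used just above, so a timeout on the resend ends in a method call on a non-object. The resend also pushes the whole merge payload again only to obtain debug output. Either build the error text from the first response, or guard the second one with `if ($resp) { ... }`. The same pattern is repeated in the `@@ -841` hunk for the `pfsense.exec_php` call, and these lines sit inside `mailscanner_do_xmlrpc_sync()`, which starts outside the hunk.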
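Review bot: The push block added at the end of `sync_package_mailscanner()` (the `@@ -710` hunk) does not check `$via_rpc`, so the remote run requested here with `sync_package_mailscanner(true)` can itself push onward if that peer has a sync target configured, possibly back to the sender. Returning before the push when called over RPC, e.g. `if ($via_rpc) return;` ahead of the `/* Uses XMLRPC to synchronize ... */` block, would rule that out. Whether `$boot_process` happens to be set in the exec_php context cannot be seen from the visible lines.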
@@ -841,15 +888,15 @@ function mailscanner_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { log_error("mailscanner XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting mailscanner XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "mailscanner Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting mailscanner XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "mailscanner Settings Sync", ""); diff --git a/config/mailscanner/mailscanner_antivirus.xml b/config/mailscanner/mailscanner_antivirus.xml index a6b94c0b..4a3bfe6c 100644 --- a/config/mailscanner/mailscanner_antivirus.xml +++ b/config/mailscanner/mailscanner_antivirus.xml 
@@ -100,9 +100,9 @@ <option><name>Virus Scanning (yes)</name><value>VirusScanning</value></option> <option><name>Deliver Disinfected Files (no)</name><value>DeliverDisinfectedFiles</value></option> <option><name>Still Deliver Silent Viruses (no)</name><value>StillDeliverSilentViruses</value></option> - <option><name>Block Encrypted Messages (no)</name><value>BlockEncryptedMessagese</value></option> + <option><name>Block Encrypted Messages (no)</name><value>BlockEncryptedMessages</value></option> <option><name>Block Unencrypted Messages (no)</name><value>BlockUnencryptedMessages</value></option> - <option><name>Allow Password-Protected Archives (no)</name><value>AllowPassword-ProtectedArchive</value></option> + <option><name>Allow Password-Protected Archives (no)</name><value>AllowPassword-ProtectedArchives</value></option> <option><name>Check Filenames In Password-Protected Archives (yes)</name><value>CheckFilenamesInPassword-ProtectedArchives</value></option> </options> <size>08</size> diff --git a/config/mailscanner/mailscanner_sync.xml b/config/mailscanner/mailscanner_sync.xml index da31e853..46f7dbfe 100644 --- a/config/mailscanner/mailscanner_sync.xml +++ b/config/mailscanner/mailscanner_sync.xml @@ -9,7 +9,7 @@ /* postfix_sync.xml part of the Postfix package for pfSense - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ 
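Review bot: Configurations saved with the old spellings `BlockEncryptedMessagese` and `AllowPassword-ProtectedArchive` will no longer match these options once the values are corrected, so both entries appear unselected until the antivirus page is saved again. If mailscanner.inc compares against the correct names (not visible here), the two settings were probably never applied before either. Both control how encrypted mail and password-protected archives are handled, so a one-time rewrite of the stored values during package resync, or a release note asking admins to re-save the page, would avoid a silent mismatch.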
@@ -17,10 +17,10 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
@@ -90,10 +90,32 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync mailscanner configuration changes</fielddescr> + <fielddescr>Sync method</fielddescr> <fieldname>synconchanges</fieldname> - <description>pfSense will automatically sync changes to the hosts defined below.</description> - <type>checkbox</type> + <description>Automatically sync postfix mailscanner changes.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> </field> <field> <fielddescr>Remote Server</fielddescr> @@ -101,6 +123,11 @@ <type>rowhelper</type> <rowhelper> <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>enabless</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> <fielddescr>IP Address</fielddescr> <fieldname>ipaddress</fieldname> <description>IP Address of remote server</description> |
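Review bot: Existing configurations presumably still hold the old checkbox value for `synconchanges`, which matches none of `auto`, `manual` or `disabled` and so falls into the `default: return;` arm of the new `switch` in mailscanner.inc, stopping sync after upgrade without a log line. The per-row `enabless` checkbox added in the next hunk has the same effect for `manual`: rows saved before this change have no `enabless` key and are skipped. Consider mapping the old value to `manual` and treating a missing `enabless` as enabled, or at least logging when hosts are skipped. The default of `auto` also means a fresh install pushes the package configuration to the system sync peer with the system sync credentials without the admin opting in; `disabled` would be the more conservative default. The description "Automatically sync postfix mailscanner changes." looks like a leftover from the postfix package.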