diff options
Diffstat (limited to 'config/postfix/postfix.inc')
| -rw-r--r-- | config/postfix/postfix.inc | 44 |
1 files changed, 32 insertions, 12 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 83fc46e2..b564fd47 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -278,7 +278,7 @@ function check_cron(){ } -function sync_package_postfix() { +function sync_package_postfix($via_rpc=false) { global $config; # detect boot process @@ -289,7 +289,7 @@ function sync_package_postfix() { $boot_process="on"; } - if(is_process_running("master") && isset($boot_process)) + if(is_process_running("master") && isset($boot_process) && $via_rpc==false) return; #check patch in /etc/inc/config. @@ -360,7 +360,7 @@ function sync_package_postfix() { $copyright=<<<ABOUT #Part of the Postfix package for pfSense #Copyright (C) 2010 Erik Fonnesbeck -#Copyright (C) 2011 Marcello Coutinho +#Copyright (C) 2011-2013 Marcello Coutinho #All rights reserved. #DO NOT EDIT THIS FILE @@ -372,6 +372,11 @@ $pf_dir=POSTFIX_LOCALBASE; {$copyright} mynetworks = {$pf_dir}/etc/postfix/mynetwork_table mynetworks_style = host +access_map_reject_code= 554 +access_map_defer_code = 451 +unverified_recipient_reject_code = 550 +unknown_client_reject_code = 550 +unknown_hostname_reject_code = 550 EOF; #Header Maps @@ -385,6 +390,10 @@ EOF; $postfix_main .= "header_size_limit = 1024000\n"; $header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']); } + #Helo Maps + if ($config['installedpackages']['postfixacl']['config'][0]['helo_maps']){ + $helo_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['helo_maps']); + } #Sender access if ($config['installedpackages']['postfixacl']['config'][0]['sender_access']){ $sender_access = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['sender_access']); @@ -452,7 +461,16 @@ EOF; break; } } - $reject_unknown_helo_hostname=($antispam['reject_unknown_helo_hostname']?"reject_unknown_helo_hostname":""); + if ($antispam['reject_unknown_helo_hostname']){ + $reject_unknown_helo_hostname = <<<EOF +smtpd_helo_restrictions = check_helo_access pcre:{$pf_dir}/etc/postfix/helo_check, + reject_unknown_helo_hostname, + reject_invalid_helo_hostname, + reject_non_fqdn_helo_hostname, + permit + +EOF; + } if ($antispam['header_check'] == "strong") { $postfix_main .= <<<EOF @@ -464,7 +482,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions ={$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, @@ -488,11 +506,11 @@ smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr, check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, - reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, + reject_unverified_recipient, SPFSPFSPFRBLRBLRBL EOF; @@ -505,7 +523,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions = {$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_unknown_sender_domain, RBLRBLRBL @@ -685,6 +703,7 @@ MASTEREOF2; file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_pcre", $cal_pcre, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/header_check", $header_check, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/helo_check", $helo_check, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mime_check", $mime_check, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/body_check", $body_check, LOCK_EX); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mynetwork_table", $mynetworks, LOCK_EX); @@ -733,10 +752,8 @@ EOF; log_error("Writing rc_file"); write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop)); - conf_mount_ro(); - sleep(1); - if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){ + if (is_array($config['installedpackages']['postfix']) && $config['installedpackages']['postfix']['config'][0]['enable_postfix']){ log_error("Reloading/starting postfix"); system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh'); mwexec_bg(POSTFIX_LOCALBASE."/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start"); @@ -747,6 +764,8 @@ EOF; mwexec("/usr/local/etc/rc.d/postfix.sh stop"); system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh'); } + + conf_mount_ro(); } function postfix_validate_input($post, &$input_errors) { @@ -782,7 +801,8 @@ function postfix_php_install_command() { function postfix_php_deinstall_command() { global $config; #disable service - $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; + if (is_array($config['installedpackages']['postfix'])) + $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; write_config(); sync_package_postfix(); conf_mount_rw(); @@ -924,7 +944,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; - $execcmd .= "sync_package_postfix();"; + $execcmd .= "sync_package_postfix(true);"; /* assemble xmlrpc payload */ $params = array( |