Diffstat (limited to 'config/postfix')
-rwxr-xr-x[-rw-r--r--] | config/postfix/postfix.inc | 228 | ||||
-rw-r--r-- | config/postfix/postfix.php | 4 | ||||
-rw-r--r-- | config/postfix/postfix.xml | 6 | ||||
-rw-r--r-- | config/postfix/postfix_acl.xml | 22 | ||||
-rwxr-xr-x | config/postfix/postfix_queue.php | 18 | ||||
-rw-r--r-- | config/postfix/postfix_recipients.php | 6 | ||||
-rwxr-xr-x | config/postfix/postfix_search.php | 4 | ||||
-rw-r--r-- | config/postfix/postfix_sync.xml | 65 | ||||
-rw-r--r-- | config/postfix/postfix_view_config.php | 26 |
9 files changed, 255 insertions, 124 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index e64f8cca..193ec6c7 100644..100755 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -3,14 +3,14 @@ postfix.inc part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -34,6 +34,13 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +else + define('POSTFIX_LOCALBASE','/usr/local'); + + $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); @@ -57,7 +64,7 @@ function sync_relay_recipients($via_cron="cron"){ if ($config['installedpackages']['postfixrecipients']['config']) { $relay_recipients=""; $relay_ldap_recipients=""; - $ad_export="/usr/local/etc/postfix/adexport.pl"; + $ad_export= "/usr/local/bin/adexport.pl"; $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; if (is_array($config['installedpackages']['postfixrecipients']['config'])) { $relay_ldap_recipients=""; 
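Review bot: The version probe added after the `require_once` lines in hunk `@@ -34,6 +34,13 @@` is copied verbatim into postfix_queue.php (hunk `@@ -33,11 +33,17 @@`), so the two copies can drift, and a request that ever loads both files would call `define()` on `POSTFIX_LOCALBASE` twice. It also compares a three-character string with a float (`$pf_version > 2.0`) and silently falls back to `/usr/local` if `/etc/version` cannot be read. I would keep the block only in postfix.inc, guard it with `if (!defined('POSTFIX_LOCALBASE'))`, and make the test explicit with `version_compare($pf_version, '2.0', '>')`.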
@@ -73,7 +80,7 @@ function sync_relay_recipients($via_cron="cron"){ #validate cront job if ($via_cron == "gui"){ #running via pfsense gui, not time for ldap fetch. - $ldap_recipients='/usr/local/etc/postfix/relay_ldap_recipients.txt'; + $ldap_recipients= POSTFIX_LOCALBASE. '/etc/postfix/relay_ldap_recipients.txt'; if (!file_exists($ldap_recipients)) system('/usr/bin/touch '. $ldap_recipients); $relay_ldap_recipients=file_get_contents($ldap_recipients); @@ -83,7 +90,7 @@ function sync_relay_recipients($via_cron="cron"){ $ldap_temp=array(); foreach ($postfix_recipients_config['row'] as $postfix_ldap) { print "extracting from ".$postfix_ldap['dc']."..."; - $filename="/usr/local/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt"; + $filename=POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt"; exec($ad_export." ".$postfix_ldap['dc']." ".$postfix_ldap['cn']." ".$postfix_ldap['username']." ".$postfix_ldap['password'],$ldap_fetch,$status); if ($status == 0){ #write backup conf for ldap server 
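Review bot: In hunk `@@ -83,7 +90,7 @@`, `$postfix_ldap['dc']` is concatenated straight into `$filename` on the changed line and, on the unchanged `exec()` line below it, into a shell command together with `cn`, `username` and `password`. A value containing `/`, `..` or shell metacharacters would change which path is used or what the shell runs, and the bind password is visible in the process list while adexport.pl runs. Wrap each argument, for example `escapeshellarg($postfix_ldap['dc'])`, and restrict `dc` to hostname characters before it is used in a file name. `sync_relay_recipients()` starts and ends outside this hunk.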
@@ -115,20 +122,20 @@ function sync_relay_recipients($via_cron="cron"){ $relay_ldap_recipients.=($recipient != ""?preg_replace("/\s+/","",$recipient)." OK\n":""); #save ldap relay recipients - file_put_contents("/usr/local/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX); } } } #save all relay recipients, remove duplicates and reload postfix - $recipients_file="/usr/local/etc/postfix/relay_recipients"; + $recipients_file=POSTFIX_LOCALBASE."/etc/postfix/relay_recipients"; file_put_contents($recipients_file.".unsort",$relay_ldap_recipients."\n".$relay_recipients, LOCK_EX); exec('/usr/bin/sort -u '.$recipients_file.'.unsort > '.$recipients_file); unlink_if_exists($recipients_file.'.unsort'); - exec("/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients"); + exec(POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients"); mwexec("/usr/local/sbin/postfix reload"); } if($relay_recipients !="" || $relay_ldap_recipients!="") - return("relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients\n"); + return("relay_recipient_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/relay_recipients\n"); } function check_cron(){ @@ -137,7 +144,7 @@ function check_cron(){ $new_cron=array(); $cron_cmd_sqlite = ""; $cron_postfix_sqlite=""; - $cron_cmd="/usr/local/bin/php -q /usr/local/www/postfix_recipients.php"; + $cron_cmd= "/usr/local/bin/php -q /usr/local/www/postfix_recipients.php"; $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; #check ldap update if (is_array($config['installedpackages']['postfixrecipients']['config'])) 
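Review bot: In hunk `@@ -115,20 +122,20 @@` the `postmap` call now uses `POSTFIX_LOCALBASE`, but the `mwexec("/usr/local/sbin/postfix reload");` on the next line still hard-codes `/usr/local`, so on a PBI install the map may be rebuilt in one tree while the reload is sent through another path (unless a symlink covers it). Use `mwexec(POSTFIX_LOCALBASE."/sbin/postfix reload");` as postfix_start() does after this commit. The results of the `sort -u` and `postmap` calls are also not checked, so a failed rebuild would leave a stale relay_recipients map and still reload.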
@@ -271,9 +278,10 @@ function check_cron(){ } -function sync_package_postfix() { +function sync_package_postfix($via_rpc="no") { global $config; + log_error("sync_package_postfix called with via_rpc={$via_rpc}"); # detect boot process if (is_array($_POST)){ if (preg_match("/\w+/",$_POST['__csrf_magic'])) @@ -282,7 +290,7 @@ function sync_package_postfix() { $boot_process="on"; } - if(is_process_running("master") && isset($boot_process)) + if(is_process_running("master") && isset($boot_process) && $via_rpc=="no") return; #check patch in /etc/inc/config. @@ -353,17 +361,23 @@ function sync_package_postfix() { $copyright=<<<ABOUT #Part of the Postfix package for pfSense #Copyright (C) 2010 Erik Fonnesbeck -#Copyright (C) 2011 Marcello Coutinho +#Copyright (C) 2011-2013 Marcello Coutinho #All rights reserved. #DO NOT EDIT THIS FILE ABOUT; +$pf_dir=POSTFIX_LOCALBASE; $postfix_main=<<<EOF #main.cf\ {$copyright} -mynetworks = /usr/local/etc/postfix/mynetwork_table +mynetworks = {$pf_dir}/etc/postfix/mynetwork_table mynetworks_style = host +access_map_reject_code= 554 +access_map_defer_code = 451 +unverified_recipient_reject_code = 550 +unknown_client_reject_code = 550 +unknown_hostname_reject_code = 550 EOF; #Header Maps 
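Review bot: The new `$via_rpc` parameter in hunk `@@ -271,9 +278,10 @@` is a string flag tested with loose `==` (`$via_rpc=="no"` here, `$via_rpc=="yes"` in hunk `@@ -704,12 +732,13 @@`), so a caller passing `true` satisfies both tests at once. A one-line comment on the signature stating that only the strings `"yes"` and `"no"` are accepted, plus `===` in both comparisons, would remove the ambiguity without changing the remote `sync_package_postfix('yes')` call. The unconditional `log_error("sync_package_postfix called with via_rpc=...")` also writes a line to the system log on every save and every boot; it reads like leftover debugging.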
@@ -373,22 +387,26 @@ EOF; } #Header Maps if ($config['installedpackages']['postfixacl']['config'][0]['header_maps']){ - $postfix_main .= "header_checks = pcre:/usr/local/etc/postfix/header_check\n"; + $postfix_main .= "header_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/header_check\n"; $postfix_main .= "header_size_limit = 1024000\n"; $header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']); } + #Helo Maps + if ($config['installedpackages']['postfixacl']['config'][0]['helo_maps']){ + $helo_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['helo_maps']); + } #Sender access if ($config['installedpackages']['postfixacl']['config'][0]['sender_access']){ $sender_access = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['sender_access']); } #MIME Maps if ($config['installedpackages']['postfixacl']['config'][0]['mime_maps']){ - $postfix_main .= "mime_header_checks = pcre:/usr/local/etc/postfix/mime_check\n"; + $postfix_main .= "mime_header_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/mime_check\n"; $mime_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['mime_maps']); } #Body Maps if ($config['installedpackages']['postfixacl']['config'][0]['body_maps']){ - $postfix_main .= "body_checks = pcre:/usr/local/etc/postfix/body_check\n"; + $postfix_main .= "body_checks = pcre:".POSTFIX_LOCALBASE."/etc/postfix/body_check\n"; $body_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['body_maps']); } #Client CIDR @@ -406,7 +424,7 @@ EOF; } $postfix_main .= px_text_area_decode($postfix_config['maincf'])."\n". "relay_domains ={$relay_domains}\n" . - "transport_maps = hash:/usr/local/etc/postfix/transport\n" . + "transport_maps = hash:".POSTFIX_LOCALBASE."/etc/postfix/transport\n" . "local_recipient_maps =\n" . $all_relay_recipients. "mydestination =\n" . 
@@ -444,7 +462,16 @@ EOF; break; } } - $reject_unknown_helo_hostname=($antispam['reject_unknown_helo_hostname']?"reject_unknown_helo_hostname":""); + if ($antispam['reject_unknown_helo_hostname']){ + $reject_unknown_helo_hostname = <<<EOF +smtpd_helo_restrictions = check_helo_access pcre:{$pf_dir}/etc/postfix/helo_check, + reject_unknown_helo_hostname, + reject_invalid_helo_hostname, + reject_non_fqdn_helo_hostname, + permit + +EOF; + } if ($antispam['header_check'] == "strong") { $postfix_main .= <<<EOF @@ -456,7 +483,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions ={$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, @@ -467,8 +494,8 @@ smtpd_sender_restrictions = reject_non_fqdn_sender, # Allow connections from specified local clients and strong check everybody else. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, - check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr, + check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, + check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, reject_multi_recipient_bounce, 
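Review bot: After hunk `@@ -444,7 +462,16 @@`, `smtpd_helo_restrictions` is emitted only when `reject_unknown_helo_hostname` is ticked, so the `check_helo_access pcre:.../helo_check` lookup for the new Helo ACL field is silently skipped whenever that option is off. In that case `$reject_unknown_helo_hostname` is also never assigned before it is interpolated into both heredocs. Because hunk `@@ -477,14 +504,14 @@` removes `reject_invalid_helo_hostname` from `smtpd_recipient_restrictions`, a box with the option off loses that check entirely. I would initialise the variable to an empty string before the `if` and build the restriction list so that `check_helo_access` is present whenever `helo_maps` is configured.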
@@ -477,14 +504,14 @@ smtpd_client_restrictions = permit_mynetworks, smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, - check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr, - check_sender_access hash:/usr/local/etc/postfix/sender_access, - reject_invalid_helo_hostname, + check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, + check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr, + check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, + reject_unverified_recipient, SPFSPFSPFRBLRBLRBL EOF; @@ -497,7 +524,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions = {$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_unknown_sender_domain, RBLRBLRBL 
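Review bot: `reject_unverified_recipient` is added to the strong-mode `smtpd_recipient_restrictions` in hunk `@@ -477,14 +504,14 @@` without a comment, while hunk `@@ -353,17 +361,23 @@` sets `unverified_recipient_reject_code = 550` for every install. Address verification probes the next hop for each recipient, and the Postfix documentation keeps this reject code at 450 until the operator trusts the results, because a wrong negative then becomes a permanent bounce. Please add a comment above the line explaining why 550 is wanted from the start, or leave the reject code at its default and let the admin raise it through the custom main.cf field.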
@@ -505,18 +532,18 @@ smtpd_sender_restrictions = reject_unknown_sender_domain, # Allow connections from specified local clients and rbl check everybody else if rbl check are set. smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, - check_sender_access hash:/usr/local/etc/postfix/sender_access, - check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr + check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, + check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, + check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr RBLRBLRBL # Whitelisting: local clients may specify any destination domain. #, smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, - check_sender_access hash:/usr/local/etc/postfix/sender_access, - check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr, + check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, + check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, + check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr, SPFSPFSPFRBLRBLRBL EOF; @@ -578,7 +605,7 @@ switch ($antispam['zombie_blocker']) $postfix_main.="postscreen_greet_action = ".$antispam['zombie_blocker']."\n"; } - $postfix_main.="postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:/usr/local/etc/postfix/cal_cidr\n"; + $postfix_main.="postscreen_access_list = permit_mynetworks,\n\t\t\tcidr:".POSTFIX_LOCALBASE."/etc/postfix/cal_cidr\n"; $postfix_main.="postscreen_dnsbl_action= ".$antispam['zombie_blocker']."\n"; $postfix_main.="postscreen_blacklist_action= ".$antispam['zombie_blocker']."\n"; 
@@ -626,7 +653,7 @@ MASTEREOF; foreach (explode(",", $ifaces) as $i => $iface) { $real_ifaces[] = px_get_real_interface_address($iface); if($real_ifaces[$i][0]) { - $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - 1 smtpd\n\t-o user=postfix\n"; + $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - - smtpd\n"; } } 
@@ -670,20 +697,21 @@ MASTEREOF2; conf_mount_rw(); log_error("Writing out configuration"); - file_put_contents("/usr/local/etc/postfix/main.cf", $postfix_main, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/master.cf", $postfix_master, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/transport", $transport, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/sender_access", $sender_access, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/cal_pcre", $cal_pcre, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/header_check", $header_check, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/mime_check", $mime_check, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/body_check", $body_check, LOCK_EX); - file_put_contents("/usr/local/etc/postfix/mynetwork_table", $mynetworks, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/main.cf", $postfix_main, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/master.cf", $postfix_master, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/transport", $transport, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/sender_access", $sender_access, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/cal_pcre", $cal_pcre, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/header_check", $header_check, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/helo_check", $helo_check, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mime_check", $mime_check, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/body_check", $body_check, LOCK_EX); + file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/mynetwork_table", $mynetworks, LOCK_EX); $FILES=array("transport","sender_access"); foreach ($FILES as $file) { - mwexec("/usr/local/sbin/postmap 
/usr/local/etc/postfix/".$file); + mwexec(POSTFIX_LOCALBASE."/sbin/postmap ".POSTFIX_LOCALBASE."/etc/postfix/".$file); } #check postix dirs @@ -704,12 +732,13 @@ MASTEREOF2; postfix_start(); #Do not sync during boot - if(!isset($boot_process)) + if(!isset($boot_process) || $via_rpc=="yes") postfix_sync_on_changes(); } function postfix_start(){ global $config; + $pf_dir=POSTFIX_LOCALBASE; $start=<<<EOF sysctl kern.ipc.nmbclusters=65536 @@ -717,20 +746,18 @@ function postfix_start(){ sysctl kern.maxfiles=131072 sysctl kern.maxfilesperproc=104856 sysctl kern.threads.max_threads_per_proc=4096 - /usr/local/sbin/postfix start + {$pf_dir}/sbin/postfix start EOF; - $stop = "/usr/local/sbin/postfix stop\n"; + $stop = POSTFIX_LOCALBASE."/sbin/postfix stop\n"; log_error("Writing rc_file"); write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop)); - conf_mount_ro(); - sleep(1); - if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){ + if (is_array($config['installedpackages']['postfix']) && $config['installedpackages']['postfix']['config'][0]['enable_postfix']){ log_error("Reloading/starting postfix"); system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh'); - mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start"); + mwexec_bg(POSTFIX_LOCALBASE."/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start"); log_error("Postfix setup completed"); } else{ @@ -738,6 +765,8 @@ EOF; mwexec("/usr/local/etc/rc.d/postfix.sh stop"); system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh'); } + + conf_mount_ro(); } function postfix_validate_input($post, &$input_errors) { 
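Review bot: With `|| $via_rpc=="yes"` in hunk `@@ -704,12 +732,13 @@`, a node that has just been configured over XMLRPC now runs `postfix_sync_on_changes()` itself, and that function pushes to its own sync targets and finishes by calling `sync_package_postfix('yes')` on them. If two nodes list each other in manual mode this looks like it can bounce between them without end; no guard is visible in the lines shown here. If the intent was only to bypass the early `return` during an RPC-triggered run, the receiver should not re-sync: `if(!isset($boot_process) && $via_rpc != "yes")`. The body of `sync_package_postfix()` extends well outside this hunk.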
@@ -773,7 +802,8 @@ function postfix_php_install_command() { function postfix_php_deinstall_command() { global $config; #disable service - $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; + if (is_array($config['installedpackages']['postfix'])) + $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; write_config(); sync_package_postfix(); conf_mount_rw(); 
@@ -783,33 +813,75 @@ function postfix_php_deinstall_command() { /* Uses XMLRPC to synchronize the changes to a remote node */ function postfix_sync_on_changes() { - global $config, $g; - $synconchanges = $config['installedpackages']['postfixsync']['config'][0]['synconchanges']; - $syncondbchanges= $config['installedpackages']['postfixsync']['config'][0]['rsync']; - if(!$synconchanges && !$syncondbchanges) - return; - log_error("[postfix] postfix_xmlrpc_sync.php is starting."); - foreach ($config['installedpackages']['postfixsync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - $sync_type = $sh['sync_type']; - if($password && $sync_to_ip) - postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); + global $config, $g; + if (is_array($config['installedpackages']['postfixsync']['config'])){ + $postfix_sync=$config['installedpackages']['postfixsync']['config'][0]; + $synctimeout = $postfix_sync['synctimeout']; + $synconchanges = $postfix_sync['synconchanges']; + switch ($synconchanges){ + case "manual": + if (is_array($postfix_sync[row])){ + $rs=$postfix_sync[row]; + } + else{ + log_error("[postfix] xmlrpc sync is enabled but there is no hosts to push postfix config."); + return; + } + break; + case "auto": + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ + $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress']=$system_carp['synchronizetoip']; + $rs[0]['username']=$system_carp['username']; + $rs[0]['password']=$system_carp['password']; + $rs[0]['enabless']=true; + $rs[0]['sync_type']="xmlrpc"; + if (! 
is_ipaddr($system_carp['synchronizetoip'])){ + log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config."); + return; + } + } + else{ + log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config."); + return; + } + break; + default: + return; + break; } - } - log_error("[postfix] postfix_xmlrpc_sync.php is ending."); + if (is_array($rs)){ + log_error("[postfix] xmlrpc sync is starting."); + foreach($rs as $sh){ + $sync_to_ip = $sh['ipaddress']; + if($sh['username']) + $username = $sh['username']; + else + $username = 'admin'; + if($sh['password'] && $sh['ipaddress'] && $sh['enabless']) + postfix_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$sh['sync_type'],$synctimeout); + } + log_error("[postfix] xmlrpc sync is ending."); + } + } } + /* Do the actual XMLRPC sync */ -function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { +function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) { global $config, $g; + if(!$username) + $username="admin"; + if(!$password) return; if(!$sync_to_ip) return; + + if(!$synctimeout) + $synctimeout=120; $xmlrpc_sync_neighbor = $sync_to_ip; if($config['system']['webgui']['protocol'] != "") { 
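Review bot: `$postfix_sync[row]` is written twice without quotes in the `manual` case of hunk `@@ -783,33 +813,75 @@`, so PHP looks up a constant named `row`; older versions fall back to the string with a notice and PHP 8 raises an Error. Write `$postfix_sync['row']` in both places. `$rs` is also never initialised before the `switch`, and a configuration saved by the previous checkbox version of `synconchanges` (presumably the value `on`) now falls into `default:` and stops syncing with no log line. Manual rows are pushed for any `sync_type`; whether `postfix_do_xmlrpc_sync()` filters the `share`, `fetch` and `disabled` types is outside this hunk.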
@@ -851,18 +923,18 @@ function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); + $cli->setCredentials($username, $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); + /* send our XMLRPC message and timeout after $sync_timeout seconds */ + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "Postfix Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "Postfix Settings Sync", ""); @@ -873,7 +945,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; - $execcmd .= "sync_package_postfix();"; + $execcmd .= "sync_package_postfix('yes');"; /* assemble xmlrpc payload */ $params = array( 
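Review bot: The rewritten comment in hunk `@@ -851,18 +923,18 @@` names `$sync_timeout`, but the variable passed to `send()` is `$synctimeout`; it should read `/* send our XMLRPC message and timeout after $synctimeout seconds */`. The fallback added at the top of `postfix_do_xmlrpc_sync()` is 120 while postfix_sync.xml declares a default of 250, so one of the two should be changed and the choice stated in a comment. With the username now configurable, `setCredentials()` sends whatever account is configured to `$url`, whose scheme is chosen outside this hunk; it would be worth refusing or at least logging a sync over plain http. The same applies to the second client in hunk `@@ -884,15 +956,15 @@`.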
@@ -884,15 +956,15 @@ function postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { log_error("postfix XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); if(!$resp) { $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "postfix Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "postfix Settings Sync", ""); diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index ff42918c..a11af2dd 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php @@ -2,14 +2,14 @@ /* postfix.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml index 51ddf601..25f7a81d 100644 --- a/config/postfix/postfix.xml 
+++ b/config/postfix/postfix.xml @@ -10,7 +10,7 @@ postfix.xml part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. */ @@ -19,7 +19,7 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -142,7 +142,7 @@ </additional_files_needed> <additional_files_needed> <item>http://www.pfsense.org/packages/config/postfix/adexport.pl</item> - <prefix>/usr/local/etc/postfix/</prefix> + <prefix>/usr/local/bin/</prefix> <chmod>0755</chmod> </additional_files_needed> <tabs> diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index efc72721..4eeda7a4 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml @@ -5,11 +5,11 @@ <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ========================================================================== */post /* postfix.xml part of the Postfix package for pfSense - Copyright (C) 2010 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ 
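Review bot: In hunk `@@ -142,7 +142,7 @@`, `adexport.pl` is moved into `/usr/local/bin/` but is still downloaded from the plain `http://` URL in the `<item>` line above, with `<chmod>0755</chmod>` and no checksum visible here. postfix.inc passes the LDAP bind username and password to this script on its command line, so tampering with the download would put those credentials and root-run code in someone else's hands. If the package system allows it, fetch the file over https or verify a hash before installing it. Existing installs will also keep the old copy under `/usr/local/etc/postfix/` unless the upgrade removes it.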
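Review bot: The changed separator line in postfix_acl.xml (hunk `@@ -5,11 +5,11 @@`) ends with a stray `post` after the closing `*/`, which looks like an accidental keystroke. It sits inside the CDATA copyright block and is probably harmless, but it should be dropped; the header in that block also still names the file `postfix.xml` rather than `postfix_acl.xml`.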
@@ -17,10 +17,10 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -115,6 +115,20 @@ <encoding>base64</encoding> </field> <field> + <fielddescr>Helo</fielddescr> + <fieldname>helo_maps</fieldname> + <description><![CDATA[<strong>PCRE filters</strong><a href=http://www.postfix.org/pcre_table.5.html> that are applied to initial message helo info. Hint:<br> + /^tmpstr.*/ REJECT<br> + /^myserver.local/ REJECT external server with local domain info<br> + /^trusted_network.local/ DUNNO trusted remote misconfigured server<br> + See http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions for more help]]> + </description> + <type>textarea</type> + <cols>83</cols> + <rows>15</rows> + <encoding>base64</encoding> + </field> + <field> <fielddescr>Sender</fielddescr> <fieldname>sender_access</fieldname> <description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br> diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php index 914ad88e..76bed31f 100755 --- a/config/postfix/postfix_queue.php +++ b/config/postfix/postfix_queue.php 
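Review bot: The `<a href=http://www.postfix.org/pcre_table.5.html>` tag in the new Helo field description (hunk `@@ -115,6 +115,20 @@`) is never closed and its `href` is unquoted, so the rest of the help text renders as one link. Close and quote it, for example `<a href="http://www.postfix.org/pcre_table.5.html">PCRE filters</a>`. The hint patterns also leave dots unescaped and the match unanchored at the end (`/^myserver.local/`), so they match more names than the text suggests; since admins will copy these into an access table, `/^myserver\.local$/` is a safer example.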
@@ -2,14 +2,14 @@ /* postfix_view_config.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -33,11 +33,17 @@ require("guiconfig.inc"); $uname=posix_uname(); if ($uname['machine']=='amd64') ini_set('memory_limit', '250M'); - + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +else + define('POSTFIX_LOCALBASE','/usr/local'); + function get_cmd(){ if ($_REQUEST['cmd'] =='mailq'){ #exec("/usr/local/bin/mailq" . escapeshellarg('^'.$m.$j." ".$hour.".*".$grep)." /var/log/maillog", $lists); - exec("/usr/local/bin/mailq", $mailq); + exec(POSTFIX_LOCALBASE."/bin/mailq", $mailq); print '<table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">'; print '<tr><td colspan="6" valign="top" class="listtopic">'.gettext($_REQUEST['cmd']." Results").'</td></tr>'; print '<tr><td class="listlr"><strong>SID</strong></td>'; 
@@ -67,9 +73,9 @@ function get_cmd(){ } if ($_REQUEST['cmd'] =='qshape'){ if ($_REQUEST['qshape']!="") - exec("/usr/local/bin/qshape -".preg_replace("/\W/","",$_REQUEST['type'])." ". preg_replace("/\W/","",$_REQUEST['qshape']), $qshape); + exec(POSTFIX_LOCALBASE."/bin/qshape -".preg_replace("/\W/","",$_REQUEST['type'])." ". preg_replace("/\W/","",$_REQUEST['qshape']), $qshape); else - exec("/usr/local/bin/qshape", $qshape); + exec(POSTFIX_LOCALBASE."/bin/qshape", $qshape); print '<table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">'; print '<tr><td colspan="12" valign="top" class="listtopic">'.gettext($_REQUEST['cmd']." Results").'</td></tr>'; $td='<td valign="top" class="listlr">'; diff --git a/config/postfix/postfix_recipients.php b/config/postfix/postfix_recipients.php index 0deb2f79..8d7db416 100644 --- a/config/postfix/postfix_recipients.php +++ b/config/postfix/postfix_recipients.php @@ -1,4 +1,4 @@ -<?php
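Review bot: The `qshape` branch in hunk `@@ -67,9 +73,9 @@` builds its command from `$_REQUEST['type']` and `$_REQUEST['qshape']` after only stripping non-word characters, so the request still selects arbitrary option letters and queue names, and an empty `type` yields a bare `-` argument. Since the page offers a fixed set of choices, both values should be checked against an allow-list with `in_array(..., true)` and then passed through `escapeshellarg()`. `get_cmd()` begins before and continues after this hunk.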
-require_once ('/usr/local/pkg/postfix.inc');
-sync_relay_recipients("cron");
+<?php +require_once ('/usr/local/pkg/postfix.inc'); +sync_relay_recipients("cron"); ?>
\ No newline at end of file diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php index 2b831f72..a1cf6b3f 100755 --- a/config/postfix/postfix_search.php +++ b/config/postfix/postfix_search.php @@ -2,14 +2,14 @@ /* postfix_search.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml index 08a62d87..88617fbf 100644 --- a/config/postfix/postfix_sync.xml +++ b/config/postfix/postfix_sync.xml @@ -9,7 +9,7 @@ /* postfix_sync.xml part of the Postfix package for pfSense - Copyright (C) 2010 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -20,7 +20,7 @@ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
@@ -100,23 +100,46 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync Postfix configuration changes</fielddescr> + <fielddescr>Sync method</fielddescr> <fieldname>synconchanges</fieldname> - <description><![CDATA[pfSense will automatically sync changes to the hosts defined below.<br><br> - Remote server options are:<br> - <strong>XMLRPC Sync</strong> - Forward postfix settings to other pfsense boxes. Remote password required<br> - <strong>Share Database To</strong> - Allow other pfsense boxes to fetch maillog data via xml. Remote password NOT required.<br> - <strong>Fetch Database From</strong> - Merge logs from other pfsense boxes to this local database. Remote password required.<br> - <strong>Disabled</strong> - Ignore this host while sync.<br><br> - While sharing databases, you must setup 'Share Database To' in one box and 'Fetch Database From' on other box.]]></description> - <type>checkbox</type> + <description>Automatically sync postfix configuration changes.</description> + <type>select</type> + <required/> + <default_value>auto</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> + </field> + <field> + <fielddescr>Sync timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>Select sync max wait time</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> </field> <field> <fielddescr><![CDATA[Remote 
Server]]></fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> + <dontdisplayname/> + <usecolspan2/> <rowhelper> <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>enabless</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> <fielddescr>Sync Type </fielddescr> <fieldname>sync_type</fieldname> <type>select</type> @@ -126,18 +149,22 @@ <option><name>Fetch Database From</name><value>fetch</value></option> <option><name>Disabled</name><value>disabled</value></option> </options> - <description><![CDATA[<strong>Default: Strong</strong><br> - Enable sender, client, recipients and rfc verification.<br>]]></description> </rowhelperfield> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> + <fielddescr>Remote Server IP</fielddescr> <fieldname>ipaddress</fieldname> <description>IP Address of remote server</description> <type>input</type> <size>10</size> </rowhelperfield> <rowhelperfield> + <fielddescr>Username</fielddescr> + <fieldname>username</fieldname> + <description>Username for remote server.</description> + <type>input</type> + <size>10</size> + </rowhelperfield> + <rowhelperfield> <fielddescr>Password</fielddescr> <fieldname>password</fieldname> <description>Password for remote server.</description> 
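Review bot: In the `@@ -100,23 +100,46 @@` hunk, `synconchanges` keeps its field name while changing from a checkbox to a select whose values are `auto`, `manual` and `disabled`, so a configuration saved by the old form still holds the checkbox value, which matches none of the three. The code that reads this field is not in this hunk; it should map legacy or unknown values explicitly, and treating them as `disabled` is the safer fallback, because `<default_value>auto</default_value>` otherwise sends the package settings to the system backup server without the administrator having chosen that. The new `enabless` checkbox needs the same care: rows saved before this change have no such key, so presumably they read as not enabled, which is worth confirming and stating in a `<description>` for that field.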
@@ -148,9 +175,15 @@ <fielddescr>Description</fielddescr> <fieldname>description</fieldname> <type>input</type> - <size>25</size> + <size>27</size> </rowhelperfield> </rowhelper> + <description><![CDATA[<br>Sync types Description:<br><br> + <strong>XMLRPC Sync</strong> - Forward postfix settings to other pfsense boxes. Remote password required<br> + <strong>Share Database To</strong> - Allow other pfsense boxes to fetch maillog data via xml. Remote password NOT required.<br> + <strong>Fetch Database From</strong> - Merge logs from other pfsense boxes to this local database. Remote password required.<br> + <strong>Disabled</strong> - Ignore this host while sync.<br><br> + While sharing databases works only when you select 'Sync to host(s) defined below' on sync method and you must setup 'Share Database To' in source box and 'Fetch Database From' on destination box.]]></description> </field> </fields> <custom_php_install_command> diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php index 2c0b973e..5e1f6271 100644 --- a/config/postfix/postfix_view_config.php +++ b/config/postfix/postfix_view_config.php @@ -2,14 +2,14 @@ /* postfix_view_config.php part of pfSense (http://www.pfsense.com/) - Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2011-2013 Marcello Coutinho <marcellocoutinho@gmail.com> based on varnish_view_config. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright 
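Review bot: The help text added in the `@@ -148,9 +175,15 @@` hunk still says only "Remote password required" for XMLRPC Sync and Fetch Database From, although each row gains a `username` field in the previous hunk, so it does not tell the administrator which account is expected. I would write "Remote username and password required" in both entries and say what kind of account is meant; a dedicated account limited to sync is preferable to reusing the admin login, if the remote side supports one. The closing sentence is also hard to parse; `Sharing databases works only when 'Sync to host(s) defined below' is selected as sync method: set 'Share Database To' on the source box and 'Fetch Database From' on the destination box.` reads more clearly.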
@@ -29,15 +29,21 @@ */ require("guiconfig.inc"); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('POSTFIX_LOCALBASE', '/usr/pbi/postfix-' . php_uname("m")); +else + define('POSTFIX_LOCALBASE','/usr/local'); + function get_file($file){ - $files['main']="/usr/local/etc/postfix/main.cf"; - $files['master']="/usr/local/etc/postfix/master.cf"; - $files['recipients']="/usr/local/etc/postfix/relay_recipients"; - $files['header']="/usr/local/etc/postfix/header_check"; - $files['mime']="/usr/local/etc/postfix/mime_check"; - $files['body']="/usr/local/etc/postfix/body_check"; - $files['cidr']="/usr/local/etc/postfix/cal_cidr"; - $files['pcre']="/usr/local/etc/postfix/cal_pcre"; + $files['main']=POSTFIX_LOCALBASE."/etc/postfix/main.cf"; + $files['master']=POSTFIX_LOCALBASE."/etc/postfix/master.cf"; + $files['recipients']=POSTFIX_LOCALBASE."/etc/postfix/relay_recipients"; + $files['header']=POSTFIX_LOCALBASE."/etc/postfix/header_check"; + $files['mime']=POSTFIX_LOCALBASE."/etc/postfix/mime_check"; + $files['body']=POSTFIX_LOCALBASE."/etc/postfix/body_check"; + $files['cidr']=POSTFIX_LOCALBASE."/etc/postfix/cal_cidr"; + $files['pcre']=POSTFIX_LOCALBASE."/etc/postfix/cal_pcre"; if ($files[$file]!="" && file_exists($files[$file])){ print '<textarea rows="50" cols="100%">'; |
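Review bot: The version test added before get_file() compares the three-character string from `substr(...,0,3)` with the float `2.0`, relying on PHP's loose string-to-number comparison, and the same five lines are duplicated from postfix.inc in this commit. If `/etc/version` cannot be read, `file_get_contents()` returns false, the comparison is false, and the code silently falls back to `/usr/local`, which then decides which files get_file() opens. `version_compare(trim(file_get_contents("/etc/version")), '2.1', '>=')` states the intent directly (assuming 2.1 is the first release that uses the PBI path), and defining `POSTFIX_LOCALBASE` once in a shared include keeps the two copies from drifting apart. get_file() continues past the end of the hunk, so whether the file content is escaped, for example with `htmlspecialchars()`, before it is printed inside the `<textarea>` cannot be checked here.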