Diffstat (limited to 'config/postfix')
-rw-r--r-- | config/postfix/postfix.inc | 65 | ||||
-rw-r--r-- | config/postfix/postfix_acl.xml | 9 |
2 files changed, 56 insertions, 18 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 5fde243e..93fae05a 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -3,7 +3,7 @@ postfix.inc part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck - Copyright (C) 2011 Marcello Coutinho + Copyright (C) 2012 Marcello Coutinho All rights reserved. @@ -34,6 +34,10 @@ require_once("functions.inc"); require_once("pkg-utils.inc"); require_once("globals.inc"); +$uname=posix_uname(); +if ($uname['machine']=='amd64') + ini_set('memory_limit', '250M'); + function px_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } @@ -108,15 +112,18 @@ function sync_relay_recipients($via_cron="cron"){ $ldap_unique=array_unique($ldap_all); print "Total ldap recipients:".count($ldap_all)."\tunique:".count($ldap_unique)."\n"; foreach($ldap_unique as $recipient) - $relay_ldap_recipients.=($recipient != ""?$recipient." OK\n":""); + $relay_ldap_recipients.=($recipient != ""?preg_replace("/\s+/","",$recipient)." OK\n":""); #save ldap relay recipients file_put_contents("/usr/local/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX); } } } - #save all relay recipients and reload postfix - file_put_contents("/usr/local/etc/postfix/relay_recipients",$relay_ldap_recipients."\n".$relay_recipients, LOCK_EX); + #save all relay recipients, remove duplicates and reload postfix + $recipients_file="/usr/local/etc/postfix/relay_recipients"; + file_put_contents($recipients_file.".unsort",$relay_ldap_recipients."\n".$relay_recipients, LOCK_EX); + exec('/usr/bin/sort -u '.$recipients_file.'.unsort > '.$recipients_file); + unlink_if_exists($recipients_file.'.unsort'); exec("/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients"); mwexec("/usr/local/sbin/postfix reload"); } 
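Review bot: In sync_relay_recipients the new `exec('/usr/bin/sort -u '.$recipients_file.'.unsort > '.$recipients_file);` lets the shell truncate relay_recipients before sort runs and never checks the exit status, so a failed sort leaves an empty file that the following postmap call compiles into the live table. The final file is also written without the `LOCK_EX` that the replaced `file_put_contents` call used, which matters if the cron and GUI paths can overlap. Deduplicating in PHP avoids both problems and drops the shell call: `$lines=array_unique(explode("\n",$relay_ldap_recipients."\n".$relay_recipients));` followed by `file_put_contents($recipients_file,implode("\n",$lines)."\n",LOCK_EX);`. The function starts outside this hunk.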
@@ -265,6 +272,17 @@ function check_cron(){ function sync_package_postfix() { global $config; + # detect boot process + if (is_array($_POST)){ + if (preg_match("/\w+/",$_POST['__csrf_magic'])) + unset($boot_process); + else + $boot_process="on"; + } + + if(is_process_running("master") && isset($boot_process)) + return; + #check patch in /etc/inc/config. $relay_domains = ""; $transport = ""; @@ -453,16 +471,16 @@ smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_ permit smtpd_recipient_restrictions = permit_mynetworks, + reject_unauth_destination, + reject_unauth_pipelining, check_client_access pcre:/usr/local/etc/postfix/cal_pcre, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, + check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_invalid_helo_hostname, - reject_unknown_recipient_domain, reject_non_fqdn_helo_hostname, + reject_unknown_recipient_domain, reject_non_fqdn_recipient, - reject_unauth_destination, - reject_unauth_pipelining, reject_multi_recipient_bounce, - check_sender_access hash:/usr/local/etc/postfix/sender_access, SPFSPFSPFRBLRBLRBL EOF; 
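Review bot: The boot detection at the top of sync_package_postfix treats every call without a `__csrf_magic` POST field as boot, because `$_POST` is always an array and the `else` branch sets `$boot_process` whenever the field is missing. With `master` running, the early `return` then skips regeneration for any non-GUI caller (cron, CLI, a config sync, if those reach this function), so changed restrictions would silently not be applied. The token is only pattern-matched, not validated, so it must never be read as an authorization signal. If the platform boot flag is available here (pfSense exposes `$g['booting']`, to be confirmed for this version), `if ($g['booting'] && is_process_running("master")) return;` states the intent directly. The function body continues outside this hunk.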
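Review bot: The new position of `reject_unauth_destination` directly after `permit_mynetworks` in `smtpd_recipient_restrictions` is what keeps an `OK` from cal_pcre, cal_cidr or sender_access from permitting relay, but nothing in the template says the order matters. A comment line above the parameter, for example `# reject_unauth_destination must stay ahead of every check_*_access map: an OK from a map ends the list`, would keep a later edit from moving it back. The heredoc starts outside this hunk.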
@@ -482,14 +500,19 @@ smtpd_sender_restrictions = reject_unknown_sender_domain, RBLRBLRBL # Allow connections from specified local clients and rbl check everybody else if rbl check are set. -smtpd_client_restrictions = check_client_access pcre:/usr/local/etc/postfix/cal_pcre, - check_client_access cidr:/usr/local/etc/postfix/cal_cidr, +smtpd_client_restrictions = reject_unauth_destination, + check_sender_access hash:/usr/local/etc/postfix/sender_access, + check_client_access pcre:/usr/local/etc/postfix/cal_pcre, + check_client_access cidr:/usr/local/etc/postfix/cal_cidr RBLRBLRBL # Whitelisting: local clients may specify any destination domain. #, smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, + check_sender_access hash:/usr/local/etc/postfix/sender_access, + check_client_access pcre:/usr/local/etc/postfix/cal_pcre, + check_client_access cidr:/usr/local/etc/postfix/cal_cidr, SPFSPFSPFRBLRBLRBL EOF; @@ -658,14 +681,28 @@ MASTEREOF2; { mwexec("/usr/local/sbin/postmap /usr/local/etc/postfix/".$file); } - - if (!is_dir("/etc/mail")) - mkdir("/etc/mail", 0755); + + #check postix dirs + $dirs=array("/var/spool/postfix","/etc/mail","/var/db/postfix","/var/mail/postfix"); + foreach ($dirs as $dir) + if (!is_dir($dir) && !file_exists($dir)) + mkdir($dir, 0755,TRUE); + + #check postfix owners + $dirs=array("/var/db/postfix","/var/mail/postfix"); + foreach ($dirs as $dir){ + chown($dir, 'postfix'); + chgrp($dir, 'postfix'); + } if (!file_exists("/etc/mail/aliases")) touch("/etc/mail/aliases"); exec("/usr/local/bin/newaliases"); postfix_start(); - postfix_sync_on_changes(); + + #Do not sync during boot + if(!isset($boot_process)) + postfix_sync_on_changes(); + } function postfix_start(){ global $config; diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index 2a2b4633..efc72721 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml 
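Review bot: `smtpd_client_restrictions` now opens with `reject_unauth_destination` and has no `permit_mynetworks` ahead of it, so the permit in `smtpd_recipient_restrictions` cannot help: a reject in any restriction list is final, and clients in mynetworks sending to outside domains would be refused, contrary to the template comment "local clients may specify any destination domain". This assumes the default delayed evaluation of client restrictions; the hunk does not show `smtpd_delay_reject`, and with it off a recipient-dependent check does not belong in the client list at all. The relay check already sits in the recipient list right after `permit_mynetworks`, so the client list could keep starting at `check_client_access pcre:/usr/local/etc/postfix/cal_pcre,` as it did before. The heredoc starts outside this hunk.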
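Review bot: The directory loop near the end of sync_package_postfix creates `/var/db/postfix` and `/var/mail/postfix` with mode 0755 and ignores the results of `mkdir`, `chown` and `chgrp`, so a world-listable mail directory or a failed ownership change goes unnoticed before `postfix_start()`. For the two postfix-owned paths a tighter mode such as `mkdir($dir, 0750, TRUE);` (if nothing else needs to traverse them) and a logged failure, `if (!chown($dir,'postfix') || !chgrp($dir,'postfix')) log_error("postfix: cannot set owner on {$dir}");`, would be safer. The test `!is_dir($dir) && !file_exists($dir)` also means a regular file at one of these paths is left in place and then chowned as if it were the directory. The function starts outside this hunk.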
@@ -118,13 +118,14 @@ <fielddescr>Sender</fielddescr> <fieldname>sender_access</fieldname> <description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br> - myfriend@example.com OK<br> + myfriend@example.com DUNNO<br> junk@spam.com REJECT<br> marketing@ REJECT<br> - theboss@ OK<br> + theboss@ DUNNO<br> deals.marketing.com REJECT<br> - somedomain.com OK<br> - See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help]]> + somedomain.com DUNNO<br><br> + See http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions for more help<br> + <strong>Note: a result of "OK" in this field is not allowed/wanted for safety reasons(it may accept forged senders as it will not do other spam checks). Instead, use DUNNO in order to exclude specific hosts from blacklists.</strong>]]> </description> <type>textarea</type> <cols>83</cols> |
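Review bot: The added note says an `OK` result "is not allowed", but this hunk only rewrites the help text; nothing visible in the commit rejects or rewrites `OK` entries typed into `sender_access`, and previously saved entries keep it. Since the MAIL FROM address is supplied by the client, an `OK` row still skips the checks that follow `check_sender_access` in both templates. Validation on save would make the text true, for instance refusing lines that match `/\sOK\s*$/i` with a message pointing at `DUNNO`; where that check belongs is outside this diff.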