Diffstat (limited to 'config')
-rw-r--r-- | config/postfix/postfix.inc | 6 | ||||
-rw-r--r-- | config/postfix/postfix.php | 29 | ||||
-rw-r--r-- | config/postfix/postfix_antispam.xml | 16 | ||||
-rwxr-xr-x | config/postfix/postfix_queue.php | 12 | ||||
-rwxr-xr-x | config/postfix/postfix_search.php | 1 | ||||
-rw-r--r-- | config/snort/snort.inc | 16 | ||||
-rw-r--r-- | config/snort/snort_define_servers.php | 20 | ||||
-rw-r--r-- | config/snort/snort_interfaces_edit.php | 4 | ||||
-rw-r--r-- | config/squidGuard/squidguard_configurator.inc | 2 |
9 files changed, 96 insertions, 10 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index d009e72a..5a802054 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -391,8 +391,10 @@ EOF; if($antispam['antispam_enabled']){ switch ($antispam['antispam_software']){ case "mailscanner": - $header_check .= (!preg_match('@/ HOLD@',$header_check)?"\n/^Received:/ HOLD\n":"\n"); - $postfix_main_antispam = "#Saving all mail after header/body/rbl/spf checks to mailscanner\n\n"; + if ($antispam['hold_mode']=='auto'){ + $header_check .= "\n/^Received:/ HOLD\n"; + $postfix_main_antispam = "#Saving all mail after header/body/rbl/spf checks to mailscanner\n\n"; + } break; case "policyd2": if ($antispam['antispam_location']){ diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index 0f397cc9..9f15973c 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php @@ -140,7 +140,7 @@ function grep_log(){ $total_lines=0;
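Review bot: In config/postfix/postfix.inc the mailscanner case now fails open, because the `/^Received:/ HOLD` rule is written only when `$antispam['hold_mode']=='auto'`; for any other value no HOLD rule is added and mail is not handed to MailScanner unless the admin has written HOLD ACLs by hand. That includes an unset `hold_mode`, which is presumably what a configuration saved before this field existed will contain. Treating only an explicit manual choice as manual keeps upgraded installs scanning, e.g. `if ($antispam['hold_mode'] != 'manual'){`. The old guard against a duplicate HOLD entry is also dropped, and `$postfix_main_antispam` is no longer assigned in manual mode; whether it is initialised earlier is outside the hunk.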
$days=array();
- $grep="postfix.\(cleanup\|smtp\|error\|qmgr\)";
+ $grep="\(MailScanner\|postfix.cleanup\|postfix.smtp\|postfix.error\|postfix.qmgr\)";
$curr_time = time();
$log_time=strtotime($postfix_arg['time'],$curr_time);
$m=date('M',strtotime($postfix_arg['time'],$curr_time));
@@ -181,9 +181,19 @@ function grep_log(){ $stm_queue[$day].='insert or ignore into mail_from(sid,date,server,client) values ('.$values.');'."\n";
${$email[3]}=$email[3];
}
- #Nov 14 09:29:32 srvch011 postfix/error[58443]: 2B8EB1F5A5A: to=<hildae.sva@pi.email.com>, relay=none, delay=0.66, delays=0.63/0/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=mail.pi.trf1.gov.br type=A: Host not found, try again)
+ #Dec 2 22:21:18 pfsense MailScanner[60670]: Requeue: 8DC3BBDEAF.A29D3 to 5AD9ABDEB5
+ else if (preg_match("/(\w+\s+\d+\s+[0-9,:]+) (\w+) MailScanner.*Requeue: (\w+)\W\w+ to (\w+)/",$line,$email)){
+ $stm_queue[$day].= "update or ignore mail_from set sid='".$email[4]."' where sid='".$email[3]."';\n";
+ }
+ #Dec 5 14:06:10 srvchunk01 MailScanner[19589]: Message 775201F44B1.AED2C from 209.185.111.50 (marcellocoutinho@mailtest.com) to sede.mail.test.com is spam, SpamAssassin (not cached, escore=99.202, requerido 6, autolearn=spam, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, RCVD_IN_DNSWL_LOW -0.70, WORM_TEST2 100.00)
+ else if (preg_match("/(\w+\s+\d+\s+[0-9,:]+) (\w+) MailScanner\W\d+\W+\w+\s+(\w+).* is spam, (.*)/",$line,$email)){
+ $stm_queue[$day].= "insert or ignore into mail_status (info) values ('spam');\n";
+ print "\n#######################################\nSPAM:".$email[4].$email[3].$email[2]."\n#######################################\n";
+ $stm_queue[$day].= "update or ignore mail_to set status=(select id from mail_status where info='spam'), status_info='".preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[4])."' where from_id in (select id from mail_from where sid='".$email[3]."' and server='".$email[2]."');\n";
+ }
+ #Nov 14 09:29:32 srvch011 postfix/error[58443]: 2B8EB1F5A5A: to=<hildae.sva@pi.email.com>, relay=none, delay=0.66, delays=0.63/0/0/0.02, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=mail.pi.test.com type=A: Host not found, try again)
#Nov 3 21:45:32 srvch011 postfix/smtp[18041]: 4CE321F4887: to=<viinil@vitive.com.br>, relay=smtpe1.eom[81.00.20.9]:25, delay=1.9, delays=0.06/0.01/0.68/1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2C33E2382C8)
- #Nov 16 00:00:14 srvch011 postfix/smtp[7363]: 7AEB91F797D: to=<alessandra.bueno@mg.trf1.gov.br>, relay=mail.mg.trf1.gov.br[172.25.3.5]:25, delay=39, delays=35/1.1/0.04/2.7, dsn=5.7.1, status=bounced (host mail.mg.trf1.gov.br[172.25.3.5] said: 550 5.7.1 Unable to relay for alessandra.bueno@mg.trf1.gov.br (in reply to RCPT TO command))
+ #Nov 16 00:00:14 srvch011 postfix/smtp[7363]: 7AEB91F797D: to=<alessandra.bueno@mg.test.com>, relay=mail.mg.test.com[172.25.3.5]:25, delay=39, delays=35/1.1/0.04/2.7, dsn=5.7.1, status=bounced (host mail.mg.test.com[172.25.3.5] said: 550 5.7.1 Unable to relay for alessandra.bueno@mg.test.com (in reply to RCPT TO command))
else if(preg_match("/(\w+\s+\d+\s+[0-9,:]+) (\w+) postfix.\w+\W\d+\W+(\w+): to=\<(.*)\>, relay=(.*), delay=([0-9,.]+), .* dsn=([0-9,.]+), status=(\w+) (.*)/",$line,$email)){
$stm_queue[$day].= "insert or ignore into mail_status (info) values ('".$email[8]."');\n";
$stm_queue[$day].= "insert or ignore into mail_to (from_id,too,status,status_info,relay,delay,dsn) values ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($email[4])."',(select id from mail_status where info='".$email[8]."'),'".preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[9])."','".$email[5]."','".$email[6]."','".$email[7]."');\n";
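Review bot: The `print` of the `SPAM:` banner in the new `is spam` branch looks like debugging output left in; it writes `$email[4]` (the raw tail of the log line, before the quote-stripping `preg_replace` is applied) to whatever consumes grep_log's output, and should be removed or put behind a debug switch. The two new branches also build SQL by concatenation: the Requeue statement is safe only because both captures are `\w+`, and the spam statement only because `'` and `"` are replaced in `$email[4]`. A comment recording that dependency, such as `# captures are \w+ only; escape these values if the regex is widened`, would keep a later regex change from turning log content into SQL. grep_log's body continues outside the hunk.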
@@ -223,16 +233,23 @@ function grep_log(){ $status['status']=$email[4];
$stm_queue[$day].= "insert or ignore into mail_status (info) values ('".$email[4]."');\n";
if ($email[4] =="warning"){
- $stm_queue[$day].= "insert or ignore into mail_status (info) values ('incoming');\n";
+ if (${$status['sid']}=='hold'){
+ $status['status']='hold';
+ }
+ else{
+ $status['status']='incoming';
+ $stm_queue[$day].= "insert or ignore into mail_status (info) values ('".$status['status']."');\n";
+ }
#print "$line\n";
$status['status_info']=preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[11]);
$status['subject']=preg_replace("/header Subject: /","",$email[5]);
$status['subject']=preg_replace("/(\<|\>|\s+|\'|\")/"," ",$status['subject']);
$stm_queue[$day].="update mail_from set subject='".$status['subject']."', fromm='".strtolower($status['from'])."',helo='".$status['helo']."' where sid='".$status['sid']."';\n";
- $stm_queue[$day].="insert or ignore into mail_to (from_id,too,status,status_info) VALUES ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($status['to'])."',(select id from mail_status where info='incoming'),'".$status['status_info']."');\n";
- $stm_queue[$day].="update or ignore mail_to set status=(select id from mail_status where info='incoming'), status_info='".$status['status_info']."', too='".strtolower($status['to'])."' where from_id in (select id from mail_from where sid='".$status['sid']."' and server='".$email[2]."');\n";
+ $stm_queue[$day].="insert or ignore into mail_to (from_id,too,status,status_info) VALUES ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($status['to'])."',(select id from mail_status where info='".$status['status']."'),'".$status['status_info']."');\n";
+ $stm_queue[$day].="update or ignore mail_to set status=(select id from mail_status where info='".$status['status']."'), status_info='".$status['status_info']."', too='".strtolower($status['to'])."' where from_id in (select id from mail_from where sid='".$status['sid']."' and server='".$email[2]."');\n";
}
else{
+ ${$status['sid']}=$status['status'];
$stm_queue[$day].="update mail_from set fromm='".strtolower($status['from'])."',helo='".$status['helo']."' where sid='".$status['sid']."';\n";
$status['status_info']=preg_replace("/(\<|\>|\s+|\'|\")/"," ",$email[5].$email[11]);
$stm_queue[$day].="insert or ignore into mail_to (from_id,too,status,status_info) VALUES ((select id from mail_from where sid='".$email[3]."' and server='".$email[2]."'),'".strtolower($status['to'])."',(select id from mail_status where info='".$email[4]."'),'".$status['status_info']."');\n";
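Review bot: `${$status['sid']}` uses a queue id parsed from the log as a PHP variable name, so a sid that happens to equal a local name in grep_log (`line`, `day`, `email`, `status`) would overwrite that variable. The regex that captures the sid is outside the hunk, so how constrained it is cannot be confirmed from here. An array keeps the lookup out of the function's scope: `$sid_status[$status['sid']] = $status['status'];` in the else branch and `if (isset($sid_status[$status['sid']]) && $sid_status[$status['sid']] == 'hold'){` in the warning branch. The hold detection also depends on the hold line being processed before the warning line for the same sid within one run, which is worth a comment.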
diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml index c4772085..94f52f35 100644 --- a/config/postfix/postfix_antispam.xml +++ b/config/postfix/postfix_antispam.xml @@ -239,6 +239,22 @@ <description></description> </field> <field> + <fielddescr>Message Hold mode</fielddescr> + <fieldname>hold_mode</fieldname> + <description><![CDATA[Select how postfix will hold messages to mailscanner.<br> + When using auto mode, postfix will hold all messages.<br> + When using manual mode, include options like this in acl headers:<br> + /^to:.*admin@mydomain.com/ OK<br> + /^from:.*user@extdomain.com/ OK<br> + /^from:/ HOLD<br> + /^to:.*@mydomain.com/ HOLD]]></description> + <type>select</type> + <options> + <option><name>Auto mode</name><value>auto</value></option> + <option><name>Manual mode using ACLs</name><value>manual</value></option> + </options> + </field> + <field> <fielddescr>Software</fielddescr> <fieldname>antispam_software</fieldname> <description>Select Third part solution to use. See postfix forwarder package info page for instaling instructions</description> diff --git a/config/postfix/postfix_queue.php b/config/postfix/postfix_queue.php index eaf6b7f5..ce4d6cc6 100755 --- a/config/postfix/postfix_queue.php +++ b/config/postfix/postfix_queue.php @@ -62,7 +62,7 @@ function get_cmd(){ } if ($_REQUEST['cmd'] =='qshape'){ if ($_REQUEST['qshape']!="") - exec("/usr/local/bin/qshape ". preg_replace("/\W/"," ",$_REQUEST['qshape']), $qshape); + exec("/usr/local/bin/qshape -".preg_replace("/\W/","",$_REQUEST['type'])." ". preg_replace("/\W/","",$_REQUEST['qshape']), $qshape); else exec("/usr/local/bin/qshape", $qshape); print '<table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">'; 
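Review bot: In config/postfix/postfix_queue.php, `$_REQUEST['type']` is reduced to word characters, which keeps shell metacharacters out of the `exec()` call, but any run of letters is still accepted as qshape flags and an empty or missing `type` produces a bare `-` argument. The form only offers `s` and `p`, so an allow-list is tighter: `$type = in_array($_REQUEST['type'], array('s','p'), true) ? $_REQUEST['type'] : 's';` followed by `"-".$type` in the command. The replacement for `qshape` also changed from a space to an empty string, so several selected queue names would now be joined into one token instead of being passed as separate arguments; how `loopSelected('qshape')` separates them is not visible here. Wrapping each argument in `escapeshellarg()` would make the call safe independently of the regex. get_cmd's body continues outside the hunk.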
@@ -167,6 +167,15 @@ else{ <option value="maildrop">maildrop</option> </select><br><?=gettext("Select how often queue will be queried.");?></td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("qshape Report type: ");?></td> + <td width="78%" class="vtable"> + <select name="drop3" id="qtype"> + <option value="s" selected>sender domain</option> + <option value="p">parent domain</option> + </select><br><?=gettext("Select between sender or parent domains to order by.");?></td> + </tr> + <tr> <td width="22%" valign="top"></td> <td width="78%"><input name="Submit" type="button" class="formbtn" id="run" value="<?=gettext("show queue");?>" onclick="get_queue('mailq')"><div id="search_help"></div></td> @@ -212,6 +221,7 @@ else{ var q_args=loopSelected('qshape'); var pars = 'cmd='+$('cmd').options[$('cmd').selectedIndex].value; var pars = pars + '&qshape='+q_args; + var pars = pars + '&type='+$('qtype').options[$('qtype').selectedIndex].value; var url = "/postfix_queue.php"; var myAjax = new Ajax.Request( url, diff --git a/config/postfix/postfix_search.php b/config/postfix/postfix_search.php index b76f0554..c2da3f7e 100755 --- a/config/postfix/postfix_search.php +++ b/config/postfix/postfix_search.php @@ -119,6 +119,7 @@ include("head.inc"); <option value="sent">sent</option> <option value="bounced">bounced</option> <option value="reject">reject</option> + <option value="spam">spam</option> <option value="incoming">incoming</option> </select><br><?=gettext("Max log messages to fetch per Sqlite file.");?></td> </tr> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 0e624c7f..36f58760 100644 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc 
@@ -1581,6 +1581,20 @@ function generate_snort_conf($id, $if_real, $snort_uuid) $def_sip_proxy_ports_type = "5060:5090,16384:32768"; else $def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk"; + + /* def SIP_IP */ + $def_sip_ip_info_chk = $snortcfg['def_sip_ip']; + if ($def_sip_ip_info_chk == "") + $def_sip_ip_type = "\$HOME_NET"; + else + $def_sip_ip_type = "$def_sip_ip_info_chk"; + + /* def SIP_PORTS */ + $def_sip_ports_info_chk = $snortcfg['def_sip_ports']; + if ($def_sip_ports_info_chk == "") + $def_sip_ports_type = "5060:5090,16384:32768"; + else + $def_sip_ports_type = "$def_sip_ports_info_chk"; /* def AUTH_PORTS */ $def_auth_ports_info_chk = $snortcfg['def_auth_ports']; @@ -1964,6 +1978,7 @@ var IMAP_SERVERS [{$def_imap_servers_type}] var RPC_SERVERS \$HOME_NET var WWW_SERVERS [{$def_www_servers_type}] var SIP_PROXY_IP [{$def_sip_proxy_ip_type}] +var SIP_IP [{$def_sip_ip_type}] var AIM_SERVERS \ [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24] @@ -1997,6 +2012,7 @@ portvar TELNET_PORTS [{$def_telnet_ports_type}] portvar MAIL_PORTS [{$def_mail_ports_type}] portvar SSL_PORTS [{$def_ssl_ports_type}] portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}] +portvar SIP_PORTS [{$def_sip_ports_type}] # DCERPC NCACN-IP-TCP portvar DCERPC_NCACN_IP_TCP [139,445] diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index e3238ef7..45264995 100644 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php 
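Review bot: `$snortcfg['def_sip_ip']` and `$snortcfg['def_sip_ports']` are copied into the `var SIP_IP [...]` and `portvar SIP_PORTS [...]` lines of the generated snort.conf with no check on their shape, and the POST handler in snort_define_servers.php stores `$_POST['def_sip_ip']` and `$_POST['def_sip_ports']` as submitted. A value containing `]` or a line break would change how the rest of the generated file is parsed. Accepting the port list only when `preg_match('/^[0-9:,]*$/', $_POST['def_sip_ports'])` succeeds, with an equivalent check restricting the address list to address, CIDR and separator characters, would close that at the point where the value is saved. The neighbouring variables visible in the context lines follow the same unvalidated pattern, and generate_snort_conf's body continues outside the hunk.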
@@ -88,6 +88,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; @@ -139,6 +141,8 @@ if ($_POST) { if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; } if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; } if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; } + if ($_POST['def_sip_ip'] != "") { $natent['def_sip_ip'] = $_POST['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; } + if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; } if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; } if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; } 
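Review bot: The load side sets `$pconfig['def_sip_servers_ip']` from `$a_nat[$id]['def_sip_servers_ip']`, but the POST handler in the next hunk, the new form field and snort.inc all use the key `def_sip_ip`, so a saved SIP_IP value is never read back into the form. The added line should be `$pconfig['def_sip_ip'] = $a_nat[$id]['def_sip_ip'];`. snort_interfaces_edit.php has the same mismatch, and there the second hunk writes `$natent['def_sip_ip'] = ""` when `$pconfig['def_sip_ip']` is empty, which would appear to blank the stored value whenever that path runs and silently widen SIP_IP back to `$HOME_NET`. The code that fills `$pconfig` on that path is outside the hunks, so this should be confirmed.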
@@ -442,8 +446,24 @@ echo "{$snort_general_css}\n"; value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br> <span class="vexpl">Example: Specific ports "25,443" or All ports betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td> + <td width="78%" class="vtable"><input name="def_sip_ip" + type="text" class="formfld" id="def_sip_ip" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_ip']);?>"> <br> + <span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave + blank to scan all networks.</span></td> </tr> <tr> + <td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td> + <td width="78%" class="vtable"><input name="def_sip_ports" + type="text" class="formfld" id="def_sip_ports" size="40" + value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br> + <span class="vexpl">Example: Specific ports "25,443" or All ports + betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td> + </tr> + <tr> <td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td> <td width="78%" class="vtable"><input name="def_auth_ports" type="text" class="formfld" id="def_auth_ports" size="40" diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index b1a091e7..a0e912cd 100644 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php 
@@ -111,6 +111,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers']; $pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports']; $pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip']; + $pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip']; + $pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports']; $pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports']; $pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports']; $pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports']; @@ -253,6 +255,8 @@ if (isset($_GET['dup'])) if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; } if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; } if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; } + if ($pconfig['def_sip_ip'] != "") { $natent['def_sip_ip'] = $pconfig['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; } + if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; } if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; } if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; } if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; } diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index c9dc7aed..3347b48b 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc 
@@ -1945,7 +1945,7 @@ function squidguard_setup_cron($task_key, $options, $on_off) # ***************************************************************************** function squidguard_ramdisk($enable) { - $ramsize = 200; + $ramsize = 300; # delete old squidguard ramdisk if (file_exists("/dev/md15")) { |