Diffstat (limited to 'config')
-rw-r--r-- | config/postfix/postfix.inc | 43 | ||||
-rw-r--r-- | config/postfix/postfix_acl.xml | 22 |
2 files changed, 49 insertions, 16 deletions
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 83fc46e2..3f465969 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -278,7 +278,7 @@ function check_cron(){ } -function sync_package_postfix() { +function sync_package_postfix($via_rpc=false) { global $config; # detect boot process @@ -289,7 +289,7 @@ function sync_package_postfix() { $boot_process="on"; } - if(is_process_running("master") && isset($boot_process)) + if(is_process_running("master") && isset($boot_process) && $via_rpc==false) return; #check patch in /etc/inc/config. @@ -360,7 +360,7 @@ function sync_package_postfix() { $copyright=<<<ABOUT #Part of the Postfix package for pfSense #Copyright (C) 2010 Erik Fonnesbeck -#Copyright (C) 2011 Marcello Coutinho +#Copyright (C) 2011-2013 Marcello Coutinho #All rights reserved. #DO NOT EDIT THIS FILE @@ -372,6 +372,11 @@ $pf_dir=POSTFIX_LOCALBASE; {$copyright} mynetworks = {$pf_dir}/etc/postfix/mynetwork_table mynetworks_style = host +access_map_reject_code= 554 +access_map_defer_code = 451 +unverified_recipient_reject_code = 550 +unknown_client_reject_code = 550 +unknown_hostname_reject_code = 550 EOF; #Header Maps @@ -385,6 +390,10 @@ EOF; $postfix_main .= "header_size_limit = 1024000\n"; $header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']); } + #Helo Maps + if ($config['installedpackages']['postfixacl']['config'][0]['helo_maps']){ + $helo_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['helo_maps']); + } #Sender access if ($config['installedpackages']['postfixacl']['config'][0]['sender_access']){ $sender_access = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['sender_access']); 
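Review bot: The new `$via_rpc` parameter of `sync_package_postfix()` is undocumented, and the guard in the `-289` hunk tests it with a loose `$via_rpc==false`. A comment above the signature such as `# $via_rpc: true when called from the XMLRPC sync, so the boot-time early return is skipped` would explain why the `pfsense.exec_php` payload in the `-924` hunk now passes `true`. The condition reads more clearly as `&& !$via_rpc`. The function body continues well beyond both hunks.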
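Review bot: In the `-385` hunk `$helo_check` is assigned only when `helo_maps` is set, and the code that writes it to the `helo_check` table is not part of this diff. The `smtpd_helo_restrictions` block added in the `-452` hunk references `pcre:/usr/local/etc/postfix/helo_check` whenever the HELO option is enabled, so if that file is not created for an empty field, Postfix would likely answer clients with a temporary table-lookup error instead of evaluating the remaining checks. Initialising the variable first, `$helo_check = "";`, and always writing the file (even when empty) keeps the lookup valid. Please confirm the write path outside this hunk handles the empty case.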
@@ -452,7 +461,16 @@ EOF; break; } } - $reject_unknown_helo_hostname=($antispam['reject_unknown_helo_hostname']?"reject_unknown_helo_hostname":""); + if ($antispam['reject_unknown_helo_hostname']){ + $reject_unknown_helo_hostname = <<<EOF +smtpd_helo_restrictions = check_helo_access pcre:/usr/local/etc/postfix/helo_check, + reject_unknown_helo_hostname, + reject_invalid_helo_hostname, + reject_non_fqdn_helo_hostname, + permit + +EOF; + } if ($antispam['header_check'] == "strong") { $postfix_main .= <<<EOF @@ -464,7 +482,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions ={$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, @@ -488,11 +506,11 @@ smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:{$pf_dir}/etc/postfix/cal_pcre, check_client_access cidr:{$pf_dir}/etc/postfix/cal_cidr, check_sender_access hash:{$pf_dir}/etc/postfix/sender_access, - reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_multi_recipient_bounce, + reject_unverified_recipient, SPFSPFSPFRBLRBLRBL EOF; @@ -505,7 +523,7 @@ smtpd_delay_reject = yes # Don't talk to mail systems that don't know their own hostname. smtpd_helo_required = yes -smtpd_helo_restrictions = {$reject_unknown_helo_hostname} +{$reject_unknown_helo_hostname} smtpd_sender_restrictions = reject_unknown_sender_domain, RBLRBLRBL 
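Review bot: `$reject_unknown_helo_hostname` is now assigned only inside the `if` in the `-452` hunk, so with the option off the heredocs in the `-464` and `-505` hunks interpolate an undefined variable and emit no `smtpd_helo_restrictions` line at all; `$reject_unknown_helo_hostname = "";` before the `if` would at least make that explicit. Because the `-488` hunk also removes `reject_invalid_helo_hostname` and `reject_non_fqdn_helo_hostname` from `smtpd_recipient_restrictions`, those two checks and the new `check_helo_access` map apply only when the unknown-hostname option is ticked, which looks like an unintended weakening of the default policy. The new list also has no leading `permit_mynetworks`, so local clients that were exempt from the HELO syntax checks before are now subject to them. The table path is hard-coded, while the neighbouring lines use `{$pf_dir}`; `check_helo_access pcre:{$pf_dir}/etc/postfix/helo_check,` would be consistent.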
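Review bot: `reject_unverified_recipient` is added unconditionally to the strong-mode `smtpd_recipient_restrictions` in the `-488` hunk, ahead of the `SPFSPFSPFRBLRBLRBL` placeholder. That restriction makes Postfix probe the next hop for recipients it has not verified yet, and with `unverified_recipient_reject_code = 550` from the `-372` hunk an address reported as undeliverable is rejected permanently instead of with the default 450. If the placeholder expands to the SPF and RBL checks, as its name suggests, placing the new line after it would avoid sending probes for clients that are about to be rejected anyway. A GUI switch for it, plus a comment noting the dependency on the address verification service, would help operators whose backend does not answer probes reliably.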
@@ -733,10 +751,8 @@ EOF; log_error("Writing rc_file"); write_rcfile(array("file" => "postfix.sh", "start" => $start, "stop" => $stop)); - conf_mount_ro(); - sleep(1); - if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){ + if (is_array($config['installedpackages']['postfix']) && $config['installedpackages']['postfix']['config'][0]['enable_postfix']){ log_error("Reloading/starting postfix"); system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh'); mwexec_bg(POSTFIX_LOCALBASE."/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start"); @@ -747,6 +763,8 @@ EOF; mwexec("/usr/local/etc/rc.d/postfix.sh stop"); system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh'); } + + conf_mount_ro(); } function postfix_validate_input($post, &$input_errors) { @@ -782,7 +800,8 @@ function postfix_php_install_command() { function postfix_php_deinstall_command() { global $config; #disable service - $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; + if (is_array($config['installedpackages']['postfix'])) + $config['installedpackages']['postfix']['config'][0]['enable_postfix']=""; write_config(); sync_package_postfix(); conf_mount_rw(); @@ -924,7 +943,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; - $execcmd .= "sync_package_postfix();"; + $execcmd .= "sync_package_postfix(true);"; /* assemble xmlrpc payload */ $params = array( diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml index efc72721..4eeda7a4 100644 --- a/config/postfix/postfix_acl.xml +++ b/config/postfix/postfix_acl.xml 
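Review bot: `conf_mount_ro()` now runs at the very end of the function (`-747` hunk), immediately after `mwexec_bg()` has launched `postfix reload || postfix.sh start` in the background, and the old `sleep(1)` is gone. If the start script still needs to write under the package tree (not visible here), the remount can race with it on read-only-root installs. Using the foreground `mwexec()` that the stop branch already uses, or keeping a short wait before `conf_mount_ro()`, would close that window. The added `is_array()` guard checks only the `postfix` key; `['config'][0]['enable_postfix']` is still dereferenced unchecked. The enclosing function starts outside these hunks.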
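Review bot: The `is_array()` guard added to `postfix_php_deinstall_command()` in the `-782` hunk is a brace-less `if` split over two lines, which is easy to break when a second statement is added under it later. Writing it as `if (is_array($config['installedpackages']['postfix'])) {` with a closing `}` matches the braced `if` blocks used in the other hunks of this file. The function continues past the end of the hunk.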
@@ -5,11 +5,11 @@ <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ========================================================================== */post /* postfix.xml part of the Postfix package for pfSense - Copyright (C) 2010 Marcello Coutinho + Copyright (C) 2011-2013 Marcello Coutinho All rights reserved. */ /* ========================================================================== */ @@ -17,10 +17,10 @@ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, + 1. Redistributions of source code MUST retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright + 2. Redistributions in binary form MUST reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
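Review bot: The added separator line in the `-5` hunk ends with a stray `post` after the closing `*/`, which looks like an accidental keystroke; the line should stay `/* ========================================================================== */`. The `-17` hunk also rewrites `must` as `MUST` in both redistribution clauses, which changes the wording of the licence text being reproduced and is probably unintended too. Both edits sit inside the `<copyright>` CDATA and do not affect behaviour, but I would revert them and keep only the copyright-year change.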
@@ -115,6 +115,20 @@ <encoding>base64</encoding> </field> <field> + <fielddescr>Helo</fielddescr> + <fieldname>helo_maps</fieldname> + <description><![CDATA[<strong>PCRE filters</strong><a href=http://www.postfix.org/pcre_table.5.html> that are applied to initial message helo info. Hint:<br> + /^tmpstr.*/ REJECT<br> + /^myserver.local/ REJECT external server with local domain info<br> + /^trusted_network.local/ DUNNO trusted remote misconfigured server<br> + See http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions for more help]]> + </description> + <type>textarea</type> + <cols>83</cols> + <rows>15</rows> + <encoding>base64</encoding> + </field> + <field> <fielddescr>Sender</fielddescr> <fieldname>sender_access</fieldname> <description><![CDATA[<strong>HASH filters</strong> that implements whitelisting and blacklisting of full or partial email addresses and domains as specified in the MAIL FROM field :<br> |
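Review bot: The `<a href=http://www.postfix.org/pcre_table.5.html>` tag in the new `helo_maps` description has no link text and no closing `</a>`, so the rest of the hint renders inside the anchor; `<a href="http://www.postfix.org/pcre_table.5.html">PCRE filters</a>` fixes it. The example patterns leave `.` unescaped and have no end anchor, so `/^myserver.local/` matches more HELO names than the text implies; since operators copy these hints into live filters, `/^myserver\.local$/ REJECT ...` is a safer model. Per access(5), `DUNNO` only treats the key as not found and the later `reject_*` restrictions still apply, so the "trusted remote misconfigured server" example probably needs `OK` to have the described effect.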